Why is it that when we see the word "exploit" or the phrase "security problems/issues", the article is always about Microsoft.
People need to give themselves a shake and stop using MS products!
Hardware powering the US Emergency Alert System can be easily tricked into broadcasting bogus apocalyptic warnings from afar, say experts. Researchers at computer security biz IOActive reckon they found private encryption keys within firmware updates for the devices; miscreants armed with this information could successfully …
Not Eadon. It's a comment culled from an old MS security article from a number of years ago that I like to post on all security articles. (well, not all the MS ones....)
The point is that you can't just go "I use this vendor therefore I am secure". You have to secure stuff yourself or you are vulnerable.
(Eadon was Anti-MS, but even he didn't claim they were responsible for security flaws in Unix.....)
The vulnerability is specific to Linux-powered application servers from two manufacturers,
Tell me again how this is an Issue with Microsoft?
It isn't, of course ... but, equally, it isn't an issue with Linux. The problem seems to be that some fathead has decided to ship some software with private keys embedded in it in the clear.
It just happens that the software in question uses Linux ... the stupid error that leads to the vulnerability would be a stupid error and lead to a vulnerability on any system.
The possibilities are limited only by imagination and logistics.
"Zombie apocalypse" warning in Montana, many not fooled.
"Zombie apocalypse" warning everywhere (in US) the Lulze could be huge before anyone actually realizes that it defies all known laws of physics.
Thumbs up for this damm good prank and exposing yet another security hole in this web of stuff that's supposed to "protect" Americans.
...defies all known laws of physics.
I think you mean all known laws of biology. There's no law of physics that would prevent a corpse from being reanimated. Shuffling around moaning for brains might be a bit of a stretch, but I suspect they could do a music video with Michael Jackson.
No. Laws of physics, because, as the number of humans with brains asymptotes to zero it will be found that the number of brainless people outnumbers the zombies by an order of magnitude. Thus, no apocalypse.
P.S. I've waited so many years for the chance to use 'asymptote' I feel so... so... god-like!
Yes, indeed that's the point. Some lazy admins have been known to run the following commands:
(generate passwordless key)
# cat .ssh/id_rsa.pub > .ssh/authorized_keys
then they copy around the .ssh/id_rsa file. Now if this were the case with said firmware, it means that anyone getting their hands on the firmware gets the id_rsa key, and said key has access to the box. With no password.
Not sure if this is the case, but I wouldn't be surprised if it was...
Does anyone listen to radio these days? What with all the cell phones and texting, maybe there should be an "alert all cell phones" in specific geographical areas as well.
Of course with the lax security that others have shown, it would be a wonderful prank to edit the presidents voice to say something like "We have just exploded a Nuclear Bomb over Iran, the world is now safe" or some such (note to law enforcement: this is a joke/satire don't arrest me!).
Anonymous for obvious reasons
"Does anyone listen to radio these days? What with all the cell phones and texting, maybe there should be an "alert all cell phones" in specific geographical areas as well."
There is. While under development it was called CMAS or PLAN depending on which agency you talked too (Commercial Mobile Alert System or Personal Localized Alerting Network.) It is now called WEA (Wireless Emergency Alerts.) These are available nationwide in the US, and phones started supporting reception of these alerts within the last several years. Several non-supporting models have also received firmware updates to support them (both my previous Motorola Droid 2 Global and current Samsung Stratosphere did not support these, then they did after a firmware update. These both have 2.3.x with WEA added on, I think Android 4.x supports WEA stock.)
This system uses broadcast texts and a minor modification to the stock messaging app so it alerts on receipt of a message, subject to user control. It has options for "CMAS Test messages", AMBER alerts (this is for child abductions), "Severe alerts" (this is ordinarily severe thunderstorm or tornado warnings around here), "extereme alerts" (typically around here this means a tornado is on the ground), and "presidential alerts" (the nukes are on the way I suppose?) Presidential alerts cannot be disabled* while all others can be.
(An example message:
Tornado Warning in this area til 3:00 PM CDT. Take shelter now. Check local media. -NWS
*...Through the menu. If I set Handcent up to take over as "Default messaing application" for SMS and MMS, the stock app fails to alert, just the usual text messaging ding from handcent.