Slashdot videos: Now with more Slashdot!
We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).
The GAO report did not provide details of any specific vulnerability affecting any specific aircraft. Rather, GAO cited FAA personnel and experts, saying that the possibility exists that "unauthorized individuals might access and compromise aircraft avionics systems," in part by moving between Internet-connected in-flight entertainment systems and critical avionics systems in the aircraft cabin.
Security researchers have long warned that hackers could jump from in-flight entertainment systems in the passenger cabin to cockpit avionics systems if airlines did not take proper precautions, such as so-called "air gapping" the networks. At last year's Black Hat Briefings, researcher Ruben Santamarta of IOActive demonstrated a method of hacking the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems.
This move should come as little surprise to anyone. While the main battle in getting net neutrality has been won, the war is far from over. The legislation was only proposed now because the FCC's net neutrality rules were just published in the Federal Register today. In addition to the legislation, a new lawsuit was filed in the U.S. Court of Appeals for the District of Columbia Circuit by USTelecom, a trade group representing ISPs.
NSA director Adm. Michael S. Rogers wants to require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it. But progress is nonexistent:
"The odds of passing a new law appear slim, given a divided Congress and the increased attention to privacy in the aftermath of leaks by former NSA contractor Edward Snowden. There are bills pending to ban government back doors into communications devices. So far, there is no legislation proposed by the government or lawmakers to require Internet and tech firms to make their services and devices wiretap-ready."
Anonabox's parent company, Sochutel, says that only 350 of the devices lacked that password protection, and that it's fixed the gaping security oversights in newer version of the router.
The initial security criticisms of Anonabox helped to convince Kickstarter to freeze the proejct's $600,000 crowdfunding campaign in October. But Anonabox relaunched on Indiegogo and was later acquired by the tech firm Sochutel. Sochutel claims that the security flaws in the routers developed prior to its acquisition of Anonabox were out of its control, and that it's now hiring outside auditors to check its products' security.
From the article: "Letters detailing the benefits of the Comcast deal were submitted to the Federal Communications Commission by staff members from Americans for Tax Reform, the American Enterprise Institute, the Institute for Policy Innovation, Competitive Enterprise Institute, the Free State Foundation and the Center for Individual Freedom, as well as by a professor at a technology program at the University of Pennsylvania, all of which received support from Comcast or its trade association, tax documents and other disclosures reviewed by The New York Times show. A similar pattern is evident with charities like the Urban League and more than 80 other community groups that supported the media company and that also accepted collectively millions of dollars in donations from the Comcast Foundation over the last five years, documents reviewed by The Times show."
The problem is that a decade of research shows that users habituate to these icons and come to ignore them. An attacker can pull off UI spoofing with a 90%+ success rate.