Sunday, May 10, 2015

Businesses' SAP Systems Are Exposed to Top Critical Cyber Attack Vectors

Despite housing an organization's most valuable and sensitive information, SAP systems are not protected from cyber threats by traditional security approaches. Based on assessments of hundreds of SAP implementations, the Onapsis Research Labs study found that over 95 percent of SAP systems were exposed to vulnerabilities that could lead to full compromise of the company's business data and processes. Most companies are also exposed to protracted patching windows averaging 18 months or more. In 2014 alone, 391 security patches were released by SAP, averaging more than 30 per month. Almost 50 percent of them were ranked as "high priority" by SAP.

Homegrown Encryption Threatens Open Smart Grid Protocol

Millions of smart meters, solar panels, and other grid-based devices rely on the Open Smart Grid Protocol for communication and control — it plays a role similar to SCADA's for industrial systems. But new research shows that its creators made the common mistake of rolling their own encryption, and did a poor job of it. The researchers believe this threatens the entire system. They say, "This function has been found to be extremely weak, and cannot be assumed to provide any authenticity guarantee whatsoever." Security analyst Adam Crain added, "Protocol designers should stick to known good algorithms or even the 'NIST-approved' short list. In this instance, the researchers analyzed the OMA digest function and found weaknesses in it. The weaknesses in it can be used to determine the private key in a very small number of trials."
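To illustrate the failure mode the researchers describe, the following is an added example written for this page; it is not the researchers' analysis and it is not the real OSGP/OMA digest. It builds a toy "keyed digest" from XOR folding, the kind of construction a protocol designer might invent, and sets it beside HMAC-SHA256, a standard, NIST-approved message authentication code of the kind Crain recommends. The key, the messages and the toy digest are all constructed for the illustration. The point it makes: because the toy digest is linear, one observed message/tag pair reveals the key's entire contribution, so a receiver that trusts such a tag is guaranteed nothing, whereas a tag reused on a modified message fails HMAC verification.

```python
import hashlib
import hmac

BLOCK = 8  # width of the toy digest's accumulator, in bytes


def xor_fold(data: bytes) -> bytes:
    """XOR every byte of `data` into an 8-byte accumulator (position modulo 8)."""
    state = bytearray(BLOCK)
    for i, b in enumerate(data):
        state[i % BLOCK] ^= b
    return bytes(state)


def homegrown_digest(key: bytes, message: bytes) -> bytes:
    """Toy 'keyed digest' (constructed for this example, NOT the OSGP digest):
    fold the key, then the message, into the same accumulator.
    Because XOR is linear this equals xor_fold(key) ^ xor_fold(message):
    the key contributes only a fixed 8-byte mask."""
    state = bytearray(xor_fold(key))
    for i, b in enumerate(message):
        state[i % BLOCK] ^= b
    return bytes(state)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def recover_key_mask(message: bytes, tag: bytes) -> bytes:
    """What a single observed (message, tag) pair leaks: the key's whole
    contribution xor_fold(key), with no guessing at all. This is why such a
    'digest' cannot provide any authenticity guarantee."""
    return xor_bytes(tag, xor_fold(message))


def tag_without_key(message: bytes, tag: bytes, new_message: bytes) -> bytes:
    """The toy digest of an arbitrary new message, computed from the leaked mask
    only, i.e. what the receiver would accept without the sender's key."""
    return xor_bytes(recover_key_mask(message, tag), xor_fold(new_message))


def hmac_tag(key: bytes, message: bytes) -> bytes:
    """Standard alternative: HMAC-SHA256 from the Python standard library."""
    return hmac.new(key, message, hashlib.sha256).digest()


def hmac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest avoids a timing side channel in the comparison itself
    return hmac.compare_digest(hmac_tag(key, message), tag)


def compare_designs(key: bytes, message: bytes, new_message: bytes) -> dict:
    """Run both designs on the same traffic and report what each receiver accepts."""
    toy_tag = homegrown_digest(key, message)
    forged = tag_without_key(message, toy_tag, new_message)
    real_tag = hmac_tag(key, message)
    return {
        # receiver using the toy digest accepts the altered message
        "homegrown_forgery_verifies": forged == homegrown_digest(key, new_message),
        # receiver using HMAC rejects the old tag on the altered message
        "hmac_reused_tag_verifies": hmac_verify(key, new_message, real_tag),
    }


if __name__ == "__main__":
    # constructed sample traffic: a meter reading and a tampered copy of it
    k = b"constructed-key!"
    original = b"meter 42 reading 1000 kWh"
    altered = b"meter 42 reading 9999 kWh"
    print(compare_designs(k, original, altered))
```

Running the block prints `{'homegrown_forgery_verifies': True, 'hmac_reused_tag_verifies': False}`. The design lesson is the one Crain states: a keyed construction is only a MAC if it has been analysed as one, and HMAC with a standard hash costs nothing extra to use.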

Dropbox Moves Accounts Outside North America To Ireland

Similar to a previous announcement by Twitter, Dropbox has changed its Terms of Service for users outside of North America (USA/Canada/Mexico) such that services will now be provided out of Ireland. Will other companies follow this trend and leave the USA (and the jurisdiction of the NSA)? Note, the announcement states that North American users are not able to opt into the Irish Terms of Service.

Wednesday, May 6, 2015

Master Combination Locks Easily Cracked

Impressive.
Kamkar told Ars his Master Lock exploit started with a well-known vulnerability that allows Master Lock combinations to be cracked in 100 or fewer tries. He then physically broke open a combination lock and noticed the resistance he observed was caused by two lock parts that touched in a way that revealed important clues about the combination. (He likened the Master Lock design to a side channel in cryptographic devices that can be exploited to obtain the secret key.) Kamkar then made a third observation that was instrumental to his Master Lock exploit: the first and third digit of the combination, when divided by four, always return the same remainder. By combining the insights from all three weaknesses he devised the attack laid out in the video.

Monday, May 4, 2015

Georgia Student, Unable To Hack Into Grading System, Torches Computer Lab

A 15-year-old Douglas County, Georgia high school student has been charged with five felonies, including burglary and arson, after sheriff's deputies caught him while responding to a 1 AM fire at Alexander High School. The boy admitted to investigators that he set fire to a computer after trying, unsuccessfully, to hack into the school computer system to change his grade on a failed test. "It's very sad and tragic. He could have very easily come to one of his counselors and asked for help," said Lt. Glenn Daniel with the Douglas County Sheriff's Department. "From what we can tell, (the student) was mad and frustrated because he could not hack into the system." Lt. Daniel said the charges could land the young man in prison for several years. The computer lab was cleaned up and re-opened in time for the start of that day's classes.

How Silicon Valley Got That Way and Why It Will Continue To Rule

Lots of places want to be 'the next Silicon Valley.' But the Valley's top historian looks back (even talks to Steve Jobs about his respect for the past!) to explain why SV is unique. While there are threats to continued dominance, she thinks it's just too hard for another region to challenge SV's supremacy.

Look Up! Look Out! NASA Gets Its Marching Orders

HR 2039: the National Aeronautics and Space Administration Authorization Act for 2016 and 2017 (press release, full text, and as a pretty RGB bitmap) is in the House. In $18B of goodies we see things that actually resemble a space program. The ~20,000 word document is even a good read, especially the parts about decadal cadence. There is more focus on launch systems and manned exploration, also to "expand the Administration's Near-Earth Object Program to include the detection, tracking, cataloguing, and characterization of potentially hazardous near-Earth objects less than 140 meters in diameter." I find it awesome that the fate of the dinosaurs is explicitly mentioned in this bill. If it passes we will have a law with dinosaurs in it. Someone read the T-shirt. There is also a very specific six month review of NASA's "Earth science global datasets for the purpose of identifying those datasets that are useful for understanding regional changes and variability, and for informing applied science research." Could this be an emerging Earth Sciences turf war between NOAA and NASA? Lately it seems more of a National Atmospheric Space Administration. Mission creep, much?