news.buyenne.com

An operating system used to manage firewalls sold by Juniper Networks contains unauthorized code that surreptitiously decrypts traffic sent through network virtual private networks, officials from the company warned Thursday.

It's not clear how the code got there or how long it has been there. An advisory published by the company said that NetScreen firewalls using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are affected and require immediate patching. Release notes published by Juniper suggest the earliest vulnerable versions date back to at least 2012 and possibly earlier. There's no evidence right now that the backdoor was put in other Juniper OSes or devices.

"During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections," Juniper Chief Information officer Bob Warrall wrote. "Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS."

FCC Chairman Tom Wheeler. (credit: NCTA)

The Federal Communications Commission has asked Comcast, AT&T, and T-Mobile USA to answer questions about their implementations of "zero-rating," a practice that exempts certain types of content from customers' data caps.

FCC officials wrote to the companies yesterday, pointing out that data cap exemptions can favor some content providers over others, whose content does count against consumers' caps. The letters asked the companies to make "relevant technical and business personnel" available for discussions with FCC staff by January 15.

FCC Chairman Tom Wheeler told reporters today that "this is not an investigation. This is not any enforcement. This is to help us stay informed as to what the practices are, as we said we would do in the Open Internet Order."

(credit: Ryan J. Reilly)

Over the past couple months, there's been an ongoing battle between Congressman Lamar Smith (R-Tex.), chair of the House Science Committee, and the National Oceanic and Atmospheric Administration (NOAA). After a June study published in Science concluded there was no evidence that global warming had slowed in recent years, Rep. Smith accused NOAA climate scientists of manipulating surface temperature data for political reasons.

Rep. Smith has subpoenaed the internal communications of those scientists despite being provided all the data, methods, and rationale behind the work. NOAA replied it does not intend to release e-mails between scientists.

On December 1, Rep. Smith changed tack in a letter reiterating his demands. The letter complained that NOAA’s objections had focused on his requests for scientists’ communications, when he was also requesting communications between other NOAA staff. So he modified his terms—he'd start with e-mails from elsewhere in NOAA. “In order to move the Committee’s work forward and to allow for further discussions on issues related to the subpoenaed communications about which the agency and the Committee disagree, the Committee is willing to accommodate NOAA and prioritize communications sent and received by non-scientific personnel,” the letter read. “However, this prioritization does not alleviate NOAA’s obligation to respond fully to the Committee’s subpoena.”

A LifeLock ad from 2008. (credit: Elf Sternberg)

Today the Federal Trade Commission announced that identity protection company LifeLock will pay $100 million for playing fast and loose with its customers’ sensitive information, including names, social security numbers, credit card numbers, and bank information.

The settlement is the largest payout the FTC has ever won through an enforcement action. Customers who were part of a class-action suit against the company will get $68 million of that. The remainder of the sum "will be provided to the FTC for use in further consumer redress,” the FTC's press release states.

LifeLock was given a slap on the wrist and a $12 million fine in 2010 for falsely advertising its identity theft protection services. The company had advertised that for $10 a month, it would guarantee protection against identity theft, but the FTC charged that LifeLock merely put fraud alerts on its customers' credit files, which did not protect against identity theft from existing accounts, nor did it prevent fraudsters from using a person’s ID to get medical care or to apply for jobs. LifeLock’s CEO, Todd Davis, famously advertised his company’s services by displaying his social security number in ads. That act of hubris reportedly resulted in Davis’ identity being stolen 13 times.

Yesterday, Bloomberg Business published a story about a San Francisco hacker who claims to have built his own self-driving car in just a few months. George Hotz, who was the first person to hack the iPhone, has modified his Acura ILX and taught it to drive on freeways around the Bay Area. According to Bloomberg's article, Hotz had been in talks with Elon Musk about replacing that company's supplier of machine vision systems, Mobileye, until Musk offered Hotz a job, something the hacker did not appreciate.

Tesla, it turns out, did not like the way it and Mobileye were characterized in the article. In an online rebuttal, Tesla wrote "[w]e think it is extremely unlikely that a single person or even a small company that lacks extensive engineering validation capability will be able to produce an autonomous driving system that can be deployed to production vehicles." Mobileye's technology is now used by a host of OEMs and is one of the reasons Musk has said that optical sensors alone should be sufficient for autonomous vehicles.

Hotz's Acura ILX has been modified to contain a glovebox full of electronics, including a lidar puck on the roof and a forward-facing optical camera. Speaking to Bloomberg, Hotz said the secret to his car was the AI, which he has plans to refine while working as an Uber driver.

(credit: UMass Medical Center)

Yesterday, Congressional negotiators released a budget agreement that is likely to be signed by the president if it could pass both houses. The overall outlines of the deal—tax breaks that benefit businesses and increases in spending—will draw opposition from members of both parties, so it's not clear the president will ever see it.

Assuming it passes, however, the deal would be good news for scientific research. The American Association for the Advancement of Science has done an analysis of the bill and finds most research-focused agencies will see a boost. The priorities of many legislators, however, has ensured these boosts are not evenly distributed.

This appears to be a case where each party came in with a number (the president, House, and Senate each had spending bills under consideration), yet in many cases, they compromised by spending more than anybody had asked for. Overall, federal R&D money will go up by 8.1 percent in 2015, to nearly $150 billion. Roughly half of that, $73 billion, will end up being spent on defense research. Of that figure, $15.4 billion will go to basic science and tech research, even though none of the parties had asked for more than $14.6 billion.

Elon Musk views the historic Dragon capsule that returned to Earth on May 31, 2012, after delivering cargo to the International Space Station. (credit: NASA/Bill Ingalls)

A lot of scientists and engineers who study Mars worry about planetary protection, the concern that biospheres on other worlds might be contaminated by microbes from Earth. It’s a bit like Star Trek’s prime directive, and NASA and other space agencies take pains to clean their robotic spacecraft of Earth-based life before launching them to other planets.

The discovery of periodic, briny water on the surface of Mars earlier this year reignited concerns about planetary protection, including whether the Curiosity rover was free enough of Earth-based microbes to investigate these features, known as recurring slope lineae (RSL). The problem becomes even worse when humans are thrown into the mix.

Therefore, some in the scientific community believe astronauts should remain off Mars until rovers and other probes have thoroughly studied the question of life on Mars. After the confirmation of present-day water on Mars, for example, The Planetary Society’s Emily Lakdawalla, wrote, “If we keep our filthy meatbag bodies in space and tele-operate sterile robots on the surface, we'll avoid irreversible contamination of Mars—and obfuscation of the answer to the question of whether we're alone in the solar system—for a little while longer. Maybe just long enough for robots to taste Martian water or discover Martian life.”