Skip to main content

7 Years Later, Emergency Alert Systems Still Unpatched, Vulnerable

chicksdaddy writes: The Security Ledger is reporting that more than 50 Emergency Alert System (EAS) devices made by Monroe Electronics (now Digital Alert Systems) are un-patched and accessible from the public Internet, seven years after security researchers alerted the public about security flaws in the devices. More than 50 EAS deployments across the United States still use a shared SSH key, a security vulnerability first discovered and reported by IOActive in 2013, according to a warning posted by the security researcher Shawn Merdinger on January 19, seven years after the initial vulnerability report was issued.

Security Ledger viewed the exposed web interfaces for Monroe/Digital Alerts Systems EAS hardware used by two FM broadcasters in Texas and an exposed EAS belonging to a broadband cable provider in North Carolina. Also publicly accessible: EAS systems for two stations (FM and AM) serving the Island of Hawaii. Residents there received a false EAS alert about an incoming ICBM in 2018. That incident was found to be the result of human error but prompted the FCC to issue new guidance about securing EAS systems. Digital Alert Systems said it is aware of the problem and is contacting the customers whose gear is exposed. However, a search using the Shodan search engine suggests that few have taken steps to remove their EAS systems from the public Internet in the past week. Security Ledger is withholding the names of the broadcasters whose EAS systems were exposed for security reasons. None of the stations contacted for the story was able to provide comment prior to publication.


from Slashdot: News for nerds, stuff that matters https://ift.tt/2tPavPS
via IFTTT
Labels:

Comments

Post a Comment

Popular posts from this blog

Dark Mode vs. Light Mode: Which Is Better?

Recently a well-respected UI consulting firm (the Nielsen Norman Group) published their analysis of academic studies on the question of whether Dark Mode or Light Mode was better for reading? Cosima Piepenbrock and her colleagues at the Institut für Experimentelle Psychologie in Düsseldorf, Germany studied two groups of adults with normal (or corrected-to-normal) vision: young adults (18 to 33 years old) and older adults (60 to 85 years old). None of the participants suffered from any eye diseases (e.g., cataract)... Their results showed that light mode won across all dimensions : irrespective of age, the positive contrast polarity was better for both visual-acuity tasks and for proofreading tasks... Another study, published in the journal Human Factors by the same research group, looked at how text size interacts with contrast polarity in a proofreading task. It found that the positive-polarity advantage increased linearly as the font size was decreased: namely, the smaller the fon...
Post a Comment
Read more

Hate Those Robocalls? This Service Lets You Sue Them for Up to $3,000 Per Annoying Call

2 hrs ago Save News 2 hrs ago News 2 hrs ago News Hate Those Robocalls? This Service Lets You Sue Them for Up to $3,000 Per Annoying Call Jody Serrano Save Until now, the majority of us might have simply hung up on robocallers. However, there’s now a way to get back at the companies who torment you with endless robocalls that ask you for your information or try to sell you stuff. The solution is called Robo Revenge, a service that lets you sue the unwanted caller for up… from Gizmodo | We come from the future https://ift.tt/2vzIYCv via IFTTT
Post a Comment
Read more

Signal Is Finally Bringing Its Secure Messaging To the Masses

An anonymous reader quotes a report from Wired: [Cryptographer and coder known as Moxie Marlinspike] has always talked about making encrypted communications easy enough for anyone to use. The difference, today, is that Signal is finally reaching that mass audience it was always been intended for -- not just the privacy diehards, activists, and cybersecurity nerds that formed its core user base for years -- thanks in part to a concerted effort to make the app more accessible and appealing to the mainstream. That new phase in Signal's evolution began two years ago this month. That's when WhatsApp cofounder Brian Acton, a few months removed from leaving the app he built amid post-acquisition clashes with Facebook management, injected $50 million into Marlinspike's end-to-end encrypted messaging project. Acton also joined the newly created Signal Foundation as executive chairman. The pairing up made sense; WhatsApp had used Signal's open source protocol to encrypt all What...
Post a Comment
Read more