We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).
timothy from the what's-with-all-the-tsunami-alerts-lately? dept.
wiredmikey writes "Recently discovered security flaws in the Emergency Alerting System (EAS) which is widely used by TV and radio stations across the United States, has made the systems vulnerable to remote attack. The vulnerability stems from an SSH key that is hard-coded into DASDEC-I and DASDEC-II devices made by Monroe Electronics. Unless the default settings were altered during deployment, impacted systems are using a known key that could enable an attacker with full access if the systems are publicly faced or if they've already compromised the network. By exploiting the vulnerability, an attacker could disrupt a station's ability to transmit and/or could send out false emergency information. 'Earlier this year we were shown an example of an intrusion on the EAS when the Montana Television Network's regular programming was interrupted by news of a zombie apocalypse. Although there was no zombie apocalypse, it did highlight just how vulnerable the system is,' said Mike Davis, a principal research scientist at IOActive. The DHS issued an alert on the vulnerability, and IOActive, the firm that discovered the flaw, has published additional technical details (PDF) on the security issue."
Is it possible that software is not like anything else, that it is meant to
be discarded: that the whole point is to always see it as a soap bubble?