RendonWI writes: A Wisconsin wireless contractor discovered a flaw in the FCC’s Antenna Structure Registration (ASR) database, and changed the ownership of more than 40 towers from multiple carriers and tower owners into his company’s name during the past five months without the rightful owners being notified by the agency, according to FCC documents and sources knowledgeable of the illegal transfers. Sprint, AT&T and key tower companies were targeted in the wide-ranging thefts… Changing ASR ownership is an easy process by applying online for an FCC Registration Number (FRN) which is instantly granted whether the factual or inaccurate information is provided. Then, once logged in, an FRN holder can submit a form stating that they are the new owner of any or multiple structures in the database.

As soon as it is submitted, the change is immediately reflected in the ASR.

Read more of this story at Slashdot.

Source: Slashdot – How A Contractor Exploited A Vulnerability In The FCC Website

Dan Drollette shares an article by an Oxford physics professor who’s concerned about the popularity of radical new proposals to fight global warming.

The Christian Science Monitor wonders if it’s time to re-engineer our climate. MIT’s Technology Review basically thinks the answer is “yes,” having described it earlier as “cheap and easy.” The Atlantic seems quite smitten with Economist writer Oliver Morton’s vision of remaking the planet, which geoengineering booster Jane Long breathlessly called “geopoetry.” The idea received recent coverage (much of it favorable) by New Scientist, NBC, and in TED talks; I myself have recently participated in an NPR panel discussion on the subject… But what has really catapulted the idea into the public eye is Harvard’s reckless plan for a privately-funded field trial testing some of the key elements needed… Proceeding to field experimentation crosses a thin red line beyond which lies the slippery slope down to ever-larger field trials and ultimately deployment.

Harvard’s experiment — which is partially funded by Bill Gates — is “subject to no governance save what Harvard chooses to impose upon itself,” according to the article. The experiment involves “putting something in the atmosphere to reflect more sunlight back out into space,” which the article warns will create “enduring” effects — and require humanity to commit to maintaining the same atmospheric conditions forever.

Read more of this story at Slashdot.

Source: Slashdot – What Happens When Geoengineers ‘Hack The Planet’?

Long-time Slashdot reader quotes Ars Technica:
The Justice Department on Friday petitioned the US Supreme Court to step into an international legal thicket, one that asks whether US search warrants extend to data stored on foreign servers. The US government says it has the legal right, with a valid court warrant, to reach into the world’s servers with the assistance of the tech sector, no matter where the data is stored.

The request for Supreme Court intervention concerns a 4-year-old legal battle between Microsoft and the US government over data stored on Dublin, Ireland servers. The US government has a valid warrant for the e-mail as part of a drug investigation. Microsoft balked at the warrant, and convinced a federal appeals court that US law does not apply to foreign data.

According to the article, the U.S. government told the court that national security was at risk.

Read more of this story at Slashdot.

Source: Slashdot – Does US Have Right To Data On Overseas Servers? We’re About To Find Out

“Attackers that have set up a malicious site can use users’ account registration process to successfully perform a password reset process on a number of popular websites and messaging mobile applications, researchers have demonstrated.” Orome1 quotes Help Net Security:
The Password Reset Man in the Middle attack exploits the similarity of the registration and password reset processes. To launch such an attack, the attacker only needs to control a website. To entice victims to make an account on the malicious website, the attacker can offer free access to a wanted resource. Once the user initiates the account registration process by entering their email address, the attacker can use that information to initiate a password reset process on another website that uses that piece of information as the username (e.g. Google, YouTube, Amazon, Twitter, LinkedIn, PayPal, and so on). Every request for input from that site is forwarded to the potential victim, and then his or her answers forwarded back to that particular site.

Interestingly, it can also beat two-factor authentication — since the targeted user will still input the phone code into the man-in-the-middle site.

Read more of this story at Slashdot.

Source: Slashdot – Account Registrations Enable ‘Password Reset Man In The Middle’ Attacks