Short Takes – 9-20-22

Critical flaws in airplanes WiFi access point let attackers gain root access. GBHackers.com article. Pull quote: “An adversary can exploit these vulnerabilities to compromise all types of inflight entertainment systems, and also other aspects of the system.” No direct access to flight controls but may provide network access depending on configuration.

Physics Body Concedes Mistakes in Study of Missile Defense. NYTimes.com article. Pull quote: “But the two scientists found that the study group had used the wrong interceptor speed — less than 2.5 miles per second instead of the faster pace of more than 3.1 miles per second. That error might seem small, but the military upshot was not. For an interceptor flight of 195 seconds, the baseline, the correct number was seen as moving the drones more than 100 miles farther out to sea.”

Facemask can detect viral exposure from a 10-minute conversation with an infected person. NewsWise.com article. Pull quote: “Once the aptamers bind to the target proteins in the air, the ion-gated transistor connected will amplify the signal and alert the wearers via their phones. An ion-gated transistor is a novel type of device that is highly sensitive, and thus the mask can detect even trace levels of pathogens in the air within 10 minutes.” More useful for a near instant testing device?

Kazakhstan Is Breaking Out of Russia’s Grip. ForeignPolicy.com article. Pull quote: “The deeper Moscow digs itself into a confrontation with the West and the international community, the more prepared Kazakhstan is to ditch Russia where possible while trying to avoid incurring losses as a result of Moscow’s displeasure.” An interesting byproduct of Putin’s failure in Ukraine.

GhostSec Strikes Again in Israel Alleging Water Safety Breach. Otorio.com article. Swimming pool control system. Pull quote: “Once again, this incident is a rather sad example of a business maintaining a poor password policy where the default credentials simply weren’t changed. Yet even with the hotel’s failure to change the default password, the system was also exposed to the internet, making it an extremely easy target for cyber attacks.” Looks like they could have controlled chlorine levels, no telling if there were safety controls in place to prevent lethal levels in atmosphere around pool.

Officials say DHS rejected plan to shield election officials from harassment. TheHill.com article. Pull quote: “Citing multiple people familiar with the matter, the outlet reported the proposal would track foreign influence activity and increase resources for reporting misinformation and disinformation surrounding the midterm elections, but officials raised concerns about the initiative being seen as partisan.” Avoiding the appearance of partisanship may end up being partisan in reverse.

Lawmakers Are Setting a Tight Schedule to Avoid a Government Shutdown. GovExec.com article. All sorts of issues holding up agreement. Just one, pull quote: “Lawmakers are seeking to strike a delicate balance, with many hurdles that could complicate a spending bill vote. Dozens of House Republicans are planning to vote against any CR that expires during the lame-duck session of Congress, arguing Republicans should insist on a measure that lasts into January. That would allow lawmakers to take up a full-year fiscal 2023 appropriations package when Republicans may control one or both chambers of Congress. Former President Trump issued a statement over the weekend imploring his party to take that approach.”

Not-So-Safe Automated Driving: Safety Risks During Drivers’ Takeover. HomelandSecurityNewsWire.com article. Problems with human backup of automated driving systems. Pull quote: “Against the backdrop of the current findings, the promise of increased safety that is often made in connection with automated driving remains extremely questionable. The next study on automated driving is already being planned, and will examine the factor of trust in technology.”