Security quotes of the week
[Posted April 25, 2012 by jake]
I don't believe the second paragraph.
We haven't had six terror plots between 2010 and today. And even if we did, how would the auditors know? But I'm sure the first paragraph is correct: the behavioral detection program is 0% effective at preventing terrorism.
The rest of the article is pretty depressing. The TSA refuses to back down on any of its security theater measures. At the same time, its budget is being cut and more people are flying. The result: longer waiting times at security.
--
Bruce Schneier comments on a US Government Accountability Office report
This collaboration with the security research community has far surpassed
our expectations: we have received over 780 qualifying vulnerability
reports that span across the hundreds of Google-developed services, as well
as the software written by fifty or so companies that we have acquired. In
just over a year, the program paid out around $460,000 to roughly 200
individuals. We’re confident beyond any doubt the program has made Google
users safer.
--
Google ups its security bounties
The backdoor, which cannot be disabled, is found in all versions of the
Rugged Operating System made by RuggedCom, according to independent
researcher Justin W. Clarke who works in the energy sector. The login
credentials for the backdoor include a static username, “factory,” that was
assigned by the vendor and can’t be changed by customers, and a dynamically
generated password that is based on the individual MAC address, or media
access control address, for any specific device.
--
Kim Zetter in Wired
What's particularly insidious about this situation is that users' systems could be infected with DNS Trojan for long periods, which resulted in their Internet activity being diverted through compromised DNS servers and opening up vulnerabilities to even more infections, without users even being aware of what was happening.
When the related server systems were seized, it created a quandary. If the servers were simply disconnected, all user systems currently infected with the trojan would no longer resolve Internet domain names to addresses, and would for all practical purposes be "cut off" from the Internet.
--
Lauren Weinstein on the DNS Changer trojan