Domain: philosecurity.org
Stories and comments across the archive that link to philosecurity.org.
Comments · 10
-
Re:Fine, I'll bite
This is the part where I suggest you read this interview with a guy who wrote malware: http://philosecurity.org/2009/01/12/interview-with-an-adware-author
The majority of malware is written for Windows for two, simultaneous reasons: most people run Windows, and it's an easy target. It's both at the same time.
Running some form of GNU/Linux distro doesn't magically absolve you from security issues, but it's a decent first step.
-
Re:unlikely
But "spoofing" GPS signals is a great deal more challenging. [...] If they were able to pull THAT off, they deserve the drone. and a pat on the back.
GPS spoofing has been done publicly at long ranges since 2008. Even back then it could be done at nearly a mile away, and I bet the technology has advanced since then. Surely Iran has been researching this area heavily since GPS is one of the greatest advantages of the US military.
-
Re:A movie, you say
The original blog has details on the mitigations in such an attack. They don't discuss the military applications of GPS. When the DoD deployed GPS, they designed it to be secure enough that the military receivers are not susceptible to either (1) relay attacks or (2) spoofing attacks.
It is those military techniques that you must use to correctly implement what I'm suggesting in the first place. -
Re:Already used in the UK
Are GPS transmissions signed, cryptographically?
Considering how weak the signal is, I would think you could plop a transmitter next to the monitoring device fool it into thinking you are sitting at home.
Ah, here's an article on hijacking trucks with GPS/onstar equipment.
-
What real Copy?
Did anyone read/find the article cited? "An error occurred while loading http://www.philosecurity.org/ Unknown host www.philosecurity.org" rws
-
Re:I guess they won't know too much now...
Try one of the following:
I hope someone will mirror the PDF somewhere.
-
Re:XP forever
The trouble is not mainly that people didn't install an available patch. It's that no-one trusts Microsoft patches not to break things by accident or malice (I'm counting WGA as malice).
And in any case, it isn't just that Windows is more popular - it really is more insecure than Unix by design. Windows is a skanky ho', going out in the bad part of town drunk and stoned with no pants on and saying "what could possibly go wrong?"
-
Complacency is a disease
A computer worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users blitheringly stupid enough to still think Windows is not ridiculously and unfixably insecure by design.
Despite many years' warnings that Microsoft regards security as a marketing problem and has only ever done the absolute minimum it can get away with, millions of users who click on any rubbish they see in the hope of pictures of female tennis stars having wardrobe malfunctions still fail to believe that taking Windows out on the Internet is like standing bent over in the street in downtown Gomorrah, naked, arse greased up and carrying a flashing neon sign saying "COME AND GET IT."
Microsoft cannot believe people have not applied the patch for the problem, just because they keep trying to use Windows Genuine Advantage to break legally-bought systems. "Don't they trust us?" asked marketing marketer Steve Ballmer.
Millions of smug Mac users and the four hundred smug Linux users pointed and laughed, having long given up trying to convince their Windows-using friends to see sense. "There's a reason the Unix system on Mac OS X is called Darwin," said appallingly smug Mac user Arty Phagge.
"It can't be stupid if everyone else runs it," said Windows user Joe Beleaguered, who had lost all his email, business files, MP3s and porn again. "Macs cost more than Windows PCs."
"Yes," said Phagge. "Yes, they do."
Ubuntu Linux developer Hiram Nerdboy frantically tried to get our attention about something or other, but we can't say we care.
-
Re:Seriously
Leave him alone! Dude already looks like he's got chicken drumsticks for legs.
-
NSA - Another Blow Against Internet Anonymity
"Back in 2005, the same NSA inventor, Michael Reifer, and a colleague were granted a patent called 'Method for Geolocating Logical Network Addresses'... It was a technique for matching IP addresses to physical geographical locations, based solely on packet timing information. One hurdle for geolocating IP addresses using this technique is that content filters, firewalls and other devices can add to the latency time of a route, thus skewing the results and diminishing the accuracy. Furthermore, attackers could intercept and retransmit traffic, also skewing results. To effectively geolocate an IP address, the NSA would need more information about the devices on the path.
"Enter last week's patent by the same inventor, 'Method of detecting an intermediary communication device,' (Michael Reifer). This new patent is built on the same general technique- it uses timing information alone to detect stepping stones on a path, and identify their functions. Using this second patent in conjunction with the first, the NSA could track Internet users with better accuracy, and also maintain an increasingly comprehensive map of Internet topology and devices."
http://philosecurity.org/2008/12/29/nsa-another-blow-against-internet-anonymity