You've got to do something. You can do air traffic: relatively small number of people, very well defined checkpoints, and a security mindset in place already.
Doing airport level security for concerts is much harder due to the great number of people that arrive within a very short time span. Also more costly as other than that one hour a week before the concert begins, all equipment is idle.
The bigger the package, the bigger the bomb that can be hidden in it. And as we all know, the bigger the bomb, the bigger the boom.
Here all plans come with voicemail service by default, but it must have been nearly a decade since anyone left me a voicemail, or since I left one. Nobody uses it. The last voicemails that I ever got were recorded ads - ads that start playing the moment the line is connected, so the voicemail recording starts somewhere midway through the message.
I should check my phone to see whether I have voicemail even enabled. It probably is. If ever I get a voicemail, I hope the notification includes instructions on how to listen to it because otherwise I wouldn't know - and likely be too lazy to find out. Voicemail is passé, that's what WhatsApp is for nowadays.
they have to. Because it's taken as a truism in business that companies must do everything in their power up to the limits of legality to advance the shareholder's interests.
That statement is so yesterday. "Limits of legality" don't apply any more. Prime example: Uber, but they're just the most high-profile of the many companies that just don't care about what's legal and what's not.
The horsepower is the easy part (that's electric's strength). Maximum torque at low rpm. It's range you're looking for, and with cars getting good ranges with little more battery pack than their gas counterpart's gas tank, that's pretty promising for trucks.
How does your "need to own a car" clash with cars becoming electric and self-driving? That's a plus for you, less time wasted driving from A to B as you can spend your time doing something more useful.
The range is also such a non-issue. There are few if any places in the world where you would need that much range (maybe the Australian outback). Drive that 100 miles to the mall and back, twice in a row, and you're still not out of power with modern batteries. Now if you're actually going shopping at that mall your car is sitting idle - sucking up fresh electricity, of course. Why wait until your battery is nearly empty before refueling?
Truck drivers have their mandatory breaks. I don't think they're even allowed to do 400 miles non stop. Just use each and every one of those 15-20 minute stops to top up the batteries.
A place that's 40 minutes outside of town by car, is considered "far away" by them and they find it hard to grasp the immediate freedom that a car affords you.
That's what taxis are for. Seriously. I don't have a car, and for those faraway places that are out of reach of public transit you just take a taxi. Much cheaper than maintaining your own car.
Gasoline won over steam power because it was cheaper and better. Electric will win over gasoline because it is cheaper and better.
Interestingly, in between steam and gasoline was electric. It didn't last long, gasoline took over quickly, some 150 years ago cars were electric.
One of the main obstacles must have been the batteries.
There is very little relationship between "the oil price" (which is actually about a very specific, rather high grade of crude) and how much you pay for gasoline at the pump. The per-barrel price may double, yet the pump price barely changes. It's the processing, distribution and local taxes that determine the price.
Maybe all those researchers will have to leave the US to go work in freer parts of the world - like China, or even Europe - where they can develop their products without such risks.
VR for all - except the US!
In most airports they confiscate lighters at the security gates...
A sadder part of this security theatre: a few weeks ago when boarding a flight from Taiwan my father had to hand in the scissors of his first aid kit, which happened to be in his hand luggage. Short (about 5 cm blades) with round tips. Apparently a dangerous weapon.
It was sad to see how many much more dangerous weapons were sold after security.
First I noticed make-up kits, with glass mirrors. Makes for nice sharp shards.
Second chopsticks. Combined with a piece of sandpaper like those paper nail buffing boards it can make for a nice piercing weapon.
Then I realised they also sell big glass bottles, usually with some alcoholic substances in it. Break the bottom off of them, and they become pretty nasty weapons - popular in bar fights as well.
And finally we got nice metal cutlery on the flights. Even those knives (and the pointy forks!) looked more dangerous to me than those scissors. Or a bottle of water, for that matter.
I'm sure there are a lot more of these "innocent" items for sale, that can be turned into weapons in the blink of an eye. I just haven't thought about it really, I just looked around a bit while wondering why he had to hand in those scissors. A dedicated criminal would for sure be able to find many other options.
So why again aren't we allowed to bring small scissors? Security theatre optima forma!
No need. All those Americans wanting to get back home are going to suffer the same restrictions.
Already working, no computers needed. Check out Ho Chi Minh City, old Saigon, a city of 8+ million people, 10 million motorcycles, and about two dozen traffic lights.
Is that intentional, or due to other causes such as lack of money or an incompetent highways department?
What stops this would-be attacker from obtaining a certificate for whatever phishing domain they register?
This green lock is no guarantee you are on the site you think you are. You'll have to open it and check the certificate details. Too much work for what I'd estimate at about 99.99% of the average computer users.
Ideally, people could run password managers on their PC's (optionally mirrored and encrypted in "the Cloud") that use a standardized web interface to talk to websites so you only remember your one manager password. But that requires a lot of different people working together to make that "the standard."
Ever heard of LastPass? That is doing exactly as you describe. Encrypted, mirrored in "the cloud", available from any device, autofill passwords, autologin most sites (so even easier than using a Facebook or Google login - especially as I'm not always logged in to those sites), can create and autofill random passwords for you, etc. There are more such password managers; no need for a worldwide standard to be able to use them conveniently. Having fields called "username" and "password" or so will do the job for the autofill.
Added bonus: it will log you in to google.com but not go0gle.com or so. With UTF-8 domain names there are lots of letter lookalikes, which easily fool a human but not a computer.
That's not true. You authenticate via Google, Facebook, LinkedIn, or whatever, and possibly give access to data in that account to the website you log in to. But that website has no access to any other site you're logging in to with that Google, Facebook, LinkedIn, or whatever account. You only (partially) compromise your Google, Facebook, LinkedIn, or whatever account. The sites you log in to also have zero knowledge about your credentials,
That's what I'd hope for. But how can you be sure that this login page where you enter your credentials is actually served by Google/Facebook/etc? It's easy enough to fake this part, and for the web site to perform a MiM attack on your credentials. That's what these apps are apparently doing.
But you also need to use uBlock and Ghostery to block all those webbugs placed everywhere for Google, Facebook, LinkedIn, or whatever.
I haven't gone that far. I got a cookie self-destruct extension and ABP. Should help a lot - at least no more stray Facebook cookies they may track when I logged off (even though they claim they don't, rather make sure they can't). They'll have to try and profile my browser to know it's me - could be possible, still. Of course my IP is also not that random, it's dynamic and does change occasionally, every day or so.
The attack sounds quite obvious, thinking about it. Just fake the whole thing, and store the credentials in the process.
It's for me just another reason to avoid Google, Facebook, LinkedIn, or whatever login you can find on various web sites. I'd rather create a new account with a unique password. Without direct link to any other web site, without giving them a chance to access any of my info on the other web sites, without allowing Google and Facebook yet another vector of tracking me (why else are they offering that service?).
Someone using their Google credentials to log in to just about anything, has a big problem were their Google account to be compromised. All those sites suddenly become accessible. It maybe takes a bit of guesswork and luck from the attacker, but they already have the credentials. That's just no fun.
Admittedly the same could happen if my LastPass master password is compromised, but the chance of that is less as I know when to expect to have to enter it. It's a whole lot harder for any software to fake this. I bet it's not impossible, just much harder than setting up a genuine looking web site or app and asking me for it.
Correct me if I'm wrong here, but Google doesn't have to be involved AT ALL.
These folk are fishing for credentials, they're pretending to be a trustworthy web site, and pretend they're asking for Google credentials. This whole OAuth request is (can be) faked just as well. Just reject whatever the user inputs, after a few attempts they're likely to give up.
They could of course involve Google and actually use the given credentials behind the scenes to genuinely log in the user (doesn't look as suspect), all the while storing the credentials for later use. That would potentially make the attack work longer; the moment Google catches up it's on to plan B which is just storing the credentials (usually entered correctly anyway) and then telling the user the authentication failed.
The apps themselves may be distributed through the Google Play store - greater audience but high risk of being caught out - or through one of a myriad of alternative stores Google has no control over.
I guessed already I was simplifying a bit too much but the point is the data is there, unencrypted, it's a matter of tapping the signal, and pretending you're the display. Probably not easy but for sure it can be done, without dismantling a display: just have a word with the manufacturer to obtain some part. As they're all in China I'm sure you will be able to find one that can sell you the parts.
It will be quite the project but it takes just one determined hacker to get it done.
What's to stop authorities from planting evidence in case of a physical type of search, like when they have a warrant to search someone's home? Somehow it doesn't seem to be an issue, at least for the US police force, or the police of (most) other developed countries.
good stenography is undetectable.
Good stenography is perfectly readable - especially to the author.
What you're probably thinking of is the art of steganography, which is a very different thing.
In theory, you should NOT be able to directly hook-up the output to a recorder, that recorder will only see an e[n]crypted stream that only the screen can decrypt.
You can only use a *cam* to record the actual screen as suggested above, not the stream itself.
Wouldn't it be possible to take apart a screen, remove the display unit, and connect the wiring that normally goes to the display to some kind of recording device? At that point the data is unencrypted, as it's set to drive all the individual pixels of your display. All the recorder has to do is collect the values of those pixels and store it again for later playback.
The ultimate analog hole.
If I understand it correctly: any app that shows ads is a potential beacon. Not just the 200 or so that record the sounds, it's the ads that emit the sounds. As long as you use an app with ads (like most apps have), and are near someone with one such listening app on their device, you may be tracked ultrasonically.