Severity not understood by media or most people (on Hacking USB Firmware) · Score: 3, Insightful
This is Slashdot and even here many people do not understand what this is all about.
People tend to think it's only a virus that is written to a flash drive and it's not really that new or big of a threat, or that someone will create a USB-"firewall".
The fact that this vulnerability can be exploited in so many different ways, and even be persistent on a computer after infection (internal USB devices like webcam can be infected) makes it almost impossible to mitigate.
And when a system is compromised all internal usb controllers can be infected (Webcam, SD card reader, etc).
So reinstalling a system after a breach is not enough anymore...
It depends on the encryption being unbreakable. If it's possible to break the encryption you can get a passport-valid photo, fingerprints, social security id, and other personally identifiable information. It's a gold mine for identity thieves, and you only need to be close enough to read it. Just searching Google gives a clear indication that the encryption is breakable.
It might make the Passport safer, but it's certainly not preventing identity theft.
How about we stop using RFID to transfer important (identity theft type) data?
1) Get a HackRF
2) Create a script that detects drones
3) Inject random flight commands
4) ??
5) Profit!
:)
Well they did do some amazing stuff. Like the obelisks. 30 meter granite so perfectly carved that it stands upright on its own. Without any power tools...
Listening to the Ancient Egypt lectures by Prof. Bob Brier I got the impression that farmers built pyramids during the time when the Nile flooded. It flooded every year and farmers didn't really have that much to do then.
Not as slaves, but as a tribute to the current ruling Pharaoh.
On a side note: I think it's pretty amazing that these pyramids were built almost 4500 years ago and are still standing. They were the tallest man-made structure until the Eiffel tower was built in 1887.
I tried using SpiderOak, but it was a bit too slow for me atm. What I really needed was an off-site backup, so I ended up with Amazon Glacier with client side encryption. Can't beat the price :)
I have Dropbox too, and it's ok for its use. Just have to realize that everything you upload to them is not private anymore.
I wish more services did secure by default and option to reduce security for wanted features.
"Then again, we have another law that lets women go topless on hot days."
You need a law that lets you do things?
That is scary.
Control by the business or by Amazon?
I'd argue that _not_ using Amazon would give the business a bit more control.
Also; computers are usually replaced based on service rather than performance these days. If a company buys a Dell laptop with 3 years on site service, then it's most likely replaced after 3 years just because it needs an SLA to go with it. And a new computer with SLA costs almost the same as an old computer with SLA.
The real problem is with the x86 architecture. As long as it's possible to hijack threads and inject code to running processes it doesn't matter what the filesystem allows or not.
Creating a secure system would need a different architecture to begin with. The way stack is handled in x86 is just asking for buffer overflow exploits.
Actually, if I remember correctly, you can change a dll after it has been signed. At least for everything in .net.
As shown by Jon Mccoy here:
http://vimeo.com/43536532
I wonder if the flash-BIOS-procedure is part of the firmware that is being replaced when flashing. Then you might actually prevent any reflashing of BIOS. Or just extract the version number for the new flash to make it look like the update was done.
Don't be so negative about someone trying to get more people to run a Linux installation.
Most people would never get a Pentium 4 for free and then start installing and configuring a webserver on it.
But buying a ready configured Raspberry Pi and plugging it in.. that is doable for many.
The obvious benefits are less noise, power usage, space needed and the ability to hide it behind the TV.
But don't underestimate the amount of PR a project like this could get.
How do they define "server"?
Is it any open port? Even VPN into your router?
I'm capable of both configuring and running a server, but as I see it this should be solved in a different way than just running a full home server. I wouldn't want to run a server for everyone, and most people can't do it themselves. So it would need to be something a bit simpler.
Keeping it simple enough that anyone could just plug a device like this into their network and have everything just work.
Preferably without too much framework software. Running gigabytes of software to do something this simple is just a security risk.
But as you say, if something like this became successful it would be a target for Google, Facebook and quite a few other companies.
btw:
I'm a professional developer and I run Gentoo as my main OS on my laptop :)
I've been thinking about setting up a home server for some time now, but then I took a step back and thought about what I really wanted to achieve. What I really would like (I'm not on Facebook) is a simple way to share information with my family (who live all over the country) and friends. And I'd prefer it not be hosted on the internet or with a company that makes money off my information.
Just a simple way to share information with a select few people.
A full-fledged home server would be overkill, and it would have to serve as a host to others in my family also. That would be too much work. But a Raspberry Pi in each home, working as something in between a home server and just a VPN with some bells and whistles might do the trick.
Maybe it's time to start coding something at home again :)
If this, or anything similar, becomes a success then Comcast might just have to adjust their TOS :)
Where I live it is fairly common to use VPN into your home network, so if they scan open ports they will find one. But it seems like they don't really care as long as you don't use it for commercial purposes. But it's not Comcast..
That is true and a good point. I know people like to bash ./ (pun intended), but it's actually amazing that it's possible to have a discussion on religion online these days. The article is mostly flamebait and some of the comments as well. But I see some really excellent comments here and perspectives that I didn't think of before.
It's a way to explain to people how to live, yes, but I wouldn't call people stupid/ignorant because of it. Living in a society you need common rules/laws and those rules need to be explained and taught.
I think that "be nice and don't hurt others" was an original purpose as well. It's a creative way to make "laws" that apply to all people. Soldiers, rulers and farmers. In theory at least.
We had a professor who started out writing all kinds of stuff on the board, and after a while he asked if we had written it down.
Most of us said: "Yes"
He then asked: "Why?"
Then he proceeded to tell us that he had written down random stuff that had nothing to do with the topic. The point of this exercise was to make us think about what we wrote down. Write it down in our own language and ask questions if we don't understand something. Because if we didn't understand it during the lecture, we wouldn't understand it when reviewing notes later on.
Helped me a lot.
I used to think that myself. But then I started researching some facts and now I'm not so sure. Calories used to be calculated based on how much heat it produced when burned. Since we don't crap ashes it would seem that this process is a bit inaccurate.
Also; the body needs some fatty acids (ex. Omega-3) that it can't produce itself. What happens when the food you eat contains these acids? Are they converted to energy or are they being used in a different manner?
I don't think this is as simple as some people think.
It seems tuffmail had the same issue at approx. the same time, but they don't seem to be located on the same network as Slashdot.
http://status.tuffmail.net/
I find that a bit odd.
That is true. They probably need to adjust the pricing a bit before hitting the US market.
The reason for my comment was to highlight that the market in Norway is very different from the US market. And these figures are probably taken from the initial business case in Norway.
There are more factors than just economy and environmental issues. You have several perks as an electric-car driver in Norway:
1) Free parking downtown (not including privately owned parking spaces)
2) No yearly fee (approx. $500/year for regular cars)
3) You can drive in the special taxi/bus-lane, and thus save yourself time in rush-hour traffic
4) No fee to enter the major cities (20NOK/$3.5 to drive into cities).
5) Many of the bigger malls/shopping centers provide free electricity while parking (no parking fee either).