Except in Soviet Russia...
Once the phone accepts the fake BTS, every request can be intercepted, which clearly includes dial-out with target ISDN. Then the other side of the hack only has to repeat the request with whatever connection it has.
They don't have to bridge it to AT&T or any real cell phone network. It suffices to bridge it to the fixed phone network or use a VOIP access like Skype-out.
I think the article mentions that the only drawback is the wrong caller-id info, but if memory serves caller-id can be faked on the fixed phone network. I believe it has been ruled illegal, but guess how effective that would be to stop this hack.
Hey! I have a better one!
If you have been living under a rock AND you cannot laugh at an innocent pop culture joke like this, you might not be aware that the next in the ongoing series of Avengers prequel movies came out this weekend and you should criticize this comment right away.
I'm just saying that sometimes twisting an audience's preconceptions by turning things upside-down can make for a good movie.
That would highly depend on who's the target audience. For the huge majority, I don't think that feeling uncomfortable about their preconceptions or getting the impression that a movie is sympathizing with Nazis would make them call it a good movie. For some minorities, on the other hand, it could well be acclaimed.
Which type of target (huge majority vs. some minority) an industry is more likely to choose?
To me, there's only one reason why blockbusters are blockbusters: they please a huge number of people willing to pay the theater price to watch it.
Well, (-1, Overrated) works pretty well as a defense against those types.
Wouldn't that be -1 Overreacted?
And isn't this thread a -1 Offtopic already? :)
Interesting line of defense... "Sir, that's not my email! It must have been planted by a hacker!"
And the worst part is that it could raise a reasonable doubt.
And hopefully the EFF.
By the way nedlohs, remind me to never trade with you.
Hey, the expert is showing exactly how this type of vulnerability can "happen". Having experts like that on their investigation team shows exactly how well assisted Citigroup is regarding security.
It makes me wonder how many more vulnerabilities as "hard to prepare" as that one are there...
That, or maybe the "expert" is actually one of the hackers playing a double-prank on Citigroup. After all, he remained anonymous...
So what you're saying is that nobody, NOBODY, could think of an alternative such as:
- Please come over and copy the file into your preferred USB-based media.
- Please send us your preferred USB-based media by mail, with prepaid return envelope, so we can send you a copy.
- Please give us an external storage connected to the Internet so we can upload it by SFTP.
- ...
Instead, the solution they naturally came up with is:
- Print 24k pages, it's less expensive than uploading the original ELECTRONIC version somewhere. Anyone wishing a copy must come over and COPY them at their expense.
And that out of sheer ignorance or an attempt to profit? No malice at all?
And this somehow should not stain the image of this potential future candidate for president of the USA?
Would you please clarify if you're implying that Sarah Palin isn't following this release at all and that her subordinates took the, how to say... curious decision to waste 20000+ pages of paper instead of sharing a copy of the originally electronic format all by themselves?
If yes, how is this any less... strange on Sarah Palin for not asking the question herself on why it's being done so?
If not, then what?
Thank you.
An untoward fear of death, avoidable only by trading away precious rights, is the mark of cowardice and denigrates the sacrifices of all those who understood that dying for your rights isn't worse than not having the rights.
That argument can be used anywhere. It's the same type of "emotionally supported" bull you criticize. For example, should the British have sent their last men to die fighting the insurgent Founding Fathers to defend their "right" to have a colony?
Would you die to defend the right to have a slave?
Some such rights may conflict with other people's rights, like to not be condemned to life on a wheelchair because of irresponsible people abusing such rights. A sane society may decide that certain individual rights are less important than other people's and revoke them.
The rightful defense of any right should show that it doesn't conflict with other people's rights, or why it's more important than other people's.
Yours looks like a selfish attempt to protect the status quo.
The freedom to be innocent before proven guilty. The freedom of illegal searches and seizures. The freedom to not be stopped for no reason and explain what you're doing.
None of these freedoms are hurt by any of this. You're still innocent (if you're not drunk). There's no illegal search or seizure and you're not asked to explain what you're doing, just show that your alcohol levels are acceptable for driving, because there's no license plate that does it for you.
The idea that you need to stop everyone and check everyone is absurd.
Only if you're a Natural Selection extremist*. To all others, the annoyance of this 5 minute stop is worth avoiding some nasty accidents.
* Natural Selection extremist: let life alone select who's fit to live.
And it seemed to appeal to the right public...
I'm not a fan of Apple's policies, but I'm shocked at the selfishness of most comments.
The idea of limiting alcohol consumption before driving is to avoid accidents. The idea of these devices is to help enforce such limits.
Regardless of the info existing, being legal or illegal, if you know exactly where these devices are, how likely are you going to respect the limits instead of just avoiding the devices?
What kind of freedom is really being defended here?
No, but it's still stupid in that all you do is pay people according to their popularity, and give no consideration to what works are actually being read by specific people.
Er, yeah, that is how government works. We do things collectively and not everyone uses every service or benefits from every project. If they build a road in a different city to the one you live in do you get upset about your tax dollars being spent with no regard from who they came from?
Not only that, but the current model (revenue based on number of books sold) does exactly that: favors popularity.
Unless gstoddart thinks that today, somehow, somebody who sells only one book can have a revenue compatible with a best seller?
I'm pretty sure that installing software when a CD is inserted, for the purposes of copyright protection, however failworthy and undesirable... is not hacking. Not even when you falsely apply the 'rootkit' label to that particular software and somehow by association will it into being a 'hack'.
Geepers, thank you for clearing that up. I was so sure that such kind of practice (secretly installing software with backdoors on other people's computers) was called hacking, and the vector was called Trojan horse...
What about it? He comes and goes to the wheelchair every few years in the comics. Maybe there will be an X-Men: Space Class with the Xiar and he'll walk again...
RMS is willing to accept conditions on his travel and speaking plans that he would find completely unacceptable in software.
I'd have the EXACT same position if you swapped the roles of the Palestinians and Israelis, or if it were two other random groups who happen to be geographically proximate and don't like each other.
At least that's coherent.
The weak link in this parallel is that these Palestinians are not prohibiting him from passing on his message. Anyone can still read and probably listen to his positions on free software online or make their own arrangements to have him in person.
Transposing that to software would be like paying him for delivering free software on your doorstep, in person, and hearing that your money would be paying for the same delivery to your disaffection who can very well pay for their own hard copies or negotiate sharing the fees.
Let me get this straight.
Because some Palestinians invited him to speak and are paying for all his expenses.
Because some Palestinians are not happy that their money would end up funding his speaks in Israel and would rather not pay anything if he chooses to do so.
Because some Israeli can make arrangements for another visit (but instead insist on playing the hypocrisy card).
Considering that if he accepts the Palestinian terms he will do what was originally agreed: talk to these Palestinians.
Considering that if he doesn't accept the terms he wouldn't go to Israel anyway.
Because of all that, he's hypocritical?
I'm baffled by this kind of logic.
And I'm sure you can do some research and find cases where some such power-editors had strange reasons to veto some articles/changes/people.
If that is true then you must ask yourself why those who criticize Wikipedia and make wild claims regarding prepotent administrators never manage to point out a single case where that took place. (...)
Sigh. I've already checked, you could have done it too. That's what I meant with my original statement. Here. One interesting example.
The most important thing to retain is that this kind of problem should not be a surprise. As I said before, nothing is perfect. Abuse of power exists wherever there is power. But if this kind of problem only affects a fairly small percentage of articles/people, it's far from being a reason to discredit the whole system.
Here is some more interesting reading.
I'm sorry, I don't have mod points, only these: ++++++++++++
Short term vs. long term.
Internet? Heck, make our Planet a World Wonder. It changed our lives since day 0, had been around for longer than we had, still got plenty of wonderful things unknown to us...
Now, back to the topic...
Although I agree with most of your points, I have a hard time believing that you don't understand people's references to "editors" as meaning those which are part of the "inner circle" with special powers to do things like locking articles or banning people.
And I'm sure you can do some research and find cases where some such power-editors had strange reasons to veto some articles/changes/people.
That said, I find it hard to believe that I'm the only person who trusts Wikipedia for one of my first sources of general knowledge. Or the only person who finds its drawbacks not worse than those of any encyclopedia but its advantages a lot, lot greater.
I'm sorry for those who tried to contribute and had problems. Nothing is perfect, not even any of the already chosen World Wonders.
I do believe that Wikipedia is one of the greatest assets that humanity got today and its usefulness is infinitely bigger than all World Wonders combined.
If I understand the critic correctly, the alternative would be to put each and every decision taken by the government to a national ballot.
Are you complaining that (1) there are no options (all current politicians are bad) or (2) people choose the bad ones?
If it's (1), make yourself a candidate... do you think "new" politicians will magically appear just because you wish them to?
If it's (2), sorry, but that's democracy.