I'm pretty sure the Air Force doesn't give a flying fcuk whether or not the firmware's illegal.
Right, because they do whatever they want. Obviously you've never worked for the DoD so im not sure what you're basing your assumption on.
It's not like Sony has the balls to sue them (and by extension, the US Government) for it...
Yeah...because no-one ever sued the US government did they.
You're right, I haven't, so I'm just basing it on them being given leniency due to their 'role in protecting the nation and the insignificant nature of the crime committed'. Yes, I do think hacking a bunch of PS3s they bought so should be free to do with them as they please, is an insignificant 'crime'.
As for suing the government, yes, I know it happened several times, but most of the time for breaches of human rights (the voting rights and other equality cases spring to mind), not for copyright infringement, and especially not a in a lawsuit against the armed forces. I'm not that intimately familiar with US law, but in Hungary, members the armed forces can only be brought to court in a military court, and I'm not sure that has the laws to deal with a copyright infringement case in the first place...
I'm pretty sure the Air Force doesn't give a flying fcuk whether or not the firmware's illegal. It's not like Sony has the balls to sue them (and by extension, the US Government) for it...
This is why i don't understand that so many people are so obsessed with the idea of running homebrew or emulators or w/e on their consoles...
Why can't you just use your PC? Everything you need is available there...
But maybe not at 'maximum power'. The PS3's Cell processor is ideal for parallel applications, such as code breaking, or massive number crunching. The US military used to have a cluster of PS3's running Linux for massively parallel computation before Sony nixed the option. Maybe they'll download Kakaroto's firmware, if the haven't figured out the root key by themselves already.
I was referring to longer distance as in intercontinental. Ideally, one landmass can be covered with the access points that form the mesh, so no landlines would be needed, with the APs passing the connections among each other wirelessly or via privately laid landlines. This way, only intercontinental connections are problematic to implement.
I believe radio that can be bounced from the ionosphere to reach over the horizon would be prohibitively expensive, as well as slow and jammable.
In which case, unless we accept insular communities, this might not really work out. Any suggestions to improve?
My two cents would be a re-implementation of Freenet.
People who want to use it set up an access point that patches into a wireless p2p network, and lets the machines interconnect, strictly via the freenet protocol, which is sandboxed in the client-server (to keep unwanted attacks out). For longer distance connection, at the expense of speed, a regular phone line could be used, with modems at both ends. The server runs a directory of logically (therefore geographically) neighboring nodes, and replicates a global directory, showing which site is available on which nodes, as well as replicating part of the content to ensure redundancy. The client looks up the nodes serving the requested content from the directory, and pulls in the content from as many nodes as possible (to avoid overloading any given link in the network).
This should form a fully connected graph, which also makes it highly redundant, as a downed access point can be simply routed around as long as there's another one in range, and the content is distributed in the entire cloud along with routing information, making it as decentralized as possible, ensuring that no single entity can control the network.
DISCLAIMER: I am not a network engineer, but I take full responsibility for any errors/flaws/fallacies in the description given above. Tear it apart, Slashdot!
From nations such as China ignoring our IP to bigger International Corporations roping off the industry to prevent newcomers from competing; I'd say the whole damn system is just broken. I think many of us can agree to that. The real question is, what can we replace it with? Or, should be just drop the whole damn thing and hope for the best? I tend to think the latter, I'm not 100% sure about that.
I say first off, nuke the entire backlog of patents the office has with a REJECTED stamp, then hire some competent workforce, who actually check the background and decide whether it's actually new or even if new, not obvious. If obvious, kill it with fire, regardless of who filed it.
If shit hits the ceiling fan, I'm gonna be seeking out V and helping him throttle our PM. Lacking a V, I'll get one of those masks from Anonymous, as much as I despise them...
Being another Hungarian, I am sort of two minds regarding this act.
On the one hand, it is certainly a step away from democracy, and a rather large one at that. The government, already piling mistake upon mistake, could not have chosen a worse time to pass this act: the first day of our European Union presidency will go down in memory as 'The day censorship was reinstated', even after Angela Merkel voiced concerns that Hungary might not be ready for the presidency after passing such laws.
On the other hand, the law seems to be at least partially unenforceable: granted, the Media Authority has the power to "order the suspension of broadcasting", but given that while the government does own the airwaves, it does not, by definition, own the internet. Thus, this power cannot be exercised, even though failure to comply may result in the a de facto ban as the broadcaster is stricken from the national registry (but will probably be able to continue its activities online). Not to mention that jurisdiction on the internet seems to be a gray area even today. There exist no codified laws or practices on where a lawsuit may be brought against online entities: in the jurisdiction where the server resides, where the entity is headquartered, or where the offender or offended is?
On the gripping hand, however, this is hardly a relief for those news outlets that still depend on printed press, which, to my knowledge, include all media organs with the exception of two larger online news portals. Also of note is the fact that fines may be appealed, as is customary... after they were paid. This will likely encourage self-censorship, as it will be significantly easier to comply with the regulations than to pay the fine, then go through legal trouble to potentially lose the lawsuit.
While these measures are certainly harsh, I am glad that we are not yet anywhere near the level of China or Iran. Although, with our drunk-on-power prime minister and his loyal-to-a-fault followers, that may yet come to pass in the new constitution to be approved this year.
A disclaimer regarding any judicial inaccuracies: I am not a lawyer, and have only taken introductory law courses during my studies.
Once again, the limiting factor is hardly money in that case, if your company needs the info that desperately, they will invest in a ~$50,000 unit built specifically for this purpose so their agents won't have to muck about with hacked phones.
This is mainly a wake-up call for providers, saying "Look, we can do this. Put terrorists and internet together with this, and you get...?". It's saying that eavesdropping is affordable, but the required technical knowledge and skills still place it outside an average person's reach, and those with the proper knowledge probably knew this was possible already, this being only a confirmation of their theories.
I restate: if you need to do it discreetly, you're more than likely to have the resources to do it professionally, whether you're secret service or doing industrial espionage; if you don't have the resources (technological or monetary), you're probably not in a position that requires a lot of discretion anyway.
In which case you usually have access to the required equipment already. Face it, if you need to stay in the shadows, you're usually with the secret services, and you have the budget and the technicians to pull it off without this hack, or you just approach the provider. If you don't have access to the stuff, you likely don't actually need the data, or you can afford to get in his face about it, and use rubber hose cryptanalysis to extract the information.
It won't go there. Read the article: needs two phones, knowing your target's location, restricted to a single targeted phone and one conversation start-to-finish. Nothing more.
The problem with dedicated codecs and Skype is that they only communicate with themselves. Even Skype drops the encryption when dialing a non-skype number, since the other end lacks the algorithms to decrypt the data. But you're most likely right about the CPU.
The governments own the airwaves, if they really wanted surveillance, they could just swagger up to the Telcos and say "Give us a live feed or we revoke your permits!". What I meant by the "would not solve anything" is that if I want to get something out of you, I will, whether it's by listening in on your phone calls or beating the everliving crap out of you. Personally, if someone is going to steal data from me, at least they could have the decency to do it the painless-and-likely-won't-even-notice way.
Anyway, the police can legally tap the cellphone networks during a criminal investigation, and so can the secret services with the properly authorized warrant (here in Hungary, authorized by the Minister of the Interior). I suspect the system is similar in any given country, except for China and North Korea.
Most of our phone calls could be secure, if we wanted that.
Or if manufacturers and carriers would either let us do the required hacking or do it themselves, and even then, Average Joe doesn't need such security or want to bother setting it up. Just imagine: you get a cell number from an overseas contact in an email. If you then wanted a secure conversation, you'd need to meet up in person to synch OTPs, at which point the whole cryptographic scheme would be pretty much moot.
RTFA, please, both from the summary and from my comment. In order to carry out this attack, you need to target a single phone on the network, and know both the number and the location. You can't eavesdrop on the general traffic. Like I said, there's no threat of this turning into a StreetView incident.
Tell me which one is harder:
a) going through the trouble to get a proper phone, rewrite and reflash the firmware, locate your phone, probe it, the listen keep sending silent messages to keep myself updated on the session key and finally after a lot of waiting around, eavesdrop in on a single one-minute conversation, or
b)kidnapping you, drugging you, and hitting you with a $5 monkey wrench until you tell me what I want to know?
The carrier isn't the weakest point in the link if you want to get the info, it's the humans. And like I said, if you have to be discreet about it, you're already more than likely to have access to the equipment to do it professionally.
The main problem here isn't really cryptographic, but economic: mobile carriers have no vested interest in protecting the privacy of their customers, since the Average Joe doesn't care about it either way, and for those who do, there exist specialized encrypted phones (which, I might add, can all be subverted by hackers with the least bit of determination). This article states that of the two keys being used, the one used to authenticate the SIM towards the provider is very strong, because the providers have an interest in keeping that secure, while the key protecting individual sessions is weak, since it doesn't need to be strong.
Using strong crypto in the handsets would likely require a more powerful CPU or a dedicated chip, raising the cost and the complexity, making it unattractive to the manufacturers and providers. Also, it wouldn't solve a damn thing, as it would merely shift the focus from eavesdropping to more... direct methods of obtaining the required information, since a cypher is only as strong as the weakest point, in this case the human endpoints.
Also, I doubt government agencies are startled at this announcement. I worked at the Hungarian Foreign Ministry, and I had at least one call eavesdropped, and one call actually hijacked by having a third party speak on the line for both of us to hear. The article makes it clear that in order for this to work, you need to know your target and track it for some time, making it impossible to just 'go around snooping in on others' and have this turn into another Google StreetView incident.
Cities heated by servers would be a good start to get the future into today's world, and smart traffic grids should have been implemented some time last decade (2001-2010, now that we're heading out of it...)
3D phones? I'd pay money for something like V's headset from Ultraviolet. Or the disposable printed cellphone too, which can double as an autopilot for her car.
Also, it's used standalone as identification, so maybe we could get unforgeable (or at least VERY hard to forge) IDs.
Not a problem. I can get lots of your DNA. Without you even knowing it.
I'm guessing you're referring to covertly collected hair or skin samples. If someone's watching who touches them and how, those aren't that easy to get. Also, the DNA is likely to be incomplete or deteriorated from exposure, unlike that extracted from a blood sample or a tissue swab.
I was thinking more along the lines of Ultraviolet, where a blood sample is used to sign a receipt of sorts: grip pen tightly, it draws a small sample, then sign your signature in blood to confirm identity both via DNA and signature.
Also, it's used standalone as identification, so maybe we could get unforgeable (or at least VERY hard to forge) IDs.
You remember how Google was fined for $1 recently on a similar privacy violation case regarding Street View? I'm no lawyer, but if I understand the American legal system right, that was precedent, and now further Street View privacy cases will have similarly "high" rewards for the people initiating them.
Slashdot Mirror
I'm pretty sure the Air Force doesn't give a flying fcuk whether or not the firmware's illegal.
Right, because they do whatever they want. Obviously you've never worked for the DoD so im not sure what you're basing your assumption on.
It's not like Sony has the balls to sue them (and by extension, the US Government) for it...
Yeah...because no-one ever sued the US government did they.
You're right, I haven't, so I'm just basing it on them being given leniency due to their 'role in protecting the nation and the insignificant nature of the crime committed'. Yes, I do think hacking a bunch of PS3s they bought so should be free to do with them as they please, is an insignificant 'crime'.
As for suing the government, yes, I know it happened several times, but most of the time for breaches of human rights (the voting rights and other equality cases spring to mind), not for copyright infringement, and especially not a in a lawsuit against the armed forces.
I'm not that intimately familiar with US law, but in Hungary, members the armed forces can only be brought to court in a military court, and I'm not sure that has the laws to deal with a copyright infringement case in the first place...
F-117s don't count because they were retired years ago...
I'm pretty sure the Air Force doesn't give a flying fcuk whether or not the firmware's illegal. It's not like Sony has the balls to sue them (and by extension, the US Government) for it...
This is why i don't understand that so many people are so obsessed with the idea of running homebrew or emulators or w/e on their consoles...
Why can't you just use your PC? Everything you need is available there...
But maybe not at 'maximum power'. The PS3's Cell processor is ideal for parallel applications, such as code breaking, or massive number crunching. The US military used to have a cluster of PS3's running Linux for massively parallel computation before Sony nixed the option. Maybe they'll download Kakaroto's firmware, if the haven't figured out the root key by themselves already.
I was referring to longer distance as in intercontinental. Ideally, one landmass can be covered with the access points that form the mesh, so no landlines would be needed, with the APs passing the connections among each other wirelessly or via privately laid landlines. This way, only intercontinental connections are problematic to implement.
I believe radio that can be bounced from the ionosphere to reach over the horizon would be prohibitively expensive, as well as slow and jammable.
In which case, unless we accept insular communities, this might not really work out. Any suggestions to improve?
Transmitters over 20dB are tied to a government permit to operate.
My two cents would be a re-implementation of Freenet.
People who want to use it set up an access point that patches into a wireless p2p network, and lets the machines interconnect, strictly via the freenet protocol, which is sandboxed in the client-server (to keep unwanted attacks out). For longer distance connection, at the expense of speed, a regular phone line could be used, with modems at both ends.
The server runs a directory of logically (therefore geographically) neighboring nodes, and replicates a global directory, showing which site is available on which nodes, as well as replicating part of the content to ensure redundancy.
The client looks up the nodes serving the requested content from the directory, and pulls in the content from as many nodes as possible (to avoid overloading any given link in the network).
This should form a fully connected graph, which also makes it highly redundant, as a downed access point can be simply routed around as long as there's another one in range, and the content is distributed in the entire cloud along with routing information, making it as decentralized as possible, ensuring that no single entity can control the network.
DISCLAIMER: I am not a network engineer, but I take full responsibility for any errors/flaws/fallacies in the description given above. Tear it apart, Slashdot!
From nations such as China ignoring our IP to bigger International Corporations roping off the industry to prevent newcomers from competing; I'd say the whole damn system is just broken. I think many of us can agree to that. The real question is, what can we replace it with? Or, should be just drop the whole damn thing and hope for the best? I tend to think the latter, I'm not 100% sure about that.
I say first off, nuke the entire backlog of patents the office has with a REJECTED stamp, then hire some competent workforce, who actually check the background and decide whether it's actually new or even if new, not obvious. If obvious, kill it with fire, regardless of who filed it.
That's just my two cents, though...
Indeed there is, at UserFriendly.org
If shit hits the ceiling fan, I'm gonna be seeking out V and helping him throttle our PM. Lacking a V, I'll get one of those masks from Anonymous, as much as I despise them...
Being another Hungarian, I am sort of two minds regarding this act.
On the one hand, it is certainly a step away from democracy, and a rather large one at that. The government, already piling mistake upon mistake, could not have chosen a worse time to pass this act: the first day of our European Union presidency will go down in memory as 'The day censorship was reinstated', even after Angela Merkel voiced concerns that Hungary might not be ready for the presidency after passing such laws.
On the other hand, the law seems to be at least partially unenforceable: granted, the Media Authority has the power to "order the suspension of broadcasting", but given that while the government does own the airwaves, it does not, by definition, own the internet. Thus, this power cannot be exercised, even though failure to comply may result in the a de facto ban as the broadcaster is stricken from the national registry (but will probably be able to continue its activities online).
Not to mention that jurisdiction on the internet seems to be a gray area even today. There exist no codified laws or practices on where a lawsuit may be brought against online entities: in the jurisdiction where the server resides, where the entity is headquartered, or where the offender or offended is?
On the gripping hand, however, this is hardly a relief for those news outlets that still depend on printed press, which, to my knowledge, include all media organs with the exception of two larger online news portals. ... after they were paid. This will likely encourage self-censorship, as it will be significantly easier to comply with the regulations than to pay the fine, then go through legal trouble to potentially lose the lawsuit.
Also of note is the fact that fines may be appealed, as is customary
While these measures are certainly harsh, I am glad that we are not yet anywhere near the level of China or Iran. Although, with our drunk-on-power prime minister and his loyal-to-a-fault followers, that may yet come to pass in the new constitution to be approved this year.
A disclaimer regarding any judicial inaccuracies: I am not a lawyer, and have only taken introductory law courses during my studies.
Once again, the limiting factor is hardly money in that case, if your company needs the info that desperately, they will invest in a ~$50,000 unit built specifically for this purpose so their agents won't have to muck about with hacked phones.
This is mainly a wake-up call for providers, saying "Look, we can do this. Put terrorists and internet together with this, and you get...?". It's saying that eavesdropping is affordable, but the required technical knowledge and skills still place it outside an average person's reach, and those with the proper knowledge probably knew this was possible already, this being only a confirmation of their theories.
I restate: if you need to do it discreetly, you're more than likely to have the resources to do it professionally, whether you're secret service or doing industrial espionage; if you don't have the resources (technological or monetary), you're probably not in a position that requires a lot of discretion anyway.
In which case you usually have access to the required equipment already.
Face it, if you need to stay in the shadows, you're usually with the secret services, and you have the budget and the technicians to pull it off without this hack, or you just approach the provider. If you don't have access to the stuff, you likely don't actually need the data, or you can afford to get in his face about it, and use rubber hose cryptanalysis to extract the information.
It won't go there. Read the article: needs two phones, knowing your target's location, restricted to a single targeted phone and one conversation start-to-finish. Nothing more.
The problem with dedicated codecs and Skype is that they only communicate with themselves. Even Skype drops the encryption when dialing a non-skype number, since the other end lacks the algorithms to decrypt the data. But you're most likely right about the CPU.
The governments own the airwaves, if they really wanted surveillance, they could just swagger up to the Telcos and say "Give us a live feed or we revoke your permits!". What I meant by the "would not solve anything" is that if I want to get something out of you, I will, whether it's by listening in on your phone calls or beating the everliving crap out of you. Personally, if someone is going to steal data from me, at least they could have the decency to do it the painless-and-likely-won't-even-notice way.
Anyway, the police can legally tap the cellphone networks during a criminal investigation, and so can the secret services with the properly authorized warrant (here in Hungary, authorized by the Minister of the Interior). I suspect the system is similar in any given country, except for China and North Korea.
Most of our phone calls could be secure, if we wanted that.
Or if manufacturers and carriers would either let us do the required hacking or do it themselves, and even then, Average Joe doesn't need such security or want to bother setting it up. Just imagine: you get a cell number from an overseas contact in an email. If you then wanted a secure conversation, you'd need to meet up in person to synch OTPs, at which point the whole cryptographic scheme would be pretty much moot.
RTFA, please, both from the summary and from my comment. In order to carry out this attack, you need to target a single phone on the network, and know both the number and the location. You can't eavesdrop on the general traffic. Like I said, there's no threat of this turning into a StreetView incident.
Tell me which one is harder:
a) going through the trouble to get a proper phone, rewrite and reflash the firmware, locate your phone, probe it, the listen keep sending silent messages to keep myself updated on the session key and finally after a lot of waiting around, eavesdrop in on a single one-minute conversation, or
b)kidnapping you, drugging you, and hitting you with a $5 monkey wrench until you tell me what I want to know?
The carrier isn't the weakest point in the link if you want to get the info, it's the humans. And like I said, if you have to be discreet about it, you're already more than likely to have access to the equipment to do it professionally.
The main problem here isn't really cryptographic, but economic: mobile carriers have no vested interest in protecting the privacy of their customers, since the Average Joe doesn't care about it either way, and for those who do, there exist specialized encrypted phones (which, I might add, can all be subverted by hackers with the least bit of determination). This article states that of the two keys being used, the one used to authenticate the SIM towards the provider is very strong, because the providers have an interest in keeping that secure, while the key protecting individual sessions is weak, since it doesn't need to be strong.
... direct methods of obtaining the required information, since a cypher is only as strong as the weakest point, in this case the human endpoints.
Using strong crypto in the handsets would likely require a more powerful CPU or a dedicated chip, raising the cost and the complexity, making it unattractive to the manufacturers and providers. Also, it wouldn't solve a damn thing, as it would merely shift the focus from eavesdropping to more
Also, I doubt government agencies are startled at this announcement. I worked at the Hungarian Foreign Ministry, and I had at least one call eavesdropped, and one call actually hijacked by having a third party speak on the line for both of us to hear. The article makes it clear that in order for this to work, you need to know your target and track it for some time, making it impossible to just 'go around snooping in on others' and have this turn into another Google StreetView incident.
Obligatory XKCD: Recipes and Genetic Algorithms
sudo mod parent -1.
Cities heated by servers would be a good start to get the future into today's world, and smart traffic grids should have been implemented some time last decade (2001-2010, now that we're heading out of it...)
3D phones? I'd pay money for something like V's headset from Ultraviolet. Or the disposable printed cellphone too, which can double as an autopilot for her car.
Also, it's used standalone as identification, so maybe we could get unforgeable (or at least VERY hard to forge) IDs.
Not a problem. I can get lots of your DNA. Without you even knowing it.
I'm guessing you're referring to covertly collected hair or skin samples. If someone's watching who touches them and how, those aren't that easy to get. Also, the DNA is likely to be incomplete or deteriorated from exposure, unlike that extracted from a blood sample or a tissue swab.
I was thinking more along the lines of Ultraviolet, where a blood sample is used to sign a receipt of sorts: grip pen tightly, it draws a small sample, then sign your signature in blood to confirm identity both via DNA and signature.
Also, it's used standalone as identification, so maybe we could get unforgeable (or at least VERY hard to forge) IDs.
You remember how Google was fined for $1 recently on a similar privacy violation case regarding Street View? I'm no lawyer, but if I understand the American legal system right, that was precedent, and now further Street View privacy cases will have similarly "high" rewards for the people initiating them.