It amazes me that I still haven't the faintest idea what the majority of these shows are even about. Advertisements I've seen on cartoon network are poor at best.
Hell, I've watched several episodes of Inuyasha and I still have no idea what it's about. Something about demons and his need to kill them. So I assume a handsome fox-eared demon-hunter surrounded by doe-eyed teenaged girls means a lot more than a simple drawing to them. I believe it's a direct cultural reference that I will never get because I'm not willing to fully immerse myself in Japan just to understand a few late-night cartoons.
I imagine it would be a similar situation if their culture had never heard of the judeo-christian mythos and we were to suddenly export cartoons of Santa Claus and the Easter Bunny. We have the backstory here based on our years of church, Sunday School, political debates over placement of the 10 commandments, etc, so we never consider explaining things like christmas trees, mistletoe, presents, etc. It's taken for granted that we know what they're all about.
So, what do you think the anime producers could have done to change the effects of piracy (besides your request to not continually deflate your inventory value?) Would your waiting to carry and distribute only box sets of the more esoteric items have worked?
Maybe I should ask a different way: what worked? What did you sell, and specifically what did you sell that turned the highest profits? Figurines? Books? Magazines? Single DVDs? Boxed sets? Or did you find that certain "lines" sold well across the spectrum, such as Inuyasha or Ghost in the Shell, but the more exotic titles never sold anything?
I guess I have no particular reason for asking, I'm certainly not an otaku. I watch some Ghost in the Shell:SAC because it's the only interesting anime I've ever seen -- Inuyasha simply makes no sense to me, (oh, look, a demon in piglet form) but it seems to always get the raves. And a friend got me to buy a Dominion tank corp book a while back. He sold me by saying "this is like the greatest anime ever, so you'll love it." It had interesting ideas, but, like the TV productions people complained about above, I did not find any backstory, or any reason to reread it. It just "was".
Perhaps the Japanese culture simply likes beautiful moving artwork, and considers "dialog and story" to be a lesser form of art, and so relegates it to the junior member of the staff. I dunno, I've simply decided it's not my cup of tea.
In any case, I'm still sorry to hear that you have to close your store.
TFA actually has this note on their internal research:
Glossary and Notes
High accuracy rate: Fujitsu's internal research resulted in false acceptance rate of less than 0.00008% and a false rejection rate of only 0.01%. The false acceptance rate is the rate at which someone other than the actual person is falsely recognized. The false rejection rate is the rate at which the actual person is not recognized accurately.
This is far and away the best biometric identification accuracy rate I've ever heard of in commercially available equipment. Yes, the FBI may have better stuff than I'd buy for $160, but my budget can't afford anywhere near $1,200 per scanner. Of course, Fujitsu hasn't announced a price on this unit yet. I guess we'll see.
I look at it and say "Well, it's time to buy a new chip, and I want it to last me about 3 years." My problem has usually been that of trying to hang on to some irrelevant piece of legacy hardware, so I end up downgrading the motherboard (and taking a downgraded processor to run on it.) Just last week I was still running an Athlon 2400 when I pulled the trigger on an Athlon64 4000+. I had PC3200 RAM (downclocked, but still not very stable on the old 2400) which I kept, and I bought a fast SATA hard drive.
But my probable screwup is that I have an ATI 9800 128MB AGP 8x video card. It's still a fairly decent card, and it's still retailing at about 60% of what I paid for it. But I had to buy a "lower end" mobo for the chip in order to get AGP support -- the industry has already moved this line forward to PCI express.
Anyway, the 4000+ was at the right price point for me. The 2400 was just not keeping up with the games anymore. (As a bonus, my compile speeds are now way faster!)
I'm glad you asked, because it forced me to do a bit of research. I discovered that I was mistaken about the abrasive properties, and I confused acid with enzymes. To answer your question I just googled for fingerprints pineapple I came up with this answer from a fruit researcher at the University of Georgia:
Bromelain is a proteolytic enzyme obtained from pineapple juice that has found several uses. Primarily, it is used to tenderize meat, similar to papain, the proteolytic enzyme derived from green papaya. It also chill-proofs beer, stabilizes latex paint, and tans leather. Being a protease, it can cause dermatitis on exposed skin. Several folk remedies of pineapple may stem from its bromelain content: anti-inflammatory, muscle relaxation, and the treatment of warts, abscesses, bruises, and ulcers. Pineapple workers are said to have no fingerprints due to the proteolytic action of bromelain on the skin. Juice from unripe fruit is said to be purgative, and also antihelmintic, perhaps due to the known nematicidal effects of bromelain.
I also spoke at length with a fingerprint scanner vendor when we were considering purchasing several thousand of them for a customer-facing system. He told me that about one percent of the population did not have fingerprints that could be reliably read by their scanners, and he admitted that their system was removed from the Hawaii locations because many people there work in the pineapple industry, and couldn't use their scanners.
So while neither of these sources are more than anecdotal, they do reinforce each other. I'd love to see actual published studies.
I'm sure if you were injured to the point where your bloodflow was significantly altered, you'd probably be able to get a note from your surgeon to give to your Info Security department requesting a "change of veins" scan.
Maybe you can convince the door guards that the giant pus-oozing gauzeball wrapped around your hand is causing the scanner to fail, so they'll just buzz you in anyway.
It's much better than fingerprint readers. For example, it's known that people who work in certain jobs (such as pineapple farming) actually have their fingerprints removed by the acids and the abrasion.
The device works by looking at the infrared radiation emitted by your warm blood in relationship to the relatively cool epidermis. Unless the layer of tough skin is also a thermal insulator, it'll probably be able to read them just fine. The thing they aren't advertising is it probably won't work when the ambient temperature is above 98.6 degrees Fahrenheit.
But if you RTFA, you'd see that their false rejection rates are 0.01%, or one in 10,000 incorrect rejections. That's pretty damned impressive for a biometric system.
What makes you think biometrics are better? Systems can be fooled.
Just like any other computer-based biometric system, it only starts with a scanner. Once you get past the handwaving (pun intended) it turns into bits and bytes, just like any other security token, such as a password. These systems will have weaknesses, it's the nature of systems. Look at all the components: palm reader camera, imaging software, algorithms to reduce a hand-print to a series of numbers, a database full of those numbers, a database full of "rights" to be granted based on those numbers, a signal to the turnstile or electric door lock to let you in, and networks and wires interconnecting all of those pieces.
To a bad guy, a wedge into any single component listed above might be enough to send "ACCESS GRANTED" to the door lock.
Yes, the same is true of any security system of any sort -- but for reasons I can't fathom, biometric-based security systems seem to give a higher "sense" of protection to the executives writing the checks.
Well, to an infrared vein scanner that works entirely by imaging the heat given off by your circulating blood, a severed hand will be every bit as valid as one made of wood.
Not that I expect the bad guys to be smart enough to know this up front (so we might still be losing a few hands to some idiots) but the entire technology functions as a liveness detector.
Please wait while we read your palm... hmm... your cat-5 line is very long, and is getting crosstalk... oh, yes... your gullibility line is quite full... umm, hm... I forsee many postings in this thread...
Sick as it may be, I recently read a possible future consumer application for "hyperthreading" or dual-core CPUs will be: 1 CPU to run your primary app, and the other CPU will run all your anti-virus, anti-spyware, spyware, file-sharing, etc, etc, etc.
Makes you crazy to see serious people making such stupid suggestions.
I've been told that the U.S. Army has "shoot here to destroy computer" stickers on their communications and cryptographic equipment, and that one of the things they're trained on is "what to destroy if the equipment is about to fall into enemy hands" and "how to destroy it".
I suspect it's actually a much easier problem to solve when your users' day jobs involve munitions.
Well, there was a widely announced attack on PGP discovered a few years back. An attacker covertly attached his public key to someone else's public key (which at that time could be done because the whole key wasn't checksummed and signed -- just the individual public keys.) As I recall, this was placed in the "Official Corporate Backdoor Public Key" position in the key. Then, when you got your recipients key, unless you were keen-eyed you might not notice that his public key was "extra-long". When you sent him a note, you encoded the session key not once but twice -- once to your recipient, and once to the attacker. It was then up to the attacker to intercept the encoded message, but they'd have no problem reading it.
Was this ever done? I don't remember if anyone ever announced any real-world attacks.
Well, I just went to Ensconce Data's web site and snooped for a bit. They worked with local researchers to come up with a nontoxic chemical that apparently will destroy the data in "minutes".
So they're officially not saying, but if they file a patent it'll be public knowledge. I'm still putting my money on ferric chloride, though.
It was kind of interesting watching their marketing video. They listed a dozen different user-selectable triggers that could be used to destroy the data, including movement from a fixed GPS point, removal of power and/or backup power, an included RF remote (up to 100 foot range), phone call, internet transmitted signal, physically tampering with the drive, picking the computer up off the ground, a certain number of invalid password attempts, biometric scanner, local alarm or security system trigger, and some special keyboard-entered key sequence.
TFA suggests "acid", but acid has a lot of unpleasant properties. I'd guess they could do something a bit more creative, such as a ferric chloride solution. That's the etchant I used as a kid to etch copper from circuit boards. Not that you'd want to drink it, but I occasionally got some on my skin. Turned it an odd shade of yellow, as I recall. No digits fell off, no skin was burned like it did with all the different acids I remember mishandling (the worst burn I ever got was with a highly concentrated acetic acid (the acid in vinegar!) used to mix up a photo stop-bath solution.)
I've long thought about having such a self-destructing drive based on injecting a ferric chloride flood into the platter space. Obviously, the first thing to do would be a few experiments to ensure that ferric chloride really does wash the magnetic media from the platters. Next, it would take something close to a clean-room to remove the cover from the drive and drill and install the reservoir and injector system. Finally, it would take some damn clever software and hardware to properly ensure that the drive would be destroyed only at the appropriate time.
[ My biggest reason for not doing this, however, is that I simply don't have anything worth protecting to that degree. If someone really really wants to see my tax records from 1997, well, I'm not about to sacrifice a $200 Western Digital Raptor to stop them. ]
All this hardware protection is moot, however, if you live in Minnesota and are accused of "Child Pornography." We recently made the news because a local pervert involved in one of these sicko rings had encrypted files on his drive. He never revealed the keys to the investigators, but the judge allowed the fact that he had encrypted files to be used as "evidence". This, of course, was not the only evidence -- the prosecution had witnesses and other investigative work that really proved he was scum. However, the simple fact of "hiding something" was abused to help convict him -- regardless of what he was hiding. I have no doubt that the same judge in the same case would have used the existance of a self-destructive mechanism (triggered or not) to be permitted as "evidence".
Boy, this brings back memories. I still have several 8x10 boxes of prints ranging from elementary school summer-school photography classes (we made our own cameras out of Kodak 128 plastic film carriers rubberbanded to folded cardboard) through junior and senior high, and then to college where I worked as an assistant in my school's photo lab. Cheap paper was the rule of the day, as money was a lot more scarce.
Fortunately I never gave away my enlarger or other equipment. I used it to teach the photography merit badge to my son's boy scout troop last year. I even found a box of unexposed paper. The paper was pretty slow to respond, and gave a soft, low contrast print, but it still worked well enough for our purposes.
All I could think of when I read that was this great quote by Darth Vader in SW IV: "Don't be too proud of this technological terror you've constructed."
There are ways, and more ways, and more ways around each and every roadblock you describe. Data can be encrypted, Base64 encoded and marked JPG or GIF. It can use full HTTP as its transport protocol, or possibly even HTTPS. It can be masked in dozens of ways.
What you've done is raised the bar "high enough" so that a "typical worm" doesn't have the smarts to launch an attack from your network. And that's a good thing, and a good idea. But as more and more people and companies adopt the same set of rules, the worm writers will adapt to their changing environment. Pretty soon they'll have worms modified to work around the roadblocks that "everyone" is using, just as we've seen the more sophisticated worms move beyond using IRC and start using other protocols.
I'm not saying you're doing the wrong thing. What I am saying is that you shouldn't rest on your past achievements, smug and certain that no worm can ever find its way around on your network. Please keep vigilant.
I know you're on a rant here:-) but I'd like to point out that if a worm finds one single hole in a perfectly homogeneous environment, then that worm is going to spread without limit.
I'd also like to point out that even corporations don't have perfectly homogenous environments. Servers, desktops, workstations for various tasks such as artists, marketers, developers, etc., all have different needs and usually have different OS and application configurations.
However, you're right in that commonality in equipment and infrastructure is a good thing in the corporate environment -- I couldn't imagine trying to keep 40,000 individual machines managed remotely unless most of them were identical. So I have 40,000 identical machines. My point is that if a worm finds its way onto any one of those 40,000 machines, the other 39,999 are fated to almost guaranteed infection should the worm find a way to discover them. It's not a case of "computers multiplying" but rather one of attack on the clones. Having those machines not running a very stripped-down, very well-understood version of an old OS (rather than the newest well-attacked version of a popular OS) helps provide some amount of immunity.
Also, I'd like to point out that a failure of 1, 100, or even 1,000 of the 40,000 machines I mentioned above will not only not cause our company distress, it definitely won't portend corporate collapse. Failure of equipment is both expected and planned-for. Data backup is continuous and highly redundant. With 40,000 machines in a network that each have hard drives rated for 30,000 hours MTBF, we're statistically assured that at least a dozen hard drives will fail every single day, and they do. We haven't filed chapter 11 as a result:-)
You said, And in reply to the GP. You can have perfectly secure software.
I have to theoretically disagree with you.
From a logic perspective, this statement is the equivalent of trying to prove a negative. The best you can say about a piece of software as complex as a browser is that "nobody has published a break yet in this exact version running in this environment on this operating system."
You can have "pretty good" software, you can have "excellent" software, you can even have "never, ever been broken" software, but you can't have "provably perfect" software in all but the most trivial of cases, (and even then things are suspect because of other potential issues: BIOS reliance, hardware manufacturing defects, etc.)
Streetlight software is a great example. It's about as close to a "perfect software" case as you can get. It's small enough that you can examine the entire state engine from end-to-end, and have peers examine it as well. Even so, they still have a separate set of monitoring hardware and software with the authority to shut the system down, because if that software breaks people could die.
I especially have nothing to worry about in traffic. I'm not on line with my PDA during my commute (I'm driving!) and if my cell phone doesn't pair up with my car stereo Bluetooth kit, well then I won't be answering the phone.
The first phase of the attack requires me, the human victim, to go through several steps. First and most important, I have to notice that Bluetooth isn't working. I then have to read the tiny screen of the phone to see what the error is, and decide that pairing is necessary. I then have to go through the entire manual pairing process, reading cryptic instructions and navigating unfamiliar menus with a thumb-joystick thing. I'm not so suicidal as to attempt any of the above from the driver's seat in traffic.
Nope, Bluetooth absolutely does not require the extra auth step. Without touching my phone, I can pick up my Tungsten and go online through my phone.
You can, however, set up your phone so that this extra auth step is required. But this exposes you to exactly the vulnerability mentioned in the paper:
6 Countermeasures
[... ]
Most Bluetooth devices save the link key (Kab) in non-volatile memory for future use. This way, when the same Bluetooth devices wish to communicate again, they use the stored link key. However, there is another mode of work, which requires entering the PIN into both devices every time they wish to communicate, even if they have already been paired before. This mode gives a false sense of security! Starting the pairing process every time increases the probability of an attacker eavesdropping on the messages transferred. We suggest not to use this mode of work.
After having read the actual paper and not just TFA, I see how the attack works. It's done in several steps.
1. The attacker sends an "oops I forgot our link key that we came up with way back whenever it was that we paired". The phone immediately stops talking with the device, because the device just reported "I can't be trusted."
2. The attacker waits for the human victim to notice that his devices don't work. Perhaps his phone says "please reenter pair code with device 'logitech keyboard'", or maybe it simply says "unknown device 'logitech keyboard'". The victim manually performs the pairing operation again between the devices. The pairing process exchanges a couple blocks of data between the machines. The attacker silently records the exchange.
3. The attacker runs a program that uses the sniffed exchange of pairing information, and establishes by brute force the value of the PIN used. He uses this to recreate the link key inside his PC. With a four digit PIN, this takes under a second. With a 7 digit PIN, it still only takes about a minute.
4. The attacker waits for the user to be done using the Bluetooth devices; typically this is indicated when the user closes the laptop or removes the headpiece. The attacker then sends the recorded ID of the laptop or headpiece along with the generated link key. The phone thinks the real laptop or headpiece is on line again, and establishes communications immediately. Spoofing commences.
Here's another interesting fact mentioned in the paper: step 1 is optional. If you pair your device every time you use it (instead of having the phone and the device remember each other,) the attacker doesn't have to force you to perform the pairing. All he requires is for you to perform the pairing so he can record it (as in step 2.) And as you pointed out, if you shut off your keyboard your phone will still be receptive to the attacker's spoof for up to 30 seconds. That's plenty of time to launch a new connection. After that, it's open season on your phone's ObEx to raid your stored numbers, pictures, sounds, whatever; making network connections on your phone using up your monthly data; making long-distance calls using your phone, etc.
The security suggestions of the paper's authors include "don't pair in a public place" and "don't use your devices in 'always require pairing' mode."
Hell, I've watched several episodes of Inuyasha and I still have no idea what it's about. Something about demons and his need to kill them. So I assume a handsome fox-eared demon-hunter surrounded by doe-eyed teenaged girls means a lot more than a simple drawing to them. I believe it's a direct cultural reference that I will never get because I'm not willing to fully immerse myself in Japan just to understand a few late-night cartoons.
I imagine it would be a similar situation if their culture had never heard of the judeo-christian mythos and we were to suddenly export cartoons of Santa Claus and the Easter Bunny. We have the backstory here based on our years of church, Sunday School, political debates over placement of the 10 commandments, etc, so we never consider explaining things like christmas trees, mistletoe, presents, etc. It's taken for granted that we know what they're all about.
So, what do you think the anime producers could have done to change the effects of piracy (besides your request to not continually deflate your inventory value?) Would your waiting to carry and distribute only box sets of the more esoteric items have worked?
Maybe I should ask a different way: what worked? What did you sell, and specifically what did you sell that turned the highest profits? Figurines? Books? Magazines? Single DVDs? Boxed sets? Or did you find that certain "lines" sold well across the spectrum, such as Inuyasha or Ghost in the Shell, but the more exotic titles never sold anything?
I guess I have no particular reason for asking, I'm certainly not an otaku. I watch some Ghost in the Shell:SAC because it's the only interesting anime I've ever seen -- Inuyasha simply makes no sense to me, (oh, look, a demon in piglet form) but it seems to always get the raves. And a friend got me to buy a Dominion tank corp book a while back. He sold me by saying "this is like the greatest anime ever, so you'll love it." It had interesting ideas, but, like the TV productions people complained about above, I did not find any backstory, or any reason to reread it. It just "was".
Perhaps the Japanese culture simply likes beautiful moving artwork, and considers "dialog and story" to be a lesser form of art, and so relegates it to the junior member of the staff. I dunno, I've simply decided it's not my cup of tea.
In any case, I'm still sorry to hear that you have to close your store.
This is far and away the best biometric identification accuracy rate I've ever heard of in commercially available equipment. Yes, the FBI may have better stuff than I'd buy for $160, but my budget can't afford anywhere near $1,200 per scanner. Of course, Fujitsu hasn't announced a price on this unit yet. I guess we'll see.
But my probable screwup is that I have an ATI 9800 128MB AGP 8x video card. It's still a fairly decent card, and it's still retailing at about 60% of what I paid for it. But I had to buy a "lower end" mobo for the chip in order to get AGP support -- the industry has already moved this line forward to PCI express.
Anyway, the 4000+ was at the right price point for me. The 2400 was just not keeping up with the games anymore. (As a bonus, my compile speeds are now way faster!)
Bromelain is a proteolytic enzyme obtained from pineapple juice that has found several uses. Primarily, it is used to tenderize meat, similar to papain, the proteolytic enzyme derived from green papaya. It also chill-proofs beer, stabilizes latex paint, and tans leather. Being a protease, it can cause dermatitis on exposed skin. Several folk remedies of pineapple may stem from its bromelain content: anti-inflammatory, muscle relaxation, and the treatment of warts, abscesses, bruises, and ulcers. Pineapple workers are said to have no fingerprints due to the proteolytic action of bromelain on the skin. Juice from unripe fruit is said to be purgative, and also antihelmintic, perhaps due to the known nematicidal effects of bromelain.
I also spoke at length with a fingerprint scanner vendor when we were considering purchasing several thousand of them for a customer-facing system. He told me that about one percent of the population did not have fingerprints that could be reliably read by their scanners, and he admitted that their system was removed from the Hawaii locations because many people there work in the pineapple industry, and couldn't use their scanners.
So while neither of these sources are more than anecdotal, they do reinforce each other. I'd love to see actual published studies.
Maybe you can convince the door guards that the giant pus-oozing gauzeball wrapped around your hand is causing the scanner to fail, so they'll just buzz you in anyway.
The device works by looking at the infrared radiation emitted by your warm blood in relationship to the relatively cool epidermis. Unless the layer of tough skin is also a thermal insulator, it'll probably be able to read them just fine. The thing they aren't advertising is it probably won't work when the ambient temperature is above 98.6 degrees Fahrenheit.
But if you RTFA, you'd see that their false rejection rates are 0.01%, or one in 10,000 incorrect rejections. That's pretty damned impressive for a biometric system.
Just like any other computer-based biometric system, it only starts with a scanner. Once you get past the handwaving (pun intended) it turns into bits and bytes, just like any other security token, such as a password. These systems will have weaknesses, it's the nature of systems. Look at all the components: palm reader camera, imaging software, algorithms to reduce a hand-print to a series of numbers, a database full of those numbers, a database full of "rights" to be granted based on those numbers, a signal to the turnstile or electric door lock to let you in, and networks and wires interconnecting all of those pieces.
To a bad guy, a wedge into any single component listed above might be enough to send "ACCESS GRANTED" to the door lock.
Yes, the same is true of any security system of any sort -- but for reasons I can't fathom, biometric-based security systems seem to give a higher "sense" of protection to the executives writing the checks.
At least this one won't be fooled by Jello.
Not that I expect the bad guys to be smart enough to know this up front (so we might still be losing a few hands to some idiots) but the entire technology functions as a liveness detector.
That'll be $25.00 please.
Makes you crazy to see serious people making such stupid suggestions.
And here is an example of the court applying exactly that pressure.
I suspect it's actually a much easier problem to solve when your users' day jobs involve munitions.
Was this ever done? I don't remember if anyone ever announced any real-world attacks.
So they're officially not saying, but if they file a patent it'll be public knowledge. I'm still putting my money on ferric chloride, though.
It was kind of interesting watching their marketing video. They listed a dozen different user-selectable triggers that could be used to destroy the data, including movement from a fixed GPS point, removal of power and/or backup power, an included RF remote (up to 100 foot range), phone call, internet transmitted signal, physically tampering with the drive, picking the computer up off the ground, a certain number of invalid password attempts, biometric scanner, local alarm or security system trigger, and some special keyboard-entered key sequence.
I've long thought about having such a self-destructing drive based on injecting a ferric chloride flood into the platter space. Obviously, the first thing to do would be a few experiments to ensure that ferric chloride really does wash the magnetic media from the platters. Next, it would take something close to a clean-room to remove the cover from the drive and drill and install the reservoir and injector system. Finally, it would take some damn clever software and hardware to properly ensure that the drive would be destroyed only at the appropriate time.
[ My biggest reason for not doing this, however, is that I simply don't have anything worth protecting to that degree. If someone really really wants to see my tax records from 1997, well, I'm not about to sacrifice a $200 Western Digital Raptor to stop them. ]
All this hardware protection is moot, however, if you live in Minnesota and are accused of "Child Pornography." We recently made the news because a local pervert involved in one of these sicko rings had encrypted files on his drive. He never revealed the keys to the investigators, but the judge allowed the fact that he had encrypted files to be used as "evidence". This, of course, was not the only evidence -- the prosecution had witnesses and other investigative work that really proved he was scum. However, the simple fact of "hiding something" was abused to help convict him -- regardless of what he was hiding. I have no doubt that the same judge in the same case would have used the existance of a self-destructive mechanism (triggered or not) to be permitted as "evidence".
What was worse is that I've got flash-click-to-play, and had to click a couple dozen (f)'s to see the site in all its painful flashy glory.
But it was definitely worth it. That's one of their best efforts in a long time.
If pro is the opposite of con, what is the opposite of progress? :-)
Fortunately I never gave away my enlarger or other equipment. I used it to teach the photography merit badge to my son's boy scout troop last year. I even found a box of unexposed paper. The paper was pretty slow to respond, and gave a soft, low contrast print, but it still worked well enough for our purposes.
There are ways, and more ways, and more ways around each and every roadblock you describe. Data can be encrypted, Base64 encoded and marked JPG or GIF. It can use full HTTP as its transport protocol, or possibly even HTTPS. It can be masked in dozens of ways.
What you've done is raised the bar "high enough" so that a "typical worm" doesn't have the smarts to launch an attack from your network. And that's a good thing, and a good idea. But as more and more people and companies adopt the same set of rules, the worm writers will adapt to their changing environment. Pretty soon they'll have worms modified to work around the roadblocks that "everyone" is using, just as we've seen the more sophisticated worms move beyond using IRC and start using other protocols.
I'm not saying you're doing the wrong thing. What I am saying is that you shouldn't rest on your past achievements, smug and certain that no worm can ever find its way around on your network. Please keep vigilant.
I'd also like to point out that even corporations don't have perfectly homogenous environments. Servers, desktops, workstations for various tasks such as artists, marketers, developers, etc., all have different needs and usually have different OS and application configurations.
However, you're right in that commonality in equipment and infrastructure is a good thing in the corporate environment -- I couldn't imagine trying to keep 40,000 individual machines managed remotely unless most of them were identical. So I have 40,000 identical machines. My point is that if a worm finds its way onto any one of those 40,000 machines, the other 39,999 are fated to almost guaranteed infection should the worm find a way to discover them. It's not a case of "computers multiplying" but rather one of attack on the clones. Having those machines not running a very stripped-down, very well-understood version of an old OS (rather than the newest well-attacked version of a popular OS) helps provide some amount of immunity.
Also, I'd like to point out that a failure of 1, 100, or even 1,000 of the 40,000 machines I mentioned above will not only not cause our company distress, it definitely won't portend corporate collapse. Failure of equipment is both expected and planned-for. Data backup is continuous and highly redundant. With 40,000 machines in a network that each have hard drives rated for 30,000 hours MTBF, we're statistically assured that at least a dozen hard drives will fail every single day, and they do. We haven't filed chapter 11 as a result :-)
I have to theoretically disagree with you.
From a logic perspective, this statement is the equivalent of trying to prove a negative. The best you can say about a piece of software as complex as a browser is that "nobody has published a break yet in this exact version running in this environment on this operating system."
You can have "pretty good" software, you can have "excellent" software, you can even have "never, ever been broken" software, but you can't have "provably perfect" software in all but the most trivial of cases, (and even then things are suspect because of other potential issues: BIOS reliance, hardware manufacturing defects, etc.)
Streetlight software is a great example. It's about as close to a "perfect software" case as you can get. It's small enough that you can examine the entire state engine from end-to-end, and have peers examine it as well. Even so, they still have a separate set of monitoring hardware and software with the authority to shut the system down, because if that software breaks people could die.
Nothing's perfect.
The first phase of the attack requires me, the human victim, to go through several steps. First and most important, I have to notice that Bluetooth isn't working. I then have to read the tiny screen of the phone to see what the error is, and decide that pairing is necessary. I then have to go through the entire manual pairing process, reading cryptic instructions and navigating unfamiliar menus with a thumb-joystick thing. I'm not so suicidal as to attempt any of the above from the driver's seat in traffic.
You can, however, set up your phone so that this extra auth step is required. But this exposes you to exactly the vulnerability mentioned in the paper:
- 1. The attacker sends an "oops I forgot our link key that we came up with way back whenever it was that we paired". The phone immediately stops talking with the device, because the device just reported "I can't be trusted."
-
2. The attacker waits for the human victim to notice that his devices don't work. Perhaps his phone says "please reenter pair code with device 'logitech keyboard'", or maybe it simply says "unknown device 'logitech keyboard'". The victim manually performs the pairing operation again between the devices. The pairing process exchanges a couple blocks of data between the machines. The attacker silently records the exchange.
-
3. The attacker runs a program that uses the sniffed exchange of pairing information, and establishes by brute force the value of the PIN used. He uses this to recreate the link key inside his PC. With a four digit PIN, this takes under a second. With a 7 digit PIN, it still only takes about a minute.
-
4. The attacker waits for the user to be done using the Bluetooth devices; typically this is indicated when the user closes the laptop or removes the headpiece. The attacker then sends the recorded ID of the laptop or headpiece along with the generated link key. The phone thinks the real laptop or headpiece is on line again, and establishes communications immediately. Spoofing commences.
Here's another interesting fact mentioned in the paper: step 1 is optional. If you pair your device every time you use it (instead of having the phone and the device remember each other,) the attacker doesn't have to force you to perform the pairing. All he requires is for you to perform the pairing so he can record it (as in step 2.) And as you pointed out, if you shut off your keyboard your phone will still be receptive to the attacker's spoof for up to 30 seconds. That's plenty of time to launch a new connection. After that, it's open season on your phone's ObEx to raid your stored numbers, pictures, sounds, whatever; making network connections on your phone using up your monthly data; making long-distance calls using your phone, etc.The security suggestions of the paper's authors include "don't pair in a public place" and "don't use your devices in 'always require pairing' mode."