Slashdot Mirror


User: plover

plover's activity in the archive.


Comments · 7,233

  1. Re:Umm safety? on Why Your Phone Gets OTA Updates But Your Car Doesn't · · Score: 1

    The updates are almost certainly code signed, and double-checked before and after committing them to the car's flash or EEPROM. They won't be installed without the manufacturer's signature. If you trust the dealer, you can trust these updates as well.

    The biggest potential flaw is in the update package communication software and installer. If it's not perfect, an attacker could use something like a buffer overrun technique to pwn your ride. That's the real risk.

  2. Re:Umm safety? on Why Your Phone Gets OTA Updates But Your Car Doesn't · · Score: 2

    Just because an update came over the phone doesn't mean it will crash your car. A bad dealer update could cause the same problem.

    The main difference is the update mechanism may have a security flaw. But really, if your car can already get on line for any reason (traffic, directions, reservations, etc.) it already has a significant attack surface. This is just one more application that could let an attacker have his way with your vehicle.

  3. Re:Problems on Ask Slashdot: Anti-Camera Device For Use In a Small Bus? · · Score: 2

    I'm thinking disco ball + lasers. Have you seen the IR grid pattern projected by Kinect? Spray that same sort of pattern only with visible light, so everything is annoyingly speckled with very bright dots. Use multiple lasers. Reflect them off moving mirrors (a.k.a. disco ball). Most cell phone cameras auto-adjust to balance the contrast, and will end up with a scene that is simultaneously overexposed and underexposed.

    If your riders are in a party mood, this is fine. If you're giving a lift to the Epileptics' Convention, be prepared to detour to the emergency room.

  4. I say Tomato... on Oops: Security Holes In Belkin Home Automation Gear · · Score: 3, Funny

    ...you say Belkin,
    let's watch your house get hacked.

  5. Re:so teaching metasploit then? on DARPA Training Cadets and Midshipmen As Cyber Warriors · · Score: 1

    Maybe. If you're a good teacher, it's possible they could use you. Why not check them out?

  6. Re:Given the mass extinctions... on US Secretary of State Calls Climate Change 'Weapon of Mass Destruction' · · Score: 3, Insightful

    Yes, they're slow, but the effects can locally be violent as change happens. Warming of the ocean's waters could add energy to storms, or increase their frequency. I'm not saying Manila will be underwater next year due to the rising oceans, only that climate change increases the chances that it will be hit hard by a typhoon.

    But as someone else pointed out below, if it can't be wielded, it's not a weapon. It could have the same destructive effects as a weapon, but it's not a weapon.

  7. Re:Given the mass extinctions... on US Secretary of State Calls Climate Change 'Weapon of Mass Destruction' · · Score: 3, Informative

    As an island nation, most Indonesians live within a few miles of a coast. A typhoon's impact ends within a few miles of a coast. Imagine a hurricane Sandy type event striking half the population centers of the country, not just one or two cities.

  8. Re:Cuisine hits rock bottom on Scientists Create Pizza That Can Last Years · · Score: 1

    And the army needs the soldiers to concentrate on their missions, and not plundering the local countryside for food, or even scrounging for snakes.

  9. Re:Posting anonymously for obvious reasons... on Target's Internal Security Team Warned Management · · Score: 4, Insightful

    Interesting that you should mention "changing passwords on a regular basis" as a "horrible security flaw". Have you considered that changing passwords generally introduces more risk than it guards against, and doesn't actually have an effect on most actual hack attacks?

    The attacker strikes with whatever credentials he finds, whenever he finds them. The second step of an attack is to create a separate back-door, so that if the first password is changed he's back in anyway. And how does an attacker find credentials? When someone's entering them, which includes changing them, or if someone's handling them. There is often a case when you have people who can't remember their newest recently cycled password who call the Help Desk. The phone drone resets it to something like "ForgottenPassword#1", then voicemails the chump with the temporary password. If a hacker's able to listen to their voicemail, he simply calls in a phony forgotten password request and it's Winner, Winner, Chicken Dinner!

    So what does changing the password every 30 days actually protect against? I suppose if you wrote the password on your blog, then in 31 days you're safe. Of course, if you wrote the password on your blog, I don't think password rotation should be your highest priority for fixing your security issues. Do you honestly think hackers have machines that can crack passwords in 31 days, but not 30? Either he can crack it in an hour or less, or he likely can't crack it at all and won't bother trying.

    Changing passwords periodically was only a good idea when there was one password shared by many people, and you had to exclude your former colleagues. But those days ended back with moats and longbowmen on the castle walls. In these modern days of electronic passwords that are never shared, it's a ritualistic holdover with negative consequences.

  10. Re:"popular resistance"? on Germany's Renewable Plan Faces Popular Resistance · · Score: 3, Funny

    Submitter and editors either do not know what "popular resistance" means, or deliberately spun this post.

    It's obvious: popular resistance = popular voltage / popular current.

    But I can't help but wonder if the author intended to refer to popular impedance.

  11. Re:IT IS SCIENCE on Majority of Young American Adults Think Astrology Is a Science · · Score: 1

    It's a science of extracting money from gullible people.

    Nope, it's an art.

    I think it's engineering. It's repeatable and testable.

  12. Re:And in other news... on Majority of Young American Adults Think Astrology Is a Science · · Score: 2, Funny

    The radio announcer said last night that the Palestinians and the Israelis might come to a peace deal real soon now, because it appears to be the only way they can get Kerry to shut up.

  13. Re:Secret location? on How Online Clues Located North Korea's Missile-Launcher Factories · · Score: 1

    A few seconds of video, literature, a couple of memoirs and Google Earth helped locate a secret North Korean military plant

    More like "helped a couple of bloggers locate...". There's no reason to doubt that the US and China already knew about it. Still says a lot about how much information is online these days.

    The thing I wonder about is if making this information public did much damage to Western military plans. Assuming the West knew about it, they already had it loaded into their targeting systems. If the DPRK believed this factory was secret, they would be unaware that the hammer was poised to smash it. Now they may rebuild it in a new secret location, and until it's rediscovered by the intelligence agencies, it may not be properly targeted.

  14. Re:States Rights on South Carolina Education Committee Removes Evolution From Standards · · Score: 1

    Umm... wrong. That's not how the amendments to the Constitution work. "Back in the old days" means back before they were challenged and found unconstitutional - they were never legal.

    And the Colonies you refer to were exactly that: Colonies of England, back before we declared our independence, and before we drafted our Constitution.

    If the majority of people think that Creationism should be taught in public schools, they have only two legal paths to follow: either respect the Constitution and not teach the subject, or amend the Constitution.

  15. Re:Why the dumb name on Why the Internet of Things Is More 1876 Than 1995 · · Score: 1

    What's wrong with Internet of Things? There are many "things" and they are now on the "Internet", even things that we never really expected to be online before. It carries meaning in a few short words.

    At least it's not stupidly cute.

  16. Re:Confidential Grading on Adjusting GPAs: A Statistician's Effort To Tackle Grade Inflation · · Score: 1

    I took some on-line courses through a work-reimbursement program. The repayment of the tuition came with a catch: you had to score a B or better to be reimbursed. While neither the money nor the grades were an issue for me, I had co-workers in India for whom the full cost of the tuition would have been a financially crippling blow. And their scores were right on that edge. I remember more than one occasion where we had conference calls that were dominated by one or two people arguing vociferously over a few points so they could get up into the B range. Those people would be filing grievance after grievance, and those formal requests are draining on both a professor's time and patience.

  17. Re:Confidential Grading on Adjusting GPAs: A Statistician's Effort To Tackle Grade Inflation · · Score: 1

    I have found there are a lot of students on the ragged edge of a grade, with only a point or two separating them from a letter grade difference. If that student is told one week before finals "you have 89.9%, you are two points shy of an A", they will go whining to the prof asking about some minor detail on the first week's homework. I promise you the prof isn't going to remember the details from a homework assignment he graded 8 weeks ago. Multiply that question by every third student in the class, and it's going to play havoc with the prof's workload.

  18. Re:Of course students want the "easy A" on Adjusting GPAs: A Statistician's Effort To Tackle Grade Inflation · · Score: 2

    When my son entered high school, the principal gave parents a talk on Advanced Placement (AP) courses and college admissions. Someone asked "Isn't it better for my son to take an easy class and get an A than to take a hard AP class and get a B?" The principal replied: "it's better for him to take a hard class and get an A, because those are the people he will be competing against."

    Good advice.

  19. Re:It's degrees celsius on How Russia Transformed a Subtropical Beach Resort To Host the Winter Olympics · · Score: 1

    "mil-spec" is the abbreviation for "military specifications", and has nothing to do with the unit of measure called the 'mil'.

    And read the comment more closely: 10 turns per inch and 1 turn per 2.5 mm are fairly close to each other.

  20. Re:Parents on Online, You're Being Watched At All Times; Act Accordingly. · · Score: 1

    Those of us raised by good parents have always felt that way. It's never been a problem.

    Those of you raised by good parents were trusted with responsibility for your own actions, and didn't need constant monitoring. If you weren't in trouble, you weren't monitored.

  21. Re:It's degrees celsius on How Russia Transformed a Subtropical Beach Resort To Host the Winter Olympics · · Score: 3, Insightful

    Also, SI is used in all but three countries. Don't you think those three countries might have done things wrong?

    The only thing we (I'm an American) did wrong was to not convert to metric before the world was plunged into WWII. During the war, we produced millions of fabricating tools and machines to create war materiel - tanks, planes, guns, etc. After the war, all those micrometers, calipers, lathes, grinders, mills, and drills remained in metalworking shops across America. They all still had Imperial units stamped on their scales. They were held together with screw threads based on ANSI standards and Imperial measurements. They were built around drive screws that would move the table precisely one inch of throw for every ten revolutions of the drive worm. They had cams that would move a tool precisely .001 inches per revolution. The Imperial measurement system was literally cast in steel throughout America during the war.

    These tools then fueled the expansion of the American economy throughout the postwar period. (Many of them are still working today, and still power today's machine shops -- it turns out that a 5 ton cast iron lathe bed doesn't wear out very fast.) Imperial units were then and still are deeply embedded in American manufacturing.

    Along came the 1970s, and along came a big push for metrification. Schoolchildren were taught the metric system was the Best System Ever, while their parents told them that metric was foreign nonsense and was stealing American jobs. The Pentagon actually tried to lead the way across the country, and fully adopted the metric system in order to interoperate with NATO forces. But the rest of the US manufacturers who were not producing mil-spec parts continued to crank out Imperial based products. Why? Because conversion isn't easy or cheap. Even if they could replace the lead screw in their lathes to move a metric-friendly 1 cm for every four turns of the shaft so they could make metric parts, they still needed Imperial capabilities to make replacement parts for old machinery. That would have meant needing two lathes, two micrometers, two calipers, and two sets of tools, all increasing the cost of conversion. It also would have meant extra inventories of all kinds of materials: 50cm tubing next to 2" tubing, etc. This was at a time when machine shops across America were shutting down as production was shipped overseas to Asia, so increasing their capital investment was simply not possible. So Imperial measurements remained.

    Ironically, many of the American machine shops that managed to survive globalization did so by entering the CNC age. My old shop retrofitted their old change gear boxes with servomotor based systems. And CNC equipment can work on either metric or Imperial measurements with the flick of a configuration setting. Now that the survivors have modernized, it might be time to try again.

  22. Filter regexps? on Slashdot Tries Something New; Audience Responds! · · Score: 1

    Don't know if it has anything to do with the beta, but the current beta-blockers are really disruptive idiots. I have no desire to read anything by people whining about the beta, ever, in any story (apart from this one). I would love to be able to set a list of text filters that I could add regexps to: "f... beta", "copypasta", "GNAA"; and any comment matching those (and all responses to those comments) would silently be rated -1.

    Possible? Paid subscribers only? I'll happily pay for the ability to make these morons vanish.

  23. Re:A Button For Humans To Press on When Cars Go Driverless, What Happens To the Honking? · · Score: 1

    Better traffic laws and better enforcement of those laws produce disciplined drivers - the only traffic police we encountered in Karnataka were standing in kiosks near busy intersections, or on foot near highway checkpoints. Better traffic signage, road markings, and standards of safe construction would make the road conditions predictable. Those improvements make driving much safer than the chaos we experienced, and without needing to rely on horns. But they're expensive. And I'm not sure you'd want to give up all the land we use for our roads.

  24. Re: Duh - help his state out on Senator Makes NASA Complete $350 Million Testing Tower That It Will Never Use · · Score: 2

    Only if you're building a high tech facility. You can have unskilled laborers stacking stone walls, pushing wheelbarrows, and learning a trade while they're at it. They don't have to be efficient.

    Of course this upsets the labor unions, because it takes away their jobs.

  25. Re:Duh - help his state out on Senator Makes NASA Complete $350 Million Testing Tower That It Will Never Use · · Score: 2, Interesting

    So why can't we get programs like the CCC and WPA back? They were a great investment. They put hundreds of thousands of people to work during the Great Depression, and the works projects they built back then are still being enjoyed by people today. Hard work is not welfare, but the money is equally wasted if it's poured into useless rocket motor testing towers.