But to commit intentional murder or violence in a conventional way (usually) requires you to be present in the jurisdiction where the crime occurred, so at least in this new arena, it's entirely conceivable that an "attacker" (literally) could cause bodily injury, even death, without setting foot into any jurisdiction where they have the "risk" of being apprehended or even extradited. ... that is, if you can even determine who the attacker was, or even if you can distinguish that there was a malicious actor involved, in the first place, and not just some random bug in the software...
There is the concept of systems engineering with regard to "safety of life", which should be respected here.
That is, the security of your aorta tele-surgery is arguably more important than your wristwatch's cloud calendar.
This sort of thing should be subject to rigorous testing and code review, and in general have higher standards, e.g., MISRA C.
Is there such thing as a Turing Race ?!
That's the plotline for Team America 2, but don't think Sony's gonna carry that ;)
(was just starting a response when I saw this)
Prolific has had this problem for a while with PL2303 chipset counterfeits.
They started a terrible shoot-the-completely-unaware-user campaign:
Starting a few years back with XP drivers, they started giving a nondescript "error 10" and refusing to start the driver when a counterfeit chip was loaded. On recent Mac versions of the driver, they fail even more silently - just not transferring any bits. The funny thing is, the counterfeits usually work well when not on a crippled version of the Prolific driver (or an open source).
Consumers here don't know the difference and just say - wow I have a crappy cable that doesn't work at all.
Would have been much better if they just displayed a message stating the facts when they detected a non-genuine cable - something to the effect of "hey we have detected a counterfeit chip in your cable - return to the dealer/vendor/manufacturer."
This would have been totally more effective at putting back-pressure against using counterfeits on the manufacturing/supply chain...
Alas - I guess it's cause I don't have an MBA that I can't see the wisdom in these tactics...
yeah, in 20 years, I suspect being a millionaire would be like what it is today to earn a "six-figure income" - which is B.F.D.
I remember when I was a kid in the 80's, a "six figure income" was meaningful. Now in some places where software development is a common trade (cough: silicon valley), six figures is just-getting-by
and it won't be worth what it is today in the future..
look at that gold price... someone mentioned the price of gold should be looked at less as a "price of gold" as much as a measure of the devaluation of the dollar over time...
"Effectively, they are taking away functionality that I have already paid for."
You mean to say that you already paid DynDNS for service? If so, I don't see how this affects you, as you are a paying customer.
If you are talking about something you paid to a hardware/software company for a router which had dyndns feature - generating value for the said router vendor, but no revenue for dyndns - I'm not sure I understand the fairness in your argument.
In Kapitalist Amerika, TV watches YOU!
Thank you, for devolving this into a Monty Python joke!
+1
lolz you beat me to it!
I was going to say
"the other 30% get it from Fox News. Source: Fox News"
Just another payola scam, nothing to see here folks...
another example:
http://en.wikipedia.org/wiki/Salina_Pumped_Storage_Project
I believe this is where Google has a datacenter that consumes hydroelectric power.
And if you are really serious about finding backdoors, etc, you won't just pore over the source code, but do a thorough analysis side-by-side with the disassembled binaries in IDA, and look for unexpected things...
^ this one. ding ding ding.
Paraphrasing old Brucie on this:
Why would an attacker spend time trying to get through your steel-plated triple-deadbolted front door, when they can throw a rock through your kitchen window and crawl in?
All it takes are some unchallengeable secret court orders, and off to your nearest cloud/service provider to suck down all your datas.
It's always interesting to see what (some of the best attempts at) intentional code obfuscation can look like:
http://www.ioccc.org/
Why backdoor just one brand of compiler (since there are several), when you could backdoor the architecture?
I'm pretty sure there is a special sequence of Intel instructions which open the unicorn gate, and pipe a copy of all memory writes to NSA's server.
because Sang Mun == anagram for "Man Guns"
And you will not take any pictures, play any games, listen to music, or work on a computer! ;)
It's worse than just that. Starting my gripe:
I wanted to buy a $2.80 rubber dust cap (for the usb and hdmi ports) on the side of my Nikon D3100. That is one of the very few "user replaceable" parts that "Nikon Parts" website sells. The shipping on the $2.80 rubber cap? Try more than 10 dollars. I think it was 12 bucks or something to ship to Texas. Now that is a straight rip-off, but when I checked it seems that the "Nikon Parts" online store isn't really Nikon but being run by somebody else. So seems I can't even get parts from Nikon.
hrmm. When I buy certain chips/kits from TI's websites, it made me go through an export control interview and application.
What if you are buying from a non-US distributor in a non-US country? Do US trade/export laws still apply?
Chinese AC troll?
http://www.washingtonpost.com/world/national-security/in-china-business-travelers-take-extreme-precautions-to-avoid-cyber-espionage/2011/09/20/gIQAM6cR0K_story.html
FTW: global warming is a hoax!!!
http://www.schneier.com/blog/archives/2012/02/computer_securi_2.html
http://www.homelandsecuritynewswire.com/us-government-recommends-weighing-laptop-and-after-visit-china
http://www.schneier.com/blog/archives/2009/07/laptop_security.html
https://www.eff.org/wp/defending-privacy-us-border-guide-travelers-carrying-digital-devices
You don't need to monitor every bluetooth device. You just need a decent sampling of users passing through points in your "system". This is just one of several ways you can uniquely identify a particular object to track overall flow of the herd.