In which case the malware is already running on the machine. Considering the point of adding your malware to autorun was to get it running on the machine, I'm not sure this is a significant security risk.
That is spying. You'll clearly see in the post you responded to and TFS the term "filtering", which requires that you also block access to particular content.
They don't actually claim that it's a Linux vulnerability. It's a chipset vulnerability that happens to be incredibly easy to take advantage of on Linux, since the kernel already provides a convenient interface to the necessary hardware (rather than having to do it the hard way).
Note that TFA doesn't mention Linux. The Microsoft Subnet article does, but that's not too surprising. (Note that the Invisible Things guys primarily release proofs-of-concept for Linux.)
No, stealing the car is a privilege escalation exploit (and potentially a remote code execution exploit first).
This is a rootkit -- which is like deciding what to do with the car after you've stolen it. There are lots of simple, straightforward approaches -- stealing the battery, stealing the stereo, or taking it to a chop shop. You get something, but the owner of the car certainly notices, and once you've stolen the battery and left, your interaction with the car is done. You could steal the car and sell it (bigger payoff), but the chances of getting caught are much higher. This is more like using your access to the car to make a duplicate of the keys and install a hidden tracking device. If all you want is to steal the battery, it's much too complicated. But, it allows you to take what you want when you want it, and gather potentially-useful information (depending on the car's owner) without detection.
If you have root you can plant a root kit in any number of ways, heck just replace the kernel if you want.
Replacing the kernel tends to trigger systems designed to catch intrusions, as it's painfully obvious. Running your malware persistently without being detected by the system is the point of a rootkit.
You can reasonably accurately measure the health and capacity of the battery. Presumably the recharging stations would do this, would give you the option of purchasing limited-charge batteries, and would charge you less for them.
I'm not familiar with the specific technology here, but most of these heat-recapture systems are Peltier systems. Compared to their power output, for something the size of a car, they're fairly light. Some of them are cheap enough to make -- they're what runs solid-state cooler chests -- but I'm only really familiar with research models (which are hard to price).
It's a constant fraction depending on the temperature difference between the heat source and heat sink. (Plus, many factors that come into play in real system.) This figure comes from thermodynamics.
It may have achieved 97% fuel use, which is very good, but it most certainly did not achieve 97% mass to energy conversion. (I'd have to check, but I'm fairly certain that's not even theoretically possible with the nuclear reactions used.)
They own the paper -- the instrument of trade -- but not the wealth it represents. So they can take paper notes in exchange for paper notes of equal value.
There certainly are large-scale processes where quantum mechanical effects are evident. I can think of a number off the top of my head. (Schroedinger's cat is not one. That's a thought-experiment.)
That's an entirely different matter from "the fact that a large-scale process is composed of quantum processes does not imply that quantum-mechanical effects are evident in the large-scale process".
I think there's already a database of this. At least, my state, which has a lot of different local tax rates, has a table of all the local tax rates. It's not actually all that complicated -- though it is annoying.
"Relevant" is inspecific. You could claim that since the large-scale process depends ultimately on a quantum process, the quantum mechanics is certainly relevant. That does not mean the large-scale process necessarily has any characteristics of a quantum process.
Technically, an arbitrary physical process (like the functioning of the brain) is based on smaller-scale subprocesses that eventually boil down to quantum-scale interactions.
To claim that this implies that quantum-mechanical behavior would be evident in the larger-scale process shows a misunderstanding of the physics.
That's a bold assumption. Hack to do what? If you get to assume you have complete control over their card readers, you really should just capture there PIN while you're there, rather than guessing.
Actually, if you're writing malcode, the fact that Mac OS X is not Windows XP *is* the problem. It's not just that they have different executable formats and system calls. Regardless of the number or severity of exploits, they have completely separate exploits.
I'm going to go out on a limb and guess that it'll be because they, just like nearly every other piece of malware out there, are only capable of running on a single platform -- regardless of the actual security of that platform.
Slashdot Mirror
In which case the malware is already running on the machine. Considering the point of adding your malware to autorun was to get it running on the machine, I'm not sure this is a significant security risk.
That is spying. You'll clearly see in the post you responded to and TFS the term "filtering", which requires that you also block access to particular content.
They don't actually claim that it's a Linux vulnerability. It's a chipset vulnerability that happens to be incredibly easy to take advantage of on Linux, since the kernel already provides a convenient interface to the necessary hardware (rather than having to do it the hard way).
Note that TFA doesn't mention Linux. The Microsoft Subnet article does, but that's not too surprising. (Note that the Invisible Things guys primarily release proofs-of-concept for Linux.)
If only there was a Wikipedia page that explained what a rootkit is and why malware would use one!
No, stealing the car is a privilege escalation exploit (and potentially a remote code execution exploit first).
This is a rootkit -- which is like deciding what to do with the car after you've stolen it. There are lots of simple, straightforward approaches -- stealing the battery, stealing the stereo, or taking it to a chop shop. You get something, but the owner of the car certainly notices, and once you've stolen the battery and left, your interaction with the car is done. You could steal the car and sell it (bigger payoff), but the chances of getting caught are much higher. This is more like using your access to the car to make a duplicate of the keys and install a hidden tracking device. If all you want is to steal the battery, it's much too complicated. But, it allows you to take what you want when you want it, and gather potentially-useful information (depending on the car's owner) without detection.
If you have root you can plant a root kit in any number of ways, heck just replace the kernel if you want.
Replacing the kernel tends to trigger systems designed to catch intrusions, as it's painfully obvious. Running your malware persistently without being detected by the system is the point of a rootkit.
You can reasonably accurately measure the health and capacity of the battery. Presumably the recharging stations would do this, would give you the option of purchasing limited-charge batteries, and would charge you less for them.
they're not very efficient at all, they don't last forever, and they're not particularly cheap
So... like an internal combustion engine, then?
I'm not familiar with the specific technology here, but most of these heat-recapture systems are Peltier systems. Compared to their power output, for something the size of a car, they're fairly light. Some of them are cheap enough to make -- they're what runs solid-state cooler chests -- but I'm only really familiar with research models (which are hard to price).
It's a constant fraction depending on the temperature difference between the heat source and heat sink. (Plus, many factors that come into play in real system.) This figure comes from thermodynamics.
It may have achieved 97% fuel use, which is very good, but it most certainly did not achieve 97% mass to energy conversion. (I'd have to check, but I'm fairly certain that's not even theoretically possible with the nuclear reactions used.)
Not possible in theory? You should tell the authors of the linked paper that describe how to do it in theory.
They own the paper -- the instrument of trade -- but not the wealth it represents. So they can take paper notes in exchange for paper notes of equal value.
There certainly are large-scale processes where quantum mechanical effects are evident. I can think of a number off the top of my head. (Schroedinger's cat is not one. That's a thought-experiment.)
That's an entirely different matter from "the fact that a large-scale process is composed of quantum processes does not imply that quantum-mechanical effects are evident in the large-scale process".
I think there's already a database of this. At least, my state, which has a lot of different local tax rates, has a table of all the local tax rates. It's not actually all that complicated -- though it is annoying.
No, but the Royal Society does have a Proceedings A in addition to a Proceedings B.
"Relevant" is inspecific. You could claim that since the large-scale process depends ultimately on a quantum process, the quantum mechanics is certainly relevant. That does not mean the large-scale process necessarily has any characteristics of a quantum process.
Technically, an arbitrary physical process (like the functioning of the brain) is based on smaller-scale subprocesses that eventually boil down to quantum-scale interactions.
To claim that this implies that quantum-mechanical behavior would be evident in the larger-scale process shows a misunderstanding of the physics.
And no quantum mechanics does not apply to this research.
True. But they don't say that it does -- they say that they applied a model from quantum mechanics, which is another thing entirely.
Quantum mechanics is not random;
Essentially false.
it's predictable and understandable
Mostly true.
Didn't even bother to read the summary, then?
That's a bold assumption. Hack to do what? If you get to assume you have complete control over their card readers, you really should just capture there PIN while you're there, rather than guessing.
I'm sure that they meant the latter. As you point out, though, the "through space" bit isn't really all that helpful.
Actually, if you're writing malcode, the fact that Mac OS X is not Windows XP *is* the problem. It's not just that they have different executable formats and system calls. Regardless of the number or severity of exploits, they have completely separate exploits.
I'm going to go out on a limb and guess that it'll be because they, just like nearly every other piece of malware out there, are only capable of running on a single platform -- regardless of the actual security of that platform.
If they're using their system to share the data to others, access to the key is not necessarily difficult to come by.