Okay, so there is another possibly vulnerability. Hidden transmitter that the victim walks past... But it seems like a bit of a movie plot kinda threat. If you could hide a transmitter somewhere that it is close enough to work and also make sure it can't be traced back to you, there are probably easier things you could do to get at your victim.
I'm not dismissing the danger, I'm asking what are the risks that a random person fitted with a "smart" pacemaker or whatever has to consider. So far it mostly seems like elaborate and unreliable assassination methods. Maybe someone could steal some of your medical data somehow, but how (attack the doctor's PC?) and what is the risk of them having it?
Isn't this one of the problems that HTTPs is supposed to fix? The wifi might be bugged, but you can verify you are really talking to the bank and then establish a secure connection over HTTPs and your details are protected.
If it were any other way you would be pretty much screwed because your packets have to pass through many untrusted servers on their way to the bank.
If Europe gives up on diesel, they will need to spend billions to build new or to retrofit refineries, or else take a hit and export the diesel.
Europe is moving away from oil as a fuel in general. Countries that can see that coming are pushing harder for it, with announced cut-off dates for the sale of combustion engine vehicles (outside of specialist applications).
It's a shame German car manufacturers put so much effort into diesel instead of hybrids and pure EVs. I guess they didn't have the vision that some Japanese manufacturers and Tesla did.
As I understand it some implantable devices have short range radios, mostly NFC based because anything else will run down the battery too fast and changing it isn't exactly easy. It's not like people's pacemakers are connected directly to the internet or anything.
So potentially they could be harmed by a very close range attack... But it seems like there are plenty of other, easier ways to harm people at that range. It's not even stealthy, because if someone's pacemaker randomly gets exploited anyone stood near them is going to be a suspect. I suppose maybe the attack could involve some sort of time delay.
The other vulnerable part of the system is the bit doctors use to read data from the device and reprogram it. It could be infected and reprogrammed to do some damage. I guess it could even target an individual if the serial number of their device was known.
I'm not including the usual "don't stand next to any big microwave emitter" type vulnerabilities, those aren't new and affect non-connected devices too.
We have to be pragmatic. We can do a lot to reduce power consumption, but ultimately we still need a lot of it. So we can build wind turbines or we can build nuclear and coal and gas power. In the scheme of things, while we should do everything we can to protect birds, it's still better than building another nuclear plant (which will kill at least as many).
I agree that TFA isn't the best... It could include information about all that stuff. I'm almost tempted to archive links for when this kind of thing comes up, but the problem is they become stale and link dumping is the favourite tactic of the post-truth brigade.
I'd suggest getting a separate wifi AP. There are a few advantages. It's easy to upgrade when a new standard becomes available, you can position it ideally rather than where you want the router to be, it's easier to isolate and compromising it doesn't compromise your main router...
Considering how much you save with one of these, you could get a really nice Ubiquity AP or something like that.
I'm still on 8.1. I've been trying so hard to move to Linux... It seems like it should be ideal for me, but I just keep running into issues. I might eventually get there, hopefully.
Even 2019 is probably too early. There will either be a transition period lasting several years, or there will be a cliff edge and our economic bus will go flying over it.
It's widely acknowledged in the UK that successive governments have fiddled the numbers by quietly redefining unemployment over the decades. It's the same as inflation - when the government needs to get it down, they redefine it to include things that are not suffering price inflation as much.
It's also worth noting that the unemployment rate doesn't include people who are under-employed, like people on zero hour contracts or in part time work or forced into self-employment who want full time.
Sometimes there are good reasons to redefine these things. Sometimes the government does stuff that genuinely helps people. Mostly it's just lies, if not outright then by omission or cherry picking. That's why we moved into the post-truth era of UK politics shortly before Brexit. No-one believes any statistics any more, including unemployment figures.
Some of those jobs are moving to Europe now too. Financial institutions are already moving jobs, or planning to do so. The politicians can't reassure them, because they can't guarantee a deal until 2019 just before we leave, so these companies are forced to put contingency plans in place and it's also an opportunity for them to consider moving business elsewhere anyway.
Seems very expensive for what it is... If you go on AliExpress and search for "x86 router" or "arm router" you will find hundreds of options costing less than 1/3rd as much. For example: https://www.aliexpress.com/ite...
Celeron J1900 (quad core, 2.4GHz) 1x DDR RAM RAM socket Intel chipset mSATA SSD slot 4 Intel I211AT gigabit LAN ports 3x USB 2.0 1x USB 3.0 2x MiniPCIe ports 10W max power consumption
The case has holes for wifi antennas, which you can order with it. It's pretty much a standard PC so will run whatever Linux or even Windows OS you want. It's got VGA as well which can be handy for an emergency shell.
You could add a really simple UPS with a 12V lead acid battery and a few diodes too.
"Uh, yeah, I, er, spilt my coffee (0% alcohol content) on the â100,000 flight console because a drone startled me. And blinded me with its illegal eBay laser pointer. And touched the co-pilots arse... See I was just trying to grab it, the drone I mean, that's why my hand was down there."
Get one of those fire-proof LiPo charging bags off eBay for a few bucks, then put on your oven mitts and carry it into the Apple store, smoking away*, with a pair of tongs. If you can borrow a hazmat suit, even better.
When the "genius" asks what's going on, you can tell them that they told you to bring this bomb in for a battery replacement good luck it's their problem now.
I actually design products that use batteries and one absolute requirement is that they fail in a safe manner. Short of ridiculous abuse like throwing the thing in a fire, if they get slammed around or dropped etc. they need to not explode or catch fire.
We mostly use NiMH cells when we need to recharge, because it's easier to ship and safer than LiPo. We do use lithium primary (non-rechargeable) cells though, and the products are designed so that if they do start venting hydrogen or heating up they will fail in a way that dissipates the gas and heat safely.
Having said that, whenever Apple has had battery problems they have always turned out to be third party replacements or abuse, and if the iPhone 4s was badly designed I think we would know about it by now.
Last week another company set up an FTP server for one of our older products to send data to. I know, FTP, but this thing predates my joining the company and it does actually work quite well. Anyway, they were having trouble so we logged in and found ourselves dumped into the root of their Linux server. We could see everything and seemed to be running at root.
I emailed them about it and they said it was fine because the machine was "isolated".
My policy is to report the bug if the company has a reasonable looking bug bounty programme. Such a programme demonstrates that they probably have the right attitude, and even if it's just a trap you can point to it in court as evidence of your good faith.
If there is no bug bounty programme I'll either ignore it or report it anonymously to a relevant mailing list. If the company has a contact email address (not a web form) then I'll CC them in.
Anything else is too risky. If you want responsible disclosure, be open about it, set up a proper mechanism and offer at least a token amount of cash.
I can't see how it could really work with cats. Cat communication is mostly non-verbal, so it would need a camera to look at them and good luck getting that to work with black cats. My cat is all black and it's really hard to get good photos of him with even a DSLR, let alone a phone camera.
Kittens do vocalize more than adults, but mostly to get the attention of their mother rather than communicate what they want. When they grow up the naturally stop using their voices, except when trying to intimidate other cats. Domesticated cats often learn to talk to humans because it's a very effective way to get a response, but they aren't really saying anything, just making a noise that causes their staff to pay attention. In other words it's little more than what a human communicates by ringing a bell to summon their servants.
To understand what the cat is feeling you need to look at it and observe its behaviour. Even then, they tend to communicate things like "I want to be fed" by simply going to the place where they are normally fed or sitting on your face until you get out of bed.
It can be very hard to prove specific crimes to the required standard for the police to take an interest, but it's usually much easier to show that there was an atmosphere of sexual harassment. Emails, witness statements, text messages, evaluations etc.
That's why these things usually go the civil suit route. Emails can be saved, proving someone touched you when no one else was around is nearly impossible.
Okay, so there is another possibly vulnerability. Hidden transmitter that the victim walks past... But it seems like a bit of a movie plot kinda threat. If you could hide a transmitter somewhere that it is close enough to work and also make sure it can't be traced back to you, there are probably easier things you could do to get at your victim.
I'm not dismissing the danger, I'm asking what are the risks that a random person fitted with a "smart" pacemaker or whatever has to consider. So far it mostly seems like elaborate and unreliable assassination methods. Maybe someone could steal some of your medical data somehow, but how (attack the doctor's PC?) and what is the risk of them having it?
Isn't this one of the problems that HTTPs is supposed to fix? The wifi might be bugged, but you can verify you are really talking to the bank and then establish a secure connection over HTTPs and your details are protected.
If it were any other way you would be pretty much screwed because your packets have to pass through many untrusted servers on their way to the bank.
If Europe gives up on diesel, they will need to spend billions to build new or to retrofit refineries, or else take a hit and export the diesel.
Europe is moving away from oil as a fuel in general. Countries that can see that coming are pushing harder for it, with announced cut-off dates for the sale of combustion engine vehicles (outside of specialist applications).
It's a shame German car manufacturers put so much effort into diesel instead of hybrids and pure EVs. I guess they didn't have the vision that some Japanese manufacturers and Tesla did.
Remind us again what the down sides to limiting vehicle emissions are.
What are the actual risks here?
As I understand it some implantable devices have short range radios, mostly NFC based because anything else will run down the battery too fast and changing it isn't exactly easy. It's not like people's pacemakers are connected directly to the internet or anything.
So potentially they could be harmed by a very close range attack... But it seems like there are plenty of other, easier ways to harm people at that range. It's not even stealthy, because if someone's pacemaker randomly gets exploited anyone stood near them is going to be a suspect. I suppose maybe the attack could involve some sort of time delay.
The other vulnerable part of the system is the bit doctors use to read data from the device and reprogram it. It could be infected and reprogrammed to do some damage. I guess it could even target an individual if the serial number of their device was known.
I'm not including the usual "don't stand next to any big microwave emitter" type vulnerabilities, those aren't new and affect non-connected devices too.
You can disagree with their arguments, but there's no need to lie about them and make a straw man... Unless you don't have a real counter argument.
We have to be pragmatic. We can do a lot to reduce power consumption, but ultimately we still need a lot of it. So we can build wind turbines or we can build nuclear and coal and gas power. In the scheme of things, while we should do everything we can to protect birds, it's still better than building another nuclear plant (which will kill at least as many).
I agree that TFA isn't the best... It could include information about all that stuff. I'm almost tempted to archive links for when this kind of thing comes up, but the problem is they become stale and link dumping is the favourite tactic of the post-truth brigade.
I'd suggest getting a separate wifi AP. There are a few advantages. It's easy to upgrade when a new standard becomes available, you can position it ideally rather than where you want the router to be, it's easier to isolate and compromising it doesn't compromise your main router...
Considering how much you save with one of these, you could get a really nice Ubiquity AP or something like that.
I'm still on 8.1. I've been trying so hard to move to Linux... It seems like it should be ideal for me, but I just keep running into issues. I might eventually get there, hopefully.
Even 2019 is probably too early. There will either be a transition period lasting several years, or there will be a cliff edge and our economic bus will go flying over it.
It's widely acknowledged in the UK that successive governments have fiddled the numbers by quietly redefining unemployment over the decades. It's the same as inflation - when the government needs to get it down, they redefine it to include things that are not suffering price inflation as much.
It's also worth noting that the unemployment rate doesn't include people who are under-employed, like people on zero hour contracts or in part time work or forced into self-employment who want full time.
Sometimes there are good reasons to redefine these things. Sometimes the government does stuff that genuinely helps people. Mostly it's just lies, if not outright then by omission or cherry picking. That's why we moved into the post-truth era of UK politics shortly before Brexit. No-one believes any statistics any more, including unemployment figures.
Some of those jobs are moving to Europe now too. Financial institutions are already moving jobs, or planning to do so. The politicians can't reassure them, because they can't guarantee a deal until 2019 just before we leave, so these companies are forced to put contingency plans in place and it's also an opportunity for them to consider moving business elsewhere anyway.
I don't like the way you can "buy" a product, and then the manufacturer remotely disables some of the functionality you paid for.
Not upgrading is not a viable option, because you need security patches.
Seems very expensive for what it is... If you go on AliExpress and search for "x86 router" or "arm router" you will find hundreds of options costing less than 1/3rd as much. For example: https://www.aliexpress.com/ite...
Celeron J1900 (quad core, 2.4GHz)
1x DDR RAM RAM socket
Intel chipset
mSATA SSD slot
4 Intel I211AT gigabit LAN ports
3x USB 2.0
1x USB 3.0
2x MiniPCIe ports
10W max power consumption
The case has holes for wifi antennas, which you can order with it. It's pretty much a standard PC so will run whatever Linux or even Windows OS you want. It's got VGA as well which can be handy for an emergency shell.
You could add a really simple UPS with a 12V lead acid battery and a few diodes too.
You probably could use an Arduino...
http://lallafa.de/blog/amiga-p...
A Raspberry Pi makes a reasonable router. The main limitation is the speed of USB-Ethernet adaptors. They are sub 5W and cheap too.
"Uh, yeah, I, er, spilt my coffee (0% alcohol content) on the â100,000 flight console because a drone startled me. And blinded me with its illegal eBay laser pointer. And touched the co-pilots arse... See I was just trying to grab it, the drone I mean, that's why my hand was down there."
Get one of those fire-proof LiPo charging bags off eBay for a few bucks, then put on your oven mitts and carry it into the Apple store, smoking away*, with a pair of tongs. If you can borrow a hazmat suit, even better.
When the "genius" asks what's going on, you can tell them that they told you to bring this bomb in for a battery replacement good luck it's their problem now.
* dry ice works great for this
I actually design products that use batteries and one absolute requirement is that they fail in a safe manner. Short of ridiculous abuse like throwing the thing in a fire, if they get slammed around or dropped etc. they need to not explode or catch fire.
We mostly use NiMH cells when we need to recharge, because it's easier to ship and safer than LiPo. We do use lithium primary (non-rechargeable) cells though, and the products are designed so that if they do start venting hydrogen or heating up they will fail in a way that dissipates the gas and heat safely.
Having said that, whenever Apple has had battery problems they have always turned out to be third party replacements or abuse, and if the iPhone 4s was badly designed I think we would know about it by now.
Last week another company set up an FTP server for one of our older products to send data to. I know, FTP, but this thing predates my joining the company and it does actually work quite well. Anyway, they were having trouble so we logged in and found ourselves dumped into the root of their Linux server. We could see everything and seemed to be running at root.
I emailed them about it and they said it was fine because the machine was "isolated".
My policy is to report the bug if the company has a reasonable looking bug bounty programme. Such a programme demonstrates that they probably have the right attitude, and even if it's just a trap you can point to it in court as evidence of your good faith.
If there is no bug bounty programme I'll either ignore it or report it anonymously to a relevant mailing list. If the company has a contact email address (not a web form) then I'll CC them in.
Anything else is too risky. If you want responsible disclosure, be open about it, set up a proper mechanism and offer at least a token amount of cash.
This is much worse. CNN didn't go through with its threat.
I can't see how it could really work with cats. Cat communication is mostly non-verbal, so it would need a camera to look at them and good luck getting that to work with black cats. My cat is all black and it's really hard to get good photos of him with even a DSLR, let alone a phone camera.
Kittens do vocalize more than adults, but mostly to get the attention of their mother rather than communicate what they want. When they grow up the naturally stop using their voices, except when trying to intimidate other cats. Domesticated cats often learn to talk to humans because it's a very effective way to get a response, but they aren't really saying anything, just making a noise that causes their staff to pay attention. In other words it's little more than what a human communicates by ringing a bell to summon their servants.
To understand what the cat is feeling you need to look at it and observe its behaviour. Even then, they tend to communicate things like "I want to be fed" by simply going to the place where they are normally fed or sitting on your face until you get out of bed.
It can be very hard to prove specific crimes to the required standard for the police to take an interest, but it's usually much easier to show that there was an atmosphere of sexual harassment. Emails, witness statements, text messages, evaluations etc.
That's why these things usually go the civil suit route. Emails can be saved, proving someone touched you when no one else was around is nearly impossible.