Is the newest version deployed everywhere? on GSM Decryption Published · Score: 4, Informative
The weaknesses of this algorithm are well-known and a new version that fixes those issues has been available for a long time. Now, does anyone know whether this new version has been deployed everywhere? Who is still relying on the older version?
BTW, the algorithm used by 3G networks is different. It is based on AES and the design is publicly available.
If you want a secure challenge/response mechanism it would require much more power, an active tag would be required.
An active RFID tag (i.e. a battery powered tag) is not required. Just look at DESFire cards: probably not as cheap as passive RFID tags but they can handle a simple challenge/response mechanism. If you want something more beefy, look at the DDA mechanism specified by EMV and used by Visa and Mastercard: it uses RSA with 3 levels of public keys. It works just fine on simple microprocessor-based contactless cards.
Just use a sensible cryptographic authentication mechanism and be done with it. I guess that it is interesting from a "pure science" point of view but I'm not quite sure that this should be used to detect fake passports.
Unless there have been leaps and bounds in smart card technology in the past couple of years [...]
Yes, there have been. But one has to keep in mind that security is expensive and that only some applications warrant an investment in modern, secure cards. Governmental ID is certainly one of them.
How is this money wasted? It's a lot of work to produce a spectacularly failing project. All those programmers and project managers are not free, you know. They have to pay their mortgage like everyone else.
Encrypting a hard drive protects the confidentiality of its data. It does not prevent you from cloning the hard drive i.e. it does not protect the authenticity of the hard drive.
In many applications that use RFID tags, authenticity is much more important than confidentiality. Those researchers seem to propose a way to authenticate the RFID tag using its "fingerprint". What I'm saying is that a dynamic challenge-response scheme is much more practical and more reliable.
Crypto is not only about encrypting data.
The fact that reading comics promotes literacy is pretty obvious to anyone living anywhere with a strong "comic book" culture such as Japan, South Korea or French-speaking countries. The problem is that most US comic books are not very good, and the good ones are not targeted at kids (mostly).
Well there's really no debate about Verhoeven's goals. Now, unlike you I do like this movie, probably because I love this cheesy side. Total Recall and Robocop were quite similar in this regard.
Now why did he decide to adapt the book instead of coming up with his very own story? I don't know. I mean, Starship Troopers is no Harry Potter, it was not a strong franchise. I think that Verhoeven started reading the book, liked the basic idea and bought the rights on the cheap instead of taking the risk of being accused of plagiarism. He also probably loved the idea of Heinlein fans being lured into a movie theater to endure a two-hour long assault on militarism.
Now if you want to watch a really bad movie, locate a copy of Starship Troopers 2. And while I was researching this post, I discovered that there is a Starship Troopers 3. God help us all.
I really wonder how many people on /. will get this one.
Do you have some hard facts about the history of the scenario of Starship Troopers (the movie)? It's been a while since I read the book but it seems to me that it followed the book quite closely (more than "I, Robot" anyway, this one was really screwed up). However it's obvious that Verhoeven used this movie to express, let's say, a different point of view than Heinlein's. Lots of people complained about the missing "power armors" but I think that Verhoeven simply wanted to make the soldiers more vulnerable, in order to strengthen his arguments regarding the top brass.
In "Explorers on the Moon" (released in 1954), Tintin and Snowy start to explore a cave and fall in a huge cavern whose floor is totally covered by smooth, sloping ice. Funny how his idea was spot-on.
1) South Korea's Games Rating Board is supposed to certify every game.
2) The Jesus Phone is finally about to be launched in South Korea and it will be widely popular for lots of reasons (you can trust me on this one).
But because of 1), the South Korean AppStore will not include games...
Yes, a state can do that.
[Already posted in a similar story a few days ago.]
I like to use my blog to rant about unusable products and deceptive practices. Once I got a call from someone working for a large online retailer regarding a post where I labelled one of their practices as a "fraud". Technically it wasn't because the issue was not settled by a court (but another similar company was condemned for a very similar practice). He was very business-like but a bit pushy, so I googled his name. Turns out that he's basically in charge of responding to all the online criticism aimed at his company (a busy job). However, he really seemed to have the power to solve the issues faced by the complainers (misdeliveries, lateness...) so I guess that makes him "one of the good guys." Of course the very existence of such a position shows that the company is not doing a perfect job at handling customer complaints through standard channels (unlike, say, Amazon). Nevertheless, he was very upfront about the fact that his job was to maintain the online reputation of his firm. If you do not complain online, well, he's not going to help you and you will be stuck with your problem.
Now, of course, I would totally buy from this retailer again because if I had a problem, I could since call this guy (his number is everywhere) and have it solved quickly.
I guess that my point is that it's hard to tell whether your technology will help us or enslave us.
1) South Korea's Games Rating Board is supposed to certify every game.
2) The Jesus Phone is finally about to be launched in South Korea and it will be widely popular for lots of reasons (you can trust me on this one).
But because of 1), the South Korean AppStore will not include games... Now that's not keeping up with the times.
If you worked for an "established" company, i.e. a brick&mortar casino or a maker of slot machines, it should not be a problem. I'm sure that the gambling industry faces lots of interesting challenges (i.e. random number generation, security, following regulations...) Now, if you worked in the shadier side of the industry (online "casinos", "yOu already W0N 1ooo dollrs" emails and the like), well, that could be a problem with many potential employers.
In theory, Java Midlets are not so bad. The problem lies in the complexity of the ecosystem:
1) Lots of J2ME phones means lots of incompatible implementations.
2) The committees in charge of defining the technical specifications move at a glacial pace.
3) Provisioning and payment systems are outside of the scope of J2ME, so everyone had to build their own.
4) The list goes on and on.
J2ME failed but I'm not sure that it ever had a chance to succeed. But don't blame Java. Blackberry phones are 100% Java (except the kernel) and they are doing OK. Why? Because a single company designs the phones, the OS and the APIs for the applications and came up with a relatively simple way for application developers to make money. Humm, it reminds me of someone, but who?
LDLC, a large French retailer that you've probably never heard about, does the exact same thing. I wrote a "so-so" review for their "house brand" USB Hub (it crashed once in a while) and the review never made it to the website... Simply put, I don't trust "user reviews" anymore and I buy brand-name hardware.
Many kids in Asian countries also spend a lot of time at private institutes, after their regular classes.
Nevertheless, yes, American kids do not work hard enough to compete on a global level. The Economist had an article about this very issue a few months ago.
Well, we already have bit rot.
In nature, an ant can get infected by many kinds of fungus, and when they return to the colony or meet another ant, the fungus can spread to another host.
Similarly, deploying this kind of "digital agents systems" opens another path of transmission for viruses and worms.
It's nice to see that some people are still active in this research area, but does anyone know of a product that actually uses such a principle for real?
The employees that receive those offers should be careful. Apple is deeply committed to their stores, they are not going to disappear overnight. On the other hand, who knows how long those "Windows" stores are going to be open? And what are those stores going to sell again?
If you jump ship now, you may very well end up with a stain on your résumé when one anonymous exec at Microsoft decides (for some reason) to close all those stores.
It was just a sheet folded in half.
I bought only two "mainstream" CDs last year: in both cases the CD came in a flimsy paper case with a one-page booklet. I'm talking about a new album here, from a famous artist, not a single and not a re-re-re-release. So the "an album is a piece of art" argument is getting past its prime. Especially when the cover is not all that hot.
On the other hand, the price of the actual CD on Amazon is usually competitive with the price on iTunes (or even cheaper sometimes), so I will keep on buying actual CDs even if I only use them once, when I rip them as FLAC files. My last "standalone" CD player broke at one point between 2002 and 2008 and I never replaced it. Between that and my favorite radio streaming at 128k, a computer and a decent pair of amplified speakers is all I will ever need.
Reselling those CDs is an option, but with the current prices spiralling down toward 7 or 8 euros per album, with shipping you're only going to make one or two euros on the sale. It is not always worth the shot.
Samsung ST1000: 12 Megapixels, Wifi, GPS. 3G is a difficult feature to sell since it requires a subscription to a mobile network and that's expensive if you only use it from time to time.
This camera is a point&shoot. I guess that anyone carrying a DSLR would not mind carrying a separate GPS module.
When I start a new professional project, I pick the most productive language for the job, according to the circumstances. Usually it's Java because this is the language that everyone in my industry is going to know. In another industry, I guess that I would have to use C, C# or Fortran.
Now, Java is a reasonably efficient language and I like programming in it. Some of my colleagues cringe and prefer to use obscure languages instead, such as OCaml or (Deity forbid), a language they defined themselves. And the moment they quit you are stuck with thousands and thousands of lines of code that no one else can understand.
The gist is simple: Python and Ruby are fine languages, but when you're programming for a living, "fun" is usually trumped by more important considerations, such as being able to find another programmer to maintain the code.