Hey, you gave great info. Thanks for posting, even as an AC.:)
Wouldn't these be susceptible to the same type of attacks as the ones that steal access card data. You know, the proximity cards that you have to swipe within an inch or so of the scanner on a secure room door. Weren't they proven to be readable from 10' or so with the right equipment, which would fit in a person's pocket? They're the same idea. An inductive loop in the card which powers the chip to transmit it's ID, which has to be within range of the scanner to work.
I use one on a regular basis. It's on my tags lanyard, where I have 5 different cards (each for a special purpose). All I have to do is flip the right card out, and almost touch it to the scanner to make it work. If I leave them all together, they all energize and conflict.
I'm making a lot of assumptions, but I'm curious. Hopefully I'll never need a pacemaker to have to ask the doc about it.:)
I was thinking that boosting the signal would increase the range. Any encryption would still need to be worked around.
I'm confused by your statements. You say that you can't comment on the RF communications of Medtronics, but then you say the communication isn't RF. If it's not wired, and it's not RF, how does it talk? Electrical impulses through the skin, using the body as the conductor?
It's ok if you can't say, I understand.:) At least we got more of an expert opinion in here than we usually do.:)
Can you find citations for those last two? The first two, there are so many vehicle recalls, I can't even begin to guess which ones they are.
It seems unreasonable for the gear to retract while on the ground. Well, it would depend on the aircraft. If the gear retracted horizontally, the hydraulics would have to pull the weight of the aircraft sideways against the tires. So... I called a friend who's a pilot. He's flown more planes than I've driven cars, and he's flown more years than I've been alive (sorry for calling you old, I know you'll see this). He said there was a problem like that in WWII era aircraft. He hasn't heard of anything like it in anything resembling modern aircraft.
On the second one, I remember that one. It was a girl in the US. I believe she was driving a Saturn. She had tried to return it as a lemon, mostly because she couldn't afford it. She ended up calling 911 one day saying she couldn't stop the car. The police found her circling at about 15mph in a parking lot. She claimed she couldn't:
1) get it out of gear (put it in neutral) 2) push the brakes hard enough to slow down 3) turn off the key 4) active the emergency brake
The police watched her circle for an hour or so. It was the safest thing to do, since she wasn't an immediate danger to anyone (circling in an empty parking lot is relatively safe). The car eventually ran out of gas. A service tech from the dealership was there with a can of gas. He put gas in it, started it up, and it drove normally.
Wow, a response from someone who actually knows something about the topic? Isn't there a rule against that here?:)
So, I guess you're the only person that I've run across so far that I could possibly ask questions...
The article said that the data is unencrypted, but needs physical contact to the chest due to the low power transmitter. Could that be overcome with high gain equipment?
Like with WiFi, I put a 200mw card on a 24dBi antenna, and maintained a connection to a device at over a mile, where the device on the other side that was only suppose to have a 300 foot range. That's assuming I wanted to maintain a full duplex connection.
Would it be assumable that the "hack" could broadcast a high power update. For example, a 1w transmitter, with a high gain antenna, repeatedly sending the update "max bpm=4" would be a fatality. I could assume that it isn't quite so easy, but even if it's a multi-step process, if those are known steps the correct updates could be sent. For example, if it was "go to update mode" --> "update max bpm" --> "set max bpm", those could be sent in sequence with the appropriate delays in place. Think a chat or expect script.
With the encryption that you say your company uses, wouldn't it simply be a matter of acquiring a single sending device, and reverse engineering it? While hospitals seem secure, people end up in places they don't belong, or can socially engineer themselves in. How hard is it to get on the janitorial staff, and come into work one day with a lock pick set, and walk out with the programmer?
All these are silly questions, since if you can get in range for a decent power transmitter, an assassination could be done so many other ways. It would simply leave less of a fingerprint for someone to follow, and give the person more time to get away before his action is noticed. I'm assuming a high profile figure, not your average patient.
Really, it wouldn't become a problem anyways, until someone sat outside a cardiac care unit and swept the place with a high power signal. One instance like that is enough to say there's a real problem. Then again, how long were patients told to avoid microwave ovens, and how many problems happened before the notices started going out?
I don't want this to sound like the obligatory "me too" posting, but where do I sign up?
I've done quite a bit of network security. One of the sites I worked for had amazingly high traffic (millions of web viewers daily) and was constantly bombarded by attacks. In the late 90's, I'd cite 10 per second. That rate kept going up, but their success rate remained 0. Those ranged from basic DoS to well constructed intrusion attempts.
I kept our network secure through good firewall rules and access controls. On a fairly regular basis, I was asked to help with intrusions on other people's networks, where I'd identify, isolate, clean up, and protect. It was always interesting (bordering on fun) to see how they were doing things, and protect against those actions.
I know my methodology wouldn't be the same as the USAF method, but it's real world experience to make the "bad guys" go away. Unfortunately, retaliation was not an option, as a civilian I have no legal protection in such actions.
I cannot enlist in the US Armed Forces, as I've had surgery done on one of my eyes, and this restricts my ability to enlist. In a field like this, I am good. I say good, because I know there are people better than me, they're just very rare to meet.
My site (in my header) should give sufficient information to find me. Just don't park a black helicopter over my house, it annoys the neighbors.:) (Been there, done that, have the video of it). You should already have a file on me, marked "mostly harmless".
I've traveled a few times with firearms in my luggage. It did expedite me to getting my checked luggage looked at, but the rest of the trip went normally.
The only odd part was, I had to unlock the case the gun was in, show them that it wasn't loaded, and then put it all back. While I'm very comfortable with firearms, holding a gun in an airport seems like a good way to get myself shot, which would suck since I didn't even have ammo.:)
I'd hate for one of them to wander off. Guns are kinda expensive, and I'd hate to lose any of mine.
I know. Actually, the zipper is usually more likely to give way than the lock, but since most luggage is soft these days, a box cutter will open almost any of them very nicely, and faster than fiddling with the zipper anyways.:)
I had TSA approved locks. They survived about 3 trips. On the last trip, when I got my bags, I found the cut locks in the bottom of the bags, with the TSA advisory that the bag had been searched.
So much for doing the "right" thing. I just gave up locking them. The only people I worry about stealing from my bags are the people who can open those locks anyways.
I've been through a *LOT* of airports in the US. Pretty much every major airport.
I've only ever been asked once to turn on my laptop, and that was pre-9/11. I was leaving Detroit for Amsterdam. The funny thing was, the battery was dead. I told the security guy, if he could walk me over to a power outlet, I could plug it in, and turn it on for him. Otherwise, he was out of luck. He didn't make me, but we did chitchat about my work for a while. I worked at an adult company, and he was familiar with the company, so it made for an unusual conversation, but it was neat talking to a fan of the site. With several million daily viewers, it wasn't unexpected to bump into a few regular viewers, I just didn't expect it.
The police may escalate force by one step. It is preferred to keep it at the lowest and most lethal level possible. Spraying with water is a valid use to quell a disruption, because it is much less lethal than physical force (hands, batons, etc), tasers, mace, or firearms.
There are a few comments on your message, which I'll clarify to the best of my knowledge.
Assault is the threat to commit an action, usually a bodily harm.
Battery is any non-consensual touching.
So assault and battery would be saying "I'm going to kick your butt", and then doing it.:)
Aggravated can be used with either word, indicating a weapon of some sort was used.
Most of the definition of assault is the belief that the accused could actually do the action they claim they can do. For example, there was a 70-something drunk outside my office one night. I didn't want to hurt him, but he was threatening me. I called the police, because I was afraid I'd hurt him if I pushed him over. He threatened everything from a physical beating, to killing me. The police heard it when they got there, so there was no question to if it had been said.
At the time, I was in my late 20's in good shape. The police asked me if I wanted to press charges. We both knew it wouldn't stick in court. Little old 70-something drunk vs me, no matter how angry he was wouldn't have been able to put up a fight of any sort. Even if he had a gun in one hand and a knife in the other, he was too uncoordinated to carry out his threats.
So, how does this relate?
The operator of the robot is using a weapon. It is a device which has the implied force to cause harm. He is threatening people with it's force, which in itself is aggravated assault. When he sprays them with the water, it has now become aggravated battery. If he was justified is questionable. Spraying someone with a water hose because they were standing on a sidewalk near his property is very questionable. A sidewalk is public property. It would be up to the police to decide if a citation would be issued, and then to the courts to decide if said person would be convicted of any crime.
It's never up to the individual to make such decisions. So, although IANAL, it would seem obvious that the person in control of the robot is opening himself up for huge liability.
If local law enforcement decides to act on it for criminal action is doubtful. They seem pleased that he is helping. Charges may be brought up though, which can still land him in court, if the DA/ADA is looking for some bad press though. There may be civil charges which would only involve the individuals and the courts. Based on who he's harassing, I doubt that would happen, but it could.
I'm sitting outside, by myself, away from anyone else (because maybe I'm just freakin' antisocial sometimes, ok?). Someone who DOESN'T smoke happens to walk where I am. That is, goes out of their way to walk through what's obviously a smoking area, which isn't a normal traffic route, and then complains that I'm smoking.
It's fine an all, I usually pull out another cigarette, and offer it to them. When they give me a disgusted look, I light the second one, to get a good running start on chain smoking. Kinda sucks if I just lit the first one, but hey, whatever.:)
This reminds me of the real early days of web sites. Just past when people were excited about being able to put "hello world" up, and when they started charging people for content.
"Secure" pages, were usually some obscure web page under the main site. Security was that your members are was called http://example.com/members_mysecret .
And then people started getting smarter. Oh my gosh, that.htaccess actually can actually control access. But what do we do about the crappy billing company that doesn't actually give you login information, they just tell you to protect by HTTP_REFERER?:)
If this happened on all the super-kewl-elite hax0r sites, then the good old C&D wouldn't be doing much good, they'd be crying about how the hackers have infiltrated their security.
So my advice. Suck it up, and hire someone who knows at least something about security, and make your application work securely, if you don't want the whole world to use your content.:) You can't blame Howard for your own security problem. Would "Bank of America" be able to blame the hackers, if there was a super secret file called http://bankofamerica.com/all_customer_info.3.7.2008.zip ?
Well.... It's not free. Like a few other people said, you're suppose to pay. There is a free version for one person to try. Deploying it on all your machines, or on your whole network is a no-no. Really, you should support 'em, if you like it anyways.
But, with what you're saying.. I went to my mother-in-laws place, and there were 2 badly virus infected machines, and 2 that were "ok".
Avast did a pretty good job cleaning one up, but there was one pesky virus that it couldn't actually manage to kill. I resorted to the "Trinity Rescue Kit" (yes free, you should donate if you use it).
The second was pretty much DOA. All the DLL's and EXE's had been removed. I did let the TRK run against that, and found something like 12,000 virus infected files. It looked like a bot slave for the P2P networks. Thousands of files with names like things people may search, but were actually viruses.
Now for the two "ok" machines. One had no antivirus, but was actually ok.:) It was a laptop, so it wasn't used much.
The second was a desktop, which was used frequently. It has Symantec's crap running. I let it scan itself, and it registered that all was fine. Being that I don't trust a computer illiterate person who's been using this computer for a couple years to have not gotten anything, I uninstalled all the Symantec crap (That was a long process), and then installed Avast. It found two. Spybot found a few things too. I left her running Avast and SpyBot, and I feel secure that next time I have a look around, her machines will be clean.
I was born in '73. I do remember it being out occasionally.
I grew up in a rural area, which meant not too many people were fiddling around with our equipment. Once the wire was run, assuming no one accidentally cut it or knocked down a telephone pole, things ran great.
Now, quality of service had a lot to be desired. We couldn't upgrade to a touch tone phone until the late 80's. That made it a pain in the butt to BBS with, since I had to ATDP instead of ATDT.:) My friends would ask "why does your modem click", and I'd have to explain how ancient our circuits were. It wasn't until the early 90's where I could maintain a decent speed connection.
It was noticeable even on voice calls. We frequently asked the caller to repeat what they were saying.
Then again, I do that now on the cell phones. Instead of "line noise, please repeat", it's "bad signal, please repeat".
Power in Florida has gotten almost more reliable than the phones. Do a google search for "Lightning Capital of the World", and you'll find the area I grew up in.:) They've improved redundancy and surge suppression at both the power stations and homes. Now, it's usually a matter of seconds during an outage, not hours.
When I was growing up (in rural nowhere), we'd frequently have 6+ hour outages. Maybe it's because I've lived in metro areas since then, but even a 5 minute outage is a significant event. I put a UPS on one of my home machines (that must stay up), and I really only need it to handle about 5 seconds at most. A 5 second outage on a machine that's been running a task for 3-4 days is pretty damned significant.:)
But, the middle doors aren't doors, those are emergency exit windows.:)
Many planes have forward and rear doors on both sides. The rear doors are frequently used by staff and maintenance folks. You gotta get the bodies off somehow.
The only door I've ever seen used for regular service is the forward port door (like, left side). It always seems easier when it's located to the rear of first class. Some of the larger planes are this way. It would seem to make sense to utilize all the openings, rather than just one. It may actually get some fresh air in there between flights too.
Sometimes the late passenger isn't the passenger's fault.
I've been left with 15 minutes to get to my second flight, when my first flight touched the ground. I have yet to miss a flight like that, and I have only begged once for them to reopen the door.:)
Last week in Vegas, we got off our first flight, and had 90 minutes to get to the second one. We went to the departure gate, and verified the sign still said our flight and destination, so we went to eat. With about 20 minutes of boarding time left, we showed back up to the same gate, which was now closed. No agents, no passengers, nothing. I checked the boards. It had been moved to another gate in another area of the airport. We made it with about 5 minutes of boarding left (about 15 passengers still in the boarding area).
Now, am I suppose to really camp out at the gate for the full 90 minutes? No way. Was I suppose to know that what should have been a 30 minute meal in any somewhat capable restaurant would take 70 minutes? (btw, "Chili's Too!") They weren't even busy, they were just pathetically slow.
We had intended to blow $1 on the slot machines, and didn't even get a chance, because the restaurant was so damned slow.:)
When I'm traveling alone, I always ask for first class upgrades. They usually come in from $50 to $125, depending on where I'm flying to and how many segments there are. If I'm traveling with my wife, it's a little trickier, since the upgrade seats won't always be together. We make coach more comfortable by raising the armrests. No, no mile high club stuff.:)
Being seated in first class first means that I get on first, or whenever I arrive. As soon as I sit down, I get served a drink. Whatever drink. I've had 3 mixed drinks on a slow boarding before. They just have to collect the drinks for takeoff. I had a few more during the flight, so I wasn't exactly walking straight by the time we landed.
I tend to sleep on planes. When I miss the meal service (which happens a lot), The steward/stewardess usually tells me when I wake up, and they've held my meal for me. And yes, the 1st class food is MUCH better than the coach food.
The other comment of the overhead storage is wrong. Every airline I've been on is very pissy about who can put things in the first class overhead storage. Usually coach passengers cannot put their items in the first class overhead storage. I believe this is mostly because they don't allow coach passengers to go into the first class area during the flight.
What I find really funny is, quite a few times I've flown with only one or two other passengers in first class, even when it was a $100 or less upgrade. I always tell my friends, "ask for the first class upgrade."
I've only ONCE had a problem with it. Unfortunately, I can't remember the airline. At the time, I was flying about once a week, so I was racking up air miles. I was flying from Florida to Los Angeles (LAX). Between mechanical problems and weather problems, I sat around at the airport for almost 12 hours. I finally got them to get me back to LA somehow, which ended up being through DC. They couldn't get me into first class, even though I was rather irate at this point. They said I could try to upgrade the DC to LA flight, but I'd have to do that in DC. Ok, 2 hour layover, plenty of time.
When I got to DC, there were seats available. They said I could either pay with air miles, or dollars. I had $800 cash in my pocket, plus my bank cards. I knew it was bad news when the guy wrote down the number on a piece of paper and slid it to me. $1,500 to upgrade the ticket. I had some less than kind words to say to him as I left the counter.
The seats I had were terrible anyways. Like, my butt went numb on both flights about 30 minutes in. The ride was terrible. On the second flight, they were nice enough to move me to an exit row. It wasn't until after we took off that I realized, they had done it to put me by an air marshal.:) Hey, whatever. It's gotta be one of the safest seats on the flight. He was bitching about the flight too, so I know I wasn't the only one.
I fly a lot too. I book whatever airline is going to get me there cheapest, fastest, and at the right time, so I don't have a bunch of miles on particular airlines.
I carry a pretty hefty laptop bag, and depending on the city and season a fairly large jacket. The laptop bag is a roller bag, so I can usually get it stuffed under the seat ahead of me just as I sit down. My jacket usually doesn't come off until after I'm seated, but I leave it under me, so no big deal.
I know *EXACTLY* the passengers you're talking about though. The guy standing in the aisle, digging through his bag in the overhead storage, trying to find that one important thing that he can't live without until we're in the air. Or the folks who are confused by the concept of "sit down, shut up, we're leaving."
"Can I have a...." Ask after we take off, dammit.
Inexperienced travelers are so obvious. Sometimes I don't mind though. Like a cute 18 year old girl flying off to college by herself for the first time? Sure, I'll show you how to put your seat belt on. Care to join the mile high club too?:)
Ooohh, I'm so bad. Luckily (for various reasons) I keep those comments quietly in the back of my head, with all other evil things.
I just sent a recommendation to a very large site (daily peak bandwidth > 3Gb/s). I suggested that they drop in a.htaccess to redirect all their heavy content (pictures), and see how long Yahoo lets them play.:)
If company X says that anything created or innovated on company time belongs to the company, prove that you thought of it or about it off of work hours.
While the idea is great that you own your thoughts, when it's you versus the company, you're going to lose in court. At very least, you'll go broke trying to keep from losing.
As a friend of mine said, we'll never be "on top" until we're running our own companies. As long as we're working for someone else, they'll be the ones profiting from what we do, and we'll be gratefully accepting the scraps that they throw down to us.
For example, a company profits $50,000,000/yr. The highest paid staff makes $125,000/yr. The average staff makes $50,000/yr, and there are a dozen staffers, that means if every staff member takes every penny that they earned in the year and tried to fight the company in court, it's still only $600,000 versus $50,000,000. Sure, you may be right, or you may be wrong, but it'll end up in court, and then drawn out, and eventually if you do win it will be appealed.
Us average people can't win against our companies, simply because we innovated any ideas while working there, on their dime.
So, stay far far away from innovating anything resembling company related, while working at the company.
The coding was hard. That was insignificant. I've actually revisited it for fun recently, but "abandon" the code with someone else. If they were to trip over it, and continue it, I can't say that I remember leaving it there.:)
The hard part wasn't collecting the data, or even analyzing it. It was when I tried to show it in a graphical representation that was useful. At the time, all the routes I tested (all of our servers, some friend's servers, and the root nameservers) showed about 300 to 400 routers. It wasn't *that* hard to extrapolate where each was, at least down to a city. The hard part was overlaying it on a map that would be useful. Mind you, this is 10 years or so ago.
I was making progress, but that's when the boss got his lawyer involved, and they wrote up the contract saying 5%. Being that the boss was now holding 95% of any "profit" for doing absolutely nothing, he said he contacted "experts" in the field (hrm), who indicated it would require an investment of something like $200,000 for hardware, which he wasn't prepared to do. He said I could continue to work on it, but he wasn't going to invest anything into it.
So much for my fun little side project. I was laid off 8 years later.
When I revisited it, it was much easier. Google Maps API is a wonderful toy. Unfortunately, my set of routers was now more like 3,000. I did a lot of "guessing". I used MaxMind GeoIP (Lite) to guess cities, but some providers it would show their home office or an arbitrary city that they serviced. I also used a very extensive set of rules to try to guess from hostnames what city they were implying it was. It got probably 90% of them right, which is good enough. That leaves 10% to write better hostname rules for.
It would have must needed staffers or volunteers to readjust new routers to their real city. If it became big enough, I'm sure providers would give city locations to us. They probably wouldn't be willing to say street addresses, but that's a little too fine of detail anyways.
It made for some really neat maps, and provided some great insight when there were outages. Things are slow here? Well, they're not everywhere else. Because we were testing from enough points, and to quite a few more, the resulting grid showed quite a few major peering points.
But.....
In another conversation with the COO of the new employer, he reminded me that anything designed, worked on, or conceived while working in the employ of this company was company property. He went as far to say any projects that I may have been working on previously, but made any sort of innovation or advancement while working at that company now belonged to them. He said they would be willing to sign a waver for particular items, should I be able to show that the company had no interest.
I brought up another project to him. I'm a systems guy. I do everything in IT. This other project is COMPLETELY unrelated. He warned that I'd better have a journal of my work to show that I had done my work before, not during my employ with them.
That's ok, I didn't do a bit of work on it while I was there. They didn't pay me enough for the parts I required, so it's been sitting on the shelf at home.:) All my parts orders, and documentation showed work up until about 2 months before I started working there. I'm still waiting to be able to afford about $500 worth of parts, so I can start back up. And of course, once the prototype works, it'll revolutionize the world.:)
But, that doesn't solve anything. If anything, it would open him up for more liability.
There's the plausible deniability that he knew nothing, but if there had been a previous mention of intent to release it, that could show a motive. When it comes down to the corporations versus us little guys, and throwing lawyers in the mix, we'll almost always lose.
More than likely, your idea is property of that company. Not only the code you wrote while you were there, but any ideas that you formed during the same period.
For example, I had an idea while working for one company. It was to be an internet monitoring software, that would watch multiple points across as many providers as we could manage, map out the traceroutes, and show not only the common peers that those traceroutes passed through, but would effectively show when any peering point was having problems.
They grabbed hold of it, and offered me 5% of the "profits" of the company. That's the day I stopped working on it.
Technically (if they remember), they still own the idea. If I were to start working on it again for a commercial venture, they could lay claim to it. It's not a matter of what was written, but the idea behind it.
You may win in court, but it will be a long drawn out court battle that you probably can't afford to gamble with. If you win (which you may), you may win a lot. If you lose, you're going to lose a lot. Not only your legal fees, but their legal fees, and whatever the judgment is against you, as well as your intellectual property.
My advice is, when you have another great idea for something, STFU. Don't tell them anything. Wait until you're no longer under any sort of contract, and then "start" your development on it. You can start working on it on the side, but be very very careful that there's nothing to document that you were working on it during the period that your contract with another company is under effect.
You may want to re-read your contract too. It may not cover just what you conceptualize while as their employee, but anything for a period (6 months to a year, I've seen in various contracts) belongs exclusively to them.
Hey, you gave great info. Thanks for posting, even as an AC.
Wouldn't these be susceptible to the same type of attacks as the ones that steal access card data. You know, the proximity cards that you have to swipe within an inch or so of the scanner on a secure room door. Weren't they proven to be readable from 10' or so with the right equipment, which would fit in a person's pocket? They're the same idea. An inductive loop in the card which powers the chip to transmit it's ID, which has to be within range of the scanner to work.
I use one on a regular basis. It's on my tags lanyard, where I have 5 different cards (each for a special purpose). All I have to do is flip the right card out, and almost touch it to the scanner to make it work. If I leave them all together, they all energize and conflict.
I'm making a lot of assumptions, but I'm curious. Hopefully I'll never need a pacemaker to have to ask the doc about it.
I was thinking that boosting the signal would increase the range. Any encryption would still need to be worked around.
I'm confused by your statements. You say that you can't comment on the RF communications of Medtronics, but then you say the communication isn't RF. If it's not wired, and it's not RF, how does it talk? Electrical impulses through the skin, using the body as the conductor?
It's ok if you can't say, I understand.
Can you find citations for those last two? The first two, there are so many vehicle recalls, I can't even begin to guess which ones they are.
It seems unreasonable for the gear to retract while on the ground. Well, it would depend on the aircraft. If the gear retracted horizontally, the hydraulics would have to pull the weight of the aircraft sideways against the tires. So... I called a friend who's a pilot. He's flown more planes than I've driven cars, and he's flown more years than I've been alive (sorry for calling you old, I know you'll see this). He said there was a problem like that in WWII era aircraft. He hasn't heard of anything like it in anything resembling modern aircraft.
On the second one, I remember that one. It was a girl in the US. I believe she was driving a Saturn. She had tried to return it as a lemon, mostly because she couldn't afford it. She ended up calling 911 one day saying she couldn't stop the car. The police found her circling at about 15mph in a parking lot. She claimed she couldn't:
1) get it out of gear (put it in neutral)
2) push the brakes hard enough to slow down
3) turn off the key
4) active the emergency brake
The police watched her circle for an hour or so. It was the safest thing to do, since she wasn't an immediate danger to anyone (circling in an empty parking lot is relatively safe). The car eventually ran out of gas. A service tech from the dealership was there with a can of gas. He put gas in it, started it up, and it drove normally.
It was all user failure, not systems failure.
Wow, a response from someone who actually knows something about the topic? Isn't there a rule against that here? :)
So, I guess you're the only person that I've run across so far that I could possibly ask questions...
The article said that the data is unencrypted, but needs physical contact to the chest due to the low power transmitter. Could that be overcome with high gain equipment?
Like with WiFi, I put a 200mw card on a 24dBi antenna, and maintained a connection to a device at over a mile,
where the device on the other side that was only suppose to have a 300 foot range. That's assuming I wanted to maintain a full duplex connection.
Would it be assumable that the "hack" could broadcast a high power update. For example, a 1w transmitter, with a high gain antenna, repeatedly sending the update "max bpm=4" would be a fatality. I could assume that it isn't quite so easy, but even if it's a multi-step process, if those are known steps the correct updates could be sent. For example, if it was "go to update mode" --> "update max bpm" --> "set max bpm", those could be sent in sequence with the appropriate delays in place. Think a chat or expect script.
With the encryption that you say your company uses, wouldn't it simply be a matter of acquiring a single sending device, and reverse engineering it? While hospitals seem secure, people end up in places they don't belong, or can socially engineer themselves in. How hard is it to get on the janitorial staff, and come into work one day with a lock pick set, and walk out with the programmer?
All these are silly questions, since if you can get in range for a decent power transmitter, an assassination could be done so many other ways. It would simply leave less of a fingerprint for someone to follow, and give the person more time to get away before his action is noticed. I'm assuming a high profile figure, not your average patient.
Really, it wouldn't become a problem anyways, until someone sat outside a cardiac care unit and swept the place with a high power signal. One instance like that is enough to say there's a real problem. Then again, how long were patients told to avoid microwave ovens, and how many problems happened before the notices started going out?
I don't want this to sound like the obligatory "me too" posting, but where do I sign up?
:) (Been there, done that, have the video of it). You should already have a file on me, marked "mostly harmless".
I've done quite a bit of network security. One of the sites I worked for had amazingly high traffic (millions of web viewers daily) and was constantly bombarded by attacks. In the late 90's, I'd cite 10 per second. That rate kept going up, but their success rate remained 0. Those ranged from basic DoS to well constructed intrusion attempts.
I kept our network secure through good firewall rules and access controls. On a fairly regular basis, I was asked to help with intrusions on other people's networks, where I'd identify, isolate, clean up, and protect. It was always interesting (bordering on fun) to see how they were doing things, and protect against those actions.
I know my methodology wouldn't be the same as the USAF method, but it's real world experience to make the "bad guys" go away. Unfortunately, retaliation was not an option, as a civilian I have no legal protection in such actions.
I cannot enlist in the US Armed Forces, as I've had surgery done on one of my eyes, and this restricts my ability to enlist. In a field like this, I am good. I say good, because I know there are people better than me, they're just very rare to meet.
My site (in my header) should give sufficient information to find me. Just don't park a black helicopter over my house, it annoys the neighbors.
I've traveled a few times with firearms in my luggage. It did expedite me to getting my checked luggage looked at, but the rest of the trip went normally.
The only odd part was, I had to unlock the case the gun was in, show them that it wasn't loaded, and then put it all back. While I'm very comfortable with firearms, holding a gun in an airport seems like a good way to get myself shot, which would suck since I didn't even have ammo.
I'd hate for one of them to wander off. Guns are kinda expensive, and I'd hate to lose any of mine.
I know. Actually, the zipper is usually more likely to give way than the lock, but since most luggage is soft these days, a box cutter will open almost any of them very nicely, and faster than fiddling with the zipper anyways.
I had TSA approved locks. They survived about 3 trips. On the last trip, when I got my bags, I found the cut locks in the bottom of the bags, with the TSA advisory that the bag had been searched.
So much for doing the "right" thing. I just gave up locking them. The only people I worry about stealing from my bags are the people who can open those locks anyways.
I've been through a *LOT* of airports in the US. Pretty much every major airport.
I've only ever been asked once to turn on my laptop, and that was pre-9/11. I was leaving Detroit for Amsterdam. The funny thing was, the battery was dead. I told the security guy, if he could walk me over to a power outlet, I could plug it in, and turn it on for him. Otherwise, he was out of luck. He didn't make me, but we did chitchat about my work for a while. I worked at an adult company, and he was familiar with the company, so it made for an unusual conversation, but it was neat talking to a fan of the site. With several million daily viewers, it wasn't unexpected to bump into a few regular viewers, I just didn't expect it.
The police may escalate force by one step. It is preferred to keep it at the lowest and most lethal level possible. Spraying with water is a valid use to quell a disruption, because it is much less lethal than physical force (hands, batons, etc), tasers, mace, or firearms.
Civilians are not suppose to escalate force.
There are a few comments on your message, which I'll clarify to the best of my knowledge.
:)
Assault is the threat to commit an action, usually a bodily harm.
Battery is any non-consensual touching.
So assault and battery would be saying "I'm going to kick your butt", and then doing it.
Aggravated can be used with either word, indicating a weapon of some sort was used.
Most of the definition of assault is the belief that the accused could actually do the action they claim they can do. For example, there was a 70-something drunk outside my office one night. I didn't want to hurt him, but he was threatening me. I called the police, because I was afraid I'd hurt him if I pushed him over. He threatened everything from a physical beating, to killing me. The police heard it when they got there, so there was no question to if it had been said.
At the time, I was in my late 20's in good shape. The police asked me if I wanted to press charges. We both knew it wouldn't stick in court. Little old 70-something drunk vs me, no matter how angry he was wouldn't have been able to put up a fight of any sort. Even if he had a gun in one hand and a knife in the other, he was too uncoordinated to carry out his threats.
So, how does this relate?
The operator of the robot is using a weapon. It is a device which has the implied force to cause harm. He is threatening people with it's force, which in itself is aggravated assault. When he sprays them with the water, it has now become aggravated battery. If he was justified is questionable. Spraying someone with a water hose because they were standing on a sidewalk near his property is very questionable. A sidewalk is public property. It would be up to the police to decide if a citation would be issued, and then to the courts to decide if said person would be convicted of any crime.
It's never up to the individual to make such decisions. So, although IANAL, it would seem obvious that the person in control of the robot is opening himself up for huge liability.
If local law enforcement decides to act on it for criminal action is doubtful. They seem pleased that he is helping. Charges may be brought up though, which can still land him in court, if the DA/ADA is looking for some bad press though. There may be civil charges which would only involve the individuals and the courts. Based on who he's harassing, I doubt that would happen, but it could.
The ones I like better are when....
I'm sitting outside, by myself, away from anyone else (because maybe I'm just freakin' antisocial sometimes, ok?). Someone who DOESN'T smoke happens to walk where I am. That is, goes out of their way to walk through what's obviously a smoking area, which isn't a normal traffic route, and then complains that I'm smoking.
It's fine an all, I usually pull out another cigarette, and offer it to them. When they give me a disgusted look, I light the second one, to get a good running start on chain smoking. Kinda sucks if I just lit the first one, but hey, whatever.
This reminds me of the real early days of web sites. Just past when people were excited about being able to put "hello world" up, and when they started charging people for content.
.htaccess actually can actually control access. But what do we do about the crappy billing company that doesn't actually give you login information, they just tell you to protect by HTTP_REFERER? :)
:) You can't blame Howard for your own security problem. Would "Bank of America" be able to blame the hackers, if there was a super secret file called http://bankofamerica.com/all_customer_info.3.7.2008.zip ?
"Secure" pages, were usually some obscure web page under the main site. Security was that your members are was called http://example.com/members_mysecret .
And then people started getting smarter. Oh my gosh, that
If this happened on all the super-kewl-elite hax0r sites, then the good old C&D wouldn't be doing much good, they'd be crying about how the hackers have infiltrated their security.
It does make me feel nostalgic, thinking of the folks who thought http://example.com/members_mysecret would always protect them.
So my advice. Suck it up, and hire someone who knows at least something about security, and make your application work securely, if you don't want the whole world to use your content.
Well.... It's not free. Like a few other people said, you're suppose to pay. There is a free version for one person to try. Deploying it on all your machines, or on your whole network is a no-no. Really, you should support 'em, if you like it anyways.
But, with what you're saying.. I went to my mother-in-laws place, and there were 2 badly virus infected machines, and 2 that were "ok".
Avast did a pretty good job cleaning one up, but there was one pesky virus that it couldn't actually manage to kill. I resorted to the "Trinity Rescue Kit" (yes free, you should donate if you use it).
The second was pretty much DOA. All the DLL's and EXE's had been removed. I did let the TRK run against that, and found something like 12,000 virus infected files. It looked like a bot slave for the P2P networks. Thousands of files with names like things people may search, but were actually viruses.
Now for the two "ok" machines. One had no antivirus, but was actually ok.
The second was a desktop, which was used frequently. It has Symantec's crap running. I let it scan itself, and it registered that all was fine. Being that I don't trust a computer illiterate person who's been using this computer for a couple years to have not gotten anything, I uninstalled all the Symantec crap (That was a long process), and then installed Avast. It found two. Spybot found a few things too. I left her running Avast and SpyBot, and I feel secure that next time I have a look around, her machines will be clean.
I was born in '73. I do remember it being out occasionally.
:) My friends would ask "why does your modem click", and I'd have to explain how ancient our circuits were. It wasn't until the early 90's where I could maintain a decent speed connection.
:) They've improved redundancy and surge suppression at both the power stations and homes. Now, it's usually a matter of seconds during an outage, not hours.
:)
I grew up in a rural area, which meant not too many people were fiddling around with our equipment. Once the wire was run, assuming no one accidentally cut it or knocked down a telephone pole, things ran great.
Now, quality of service had a lot to be desired. We couldn't upgrade to a touch tone phone until the late 80's. That made it a pain in the butt to BBS with, since I had to ATDP instead of ATDT.
It was noticeable even on voice calls. We frequently asked the caller to repeat what they were saying.
Then again, I do that now on the cell phones. Instead of "line noise, please repeat", it's "bad signal, please repeat".
Power in Florida has gotten almost more reliable than the phones. Do a google search for "Lightning Capital of the World", and you'll find the area I grew up in.
When I was growing up (in rural nowhere), we'd frequently have 6+ hour outages. Maybe it's because I've lived in metro areas since then, but even a 5 minute outage is a significant event. I put a UPS on one of my home machines (that must stay up), and I really only need it to handle about 5 seconds at most. A 5 second outage on a machine that's been running a task for 3-4 days is pretty damned significant.
But, the middle doors aren't doors, those are emergency exit windows. :)
Many planes have forward and rear doors on both sides. The rear doors are frequently used by staff and maintenance folks. You gotta get the bodies off somehow.
The only door I've ever seen used for regular service is the forward port door (like, left side). It always seems easier when it's located to the rear of first class. Some of the larger planes are this way. It would seem to make sense to utilize all the openings, rather than just one. It may actually get some fresh air in there between flights too.
Sometimes the late passenger isn't the passenger's fault.
I've been left with 15 minutes to get to my second flight, when my first flight touched the ground. I have yet to miss a flight like that, and I have only begged once for them to reopen the door.
Last week in Vegas, we got off our first flight, and had 90 minutes to get to the second one. We went to the departure gate, and verified the sign still said our flight and destination, so we went to eat. With about 20 minutes of boarding time left, we showed back up to the same gate, which was now closed. No agents, no passengers, nothing. I checked the boards. It had been moved to another gate in another area of the airport. We made it with about 5 minutes of boarding left (about 15 passengers still in the boarding area).
Now, am I suppose to really camp out at the gate for the full 90 minutes? No way. Was I suppose to know that what should have been a 30 minute meal in any somewhat capable restaurant would take 70 minutes? (btw, "Chili's Too!") They weren't even busy, they were just pathetically slow.
We had intended to blow $1 on the slot machines, and didn't even get a chance, because the restaurant was so damned slow.
10x as much? Ha!
:)
:) Hey, whatever. It's gotta be one of the safest seats on the flight. He was bitching about the flight too, so I know I wasn't the only one.
When I'm traveling alone, I always ask for first class upgrades. They usually come in from $50 to $125, depending on where I'm flying to and how many segments there are. If I'm traveling with my wife, it's a little trickier, since the upgrade seats won't always be together. We make coach more comfortable by raising the armrests. No, no mile high club stuff.
Being seated in first class first means that I get on first, or whenever I arrive. As soon as I sit down, I get served a drink. Whatever drink. I've had 3 mixed drinks on a slow boarding before. They just have to collect the drinks for takeoff. I had a few more during the flight, so I wasn't exactly walking straight by the time we landed.
I tend to sleep on planes. When I miss the meal service (which happens a lot), The steward/stewardess usually tells me when I wake up, and they've held my meal for me. And yes, the 1st class food is MUCH better than the coach food.
The other comment of the overhead storage is wrong. Every airline I've been on is very pissy about who can put things in the first class overhead storage. Usually coach passengers cannot put their items in the first class overhead storage. I believe this is mostly because they don't allow coach passengers to go into the first class area during the flight.
What I find really funny is, quite a few times I've flown with only one or two other passengers in first class, even when it was a $100 or less upgrade. I always tell my friends, "ask for the first class upgrade."
I've only ONCE had a problem with it. Unfortunately, I can't remember the airline. At the time, I was flying about once a week, so I was racking up air miles. I was flying from Florida to Los Angeles (LAX). Between mechanical problems and weather problems, I sat around at the airport for almost 12 hours. I finally got them to get me back to LA somehow, which ended up being through DC. They couldn't get me into first class, even though I was rather irate at this point. They said I could try to upgrade the DC to LA flight, but I'd have to do that in DC. Ok, 2 hour layover, plenty of time.
When I got to DC, there were seats available. They said I could either pay with air miles, or dollars. I had $800 cash in my pocket, plus my bank cards. I knew it was bad news when the guy wrote down the number on a piece of paper and slid it to me. $1,500 to upgrade the ticket. I had some less than kind words to say to him as I left the counter.
The seats I had were terrible anyways. Like, my butt went numb on both flights about 30 minutes in. The ride was terrible. On the second flight, they were nice enough to move me to an exit row. It wasn't until after we took off that I realized, they had done it to put me by an air marshal.
I fly a lot too. I book whatever airline is going to get me there cheapest, fastest, and at the right time, so I don't have a bunch of miles on particular airlines.
I carry a pretty hefty laptop bag, and depending on the city and season a fairly large jacket. The laptop bag is a roller bag, so I can usually get it stuffed under the seat ahead of me just as I sit down. My jacket usually doesn't come off until after I'm seated, but I leave it under me, so no big deal.
I know *EXACTLY* the passengers you're talking about though. The guy standing in the aisle, digging through his bag in the overhead storage, trying to find that one important thing that he can't live without until we're in the air. Or the folks who are confused by the concept of "sit down, shut up, we're leaving."
"Can I have a
Inexperienced travelers are so obvious. Sometimes I don't mind though. Like a cute 18 year old girl flying off to college by herself for the first time? Sure, I'll show you how to put your seat belt on. Care to join the mile high club too?
Ooohh, I'm so bad. Luckily (for various reasons) I keep those comments quietly in the back of my head, with all other evil things.
I just sent a recommendation to a very large site (daily peak bandwidth > 3Gb/s). I suggested that they drop in a
Ownership is in the eyes of the beholder.
If company X says that anything created or innovated on company time belongs to the company, prove that you thought of it or about it off of work hours.
While the idea is great that you own your thoughts, when it's you versus the company, you're going to lose in court. At very least, you'll go broke trying to keep from losing.
As a friend of mine said, we'll never be "on top" until we're running our own companies. As long as we're working for someone else, they'll be the ones profiting from what we do, and we'll be gratefully accepting the scraps that they throw down to us.
For example, a company profits $50,000,000/yr. The highest paid staff makes $125,000/yr. The average staff makes $50,000/yr, and there are a dozen staffers, that means if every staff member takes every penny that they earned in the year and tried to fight the company in court, it's still only $600,000 versus $50,000,000. Sure, you may be right, or you may be wrong, but it'll end up in court, and then drawn out, and eventually if you do win it will be appealed.
Us average people can't win against our companies, simply because we innovated any ideas while working there, on their dime.
So, stay far far away from innovating anything resembling company related, while working at the company.
And when you're facing the difference of not being able to feed your family tomorrow or taking the job, the job is going to win.
So as I said before, keep quiet about your cool ideas, and "innovate" them after you can escape that environment.
Well, I dropped it for a variety of reasons.
:)
:) All my parts orders, and documentation showed work up until about 2 months before I started working there. I'm still waiting to be able to afford about $500 worth of parts, so I can start back up. And of course, once the prototype works, it'll revolutionize the world. :)
The coding was hard. That was insignificant. I've actually revisited it for fun recently, but "abandon" the code with someone else. If they were to trip over it, and continue it, I can't say that I remember leaving it there.
The hard part wasn't collecting the data, or even analyzing it. It was when I tried to show it in a graphical representation that was useful. At the time, all the routes I tested (all of our servers, some friend's servers, and the root nameservers) showed about 300 to 400 routers. It wasn't *that* hard to extrapolate where each was, at least down to a city. The hard part was overlaying it on a map that would be useful. Mind you, this is 10 years or so ago.
I was making progress, but that's when the boss got his lawyer involved, and they wrote up the contract saying 5%. Being that the boss was now holding 95% of any "profit" for doing absolutely nothing, he said he contacted "experts" in the field (hrm), who indicated it would require an investment of something like $200,000 for hardware, which he wasn't prepared to do. He said I could continue to work on it, but he wasn't going to invest anything into it.
So much for my fun little side project. I was laid off 8 years later.
When I revisited it, it was much easier. Google Maps API is a wonderful toy. Unfortunately, my set of routers was now more like 3,000. I did a lot of "guessing". I used MaxMind GeoIP (Lite) to guess cities, but some providers it would show their home office or an arbitrary city that they serviced. I also used a very extensive set of rules to try to guess from hostnames what city they were implying it was. It got probably 90% of them right, which is good enough. That leaves 10% to write better hostname rules for.
It would have must needed staffers or volunteers to readjust new routers to their real city. If it became big enough, I'm sure providers would give city locations to us. They probably wouldn't be willing to say street addresses, but that's a little too fine of detail anyways.
It made for some really neat maps, and provided some great insight when there were outages. Things are slow here? Well, they're not everywhere else. Because we were testing from enough points, and to quite a few more, the resulting grid showed quite a few major peering points.
But.....
In another conversation with the COO of the new employer, he reminded me that anything designed, worked on, or conceived while working in the employ of this company was company property. He went as far to say any projects that I may have been working on previously, but made any sort of innovation or advancement while working at that company now belonged to them. He said they would be willing to sign a waver for particular items, should I be able to show that the company had no interest.
I brought up another project to him. I'm a systems guy. I do everything in IT. This other project is COMPLETELY unrelated. He warned that I'd better have a journal of my work to show that I had done my work before, not during my employ with them.
That's ok, I didn't do a bit of work on it while I was there. They didn't pay me enough for the parts I required, so it's been sitting on the shelf at home.
But, that doesn't solve anything. If anything, it would open him up for more liability.
There's the plausible deniability that he knew nothing, but if there had been a previous mention of intent to release it, that could show a motive. When it comes down to the corporations versus us little guys, and throwing lawyers in the mix, we'll almost always lose.
More than likely, your idea is property of that company. Not only the code you wrote while you were there, but any ideas that you formed during the same period.
For example, I had an idea while working for one company. It was to be an internet monitoring software, that would watch multiple points across as many providers as we could manage, map out the traceroutes, and show not only the common peers that those traceroutes passed through, but would effectively show when any peering point was having problems.
They grabbed hold of it, and offered me 5% of the "profits" of the company. That's the day I stopped working on it.
Technically (if they remember), they still own the idea. If I were to start working on it again for a commercial venture, they could lay claim to it. It's not a matter of what was written, but the idea behind it.
You may win in court, but it will be a long drawn out court battle that you probably can't afford to gamble with. If you win (which you may), you may win a lot. If you lose, you're going to lose a lot. Not only your legal fees, but their legal fees, and whatever the judgment is against you, as well as your intellectual property.
My advice is, when you have another great idea for something, STFU. Don't tell them anything. Wait until you're no longer under any sort of contract, and then "start" your development on it. You can start working on it on the side, but be very very careful that there's nothing to document that you were working on it during the period that your contract with another company is under effect.
You may want to re-read your contract too. It may not cover just what you conceptualize while as their employee, but anything for a period (6 months to a year, I've seen in various contracts) belongs exclusively to them.