Just deleting start and end of each trip is not good enough. Especially not if they just delete.1 of a mile at each end. Doing that still allows someone with sufficient access to the data to combine "likely trip combinations" and derive hidden information. To do it properly they'd need to cut all trips into anonymous pieces at fixed way points such that an onlooker cannot know whether any given car that came from A-Ville went on to B-Village or C-City. The level of granularity at which this needs to be done, would - amongst others - depend on the expected average trip length in the database.
Speaking as someone who is actually developing such a system: all those simple attacks have been thought of and can be addressed with ease. Thank you for your confidence in our technical abilities.
Actually, I'm amazed the senator is proposing to spend 154M$ on researching the feasibility of the idea. We literally have all the required technology in hand today already and it will be rolled out quite soon in grand scale in some other countries. There are already trial projects running with actual cars on the street.
Even if that were true - which it isn't - there still is a sweet spot. Imagine what else you could do with the money you do not spend on the 400$ card. If everyone does the same, as they do, demand for the expensive cards is low and what should be a $600 card according to your theory and could be a $800 one - considering the more expensive components - really has to be priced $1000 just to recover the development costs.
Beware: I'm a software engineer who worked up his way through the ranks in the electronics hardware industry and even obtained an MBA at age 41 - i.e. with real life experience under my belt, but even so I went for it. So unfortunately I'm sure to be hampered by some relevant experience and knowledge.:-)
Engineering always has been about finding the sweet spots, even in the days of gold plated contacts.
No, it's just nostalgia. We could still make all the old designs if we really wanted to, but they have been replaced by something better. And every generation believes it is better than its successor.
... only to be equally laughed at by its own successors when those "move on" or "return to their roots".
My 0.02$, living in the EU and having travelled to the former USSR: no laptop searches and no taking of fingerprints.
And yes, in my company we've also been told to take only clean laptops in/out of the US and how to have our data at hand nonetheless.
Re:Thwarted by properly designed online banking
on
Real-Time Keyloggers
·
· Score: 1
For starters, I don't think they roll on success (how would the device know, by the way?). -- Disclaimer: I'm holding one in my hand right now, so I'm pretty sure.;-)
But even if they would: the legitimate user would not be able to know the difference between a failure due to making a typo and a failure due to some hacker beating him to the line. So he'd assume the former and simply try again, not understanding that someone else is active at the same time. Providing such a false sense of security, doesn't sound like good design...
At work I didn't care about deleting stuff for privacy reasons. After all, those mails were work related. All I wanted in that context, was being able to continue to use my old e-mail client and it so happens that the easiest way to do that was to use fetchmail to retrieve all new mail and delete it from the server afterwards. The mails were simply stored as files on my UNIX account (the whole idea was that I insisted on using the unix command line friendly maildir format for storing mails). So the mails never even left the server room and they were automatically backed up as well.
On my home box I use a dedicated IMAP server, which allows any mail client to be used, but even so I set it up to still store the mails in maildir format.
I only mentioned the use of such a setup at work as a reply to the "you might overload the IMAP server" comment, nothing more.
I actually do run a Linux based server and additional spam filter of my own. Works just fine, so I don't see the need for getting a static address. If my ISP ever folds, I might reconsider, but until then I just want things to work and keep on working as they have done for ages without (even one-time) hassles.
With respect to the 70 seconds: I've been doing this for about 14 years now (POP initially, later IMAP). If my ISP has an issue with it, all they need to do is contact me. They don't seem to think it's needed. For about 7 years I've done the same at my previous employer because I wanted to keep on using my unsupported Linux mail client even after they switched to Exchange. The IT group there - that I had excellent links with - never complained either.
With respect to the delete/unlink: so what? This applies to any out-of-the box system, whatever you or your ISP use. Each and every mail that passes through somewhere can end up being stored as a temporary file, even if it is just stored until it can be forwarded from one SMTP server to the possibly "temporarily unavailable" destination.
The thing with my setup is that the file is logically deleted within minutes of arriving. I don't care if it takes days to clear the free blocks. There's a world of difference between a script kiddie data thief being able to read all my 14 years of mail at the click of a button, or him having to collect and piece together the free blocks to only get a few days worth of data with holes in it.
Twenty years ago, if someone wanted to look through your correspondence, they had to break into your house. Now, they can just break into your ISP.
Not in my case. I constantly (as in "every 70 seconds") download any newly arrived mail from my ISP to my own machine and then delete the copy on the server as soon as I have a local one. And I have every intention of keeping on doing this for as long as I'm mentally able to process e-mails. This way, they still don't have to break into my house again, but at least they have to break into my computer, where I can plug any holes and trace the log files.
Yes, my setup does mean that I can not easily read my e-mail when I'm not at/near home. But I honestly don't see the big need for that, even though I regularly spend the night in other locations (my dad's home, hotels during business trips,...). And I ever were to really expect some important mail at a time when I can't be at home, all that's required is to unplug the network cable before I leave and plug it back in afterwards. Big deal.
Of course all this does not solve the mass problem of computer illiterates who use gmail just because somebody they know knows somebody who told them that - unlike Microsoft - Google surely does not mean any evil. Trouble is, that most of those people are hooked by stuff that some "computer expert" tells them to do. If we were to tell them not to use their ISP as their personal archive and tell them how to set up their system properly, they mostly wouldn't even know the difference while still being much safer. So the real problem are not the unwashed masses, but the geeky/nerdy types who like to show off how they could in theory read mail while climbing the Everest and who tell mom and dad that this is what they need too in order to be trendy.
Here are some questions that are not answered by the FAQ:
What if all advisers die closely together with the owner? In case of a plane crash, for instance.
What if the owner develops a condition like Alzheimer's or if (s)he ends up in a coma for months before finally dying? Such a person would not be not able to keep the system up to date as advisers might die in the mean time, or as as e-mail addresses of those (s)he wants to send mail to change etc.
As I've spent only a few minutes thinking this through, I'm sure there are other failure modes for which the system might not have an answer.
End even not so small ones. A Mercedes C (Diesel) can do 1100+ km with a full tank as long as I stay out of city jams. 900 km is easy to do.
The highest range estimate I've "seen" (as in: after adding the remaining range indicated by the car to the distance driven since filling up) was just under around 1290. But I'm 100% sure that I could not have actually done that much, given the usual traffic conditions over here.
You're right about the A bomb, but they did have other things. Such as the Type XXI U-boat (fortunately it was ready too late, but that's in part because early in the war they slowed its development down in order to more quickly build more type VII and type IX boats). The V2 would also have helped if they'd had it before they were in a lost position anyway (note that I do not include the V1 in this list, as it was far too easy to kill). The ME-262 fighter would also have helped, if they'd focused more on it earlier on and if Hitler had not stupidly insisted that it also be made into a bomber.
Of course, the real problem for the Germans was that - strategically speaking - they were from the start doomed to loose sooner or later anyway. They simply did not have and could not hope to gain and keep the required resources to really take on all the countries that they did take on. But it could have taken much longer to get to the same outcome (or a worse one, since the US would in that case have had the A bomb in time for use in Europe)
General: USB socket is same width as RJ45 so you can slide a USB plug into the network port and it feels 'right', but gets you nowhere until you look and check!
Indeed. that's how I destroyed the (in addition badly positioned) RJ45 of the laptop that I'm typing this on.
The first bootprint was fuzzy by the time Apollo 11 left the moon. That's because it's a the bottom of the ladder. Two people came down that ladder that day and later went back up again. Maybe even multiple times each, although I suspect this was not the case during Apollo 11. Anyhow, I'm sure the crew inspected their lander for any obvious damages, which would make them walk all the way around it. I doubt they took special care to avoid stepping on this first boorprint.
Since the question only specifies "equipment" and not computer stuff in the understanding of today's whizkids, that would be my HP 15C calculator. I got that little gem in the autumn of 1983 or nearly 26 years ago. Amazingly, it is still only on it's second set of batteries (they are close to needing replacement, though). I love that calculator so much that, since about two years or so, I install a complete HP 15C emulator (including the looks) on every computer that I use. Nothing beats the real thing, however.
I know a guy who lost his complete PhD thesis when it was already well advanced and who then had to redo everything. His problem: he used our only LISP machine (yes, this was a very very very long time ago) to develop his work and then went on to write his dissertation on the same machine. The beast was backed up on daily basis by a sysadmin, but when Murphy called, all tapes turned out to be useless. The problem: All the time, the admin had been carefully putting in a new tape each evening and had been nicely labeling and classifying each tape the next morning. But... the backup program was never started, as he had no idea what to do with a LISP prompt and he thought that the procedure had been automated.
... and during installation on my good old 386 having to manually edit byte 508 (IIRC) of the boot sector in order to boot from the hard disk. Gosh, I'm getting old....
PS: That 386 box is still operational today (over 17 years later)! It's just not connected to anything anymore.
The key point is that it's a problem that will survive a complete reinstall. Of course, physical accessibility is a really major problem. But if, after an intrusion (or because you even just suspect that someone might have had physical access for no more than say 5 minutes), you positively remove physical access and reinstall the box as a precaution, the rootkit will still be there.
Proper management of security risks requires not only that you restrict physical access and feel good about having done so. It also requires you to have multiple layers of protection, just in case some piece of your armor unexpectedly fails after all. And, crucially, it requires you to be able to recover in case something illegal does happen despite all your efforts.
Of course I've heard of that. But if a government (in casu the one that we're dealing mostly with right now and that may well set a de-facto standard for all other countries that are watching the process very closely) by itself mandates that only systems be used in which location data does not leave the car, then this particular example of creep is unlikely to happen.
First and foremost: where did I say that the location data has to leave the car in the first place? Or in even in case it does: Where did I say that the entity processing the location data has any way to track who's car it is dealing with? Three words: "split data processing". A quite basic technique, actually, that has been known for a long time.
Slashdot Mirror
Just deleting start and end of each trip is not good enough. Especially not if they just delete .1 of a mile at each end. Doing that still allows someone with sufficient access to the data to combine "likely trip combinations" and derive hidden information. To do it properly they'd need to cut all trips into anonymous pieces at fixed way points such that an onlooker cannot know whether any given car that came from A-Ville went on to B-Village or C-City. The level of granularity at which this needs to be done, would - amongst others - depend on the expected average trip length in the database.
Amazing what a single Belgian can do, isn't it...
Indeed. For us - we're an EU company - it is official company policy to take only empty PCs across the US border (in either direction).
For completeness: We've also thought about the privacy topic. A lot, actually. This topic too can be solved in watertight ways.
Speaking as someone who is actually developing such a system: all those simple attacks have been thought of and can be addressed with ease. Thank you for your confidence in our technical abilities.
Actually, I'm amazed the senator is proposing to spend 154M$ on researching the feasibility of the idea. We literally have all the required technology in hand today already and it will be rolled out quite soon in grand scale in some other countries. There are already trial projects running with actual cars on the street.
Even if that were true - which it isn't - there still is a sweet spot. Imagine what else you could do with the money you do not spend on the 400$ card. If everyone does the same, as they do, demand for the expensive cards is low and what should be a $600 card according to your theory and could be a $800 one - considering the more expensive components - really has to be priced $1000 just to recover the development costs.
Beware: I'm a software engineer who worked up his way through the ranks in the electronics hardware industry and even obtained an MBA at age 41 - i.e. with real life experience under my belt, but even so I went for it. So unfortunately I'm sure to be hampered by some relevant experience and knowledge. :-)
Engineering always has been about finding the sweet spots, even in the days of gold plated contacts.
No, it's just nostalgia. We could still make all the old designs if we really wanted to, but they have been replaced by something better. And every generation believes it is better than its successor.
My 0.02$, living in the EU and having travelled to the former USSR: no laptop searches and no taking of fingerprints.
And yes, in my company we've also been told to take only clean laptops in/out of the US and how to have our data at hand nonetheless.
For starters, I don't think they roll on success (how would the device know, by the way?). -- Disclaimer: I'm holding one in my hand right now, so I'm pretty sure. ;-)
But even if they would: the legitimate user would not be able to know the difference between a failure due to making a typo and a failure due to some hacker beating him to the line. So he'd assume the former and simply try again, not understanding that someone else is active at the same time. Providing such a false sense of security, doesn't sound like good design...
At work I didn't care about deleting stuff for privacy reasons. After all, those mails were work related. All I wanted in that context, was being able to continue to use my old e-mail client and it so happens that the easiest way to do that was to use fetchmail to retrieve all new mail and delete it from the server afterwards. The mails were simply stored as files on my UNIX account (the whole idea was that I insisted on using the unix command line friendly maildir format for storing mails). So the mails never even left the server room and they were automatically backed up as well.
On my home box I use a dedicated IMAP server, which allows any mail client to be used, but even so I set it up to still store the mails in maildir format.
I only mentioned the use of such a setup at work as a reply to the "you might overload the IMAP server" comment, nothing more.
I actually do run a Linux based server and additional spam filter of my own. Works just fine, so I don't see the need for getting a static address. If my ISP ever folds, I might reconsider, but until then I just want things to work and keep on working as they have done for ages without (even one-time) hassles.
With respect to the 70 seconds: I've been doing this for about 14 years now (POP initially, later IMAP). If my ISP has an issue with it, all they need to do is contact me. They don't seem to think it's needed. For about 7 years I've done the same at my previous employer because I wanted to keep on using my unsupported Linux mail client even after they switched to Exchange. The IT group there - that I had excellent links with - never complained either.
With respect to the delete/unlink: so what? This applies to any out-of-the box system, whatever you or your ISP use. Each and every mail that passes through somewhere can end up being stored as a temporary file, even if it is just stored until it can be forwarded from one SMTP server to the possibly "temporarily unavailable" destination.
The thing with my setup is that the file is logically deleted within minutes of arriving. I don't care if it takes days to clear the free blocks. There's a world of difference between a script kiddie data thief being able to read all my 14 years of mail at the click of a button, or him having to collect and piece together the free blocks to only get a few days worth of data with holes in it.
Twenty years ago, if someone wanted to look through your correspondence, they had to break into your house. Now, they can just break into your ISP.
Not in my case. I constantly (as in "every 70 seconds") download any newly arrived mail from my ISP to my own machine and then delete the copy on the server as soon as I have a local one. And I have every intention of keeping on doing this for as long as I'm mentally able to process e-mails. This way, they still don't have to break into my house again, but at least they have to break into my computer, where I can plug any holes and trace the log files.
Yes, my setup does mean that I can not easily read my e-mail when I'm not at/near home. But I honestly don't see the big need for that, even though I regularly spend the night in other locations (my dad's home, hotels during business trips, ...). And I ever were to really expect some important mail at a time when I can't be at home, all that's required is to unplug the network cable before I leave and plug it back in afterwards. Big deal.
Of course all this does not solve the mass problem of computer illiterates who use gmail just because somebody they know knows somebody who told them that - unlike Microsoft - Google surely does not mean any evil. Trouble is, that most of those people are hooked by stuff that some "computer expert" tells them to do. If we were to tell them not to use their ISP as their personal archive and tell them how to set up their system properly, they mostly wouldn't even know the difference while still being much safer. So the real problem are not the unwashed masses, but the geeky/nerdy types who like to show off how they could in theory read mail while climbing the Everest and who tell mom and dad that this is what they need too in order to be trendy.
Here are some questions that are not answered by the FAQ:
As I've spent only a few minutes thinking this through, I'm sure there are other failure modes for which the system might not have an answer.
End even not so small ones. A Mercedes C (Diesel) can do 1100+ km with a full tank as long as I stay out of city jams. 900 km is easy to do. The highest range estimate I've "seen" (as in: after adding the remaining range indicated by the car to the distance driven since filling up) was just under around 1290. But I'm 100% sure that I could not have actually done that much, given the usual traffic conditions over here.
You're right about the A bomb, but they did have other things. Such as the Type XXI U-boat (fortunately it was ready too late, but that's in part because early in the war they slowed its development down in order to more quickly build more type VII and type IX boats). The V2 would also have helped if they'd had it before they were in a lost position anyway (note that I do not include the V1 in this list, as it was far too easy to kill). The ME-262 fighter would also have helped, if they'd focused more on it earlier on and if Hitler had not stupidly insisted that it also be made into a bomber.
Of course, the real problem for the Germans was that - strategically speaking - they were from the start doomed to loose sooner or later anyway. They simply did not have and could not hope to gain and keep the required resources to really take on all the countries that they did take on. But it could have taken much longer to get to the same outcome (or a worse one, since the US would in that case have had the A bomb in time for use in Europe)
General: USB socket is same width as RJ45 so you can slide a USB plug into the network port and it feels 'right', but gets you nowhere until you look and check!
Indeed. that's how I destroyed the (in addition badly positioned) RJ45 of the laptop that I'm typing this on.
The first bootprint was fuzzy by the time Apollo 11 left the moon. That's because it's a the bottom of the ladder. Two people came down that ladder that day and later went back up again. Maybe even multiple times each, although I suspect this was not the case during Apollo 11. Anyhow, I'm sure the crew inspected their lander for any obvious damages, which would make them walk all the way around it. I doubt they took special care to avoid stepping on this first boorprint.
Since the question only specifies "equipment" and not computer stuff in the understanding of today's whizkids, that would be my HP 15C calculator. I got that little gem in the autumn of 1983 or nearly 26 years ago. Amazingly, it is still only on it's second set of batteries (they are close to needing replacement, though). I love that calculator so much that, since about two years or so, I install a complete HP 15C emulator (including the looks) on every computer that I use. Nothing beats the real thing, however.
Ever heard of getting into a coma due to an accident and yet recovering weeks later?
I know a guy who lost his complete PhD thesis when it was already well advanced and who then had to redo everything. His problem: he used our only LISP machine (yes, this was a very very very long time ago) to develop his work and then went on to write his dissertation on the same machine. The beast was backed up on daily basis by a sysadmin, but when Murphy called, all tapes turned out to be useless. The problem: All the time, the admin had been carefully putting in a new tape each evening and had been nicely labeling and classifying each tape the next morning. But... the backup program was never started, as he had no idea what to do with a LISP prompt and he thought that the procedure had been automated.
PS: That 386 box is still operational today (over 17 years later)! It's just not connected to anything anymore.
The key point is that it's a problem that will survive a complete reinstall. Of course, physical accessibility is a really major problem. But if, after an intrusion (or because you even just suspect that someone might have had physical access for no more than say 5 minutes), you positively remove physical access and reinstall the box as a precaution, the rootkit will still be there.
Proper management of security risks requires not only that you restrict physical access and feel good about having done so. It also requires you to have multiple layers of protection, just in case some piece of your armor unexpectedly fails after all. And, crucially, it requires you to be able to recover in case something illegal does happen despite all your efforts.
How come that it's just me and Malda hanging around here these days? Where have all the other 500 people on the internet gone to?
Of course I've heard of that. But if a government (in casu the one that we're dealing mostly with right now and that may well set a de-facto standard for all other countries that are watching the process very closely) by itself mandates that only systems be used in which location data does not leave the car, then this particular example of creep is unlikely to happen.
First and foremost: where did I say that the location data has to leave the car in the first place? Or in even in case it does: Where did I say that the entity processing the location data has any way to track who's car it is dealing with? Three words: "split data processing". A quite basic technique, actually, that has been known for a long time.