Slashdot Mirror


User: drolli

drolli's activity in the archive.

Stories: 0 · Comments: 2,140

Comments · 2,140

  1. Re:What? on Navy Wants Cyber Weapons That Shoot Data Beams · · Score: 1

    Not if you emit it in a highly directed way (note that they mention antenna arrays). Fuck, if you have two planes there you could even fake your position should somebody imagine he can track you by simple triangulation (or even timing measurements). It's also difficult to track a spread spectrum/narrow pulse (like radar) echo. Especially if it's emitted at a center frequency close to the strong signal of the original radar station.

    The capability to reshape the beam dynamically will lower its em signature.

  2. Re:What? on Navy Wants Cyber Weapons That Shoot Data Beams · · Score: 5, Interesting

    I cite from the article:

    "We will tell you that in the world of the exciter, the holy grail is to get a universal design that can generate all the waveforms that you could possibly imagine," says Falco.

    It's pretty clear what they mainly want: Inject any analog waveform in any band to confuse radar with arbitrary objects. If the enemy radar gets a software upgrade which detects your last attempt, you just change your software. Up to now planes tracked by radar (missiles?) could jam the radar by fixed waveforms or the plane ejects some objects (which don't act like planes) to irritate the radar. With the proposed system you can make the opponent see hundreds of things on the radar which look like planes and fly like planes. Heck you can even fake the transponder message of their own plane you just shot down.

    You can use such a capability for chosen plaintext attacks (e.g. what do their systems send when a plane is entering a perimeter around the base), to confuse the enemy during active combat. If somebody uses radio links, and your cryptographers are good enough you can also directly inject messages into enemy communications. Let's not forget that in asymmetric conflict the opponents of the USA very often have only the rudest communication means; the capability to control e.g. GSM communication during a battle could help in some places. Last but not least, you could help a plain cyberwar by injecting information here and there.

  3. Can we mark the post as troll? on The Struggle To Keep Java Relevant · · Score: 1

    It seems to be a modern version of COBOL? What is that supposed to mean? I believe this is right and the main conclusion is that it will be around for the next 50-70 years. Cobol is approaching its 50th birthday and I don't think all the systems which caused the spike in demand of cobol programmers in the year 2000 will be turned off immediately (as a matter of fact I believe many of them will run happily for 20 more years). The fact that the biggest database company now owns one java implementation and that IBM another makes me feel this comparison may be indeed more true. However it means that there will be a lot of stable work going on, also because the java-compatible mobile devices, which outnumber the iphone seriously. Right now I don't see any competitor (including .net) having gained such momentum for a long-term development. I don't care if the application maintaining my data at the insurance companies is written by a programmer with a piercing in his nose or not.

  4. Re:Finland has geographic issues on Finland To Try Scanning Snail Mail · · Score: 1

    Because Norway is fucking rich by selling their gas/oil.

  5. Re:Potential support issues on Yale Delays Move To Gmail · · Score: 1

    Well. When they said: "Google will be always there to answer your questions" I mean, you know how that works....

  6. Instead of Hacking.... on Hacker Will Try To Restore Linux Support On PS3 · · Score: 1

    don't buy it, if you don't like it. You can also sell it as used. That's the biggest Hack. (If you hack for the purely academic reason of demonstrating that it can be hacked - that's fine and beautiful. But don't pay money to a company to pay people to fight you). Yes, sometimes you don't get the shiniest most beautiful HW. When the iphone came out there was no direct competitor (if you were interested in touch). Now there are many. When the PS3 came out, it was probably better and faster than the current PCs. no probably not (I don't know, not seriously interested).

  7. Re:I'm ok with it. on Adobe Flash Now Officially a Part of Google Chrome · · Score: 1

    And having it in the Browser means a more controlled update path, for the unlucky of us who work under OS without a decent package manager.

  8. A few thoughts. on New Software For Employers To Monitor Facebook · · Score: 1

    a) There is a reason I do not use Facebook b) for sure it pisses your employer more off if you step visibly for millions of people out of line than if you step a little out of line in the cafeteria or at a picnic. (even if you get completely drunk at some company celebration - as long as you don't post a video on facebook it's probably not so bad) c) Always keep your business, your private and your political life separated. Your private life, when mentioned in the internet does not have a name. It does not have an identifiable Job. And it does not have pictures of you making it identifiable. End of the Story. Doing it otherwise screams for people monitoring you.

  9. Excuse me? on Do Car Safety Problems Come From Outer Space? · · Score: 1

    This would be a shame. It is very well known that the size of the chips influences their susceptibility to charged particles. I am sure the people estimating the reliability have numbers about that. And there is no reason to use hi density electronics for this purpose, besides saving 10cents.

  10. Re:A hypothetical question. on Open Source Deduplication For Linux With Opendedup · · Score: 1

    Yes, that was the thing I had in mind. I imagined that you can make timing measurements. So for example two isolated VMs running on the same physical dedup fs can exchange information (unless the underlying os does not intentionally delay the return from the call). I actually think you can run programs creating a lot of specially crafted file contents in two VMs, thus circumventing networking restrictions.

  11. A hypothetical question. on Open Source Deduplication For Linux With Opendedup · · Score: 1

    I appreciate any deduplication solution for linux for sure, but isn't any deduplication creating a lot of shared resources which could be possibly exploited for attacks (e.g. on the privacy of other users)?

  12. The problem of MS: on Microsoft Adopts SVG For Internet Explorer 9 · · Score: 3, Interesting

    Browsing is also mobile browsing nowadays. Microsoft has not the capability any more to impose technologies (Silverlight etc.) on users any more. If 50% of the devices don't support your webpage and never will, you can not ignore any more anybody who can not install some plugin. Moreover IE is also losing foothold on the desktop. So what was a move to hinder a competitor seriously (Why should I embed SVG on webpage if IE can not view it?) is slowly becoming a disadvantage. If Firefox and google chrome get the image of "just working fine" when compared to the IE and IE gets the image of causing problems, then they can stop making IE9.

  13. for the Lawyers on SCO v. Novell Goes To the Jury · · Score: 1

    Such a case... and you can retire.

  14. Re:WTF? Just ask the patient. on Could Colorblindness Cure Be Morally Wrong? · · Score: 4, Insightful

    In my opinion (I am a physicist) the only good scientific field for highly functioning autists is math (because it may be possible to at least get a fixed position there), and even there I am not sure. In most other fields (including theoretical physics) the disadvantages seriously outweigh the advantages. And with disadvantages I mainly mean the disadvantages for the autists. Do we have the right to drive somebody who is already isolated into total isolation, just because he does a good job at it? The important question would be to ask the autistic people if they like to stay autistic. In a world which is suited for autists they may want to. I am pretty sure I would take the cure in the very same way I would be willing to swallow antidepressants, drugs against epilepsy or ADD or wear glasses.

  15. Trusted computing on Can Ubuntu Save Online Banking? · · Score: 1

    this would be a reasonable use for a trusted computing platform. It is ironic that the big companies discredited the method by not protecting the user and his rights but getting wet dreams about doing drm (and then fucking it up even for the people willing to live with it).

    Seriously. Booting from a CD without an additional authentication mechanism does not solve the problem. It is just a fix to the fact that on nowadays computers, the way which code gets installed in the system is still a pretty undefined one. We have heard of malware flashing viruses or hiding in firmware. How many users would recognize it (or could - that is given rise by hiding the diagnostic screen with a non-informative advertisement of the manufacturer) if the computer does not boot from a cd but first from the hd and then the CD? Especially if the user normally does not see linux booting.

    Moreover, putting users in an unknown environment usually increases their susceptibility to social attacks, also because they already have the feeling that they are "doing a lot". During all my life as administrator I always experienced that users like snakeoil. The more curious and unknown it is, the higher their feeling of security. People ask me: Do you use Linux because it's *more secure* than windows, which makes me laugh. While I appreciate the better control on linux (using it since 1995 and as my only desktop operating system at home since 2000) and believe that you *could harden* it more than you could, for example windows 98, I am not sure if a hardened version of windows xp (not that MS would allow everybody to do something like that; and I don't consider windows vista or windows 7, because they are out too short) would be less secure. Most of the security of linux was tested in a server-setting, and many features on the desktops are implemented with a high fundamental security cost. So if I would be a criminal, knowing that the distributed CD is probably not updated as often as it should be, I would probably try to social engineer attacks on "how to open an excel file in the linux distributed by the bank", congratulating that this is perfectly safe because it's not windows. Opening an excel file is not normal you say? I say it is. Many people keep their financial data in spreadsheets. Knowing the exact version and the fact that the user will be even more helpless than usual and that Linux will not write on the harddrive (no logs!) you probably get him to click on anything.

    So, yes I believe there may be a good effect in the beginning. Until the method becomes widespread. And then it will even be more nasty, with users getting rid of all responsibility.

    I have another suggestion. In Indonesia I have seen that the cheapest Nokia phones sell for about 30 Euro. They have GSM, a CPU (enough for signing a document of a kb I guess) and a display and a smartcard interface. If you want to have it secure, give customers some hw like that (in one shape or the other - if you like you can also make a low-cost version without battery and gsm to use usb for transfer and power) with a firmware doing a token and signing the transaction displayed - upon the user pressing the button on the token. Let the users use the PC, then let the transfer confirm on the mobile and they can use safely practically everywhere.

  16. When it comes to really big organizations, something like security does not exist. Social engineering and insider knowledge (which is not something to be kept secret) is usually enough to have a certain chance of convincing some moderately qualified person to assist you somehow in attacking some system. Unless you are really restrictive about communication to the outside, like no phone connections to the public phone network, only internal e-mail for all normal employees below a certain level. I would appreciate that for nuclear power plants (e.g. in case of a critical situation I don't want to have idiots from the press blocking internal communications), and I am under the impression that military around the world heavily restricts the communication of their soldiers with the outside world. So yes - if you apply the standards of a cyberwar situation in which the opponent has all the insider knowledge, probably one can knock out a power network which is so unstable that it knocks itself out every few years (Sorry guys, as a German I find the idea of big-area blackouts happening in the US now and then just scary. Sadly also the European power network is deteriorating into the direction of the American standard - However the incident some time ago where a big line was taken off-line without enough preparation showed that the reaction of the network (partial, regionally limited blackout all over Europe, instead of a growing island of darkness) was still appropriate.)

  17. Re:Why did Novell not Linux-ify older Netwares? on Novell Rejects "Inadequate" $2B Takeover Bid · · Score: 1

    That's exactly what I think would have made them much bigger than they are now. Back in the day big organizations had netware installations spanning 1000s of machines. When I think what our university computing center would have paid back then for an officially supported solution to unify unix and netware servers (e.g. if novell delivered their servers based on solaris) while not having the hassle of switching the clients within a small timespan and having infinite connectivity and hardware-choices on linux/unix it seems to me like a rather stupid move not to push such a thing actively.

  18. Tablets don't suck on 5 Reasons Tablets Suck, and You Won't Buy One · · Score: 1

    for about $400 you can get a used Thinkpad X41 tablet (which undoubtedly also has its bad sides) with the battery replaced. I installed ubuntu 9.10 and am using xournal, cellwriter and inkscape to take notes and gesture recognition to start programs and that's enough to take notes during seminars in a flexible way without making keyboard noise. Yes, it's not enough for 8 hours of note-taking, but for the typical situation that there is a 2h meeting and then you are back to your workplace it's fine. However, I will ask my employer to buy a modern tablet soon (no, not an ipad).

  19. it is frightening... on YouTube Was Evil, and Google Knew It · · Score: 1

    That top executives of one of the world's biggest websites are stupid enough to incriminate themselves in that way in a series of blatantly obvious e-mails.

  20. No, it's not crazy on Company Sued, Loses For Not Using Patented Tech · · Score: 1

    Would they have implemented an own technology preventing this injury - ok. Would they have written in the manual that "this saw does not contain state-of-the-art protections against injury, use on your own risk" - ok. Would they have used a patented scheme to protect against injury - ok.

    when it comes to injuries i think machines and tools must avoid well-known risks, and that is the task of the designer of the machine.

  21. My Interpretation: on Google Readying To Pull Out of China · · Score: 1

    Chinese Gov: you have to censor, it is the law.
    Google: ok we follow the law, you don't interfere with our operation
    Chinese Gov: ok.
    Google: Somebody hacked us
    Chinese police: we don't know what you are talking about and we don't investigate
    Google: that is not nice, we know it's something semi-official
    Chinese Gov: maybe, we don't know nothing

    No, seriously. If you can't rely that the police will investigate some crime which endangers your operation, you leave a country. Even if the guy who hacked hacked for a private purpose *profit* but is untouchable because he may be linked to the gov or the police, you leave.

  22. I don't patch every day. on Typical Windows User Patches Every 5 Days · · Score: 1

    Since I only use my windows virtual machine on average every few months, I can not patch it every day. However, I don't use it for receiving e-mail or surfing the web, only for compiling.

    I also do not patch the measurement devices in our lab (oscilloscopes etc, they are strictly isolated from the internet), since all my attempts to ask the IT Department for a policy on that failed.

    I also do not reboot measurement computers during a long running measurement.

  23. Re:Waterboarding on How Do You Get Users To Read Error Messages? · · Score: 1

    Yes. This happened while I tried to figure out if a certain part of our IT department - if it deserves that name - rolled out its internal CA. The funny thing is that I described how the warning would look like and she still said "there was nothing". I later found out that their way of "rolling it out" is that you download it from their uncertified website. That practice pretty much coincided with the fact that they had no mention of any of this in the normal security seminar for the employees.

  24. Waterboarding on How Do You Get Users To Read Error Messages? · · Score: 1

    I guess after you waterboard them for several hours when they don't tell you the error message, maybe they start to read it. However I have doubts about it. My experience rather says that when the secretary says "I could access the webpage which you mentioned about without problems" it means "yes, I also clicked away the warning about the missing certificate".

  25. VPN? on UK Bill Would Outlaw Open Wi-Fi · · Score: 1

    how about offering (free) transmission only to well known VPN services? In that case the internet access point is the VPN and the VPN provider is the internet provider? That would be reasonable because it also protects the users against malicious free WIFI APs and other users. It would invoke that the shop does not keep and store data in an undefined way and therefore have no additional costs for the shop. It would require no contracts between the shop and the VPN providers, and therefore the shop could easily offer as many services as desired.

    Moreover it would educate users.