That top pic is what it looked like before discovery? If I paid $300+ for such a device, it would have to be much more convincing. That sticker plastered on the face looks like ass and I'd never expect a commercial product, especially from Sony to look like that.
I'd also not expect to discover a camera in my roomate's clock radio. Good catch.
$75K per year won't even qualify you to buy a house now in California without a substantial down payment (much more than 20%).
A median home (in mid 2003) is over $550K in the Bay Area and $430K in Los Angeles. Incomes are required to be over $120K/yr in SF and over 80K/yr in LA just to buy a house nowadays.
The paper Locked Out (PDF File) explains it in detail.
I'm concerned, because local housing prices are climbing way faster than my income. Common sense tells me that 20%+ year over year appreciation cannot be sustained forever, but the market keeps telling me otherwise.
Ah yes. But as a Republican in California, I can most assuredly vote Libertarian with clear concience.
You see, in 2000 as well as 2004 my party's candidate did/does not stand a chance in hell of getting the electoral vote in this state. Voting Republican would be pissing my vote away. In the end, what does it matter that Bush loses to Kerry by 15 vs. 20 points in this state? Absolutely nothing.
I can therefore vote Libertarian and I have done so since the 2000 election. My vote actually means something now. Not by trying to get a Libertarian the California electoral votes, but it does benefit the Libertarian party by raising their percentage of the popular vote. Any upswing in the Libertarian vote is good news.
Um, no. If their costs are lowered, their profits increase. Discounts are being given now because no one will allow themselves to be watched without compensation.
Cost savngs wll not be passed down to the consumer unless something like market forces make the insurance companies lower their rates.
Progressive could use the cost savings to lower premiums for certain participants in the program, but that would cause an exodus of "Sunday drivers" from other insurance companies to Progressive.
In order to compete effectively, other insurance companies would have to implement similar programs.
Once the majority of drivers are on the program, the 10-15% "discount" for good drivers would become the normal rate where other drivers, drivers of pre-1998 vehicles, or privacy advocates pay a 10-15% premium, are placed on assigned risk, or are denied insurance altogether.
True, but 8080 is an alternate port for HTTP, and if I was sending out lots of encrypted traffic, I'd be in a world of hurt at this DoD-related company.
Confidentiality is not the issue. I've nothing to hide, and it is the company's equipment. The brain-dead Websense content filter is the issue, blocking many.edu and.gov domains (like NASA) for some asinine reason.
1. Home DVD burners (including consumer DVD-R and DVD+R) cannot use CSS encryption. They just physically are not able to do so because the media does not support the burning of the CSS key.
2. Professional burners do exist that can use CSS. These require different media (consumer media won't burn in these) due to the wavelength of the laser being different and a section on the disc to receive the CSS key.
3. The cost of the professional burners and media are considerably more than the consumer units.
The end result is that the studios think their stuff is worth protecting, while the consumer's isn't. It just makes me feel all warm inside.
For the PC, you can decrypt and burn a DVD to a blank disc. This disc will be playable in nearly ANY DVD player Because of the country I live in, I cannot tell you how to do this.
If you hook a PC up to a TV, or vice-versa, some video cards/drivers are now enforcing Macrovision copy protection.
You must also be aware of the flip-flopping between these transmission methods and cancer. Every year or so it changes boolean states from harmful to not and back again the following year.
IIRC, at the time the paper was written, EAP-TTLS and PEAP leaked the least amount of info to a possible attacker and had no known exploits at the time. Check the link offered in the bibliography, it explains it in more detail.
The key point of that section (as miserably brief as it was, I admit) was to point out there are developments helping the situation, but the overall opinion is that wireless networks are not secure and people need to be aware of the traffic that is sent over them and what this traffic might reveal to an attacker.
Frankly, I needed another semester to work on the thesis, but schedules are a pain.
Firmware after early 2001 implements "weak key avoidance" or WEP+. I've collected from 16M to 20M packets and have not been able to crack a key although I've had plenty of interesting packets.
Wanna try something fun? Use a 40-bit WEP key and try Newsham's attack, that's scary.
Mainly I looked at various tools and how effective they were. I also looked at setups in the surrounding neighborhood and pwn3d (with permission) the campus VPN via the wireless network.
The device I am talking about does have its own internal battery. It has a clock too.
These devices have been used by fleet operators to keep tabs on their drivers, and there are security mechanisms built into the device to show if there was any tampering. You cannot just "upload" a bunch of data the day you need to turn over your driving record, you cannot just disconnect the unit for 3 months to underreport mileage. Gaps will appear and logs are kept of the device usage aside from the mileage/speed report (disconnects, connects, downloads, settings changes and memory clears are all recorded). Besides, the car still has an odometer that is recorded at service intervals and emissions testing.
I didn't post to really discuss how to hack the device, I just thought I'd share what I thought the insurance companies were using for their pilot program. This device sounds exactly like what was described in the article.
Well, in the case of the CarChip, the operator sets a "speed theshold" and the CarChip reports these numbers when the data is downloaded. I'm willing to bet that these are the devices being used by the insurance companies because it's a cheap enough solution that already exists and works very well.
The point is not to catch people doing 45 in a school zone, it's to catch those people weaving through traffic at 80+ MPH on the freeways.
So I can see in California the devices being set to 70 or 75MPH as the "threshold".
Drivers cannot "switch" the chips between their cars and another because the CarChip can detect this. It also logs the time it was not connected, so the insurance company will know if the driver tries to game the system. The chips are also individually serialized and send this serial number with the downloaded data.
I tried to reverse engineer the serial data downloaded off the CarChip and managed to figure out the protocol easily enough. The problem was the CRC they used for the data download was unusual and the company would never disclose how it was calculated to me.
The device is similar to the Davis Carchip if not this particular device. It hooks up to the OBDII port and reads the car's vitals from there.
Remember, it's a device drivers can simply plug in to the car. OBDII is a serial protocol that would be a bit harder to hack than the speedometer pulse wire.
Some things the CarChip does that this device will likely do:
1. Record times the device was disconnected 2. Record times data was downloaded/memory cleared 3. Keep a record of the speeds via timed snapshots 4. Keep a record of the date/time car was used (and how long).
It can keep track of vehicle usage (in my case) for the last three months with logging data points every 5 seconds.
No records of destinations or GPS tracking on these base models.
Disclaimer: I don't work for the company, but I have a Carchip E/X installed as insurance against unfair tickets and warranty "abuse" claims by the manufacturer.
I have an aftermarket black box in my car. It's the Carchip EX, and it stores several weeks worth of driving info in 5 second (or longer) intervals. It also has a 30-second buffer that records heavy braking or acceleration as well as 5 parameters (speed, RPM, temp, etc).
The best part is no one knows about this device but me.
Actually, I think Wheelie And The Chopper Bunch is more accurate. In this show, the VW bug showed facial expressions with the lights and bumper as well as showing exclamations and other symbols on the windshield.
Funny thing is, Wheelie was the only character on the show that didn't talk.
Oh the wife went through it great. It was just the smell and all the blood. The vacuum lines ran right in front of me too, adding sound effects to the ordeal. I was quite surprised at how fast a c-section can be done though.
I would say something stronger than stunning. Being in the operating theater during a c-section is an experience I would soon rather not experience again... and I was the father. After the kid came out the place looked like a murder scene, and while the cutting was being done, the smell was... horrid. The cauterizer was used quite often and the smell of burning flesh was unnerving.
All that was forgotten when the kid started to cry. Then later I got home and dumped the photos out of the digital camera...
Slashdot Mirror
Thank you!
I always wondered who was responsible for all those 2WIREXXX SSIDs I collected on my thesis project.
IIRC, these were identified as Belkin devices by my scanning tools.
That top pic is what it looked like before discovery? If I paid $300+ for such a device, it would have to be much more convincing. That sticker plastered on the face looks like ass and I'd never expect a commercial product, especially from Sony to look like that.
I'd also not expect to discover a camera in my roomate's clock radio. Good catch.
Perhaps it would have been better to say that the Republican Party is no longer exclusively the party of the uber-rich and the corporations.
$75K per year won't even qualify you to buy a house now in California without a substantial down payment (much more than 20%).
A median home (in mid 2003) is over $550K in the Bay Area and $430K in Los Angeles. Incomes are required to be over $120K/yr in SF and over 80K/yr in LA just to buy a house nowadays.
The paper Locked Out (PDF File) explains it in detail.
I'm concerned, because local housing prices are climbing way faster than my income. Common sense tells me that 20%+ year over year appreciation cannot be sustained forever, but the market keeps telling me otherwise.
Thanks for the actual numbers. All I remember from 2000 is that California was for Gore. I really doubt 2004 will be much different.
Ah yes. But as a Republican in California, I can most assuredly vote Libertarian with clear concience.
You see, in 2000 as well as 2004 my party's candidate did/does not stand a chance in hell of getting the electoral vote in this state. Voting Republican would be pissing my vote away. In the end, what does it matter that Bush loses to Kerry by 15 vs. 20 points in this state? Absolutely nothing.
I can therefore vote Libertarian and I have done so since the 2000 election. My vote actually means something now. Not by trying to get a Libertarian the California electoral votes, but it does benefit the Libertarian party by raising their percentage of the popular vote. Any upswing in the Libertarian vote is good news.
Um, no. If their costs are lowered, their profits increase. Discounts are being given now because no one will allow themselves to be watched without compensation.
o ducts.asp. I use one for personal use, and it does everything the insurance company would cream themselves over.
Cost savngs wll not be passed down to the consumer unless something like market forces make the insurance companies lower their rates.
Progressive could use the cost savings to lower premiums for certain participants in the program, but that would cause an exodus of "Sunday drivers" from other insurance companies to Progressive.
In order to compete effectively, other insurance companies would have to implement similar programs.
Once the majority of drivers are on the program, the 10-15% "discount" for good drivers would become the normal rate where other drivers, drivers of pre-1998 vehicles, or privacy advocates pay a 10-15% premium, are placed on assigned risk, or are denied insurance altogether.
Anyhow, this is a link to who I suspect is the manufacturer of the device: http://www.davisnet.com/drive/products/carchip_pr
True, but 8080 is an alternate port for HTTP, and if I was sending out lots of encrypted traffic, I'd be in a world of hurt at this DoD-related company.
.edu and .gov domains (like NASA) for some asinine reason.
Confidentiality is not the issue. I've nothing to hide, and it is the company's equipment. The brain-dead Websense content filter is the issue, blocking many
I do to. A squid proxy running on port 8080 back home is a worker's best friend.
Actually, I live in the U.S. It's the DMCA that I was referring to.
Just some points:
1. Home DVD burners (including consumer DVD-R and DVD+R) cannot use CSS encryption. They just physically are not able to do so because the media does not support the burning of the CSS key.
2. Professional burners do exist that can use CSS. These require different media (consumer media won't burn in these) due to the wavelength of the laser being different and a section on the disc to receive the CSS key.
3. The cost of the professional burners and media are considerably more than the consumer units.
The end result is that the studios think their stuff is worth protecting, while the consumer's isn't. It just makes me feel all warm inside.
For the PC, you can decrypt and burn a DVD to a blank disc. This disc will be playable in nearly ANY DVD player Because of the country I live in, I cannot tell you how to do this.
If you hook a PC up to a TV, or vice-versa, some video cards/drivers are now enforcing Macrovision copy protection.
You must also be aware of the flip-flopping between these transmission methods and cancer. Every year or so it changes boolean states from harmful to not and back again the following year.
It's a perpetual scam to get more grant money.
Yes, but Prism firmware also has weak key avoidance as well. Proxim/Lucent just give it a cool-sounding name.
IIRC, at the time the paper was written, EAP-TTLS and PEAP leaked the least amount of info to a possible attacker and had no known exploits at the time. Check the link offered in the bibliography, it explains it in more detail.
The key point of that section (as miserably brief as it was, I admit) was to point out there are developments helping the situation, but the overall opinion is that wireless networks are not secure and people need to be aware of the traffic that is sent over them and what this traffic might reveal to an attacker.
Frankly, I needed another semester to work on the thesis, but schedules are a pain.
Firmware after early 2001 implements "weak key avoidance" or WEP+. I've collected from 16M to 20M packets and have not been able to crack a key although I've had plenty of interesting packets.
Wanna try something fun? Use a 40-bit WEP key and try Newsham's attack, that's scary.
I did something similar for my Master's Thesis.
Mainly I looked at various tools and how effective they were. I also looked at setups in the surrounding neighborhood and pwn3d (with permission) the campus VPN via the wireless network.
And to think my mod points expired early this morning. Well said!
The device I am talking about does have its own internal battery. It has a clock too.
These devices have been used by fleet operators to keep tabs on their drivers, and there are security mechanisms built into the device to show if there was any tampering. You cannot just "upload" a bunch of data the day you need to turn over your driving record, you cannot just disconnect the unit for 3 months to underreport mileage. Gaps will appear and logs are kept of the device usage aside from the mileage/speed report (disconnects, connects, downloads, settings changes and memory clears are all recorded). Besides, the car still has an odometer that is recorded at service intervals and emissions testing.
I didn't post to really discuss how to hack the device, I just thought I'd share what I thought the insurance companies were using for their pilot program. This device sounds exactly like what was described in the article.
Well, in the case of the CarChip, the operator sets a "speed theshold" and the CarChip reports these numbers when the data is downloaded. I'm willing to bet that these are the devices being used by the insurance companies because it's a cheap enough solution that already exists and works very well.
The point is not to catch people doing 45 in a school zone, it's to catch those people weaving through traffic at 80+ MPH on the freeways.
So I can see in California the devices being set to 70 or 75MPH as the "threshold".
Drivers cannot "switch" the chips between their cars and another because the CarChip can detect this. It also logs the time it was not connected, so the insurance company will know if the driver tries to game the system. The chips are also individually serialized and send this serial number with the downloaded data.
I tried to reverse engineer the serial data downloaded off the CarChip and managed to figure out the protocol easily enough. The problem was the CRC they used for the data download was unusual and the company would never disclose how it was calculated to me.
The device is similar to the Davis Carchip if not this particular device. It hooks up to the OBDII port and reads the car's vitals from there.
Remember, it's a device drivers can simply plug in to the car. OBDII is a serial protocol that would be a bit harder to hack than the speedometer pulse wire.
Some things the CarChip does that this device will likely do:
1. Record times the device was disconnected
2. Record times data was downloaded/memory cleared
3. Keep a record of the speeds via timed snapshots
4. Keep a record of the date/time car was used (and how long).
It can keep track of vehicle usage (in my case) for the last three months with logging data points every 5 seconds.
No records of destinations or GPS tracking on these base models.
Disclaimer: I don't work for the company, but I have a Carchip E/X installed as insurance against unfair tickets and warranty "abuse" claims by the manufacturer.
I have an aftermarket black box in my car. It's the Carchip EX, and it stores several weeks worth of driving info in 5 second (or longer) intervals. It also has a 30-second buffer that records heavy braking or acceleration as well as 5 parameters (speed, RPM, temp, etc).
The best part is no one knows about this device but me.
Actually, I think Wheelie And The Chopper Bunch is more accurate. In this show, the VW bug showed facial expressions with the lights and bumper as well as showing exclamations and other symbols on the windshield.
Funny thing is, Wheelie was the only character on the show that didn't talk.
Oh the wife went through it great. It was just the smell and all the blood. The vacuum lines ran right in front of me too, adding sound effects to the ordeal. I was quite surprised at how fast a c-section can be done though.
Lovely, the memories are coming back now...
I would say something stronger than stunning. Being in the operating theater during a c-section is an experience I would soon rather not experience again... and I was the father. After the kid came out the place looked like a murder scene, and while the cutting was being done, the smell was... horrid. The cauterizer was used quite often and the smell of burning flesh was unnerving.
All that was forgotten when the kid started to cry. Then later I got home and dumped the photos out of the digital camera...
The tools might, but the DVD burner and media likely cannot. If the DVD itself does not have CSS, then they are in the clear.