CDMA harder but not intended as encryption (on Cracking GSM · Score: 2, Informative)
CDMA is indeed tougher to demodulate than GSM, the reason being that each GSM signal uses the same carrier (basically it encodes bits by modulating phase; the technical term is Gaussian Minimum Shift Keying, or GMSK). CDMA, on the other hand, has each user use a different "spreading code" in an attempt to make signals from different users orthogonal. The purpose of the spreading code is to take your nice orderly stream of bits, and turn it into a random-looking sequence. At the other end, the receiver knows what sequence you're using, and it can undo this transformation. As a side effect, your code is chosen to try to be orthogonal to other people's codes, so that at the same time demodulating your signal nulls out other people's signals, so your interference is reduced.
The reason there's some security in this process is that if a 3rd party doesn't know your spreading code, they won't be able to demodulate your signal -- you're going to sound like so much noise to their receiver, even if they have the proper CDMA decoding hardware. Having said that, this "encryption" supposedly isn't difficult to crack; Phil Karn from Qualcomm posted a discussion on CDMA security to a crypto list about this a while back. Here's a snippet:
There is essentially no "encryption" in the usual sense of the word in
CDMA. It is true that the complexity (and until recently, the
obscurity) of the modulation method provides some modest protection
against casual eavesdropping (e.g., someone with a Radio Shack
scanner). But phones containing the necessary ASICs are now being
shipped by the hundreds of thousands per month, and as I said earlier
the complete air interface spec has been public for some time.
I remember hearing a lecture on CDMA where the professor described a favorite tactic of hackers being to hang out with scanners over bridges, where people's connections would cut out, and grab their codes when the phones tried to resync with the base stations as cars exited the tunnel.
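The spreading and despreading described in the comment above, as an added example that is not part of the original post. It is a toy synchronous model using 8-chip Walsh codes (not the IS-95 air interface); the code indices, bit patterns and function names are constructed for illustration.

```python
# Toy synchronous direct-sequence CDMA with Walsh codes (constructed model, not IS-95).

def walsh(n):
    """Rows of the n x n Walsh-Hadamard matrix (n a power of two), chips are +1/-1."""
    rows = [[1]]
    while len(rows) < n:
        rows = [r + r for r in rows] + [r + [-c for c in r] for r in rows]
    return rows

def spread(bits, code):
    """Map bits 0/1 to -1/+1 symbols and multiply each symbol by the whole code."""
    return [(1 if b else -1) * c for b in bits for c in code]

def channel(*signals):
    """All users share the band, so the air carries the chip-wise sum."""
    return [sum(chips) for chips in zip(*signals)]

def correlate(rx, code):
    """Correlate each code-length block of rx with code; one value per symbol."""
    n = len(code)
    return [sum(r * c for r, c in zip(rx[i:i + n], code))
            for i in range(0, len(rx), n)]

def despread(rx, code):
    """Recover bits from the sign of each correlation."""
    return [1 if v > 0 else 0 for v in correlate(rx, code)]

def active_codes(rx, codes):
    """Indices of codes in the published family that carry any energy in rx."""
    return [i for i, code in enumerate(codes) if any(correlate(rx, code))]

CODES = walsh(8)                 # the code family is public, like the air interface spec
ALICE_BITS = [1, 0, 1, 1]        # constructed sample data
BOB_BITS = [0, 0, 1, 0]
RX = channel(spread(ALICE_BITS, CODES[3]), spread(BOB_BITS, CODES[5]))

if __name__ == "__main__":
    print("despread with Alice's code:", despread(RX, CODES[3]))
    print("correlation with an unused code:", correlate(RX, CODES[6]))
    print("codes carrying a signal:", active_codes(RX, CODES))
```

Orthogonality separates users from each other, but the last function shows why that is not confidentiality: the separation depends only on a code table that every handset has.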
Just as Ford shelled out to have 007 drive an Aston Martin in "Die Another Day", car manufacturers will go out of their way to provide prototype designs and specs for their new muscle cars for inclusion into games like Gran Turismo. As the article points out, gamers spend enormous amounts of time with a good game, which gives your product much better exposure than a 30-second TV commercial or a print ad.
Also, what's the worry about false positives? If and when they happen, it's a simple matter to clear up a person's real identity. It's not like they shoot first and ask questions later.
Except that it would really suck if you happened to be someone who their facial recognition algorithm decided looked like someone on a watch list, because then you'd be detained at every airport if these things are widely deployed. You'd run the risk of creating a class of travellers who would essentially be unable to travel freely without having to schedule ridiculously long stopovers everywhere they go.
As other people have mentioned, it's not really the positive ID rate that's important (after all, you're comparing it with the baseline 0% if the system weren't available), but rather the false positive rate, and also how repeatable the false positives are for the same person.
Also, at some point, wouldn't the increased capacity of carrying more and more big heavy batteries be offset by the fact that you need more power to haul all that weight uphill?
I suspect that they had someone/thing else pacing them carrying the extras.
Considering that most casual Windows users have no idea how to configure a firewall properly (or even what those dang "port" thingies are), it's understandable that Microsoft was reluctant to ship Windows with ICF enabled. People like that are either going to see all their IM/webconferencing/file sharing/etc software stop working once their ports are blocked (and start a massive wave of calls tying up tech support), or else default to allowing everything to go through the firewall which defeats the purpose of having it in the first place.
Your point of Windows shipping with a bunch of open ports being a Bad Thing is a good one, but a better solution would be to just have the ports closed by default -- why nail a bunch of boards over an open doorway when simply closing and locking the door would suffice? I also think Microsoft is going to have more luck with their current plan of automating updates -- as many people have already pointed out, the exploit used by MSBlast already had a patch out for over a month before the first attack, and people who downloaded it were fine. Virus software companies have known for years that the only way to get people to update regularly is to build it into the software, a la LiveUpdate for Symantec. Letting expert users who are savvy enough to get the relevant patches by themselves anyways opt out of auto update keeps everyone happy.
This sort of scheme only works well for college areas where they have bandwidth to burn anyways. Most commercial cable/DSL providers cap the transfer rates you can get (especially the uploads), making this sort of massive connection sharing infeasible. Not to mention that there'd have to be a bunch of altruistic people willing to front the connection costs for everyone else.
Still, this sort of thing could work well in urban areas like Boston where there's a ridiculously dense concentration of colleges with fat network pipes.
So now you can DOS this network ... (on MIT Roofnet · Score: 5, Funny)
just by tossing a handful of bread crumbs at the MIT gateway's roof antenna?
There's no need for a human to get involved. Have a protocol whereby in order to the receiver's machine automatically issues a small, dynamically-generated math problem which requires the sender's computer a few seconds of computing time to solve. The email only gets "authorized" if a correct solution is received. This would have very little impact on a regular user, but a spammer who sends out hundreds of thousands of emails would be facing some pretty prohibitive computational costs.
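A hash-based version of the challenge and response described above, as an added example that is not part of the original comment. A SHA-256 partial-preimage puzzle (hashcash style) stands in for the "math problem"; the Receiver class, the 16-bit default difficulty and the function names are assumptions.

```python
import hashlib
import os

def digest(challenge, counter):
    """Hash the receiver's challenge together with the sender's candidate answer."""
    return hashlib.sha256(challenge + counter.to_bytes(8, "big")).digest()

def leading_zero_bits(d):
    """Number of zero bits at the front of a digest."""
    return len(d) * 8 - int.from_bytes(d, "big").bit_length()

def solve(challenge, bits):
    """Sender side: brute-force a counter; expected cost is about 2**bits hashes."""
    counter = 0
    while leading_zero_bits(digest(challenge, counter)) < bits:
        counter += 1
    return counter

class Receiver:
    """Receiver side: issues puzzles and authorizes mail on a valid answer."""

    def __init__(self, bits=16):
        self.bits = bits          # difficulty; each extra bit doubles sender work
        self.pending = set()      # challenges issued and not yet redeemed

    def issue(self, sender, recipient):
        """Fresh random challenge bound to this sender/recipient pair."""
        challenge = os.urandom(16) + f"{sender}>{recipient}".encode()
        self.pending.add(challenge)
        return challenge

    def authorize(self, challenge, counter):
        """Verification costs one hash; each challenge is accepted only once."""
        if challenge not in self.pending:
            return False          # never issued here, or already redeemed (replay)
        if leading_zero_bits(digest(challenge, counter)) < self.bits:
            return False          # wrong answer; the challenge stays pending
        self.pending.discard(challenge)
        return True

if __name__ == "__main__":
    rx = Receiver(bits=16)
    ch = rx.issue("sender@example.org", "rcpt@example.net")  # constructed addresses
    print("authorized:", rx.authorize(ch, solve(ch, rx.bits)))
```

The asymmetry is the point: the sender pays roughly 2**bits hashes per message while the receiver pays one, and a solved challenge cannot be reused for a second message.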
Actually, the reason you don't have fiber up to your doorstep has more to do with the high cost of digging up your street in order to get it there. This isn't really feasible except maybe in new neighborhoods. Fiber's actually pretty cheap these days, especially compared to other equipment costs like switches and ADMs.
The other problem right now is the high cost of components such as tunable lasers. Even if every home had fiber, it'd cost a lot more to equip your computer with an optical network card. The average Joe Public won't get enough use out of the extra bandwidth (yet) to justify the cost of buying the hardware. This would be true regardless of whether your fiber was made out of sand or sponges.
Although, if someday networks did come to be made out of organic sponges, it'd be funny to see people be forced to remember to water their internet connections or be disconnected :)
one of those ubiquitous email harvester bots ran into the exposed membership list :)