Slashdot Mirror


User: wkk2

wkk2's activity in the archive.

Stories: 0
Comments: 217

Comments · 217

  1. vulnerability is closed? on NSA Says It Foiled Plot To Destroy US Economy Through Malware · · Score: 2

    I'm sure, due to their hard work, all new computers have hardware jumpers to write protect the BIOS....

  2. It can be used for data logging and collecting stats. An old off-the-shelf method was to use an Ethernet to 15-pin AUI module and break off the transmit pin. Today it's easier to use port mirroring if you trust the hardware.

  3. Re: This is why encryption isn't popular on Ask Slashdot: How Do I Request Someone To Send Me a Public Key? · · Score: 1

    Also, assumes that the card generates good key pairs and doesn't use some secret process that allows private key recovery from the public key. This has been done by card suppliers in the past.

    As a side question: Does any CA have a process for signing S/MIME certificates that can be generated outside of a browser?

  4. Re:A clear example of how lobbying hurts everyone on The New Ethanol Blend May Damage Your Vehicle · · Score: 2

    Don't put it in small engines either. The 10% stuff caused a leak in a generator fuel tank. It leaked at the shutoff valve/tank seal. The tank was almost empty or I might have lost the house.

  5. Re:Thank you so much! on Behind the Scenes At NASA's Mission Control Center · · Score: 1

    A familiar street name. You had a good location. I rented a room, just a few doors down, when I co-oped at JSC during the early 80's. It was a very easy commute.

  6. Re:They might work for you on Ask Slashdot: Stepping Down From an Office Server To NAS-Only? · · Score: 1

    Make sure your service agreement allows you to destroy a failed drive, for credit, instead of doing an RMA.

  7. Re:Too expensive? on Ask Slashdot: Equipping a Company With Secure Android Phones? · · Score: 1

    I suspect that no off the shelf product is secure from the network side. The hardware needs to have two independent blocks: a communications module and an application module. The two need to be linked with a well defined API so that the communications module can't change the application code and there is a good point for an audit. There are probably regulatory issues like GPS to emergency services, not being able to hang up an emergency call, etc. You need to be able to load the application code from a secure interface with signed code etc. A smart card slot for application module key material would be a plus. Good luck trying to find one and good luck getting approval to sell one with these features.

  8. Re:Seems reasonable.. on Doctors "Fire" Vaccine Refusers · · Score: 1

    A lot of people must skip vaccines. I just received an email saying that basketball practice was canceled due to a measles outbreak. It's sad that we could probably eliminate many of these diseases.

  9. Re:Soon it'll be Fry's or nothing on The Gradual Death of the Brick and Mortar Tech Store · · Score: 1

    I wonder about Fry's too. Our local store hasn't restocked surface mount resistors in months. Nothing like paying for overnight delivery to get a badly needed 470 ohm resistor just because the peg is empty.

  10. Re:Two choices... on Ask Slashdot: How To Deal With Refurbed Drives With Customer Data? · · Score: 1

    Stop the trouble before it occurs: Make sure your service agreements allow you to destroy drives before getting an under warranty replacement.

  11. Re:Not a bad idea but... on Christmas Always On Sunday? Researchers Propose New Calendar · · Score: 2

    Metric won't happen without a really big stick. Fuel pumps would probably change in less than 24 hours if there was a 1% tax on sales measured in gallons.

  12. More privacy issues on Carrier IQ Software May Be in iOS, Too · · Score: 1

    There appear to be more privacy issues beyond monitoring in the phone. My Smartphone (GT-I9100 v.2.3.4) won't allow access to https://www.google.com./ It also doesn't allow the addition of private certificate authorities or the removal of bad ones. To make matters worse, it won't display the fingerprint of a certificate. So the only option is to accept, on faith, the issuer name displayed. It seems obvious that the handset makers don't care about privacy or potential harm to customers.

  13. Re:I see opportunity on Did Feds' Use of Fake Cell Tower Constitute a Search? · · Score: 2

    How about an app that beeps and turns the display red if encryption, as feeble as it is, gets turned off.

  14. Re:The scam will always win -- its all about the s on Ask Slashdot: Does SSL Validation Matter? · · Score: 1

    A big improvement would be to require e-commerce servers to protect their private key in a hardware accelerator that won't give up the key. This would protect the certificate if the server is compromised. Someone might be able to use the accelerator, via some type of proxy hack, but the certificate would be safe after a compromised server is reloaded.

    Maybe the "scam" factor could be reduced if the certificates were signed by two or more entities in different jurisdictions.

  15. Re:Dear Customers... on RSA Admits SecurID Tokens Have Been Compromised · · Score: 1

    Yes, I'm sure we will never find out if the data was given to various agencies. After carefully opening one, I agree that they are tamper evident. It wouldn't be a big step to have two pins (I2C?) for programming from a simple workstation that also loaded the customer's server. A fuse link or finalize command could prevent future changes. I would hope the programming could be idiot proof but they keep making better idiots.

  16. Re:Dear Customers... on RSA Admits SecurID Tokens Have Been Compromised · · Score: 1

    I have two questions: Did someone require them to keep the initial values and why wasn't the system designed so that the customer was required to initialize the tokens?

  17. I hope it is a good design on Cellphones Get Government Chips For Disaster Alert · · Score: 4, Insightful

    The messages need to be digitally signed or we are going to get spam claiming to be from the president. It also needs to be better designed than weather radios. For example, I can turn off thunderstorm watch alerts but not tornado watch alerts. I might understand requiring warnings but not watches. It cries wolf, in the middle of hot muggy nights, so often it gets turned off.

  18. Re:Switch Batteries? on EV Fast-Charging Standards In Flux · · Score: 1

    I was thinking about troubles with evacuation from some place like the Florida Keys with a long highway. All lanes are switched to North so it would be difficult to get extra batteries. Even a seasonal thing like lots of people going South for Spring break would cause inventory problems.

    It's probably hard to compete with the cost of piping fuel to storage tanks near distribution centers vs. the investment in battery packs.

    I sure hope we can get charging stations everywhere. I'm not very hopeful since utilities are slow at upgrading major transmission lines no less what would be needed for fast charging in homes. I think we are on the edge of major problems without EVs. During hot weather I see 105 V and last night I saw 130 V. The regulation won't get better without lots of investment. We probably need rules that require higher power capacity for new construction (fiber too).

  19. Re:Switch Batteries? on EV Fast-Charging Standards In Flux · · Score: 1

    Switching batteries will be a big fail the first time there is a large hurricane evacuation.

  20. Re:Doing it wrong on Ask Slashdot: Do I Give IT a Login On Our Dept. Server? · · Score: 2

    At a minimum I would request that the box be placed on a separate VLAN that has no other access to the LAN. Internal access should go through the firewall rules like you would for an external server with all the appropriate logs and auditing. I would also transfer ownership by giving them the hardware.

  21. Re:Simple question: securid seeds? on RSA Says SecurID Hack Based On Phishing With Flash 0-Day · · Score: 2

    I think the real question is why doesn't the customer initialize the token. There are lots of interface options to initialize a small token: I2C, USB, even IR.

  22. Re:OSHA may have a field day here on NASA Worker Falls To His Death On Launch Pad · · Score: 1

    People never think they will fall so they do dumb things. Yesterday, a friend told me that one of his workers was caught standing an extension ladder on top of a small SUV to gain a little extra height. A crew painting my house “borrowed” a 14-gauge extension cord without asking. They used it to lower themselves down a 12:12 pitch roof. Idiots! If they had just asked, I would have let them use a 12.5 mm kernmantle rope and harness. They damaged the cord and cut the top shingle.

  23. force bcc for mailing lists on The Death of BCC · · Score: 1

    Mail programs should insist on BCC if there are more than say 8 addresses. I'm tired of getting mail with a TO: list a mile long. One of the people will have an infested computer and everybody will be put on a spam mailing list.

  24. untrusted devices on New PS3 Firmware Contains Backdoor · · Score: 1

    It sounds like this device, along with web TVs, needs to be placed on a VLAN so they can be firewalled off from other local LAN resources.

  25. Re:Works great in Dallas on Golden Gate Bridge To Eliminate Tollbooths · · Score: 1

    These systems are nothing but trouble if you find yourself on a road without booths and you are in a rental car. You either pay a high daily rate plus usage, to get a car with a transponder, or you really get zapped if they forward a bill a month later