This attack could render the product unusable at important times and extend or limit its functionality without the manufacturer's permission.
Surely that should read, "without the user's permission".
No that's probably correct. The manufacturer probably uses the same chassis and hardware across many models, and the only difference is the software features. Another similar example is Video cards where the lesser models simply have a few cores turned off in the GPU. Enabling those features would give you the equivalent of the more expensive model.
Network scanners like nmap show it running a linux kernel. I understand the Samsung TVs are also running Linux and there is a hack to get to a shell on them.
These internet capable TVs are running a Linux kernel. There really is a lot you can do with them with the right knowledge. Would it really be that hard to spoof a connection to the firmware update site and pass custom firmware back to the TV? Or send commands back to the TV to dump its memory for you, thereby giving up your Amazon account info? Maybe even a small routine to sniff the local wire for your credentials and email them out?
Example: several brands of cars made in Germany. It's a good design. The dash wirelessly authenticates the key, in addition to the physical ignition lock.
You can't disable it (very easily). It's designed to be tamper-resistant, from the factory.
And you can't get a replacement key for under $150. I'd prefer the ability to get $1.49 replacement keys and a decent insurance policy.
I wholeheartedly agree. The only reason I got the CISSP was that I'm now required to have it. I already had the job experience required for the cert, so I studied for 2 weeks and took the test - no big deal. About half the guys I know with the CISSP cert are worthless from a technical standpoint. Getting them a CISSP cert didn't make them any more valuable from an IT management or technical standpoint. If anything, it's annoying to hear them brag about it.
I generally disregard MS certs as well, since I know too many guys that crammed for it and have zero actual experience. They're the guys that get pissed when I won't give them domain admin rights simply because they have a MCITP-SA cert. Too many of those twats have broken things for me to actually trust them with the ability to bring down the entire domain.
Hell I even interviewed a MCITP-EA who had never actually used Windows server in real life. You really want that guy running your AD? Microsoft says he capable.
The CISSP exam has special questions designed to catch cheaters or those who got a copy of the actual exam answers. At least a dozen questions are ambiguous and have more than one correct answer. The odds of two people answering all of those questions exactly the same, or exactly matching one of the the illicit copies of the exam answers is exceptionally low. The odds are low enough that you will get flagged for at least a manual audit of your test and test book.
Another dead giveaway is if your answers match almost exactly with the answers of someone else in the room. All the test books are not identical as they may have the questions in a different order or even different questions. If your answers to questions 1-40 exactly match the answers of your neighbor and he's using a different book, that would be suspicious too.
The irony is that there are cheaters for the CISSP exam, a certification that supposedly values honesty and ethics above actual knowledge.
"I could see a role for LIM directly as a weapon only..."
It fires armed airborne bomb/missile launchers, sounds like a weapon to me.
Actually they are developing railguns for launching projectiles and weapons. If the weapon doesn't need to have a chemical propellant it makes it much smaller and you can carry a lot more. All electric propulsion is being worked on as well. This is all part of the larger Navy initiative towards all-electric ships. Electricity is cheap and plentiful when you have up to 8 reactors onboard.
As a side note, the Navy did a study for converting smaller ships to nuclear instead of oil. The cross-over point for total cost of ownership/operations was at $140/barrel for oil.
And yeah, the picture shows him measuring his fingers at 2-megaohms. Those hooks still might be electrically connected, but this picture clearly shows him measuring incorrectly.
You can also become a Type-1 diabetic as a result of pancreatic cancer or the surgery to stop said cancer. This solution hold great potential in that case.
There is a reason why battery technology hasn't developed as fast as the technologies that use them; packing more and more energy into a given volume is a dangerous thing to do. When we pack a lot of energy in a (at least temporarily:-) stable state into a given volume, we tend to call those things "explosives". There's a fine line to tread here, and the more-efficient thing to do is reduce wastage than try to push battery abilities.
They're only called explosives if they rapidly release that energy. NiCad batteries for example are more dangerous than alkaline batteries simply because a dead short would heat up very quickly. Same for Lithium with the added danger of the battery itself burning. Increasing energy density is still very desirable - for example not having the battery in a car weighing 2-tons by itself.
This applies to SIPRNET machines, and specifically personal CDs, DVD, etc. The thing is, this has always been the rule. At least everywhere I've worked with SIPRNET access (Air Force).
Close. It applies to SIPRNET and ALL removable media. If you have a legitimate requirement to use removable media it now must be authorized by your commanding officer in writing and you must have a procedure in place that uses two-person integrity.
You're thinking all wrong man. I own a "vinyl cutter" (Wishblade) that came with some great software. I can do just about anything I want with it. I've made tons of stencils for cakes, woodworking, fabric patterns and other stuff for people. I can scan an image and have it on the cutter in minutes. There's a problem with it. It takes time to learn. It took me about a day to learn and I'm technically adept. My roommate, it would take her a long time to learn. She's been watching me make stuff for a year, and wouldn't know where to begin. She bought a machine which does something similar, but is far more limited. She bought a Cricut. She has made more stuff in the 3 weeks she's had it, than I have all year with mine because it is so easy for her to make stuff. The Cricut is not versatile. It is not cheaper than the Wishblade. It doesn't do half the cool stuff I can do. But she learned it in just a few minutes.
Wishblade made a very nice product, and they will get to sell me overpriced cutting blades at $20 a pop. Cricut will not only sell their blades at $20 a pop, but you have to buy "fonts" to make it work at $20-$100 a pop. Her friends own about a dozen font cartridges each. Her friends don't need to buy expensive software or even own a PC. They just own a Cricut which holds their hand so they don't have to do any thinking outside the box.
I'm trying to figure out how to make a 3d fab machine that takes font cartridges I can sell bajillions of. As a person very capable of doing stuff, I love the Wishblade over the Cricut every day of the week. But there is far more profit selling the Cricut. Photoshop is awesome, but when half the population doesn't understand MS Paint, your aren't going to sell to many copies of Photoshop.
If you substitute Apple and Linux in your story, that explains why people love Macs.....
I have an immediate need for two small plastic parts for my car front bumper which spray water on the headlights. They have broken off over the years due to encounters with snowbanks, etc. Dealer wants $110 EACH for them but they look like they cost about $1 to make. I'd love to make my own.
You tried just calling up the local junkyard? There are lots of pull-your-own-parts places that would only charge you a couple bucks for them.
"What? They want $50 for that part?? Screw that, I can make it myself for $10."
I think you just described China's entire business strategy. Make cheap knockoffs of quality products and undersell them. Although I gotta admit the Chinese knock-offs of the small Honda engines virtually the same quality at half the cost. They even take the exact same replacement parts!
It took them 3 months to figure out who was intruding into the system. Once the FBI asked/interrogated her, she fessed up. Still 3-months is a long time to go without the password when I'm sure the manufacturer would have helped them rest the password.
"The provision applies only to information related to cryptographic systems and information related to communications intelligence specially designated by a U.S. government agency for "limited or restricted dissemination or distribution.""
Yes it does, thanks for noticing. Some dipshits around here can't even seem to read. Did you also notice that the stolen documents came from a cryptographic system called SIPRNET, and dealt with communications intelligence? The DOD routinely cites this law when prosecuting people who steal information off classified computers.
US has adopted several laws that would seem to be unconstitutional. The Patriot Act for example. It still doesn't mean they won't lock you up for treason, or for shouting fire in a crowded theater, etc.
What exactly is Wikileaks doing that all these other media organizations aren't also doing?
No one gave Wikileaks a security clearance; they are incapable of leaking anything. They are merely publishing information that was leaked by someone else. So how are all these attacks on Wikileaks' right to publish justified vs. those of the NY Times or the Associated Press?
That's the ironic part. Wikileaks is outside the US and its laws, but NYT is inside the US and can be prosecuted under existing US laws. That the US govt is purusing Julian and not NYT is indeed hypocritical.
Section 798 deals with the disclosure of information. The information was already disclosed, however. So where is the problem?
The wording of the law is "Whoever knowingly and willfully communicates, furnishes, transmits, or otherwise makes available to an unauthorized person, or publishes". It doesn't really matter how they got it.
The other two deal with national defense. I am not aware that there is any defense-related information in the cables.
The fact that they were classified by the Dept of Defense should be evidence of that. There is information of which the release presents a danger to US troops or national security interests.
On a different note, why should Wikileaks care about US law? It's not like they are under your jurisdiction.
Very true. Again, my point was that it's another redundant US law (that doesn't directly apply to Wikileaks anyway).
I wonder if some of the anti-Wikipedia fervor evident among US lawmakers will also be brought to bear against the AP and other mainstream media sources.
Please lets not conflate Wikipedia and Wikileaks. That is not good for anyone.
Once again the US Congress is grandstanding, pounding their chests, and proposing another redundant law. We already have several laws that make the disclosure of US Defense information illegal. For non-govt employees Sections 793, 794, 798, Title 18, United States Code apply.
These are others that apply if you work for or contract to the government, including the provisions of Sections 641, 793, 794, 798, 952 and 1924, Title 18, United States Code, and the provisions of Section 783(b), Title 50, United States Code, and the provisions of the Intelligence Identities Protection Act of 1982.
Slashdot Mirror
Surely that should read, "without the user's permission".
No that's probably correct. The manufacturer probably uses the same chassis and hardware across many models, and the only difference is the software features. Another similar example is Video cards where the lesser models simply have a few cores turned off in the GPU. Enabling those features would give you the equivalent of the more expensive model.
Network scanners like nmap show it running a linux kernel. I understand the Samsung TVs are also running Linux and there is a hack to get to a shell on them.
These internet capable TVs are running a Linux kernel. There really is a lot you can do with them with the right knowledge. Would it really be that hard to spoof a connection to the firmware update site and pass custom firmware back to the TV? Or send commands back to the TV to dump its memory for you, thereby giving up your Amazon account info? Maybe even a small routine to sniff the local wire for your credentials and email them out?
It's really not as far fetched as you think.
Example: several brands of cars made in Germany. It's a good design. The dash wirelessly authenticates the key, in addition to the physical ignition lock.
You can't disable it (very easily). It's designed to be tamper-resistant, from the factory.
And you can't get a replacement key for under $150. I'd prefer the ability to get $1.49 replacement keys and a decent insurance policy.
I wholeheartedly agree. The only reason I got the CISSP was that I'm now required to have it. I already had the job experience required for the cert, so I studied for 2 weeks and took the test - no big deal. About half the guys I know with the CISSP cert are worthless from a technical standpoint. Getting them a CISSP cert didn't make them any more valuable from an IT management or technical standpoint. If anything, it's annoying to hear them brag about it.
I generally disregard MS certs as well, since I know too many guys that crammed for it and have zero actual experience. They're the guys that get pissed when I won't give them domain admin rights simply because they have a MCITP-SA cert. Too many of those twats have broken things for me to actually trust them with the ability to bring down the entire domain.
Hell I even interviewed a MCITP-EA who had never actually used Windows server in real life. You really want that guy running your AD? Microsoft says he capable.
He is in solitary confinement 23 hours a day; is not allowed to exercise in his cell; has been denied a pillow and sheets;
WTF?!?!?!?!!? Is there any way to corroborate these facts. Because this is fucking ridiculous.
He is also considered a suicide threat, hence not giving sheets with which to hang himself.
The CISSP exam has special questions designed to catch cheaters or those who got a copy of the actual exam answers. At least a dozen questions are ambiguous and have more than one correct answer. The odds of two people answering all of those questions exactly the same, or exactly matching one of the the illicit copies of the exam answers is exceptionally low. The odds are low enough that you will get flagged for at least a manual audit of your test and test book.
Another dead giveaway is if your answers match almost exactly with the answers of someone else in the room. All the test books are not identical as they may have the questions in a different order or even different questions. If your answers to questions 1-40 exactly match the answers of your neighbor and he's using a different book, that would be suspicious too.
The irony is that there are cheaters for the CISSP exam, a certification that supposedly values honesty and ethics above actual knowledge.
"I could see a role for LIM directly as a weapon only..."
It fires armed airborne bomb/missile launchers, sounds like a weapon to me.
Actually they are developing railguns for launching projectiles and weapons. If the weapon doesn't need to have a chemical propellant it makes it much smaller and you can carry a lot more. All electric propulsion is being worked on as well. This is all part of the larger Navy initiative towards all-electric ships. Electricity is cheap and plentiful when you have up to 8 reactors onboard.
As a side note, the Navy did a study for converting smaller ships to nuclear instead of oil. The cross-over point for total cost of ownership/operations was at $140/barrel for oil.
Try the Coral Cache http://connectify.blogspot.com.nyud.net/2010/12/why-leather-cover-crashes-kindle-3.html
And yeah, the picture shows him measuring his fingers at 2-megaohms. Those hooks still might be electrically connected, but this picture clearly shows him measuring incorrectly.
http://3.bp.blogspot.com/_qwDDaztb5sk/TRDc7rIwy3I/AAAAAAAAAC4/aTEHhpsNf2Y/s1600/IMG_0662%255B1%255D.JPG
You can also become a Type-1 diabetic as a result of pancreatic cancer or the surgery to stop said cancer. This solution hold great potential in that case.
There is a reason why battery technology hasn't developed as fast as the technologies that use them; packing more and more energy into a given volume is a dangerous thing to do. When we pack a lot of energy in a (at least temporarily :-) stable state into a given volume, we tend to call those things "explosives". There's a fine line to tread here, and the more-efficient thing to do is reduce wastage than try to push battery abilities.
They're only called explosives if they rapidly release that energy. NiCad batteries for example are more dangerous than alkaline batteries simply because a dead short would heat up very quickly. Same for Lithium with the added danger of the battery itself burning. Increasing energy density is still very desirable - for example not having the battery in a car weighing 2-tons by itself.
That's what the Tempest standard is for. It dates from the late 70s/early 80s when they banned all removable anything.
You might want to look up TEMPEST. Hint - it has nothing to do with removable media.
The two-person "trusted download" has also been in place for years.
Not at the SECRET level. Most TS requires two-person.
This applies to SIPRNET machines, and specifically personal CDs, DVD, etc. The thing is, this has always been the rule. At least everywhere I've worked with SIPRNET access (Air Force).
Close. It applies to SIPRNET and ALL removable media. If you have a legitimate requirement to use removable media it now must be authorized by your commanding officer in writing and you must have a procedure in place that uses two-person integrity.
You're thinking all wrong man. I own a "vinyl cutter" (Wishblade) that came with some great software. I can do just about anything I want with it. I've made tons of stencils for cakes, woodworking, fabric patterns and other stuff for people. I can scan an image and have it on the cutter in minutes. There's a problem with it. It takes time to learn. It took me about a day to learn and I'm technically adept. My roommate, it would take her a long time to learn. She's been watching me make stuff for a year, and wouldn't know where to begin. She bought a machine which does something similar, but is far more limited. She bought a Cricut. She has made more stuff in the 3 weeks she's had it, than I have all year with mine because it is so easy for her to make stuff. The Cricut is not versatile. It is not cheaper than the Wishblade. It doesn't do half the cool stuff I can do. But she learned it in just a few minutes.
Wishblade made a very nice product, and they will get to sell me overpriced cutting blades at $20 a pop. Cricut will not only sell their blades at $20 a pop, but you have to buy "fonts" to make it work at $20-$100 a pop. Her friends own about a dozen font cartridges each. Her friends don't need to buy expensive software or even own a PC. They just own a Cricut which holds their hand so they don't have to do any thinking outside the box.
I'm trying to figure out how to make a 3d fab machine that takes font cartridges I can sell bajillions of. As a person very capable of doing stuff, I love the Wishblade over the Cricut every day of the week. But there is far more profit selling the Cricut. Photoshop is awesome, but when half the population doesn't understand MS Paint, your aren't going to sell to many copies of Photoshop.
If you substitute Apple and Linux in your story, that explains why people love Macs.....
I have an immediate need for two small plastic parts for my car front bumper which spray water on the headlights. They have broken off over the years due to encounters with snowbanks, etc. Dealer wants $110 EACH for them but they look like they cost about $1 to make.
I'd love to make my own.
You tried just calling up the local junkyard? There are lots of pull-your-own-parts places that would only charge you a couple bucks for them.
"What? They want $50 for that part?? Screw that, I can make it myself for $10."
I think you just described China's entire business strategy. Make cheap knockoffs of quality products and undersell them. Although I gotta admit the Chinese knock-offs of the small Honda engines virtually the same quality at half the cost. They even take the exact same replacement parts!
It took them 3 months to figure out who was intruding into the system. Once the FBI asked/interrogated her, she fessed up. Still 3-months is a long time to go without the password when I'm sure the manufacturer would have helped them rest the password.
"The provision applies only to information related to cryptographic systems and information related to communications intelligence specially designated by a U.S. government agency for "limited or restricted dissemination or distribution.""
Yes it does, thanks for noticing. Some dipshits around here can't even seem to read. Did you also notice that the stolen documents came from a cryptographic system called SIPRNET, and dealt with communications intelligence? The DOD routinely cites this law when prosecuting people who steal information off classified computers.
The laws actually read disclosure or publication. Just because they haven't been prosecuted doesn't mean they can't.
US has adopted several laws that would seem to be unconstitutional. The Patriot Act for example. It still doesn't mean they won't lock you up for treason, or for shouting fire in a crowded theater, etc.
So posting accurate information with links to the actual laws in question, is now considered trolling? Hmmpt!
What exactly is Wikileaks doing that all these other media organizations aren't also doing?
No one gave Wikileaks a security clearance; they are incapable of leaking anything. They are merely publishing information that was leaked by someone else. So how are all these attacks on Wikileaks' right to publish justified vs. those of the NY Times or the Associated Press?
That's the ironic part. Wikileaks is outside the US and its laws, but NYT is inside the US and can be prosecuted under existing US laws. That the US govt is purusing Julian and not NYT is indeed hypocritical.
Section 798 deals with the disclosure of information. The information was already disclosed, however. So where is the problem?
The wording of the law is "Whoever knowingly and willfully communicates, furnishes, transmits, or otherwise makes available to an unauthorized person, or publishes". It doesn't really matter how they got it.
The other two deal with national defense. I am not aware that there is any defense-related information in the cables.
The fact that they were classified by the Dept of Defense should be evidence of that. There is information of which the release presents a danger to US troops or national security interests.
On a different note, why should Wikileaks care about US law? It's not like they are under your jurisdiction.
Very true. Again, my point was that it's another redundant US law (that doesn't directly apply to Wikileaks anyway).
I wonder if some of the anti-Wikipedia fervor evident among US lawmakers will also be brought to bear against the AP and other mainstream media sources.
Please lets not conflate Wikipedia and Wikileaks. That is not good for anyone.
Once again the US Congress is grandstanding, pounding their chests, and proposing another redundant law. We already have several laws that make the disclosure of US Defense information illegal. For non-govt employees Sections 793, 794, 798, Title 18, United States Code apply.
http://codes.lp.findlaw.com/uscode/18/I/37/798 [findlaw.com]
http://codes.lp.findlaw.com/uscode/18/I/37/794 [findlaw.com]
http://codes.lp.findlaw.com/uscode/18/I/37/793 [findlaw.com]
http://en.wikipedia.org/wiki/Intelligence_Identities_Protection_Act
These are others that apply if you work for or contract to the government, including the provisions of Sections 641, 793, 794, 798, 952 and 1924, Title 18, United States Code, and the provisions of Section 783(b), Title 50, United States Code, and the provisions of the Intelligence Identities Protection Act of 1982.