I wonder about an almost off-hand remark in section 6.2.
"6.2 Example Attack Scenarios
Among other things, our key reinstallation attacks allow an adversary to decrypt a TCP packet, learn the sequence number, and hijack the TCP stream to inject arbitrary data [37]"
This implies that a "read only" (decrypt only) attack allows an attacker to hijack the TCP stream. Can someone with better understanding of the issue explain this point? How can a TCP connection be hijacked/modified if the attacker has no ability to insert or modify packets at the wifi level (which is why that type of attack is "read only")?
Amazing paper, though.
Given the speed of hyperloop transport, and its reliance on precise positioning in an essentially vacuum tube (and, probably, tight spacing between vehicles) - it would be extremely easy to sabotage one and cause untold destruction and potential loss of life.
So, it stands to reason, security to screen hyperloop passengers would have to be more stringent than that of airlines. Personally, not looking forward to those cavity searches.
And yes, "this is why we can't have nice things".
I am not a rescue dispatcher but...
In the age where commercial journalism is driven by profit into an ever deepening cycle of selling fear, positive news is a pretty darn good thing. I am not sure how to counterbalance that with the negative news properly, but I am sure that when left fully to "market forces", news cycle is not at all balanced or fair.
As a humorous aside, in a recent meetup in Shanghai I met a guy whose job is "social media censor". Pleasant fella, speaks good English, and assured everyone that "he's a bad censor and never actually suppresses any posts" :)
I kinda wish we had some of these guys here, though (but maybe suppress posts based on authors' apparent IQ rather than content bias)
We live in the over-packaged world - everything that is sold and used comes with packaging that often eclipses the amount of material (and labor) for the product itself. This problem will not solve itself, unfortunately.
FWIW, me and my family have not bought any bottled drinks in at least 10 years. Refillable bottle it is - much cheaper too.
All my apps (aside from Google maps, by necessity) have location enabled "while using" only. I just checked and Uber is one of those - it has an option to provide location "while using" and that's what is selected. FWIW I am on iOS 9.3.5 (not big on updating unless I need something).
Did they take this option out in the later iOS releases?
I am definitely hopeful. I'd love to buy an electric car now. However, I live in a condo, and board and owners are not interested in installing any charging points in our parking. So, no luck in any foreseeable future.
In that sense, gasoline was easier to distribute - you did not need to get a fuel barrel at your residence. Someone had to install one relatively nearby in a commercial location.
Wechat is popular in China because that's all they've got. Their access to most other social and communication platforms (both US and other Asian like LINE, for example) is blocked. So, of course Wechat is "more popular" - it runs on all phones in China, Android and iOS.
Making any conclusions based on that, and in particular deriving the "Chinese love Wechat" from these numbers, would be a mistake.
EOM
Yesterday trolling of Apple, then shilling for M$ laptops. I guess we know who paid for the current /. campaign.
What this tells us is that people in developed economies who are productive and satisfied with their lives do not have much desire to waste their time on "virtual existence" and other pursuits of vanity and persistent stimulation.
This is not correct - getifaddrs() is available and works. As a case in point, an app I am familiar with that is still used on current versions of iOS (though no longer in appstore) is able to get MAC address on current devices.
They randomize only the MAC address that is used on beacon frames. Once connection is established, the MAC address is the actual permanent address of the device. Users would not be able to use most WiFi hotspots that authenticate them based on the device MAC, if it changed every time.
Yes, they do. It's a basic Unix API, and it must be present because plenty of things need it to work.
The *tracking* is based on Uber saving device UDID, so that they know who you are even if you later reinstall the app and use a different account. While Uber is evil in many ways, this UDID "tracking" is not what the article makes it appear - Uber certainly cannot "track" anyone in any way once their app has been removed.
In fact, I am not sure why go to such great lengths to obtain UDID when device MAC address is readily available (and must be for a variety of software to work) and globally unique.
This also smacks of those scaremongering sites that start with a banner like "Your computer is broadcasting a unique IP address" and lead to hard sell of overpriced VPN service or bs apps to "hide your IP".
For the last 25 years or so I've been using "traceroute -n 18.0.0.1" as a quick and dirty way to see what the route "outside" looks like (because that assignment was one of the most "permanent" features of the Internet). It's a right move, to be sure - there is absolutely no reason MIT should control that many addresses. Just a small piece of nostalgia. Still can traceroute though ;)
That'll be a boon to the usual scam brigade. What better mix than Facebook instant gratification and follow the crowd culture mixed with low-information vain customer base. I guess FB will keep a small percentage ;)
The concept of rumors and false information disseminated across the world isn't new ("I've heard she's a witch"). The concept of false narrative driving major social and political decisions isn't new (the entire religion thing anywhere, basically). Technology simply makes it more convenient by giving voice to millions of idiots who theretofore were limited to only their immediate surroundings.
According to the bill, selling of search history requires "explicit user opt-in". I am not sure how providers will obfuscate the "opt-in" checkbox for the rest of us, but for members of congress that "opt in" will not be granted - I can assure you of that. So, nothing to buy.
Same reason they use banks to store money (and not keep them under the mattress in cash).
However, with that, comes expectation of some duty of care on the part of those storing such information. I.e. - not releasing it to unrelated 3rd parties without appropriate authorization (which depends, in turn, on document type, storage mode and document owner selections). The default should definitely not be "everyone can easily search and read".
Something about road to hell being paved with good intentions.
The issue is not SSL, certs or lack thereof. The issue is the fact that among human population there exist several fairly consistent groups. One of these groups is "low information people" (not to call them "stupid"). Another group is "dishonest people". Yet another is "well intentioned people" who want to protect the former from the latter. But, as the "wily" are, by definition, loath to play by the rules and, in general, fairly smart - they will surely find ways to exploit whatever well intentioned thing to take advantage of the "low informed".
There isn't really any solution here.
This will finally erase any remaining vestiges of differentiation between "true movies" and "direct to video"/TV shows etc. Which, in turn, in due time will eat into their profits. At the same time, they don't have much choice, do they?
The article refers to 13 (as of yet undefined) Middle Eastern airlines. Given that there are not that many out there, if there indeed are 13 on the list, both Etihad and Qatar will have to be there.
This probably has nothing to do with the fact that several Middle East based carriers have been consistently highly rated by passengers and, with their top notch service and low fares, are luring plenty of international travelers away from legacy US carriers.
Just your elementary grammar, math and, perhaps, social studies test (non-biased, stick to the facts and dates only), administered once in a while, would keep all public social media discourse much more civil.
It's not the "fake news" - it's just that loud morons with too much free time and nothing else to do are, well, just that.