You can cool it with the anger, it doesn't help your case any. I did manage to find at least some of the references he appears to be talking about, but without the poster's Wikipedia username or the specific revisions, it was a guessing game to try and find something. It took me a while to find it and I still don't know for sure if that's what he was talking about from the very long revision history. I think it probably was since he was getting all angry over some editing disputes that had bad reasons on both sides. Responding with revisions you found that you thought demonstrated it would have been a far more effective counter than personal insults to a perfectly valid (if possibly minorly offensively worded) challenge to a lack of detail being provided.
Persistence paid off. This appears to be one example of what he is referring to http://en.wikipedia.org/w/index.php?title=Nuclear_power&diff=518539478&oldid=517112638, though it is worth pointing out that that content no longer appears in the article either. Mojo-chan appears to be the editor. Looks like it was mostly a referenced content vs being irrelevant to the section it was included in and insufficient investigation into why the references were bad that degraded into a simple conflict between editors because comments quickly became aggressive. Eventually the fact that the content didn't belong won out though and it was removed, so I don't see the problem here.
Not trying to detract from your concerns, but could you mention more specific revisions that you think show the problem. I'm genuinely curious, but am having a hard time digging through all the revisions to find the problems you are talking about. It is certainly clear that Boundarylayer edits the page a lot, but I didn't see anything that seemed out of place, at least in the recent edits. (Granted, my own knowledge of the topic is limited.)
I've flown on Air France's first A380, great plane. Yeah it's massive, but the seating was quite comfortable and the in-flight entertainment options were great for a cross ocean trip from Paris to JFK. Enjoy the trip.
If I'm reading the abstract correctly, the secret of this process is that they actually obfuscate the operation. They combine the desired function that needs to occur with a key that isn't easily reversible and when applied through a function, produces the desired output. Since the key is instrumental in determining the actual result of the function, without knowing the original intent behind the key (which requires breaking the asymmetric nature of the key) you can't determine what the actual calculation done to obtain the result was.
I'd be interested to know more about how they accomplished this, but such cryptosystems have long been a goal in the field and have been improving. They also have practical applications in providing cloud based data processing where information can be submitted in an encrypted state and the result can be produced by performing an operation on the encrypted value which produces a properly encrypted and correct answer without having to possess the decryption key. It is a very fascinating field to say the least.
Apparently in their test case, the telematics unit did have access to all 3 speeds of network. That's really goofy since it shouldn't need access to all the networks. Basically CAN buses have 3 speeds of network, a low, medium and high speed network with different types of data on each. TPMS for example is generally low, ABS is normally high speed and your typical error codes and car locks and a lot of the status reporting is on the medium speed. Many OBD-II connectors won't connect to multiple of the networks unless you get more expensive units and internally not all components in the vehicle are capable of talking on all of the networks.
If someone can demonstrate that the cellular systems can be reconfigured remotely to send the necessary information on the high speed networks that most of the critical stuff is controlled on, then I'd be worried, but this attack is a long LONG way from being able to do that. Most systems likely only even have hardware capable of talking to the medium speed network as most of the interesting stuff for such a system occurs on that network and the ability to talk on high and low speed networks would incur additional cost.
This is just hacking of the internal car network. It requires jacking in to the car's network to work, which requires physical tampering with the car itself. Doing this electronically is far more difficult and no more effective than simply cutting the brake line. It's interesting to expose the vulnerability, but it's not some radical new weakness to cars and isn't going to make some mass hack cause every car on the road to suddenly lose control.
It requires a directed attack on something that can already easily be directly attacked.
In fairness, I do agree with you that it is very different and since different news sources exist, it should be easier to see what the views of the day were, but other things still apply. For example while quotes may be accurate, they can quote or not quote who they like. With our current level of perspective we can fairly easily pick this out, but the entire point of news media has become to present views in a certain light and without the perspective of the times it may be very hard to sort out these biases and pull the gems from the noise.
In the past we had a few pieces of information regardless of quality. In the future they will have overwhelming amounts of information of mixed quality and bias to the point that practically sorting out the truth may be difficult.
It will be interesting to see what happens though, even if none of us are here to see it.
If we make it SD cards, it's about 64 GB per gram. That's 500*1000*64 GB or 32 million Gigabytes. That works out to the equivalent of a 494 gigabit link, so yeah, even if we use a more realistic speed of 100km/h, we're still talking 30 times faster. Filling a tractor trailer would be faster though and a container ship full of SD cards is much, much faster.
Not only that, but the idea of the information not being lost after humans is silly. 1 million years may be a fair bit in regards to the human species, but the chances of anyone else even finding it within a million years is pretty remote.
Ignores that subscriptions are radio (on "How DRM Won" · Score: 1)
Music subscriptions are effectively a radio station that you can choose the music on. Nobody ever claimed that radio was a bad thing. Digital distribution of actual files will always be an option as well. The only way that subscriptions could become a problem is if one monolithic company gains control of it all and starts trying to force those who play ball on it to give up any other form of sale. But getting to that point would be next to impossible.
The fact is that for the most part, with fairly few exceptions, most people listen to music for a while and then move on to new music. This is why radio has done so well historically. It's also why subscription services are so fantastic. For less than the cost of a CD a month, I can get access to as many new albums as I want. This is a good deal for the consumer and a good deal for the content creators because it cuts out the need for the middle man that's traditionally made their money as a storefront. Competition will keep costs down as long as there is competition between content providers because they are going to want to have the best chance of getting money for their work and if one subscription service is more expensive, it will lose share so content providers need to make their content available on multiple platforms.
Could we end up in a dystopian future where media is controlled by one company that charges an arm and a leg for it? Sure, it might be possible, but it is going to take a whole lot more than subscription services to get it there and if we can't see the writing on the wall as it's happening, we will deserve what we get, because there isn't much of a way it couldn't be obvious that it is coming.
Put another way, calling an HSM security by obscurity is a bit like saying that having a server protected by armed guards 24/7 with a block of C4 strapped to it inside the basement of the Pentagon is security through obscurity, since, if someone knew every security measure and was very, very lucky, they might be able to make it through everything.
For that matter, by the same token, encryption itself is security through obscurity since there might be some technology or math trick out there that can decrypt it quickly. In security, we have to deal with risk and mitigation. The traditional sense of security through obscurity being no security only applies when there are known vulnerabilities that you are counting on someone not knowing. In the case of an HSM, there is no known vulnerability for extracting the key, even with physical access. Thus, it isn't security through obscurity.
I don't disagree that it is not relying on the encryption exclusively. You have to trust the HSM to do its job correctly. It's a little more than obfuscation though as it is an independent, hardened system with limited I/O, intrusion detection and a hair trigger for self destruction. It may be possible to still extract the key, but there would be a fair degree of luck involved and there is no redo button if you make a mistake trying to extract it. That's a fair bit better than simple obscurity, particularly since it is designed to be as near impossible as possible to remove the key.
Samsung I believe is putting limited waterproofing on the Galaxy S4 Active. I could be wrong on that though as I haven't reviewed the specs in a while.
You don't physically enter the key, you physically enter credentials that activate the HSM. Even if you have the ability to activate the HSM, getting the key out is (near) impossible. It is limited to doing decryptions with whatever restrictions are on the data (for example, you could require that user password be entered to access user data if the system stores data accessed by user accounts.)
Also, even if you do have to use a network based device, it means that they have to either a) steal the networked device (which could have further security than the entire server room has and could even be remote) or b) have to fake the device into providing the key. Even if they could steal the device that did the remote authorization of the HSM on boot, if that device required authorization to perform the remote authorization then it would be useless. It wouldn't be that hard or inconvenient to require an administrator to authorize a server restart.
Is the requirement that they have to pass or fail to be a presidential candidate?
That's what he said before he scanned it on his WorkCentre.
Because that is totally different from news reporting today...
Ironically, I just installed a USB3 card reader in my tower yesterday...
Optical media is less data dense than using magnetic disks or even SD cards. A micro SD card can hold more space than a blu-ray disk.
Whoosh!!!
I'm not sure why this is modded funny rather than informative.
Badgers! We don't need no stinkin' badgers! (But apparently we get them anyway.)
Personally, I just read the comments... the summaries are always worthless anyway.