Pointing out that India is not in the Middle East is flamebait?
For the geographically challenged, India is in Asia (technically most of the Middle East is on the European continent with some ME nations being in Africa and Asia) and the Simpsons character referenced by the OP, Apu is from India.
I have an exploit that works on all cars and I am willing to share it!
Step 1. Apply brick swiftly to car side window.
Step 2. Unlock car.
Step 3. Gain entry.
On some models Step 1 will need to be repeated several times before progressing to Step 2.
Step 4, remove broken glass from hand.
Seriously, breaking a window is not that easy with cars manufactured after the 80's. The glass is designed not to dislodge in an impact (to protect the vehicle occupants in a collision). Google some car crash photos, windscreens are shattered, cracks everywhere but still in a single piece. It's not impossible to break a car window, but it's not as easy as they make up in the movies.
But for a lot of cars, breaking a window is unnecessary as you can pop a lot of locks using a bent wire coat hanger. This is much easier than trying to break a window.
As far as I can tell, the compromise discussed in this article is only keyless entry, not related to starting a car. The thieves are using it to steal stuff like cell phones and GPS units from inside parked cars, not stealing the cars themselves.
Yep.
But I have to ask, have cars become less secure?
I used to be able to pop the locks on my 98 EK Civic with a bent coat hanger (yep, the GF locked both her and my keys in the car somehow... and she couldn't even drive a manual so I dont know what she was doing). If I could do it, any petty thief could. The only defence was to have nothing in the car worth stealing.
The EK Civic didn't have keyless entry but my 2006 DC5 does and isn't as easy to pop the locks however a 2011 Holden (Chevy) Cruze is, which is why I have to ask if cars are really harder to break into these days. Personally I'd rather have them pop the lock than break a window to steal $0.75 out of my centre console and rifle through my receipts (is it too much to ask that they put them.
The best defence against stealing the car itself (A DC5 is worth something, even in bits) is a good immobiliser. Even then they can be bypassed with enough knowledge, but crappier immobilisers can be bypassed easier.
I very much doubt most carjackers will kill you. Stealing a car might get you on the cops list, but not terribly high. Murder will get you all the way to the top in an instant. Not to mention a bit more of a prison sentence.
This,
Most car thieves in my country (Australia) steal vehicles to go joyriding... The reason you dont want to get into the car is they are likely to kill themselves doing 150 (KPH) in a Camry on residential streets (stop sniggering, a Camry can reach 150 if given a long enough run up).
Second biggest reason is a getaway vehicle. Chop Shops aren't big here in Oz as there are too many checks and aftermarket parts coming in from Japan/China/Thailand are cheap enough.
Actually, now that I have had two minutes to think about it, I have a theory.
It may be that the thieves did not hack the remote, maybe they are triggering accident detection, which unlocks the doors. If I were a Honda engineer, this is what I would look at first.
Hell, maybe Honda is even blameless. I know some car dealerships push poorly thought-out mods on their customers. I would check to see whether there isn't a local dealership that is peddling a 'safety' add-on.
Still, even if it is a mod, Honda would still want to test the bejesus out of it.
BTW, I know exactly what you're talking about with bad dealers, had one put a crappy mild steel cat-back on a Honda Integra that was 1/2 an inch too big for it just to make it louder, ended up melting the underside of the bumper and rusted within a year.
Easy enough to push your username to the real site, scrape the "security image", and then present the legit image to the user.
Once they've faked a legitimate SSL session, you're owned.
This is scary. It should not be possible.
Yes, but the six digit code (2nd factor of authentication) is not so easy to fake.
The fact that legit looking websites are so incredibly easy to fake is what has forced banks to introduce a 2nd factor of authentication (be it a code sent via SMS or on a token).
This is also why (in)security questions need to die and die fast. "What's your first pets name" Hmmmm, I'll just get that off facebook.
Irrelevant history aside, what kind of dodgy does a motor have to be to generate enough RF to degrade a cell system in the course of performing relatively modest compression duties for a small refrigerator?
It just has to be dodgy enough to interfere with a very specific set of frequencies. In Hellstra's case this is 824â"849 and 869â"894 MHz.
This is why you are asked to turn off your phone on aircraft, this is what a malfunctioning fridge can do to mobile reception, think about the interference a malfunctioning phone will cause to communications and navigation equipment (which operate on similar frequency ranges to mobile phones).
But TFA glossed over a very important part of the story, after the offending fridge was deactivated... How did the owner keep his beer cold?
The FOSS offerings are pretty cool, but I see no "black swan" like MySQL was to Oracle DB coming along in that space any time soon.
ESRI is the Microsoft of the GIS world. Their products are complete shite but they hold a monopoly over the market.
The way ESRI controls the GIS world would be how Microsoft would control the desktop and server OS world if it weren't for the anti-trust actions taken against them by the US DOJ and EU.
Crap content, crap summary, crap analysis. Jesus, is someone holding a gun to your head and FORCING you to post Apple stories? There's NO APPLE NEWS. Apple has gone quiet, as it does quite regularly, and the tech press is losing it's fucking mind.
First off, the tech press has no mind. They cant possibly lose it.
Secondly, making up shit about Apple based on absolutely nothing is basically what the tech press does. I've simply stopped paying attention to it as it's all wildly wrong. They make every prediction under the sun about the next iTurd in an attempt to be right about anything. It's like using a shotgun to kill a fly, you might hit it but you'd waste a hell of a lot of shot just trying.
Maybe. It depends upon how high profile the loss is. It's easier to get a different job BEFORE the story about how the company lost $500,000 because someone in Accounting brought in an infected laptop and the CxO's and BoD are all claiming that it was your fault. Be proactive.
This is exactly what I meant.
I'll have another job long before the shit hits the fan leaving the decision makers holding the bag.
I watched an IT guy try to tell a CEO that his apple TV was not allowed on the network. the CEO pointed at the door and asked the guy, "what does it say on the door?"
The IT guy was one of the brighter ones and got the hint quickly... and set it up on the corporate network.
These CEO's often wonder why they end up with crappy IT departments.
Yes men tend to make very poor security decisions.
"Five experts including: artist, environmentalist, aviation consultant, data visualization expert and philosopher interpret a flight map showing global flights."
In this list I cant see any experts.
I see 2 unemployed, 2 expensive but useless people and one protester.
it wasn't facebook who posted the posts either, it was the bullies....and as sad it is ultimately it was the parents fault. for letting to get drunk(fairly normal, you can't control a 14 year old in that respect) and for providing an environment where something like that was worth killing yourself over.
Right. You've never had kids, nor can your remember being one.
As you said, you cant control a 14 yr old.
It wasn't the parents who posted the videos, it was the bullies.
Here you're part of the problem, as I said society has continually refused to punish bullies and worse yet, will even encourage them by blaming the people who were bullied.
Maybe not - but I'm sure your employment is. The first time you tell the CEO to "feck off" I suspect it will be negotiated to no longer exist.
LoL,
You do realise this policy comes from the CEO.
Besides that, one data leak and it's the CEO's who's job will no longer exist. They get real paranoid when you make it clear their job is at risk. Besides this, if management wont take security seriously, I'll have another job by next week anyway.
You shouldn't trust your own network to begin with. How do you make sure no-one plugs in whatever they want?
Managed switches.
No unauthorised devices get plugged in. Every device has to authenticate with the switch (so not simply MAC address blocking).
From the fine summary:
Because you own the device, you have certain rights to what is on the device and what you can do with the device.
Yeah right, feck off.
When you BYOD onto my network, we control it, we can wipe it, we can install and uninstall apps and if you dont agree to our terms, dont bother complaining that you cant BYOD. BYOD is not open slather, if you want to bring your own device, fine, we welcome that but you will be registering it with our MDM (Mobile Device Management) system before you're even so much as able to put mail on there, that means our policies get enforced on your device (and your administrative privileges for that device get taken away). Sorry, but this part isn't negotiable.
And countries that are paranoid about plastic knives are stupid countries. Seriously.
Yep, the Philippines and US are that paranoid. UK, Dutch and Sweede's too so I've heard but I've never actually flown into those countries.
They took the paper nail files off the girls in the group in the US. Not pointed metal nail files, they were made from cardboard and had rounded edges.
You can always make yourself a credit coin box and limit yourself to X tokens per day/week/whatever.
He would also need a smelly, dishevelled man to come around every week and empty it.
Every rights violation is a concern.
Not that I disagree, but shouldn't you be focusing on the bigger issue?
I mean getting the TSA to "allow" pocket knives whilst they continue their other abuses with reckless abandon seems to be a pyrrhic victory at best.
Pointing out that India is not in the Middle East is flamebait? For the geographically challenged, India is in Asia (technically most of the Middle East is on the European continent with some ME nations being in Africa and Asia) and the Simpsons character referenced by the OP, Apu is from India.
why do restaurants after security at Chicago O'Hare give customers metal knives, while restaurants at DFW do not?
Singapore Airlines gives you metal knives in economy class.
That's the stupidest thing I've read on /. today. Of course the TSA is the problem. Taking peoples pocket knives is a pointless knee-jerk reaction.
Given all the excesses of the TSA, is not being allowed a small knife onto a plane really your biggest concern?
people knew there was a secret society of "spork" wielding master assassins........
Fortunately for us they are too busy with their ancient doctrinal conflict with the equally secret society of "foon" wielding corsairs.
And after the APU is done processing, it says in a catchy Middle Eastern accent, "THANK YOU, COME AGAIN!"
India is not in the middle east.
I have an exploit that works on all cars and I am willing to share it!
Step 1. Apply brick swiftly to car side window.
Step 2. Unlock car.
Step 3. Gain entry.
On some models Step 1 will need to be repeated several times before progressing to Step 2.
Step 4, remove broken glass from hand.
Seriously, breaking a window is not that easy with cars manufactured after the 80's. The glass is designed not to dislodge in an impact (to protect the vehicle occupants in a collision). Google some car crash photos, windscreens are shattered, cracks everywhere but still in a single piece. It's not impossible to break a car window, but it's not as easy as they make up in the movies.
But for a lot of cars, breaking a window is unnecessary as you can pop a lot of locks using a bent wire coat hanger. This is much easier than trying to break a window.
As far as I can tell, the compromise discussed in this article is only keyless entry, not related to starting a car. The thieves are using it to steal stuff like cell phones and GPS units from inside parked cars, not stealing the cars themselves.
Yep.
.
But I have to ask, have cars become less secure?
I used to be able to pop the locks on my 98 EK Civic with a bent coat hanger (yep, the GF locked both her and my keys in the car somehow... and she couldn't even drive a manual so I dont know what she was doing). If I could do it, any petty thief could. The only defence was to have nothing in the car worth stealing.
The EK Civic didn't have keyless entry but my 2006 DC5 does and isn't as easy to pop the locks however a 2011 Holden (Chevy) Cruze is, which is why I have to ask if cars are really harder to break into these days. Personally I'd rather have them pop the lock than break a window to steal $0.75 out of my centre console and rifle through my receipts (is it too much to ask that they put them
The best defence against stealing the car itself (A DC5 is worth something, even in bits) is a good immobiliser. Even then they can be bypassed with enough knowledge, but crappier immobilisers can be bypassed easier.
I very much doubt most carjackers will kill you. Stealing a car might get you on the cops list, but not terribly high. Murder will get you all the way to the top in an instant. Not to mention a bit more of a prison sentence.
This,
Most car thieves in my country (Australia) steal vehicles to go joyriding... The reason you dont want to get into the car is they are likely to kill themselves doing 150 (KPH) in a Camry on residential streets (stop sniggering, a Camry can reach 150 if given a long enough run up).
Second biggest reason is a getaway vehicle. Chop Shops aren't big here in Oz as there are too many checks and aftermarket parts coming in from Japan/China/Thailand are cheap enough.
Borg-Lite.
Same great assimilation, only one calorie.
Actually, now that I have had two minutes to think about it, I have a theory.
It may be that the thieves did not hack the remote, maybe they are triggering accident detection, which unlocks the doors. If I were a Honda engineer, this is what I would look at first.
Hell, maybe Honda is even blameless. I know some car dealerships push poorly thought-out mods on their customers. I would check to see whether there isn't a local dealership that is peddling a 'safety' add-on.
Still, even if it is a mod, Honda would still want to test the bejesus out of it.
BTW, I know exactly what you're talking about with bad dealers, had one put a crappy mild steel cat-back on a Honda Integra that was 1/2 an inch too big for it just to make it louder, ended up melting the underside of the bumper and rusted within a year.
http://xkcd.com/1200/
I've always found its funny that the admin account on that comic looks strangely like a scrotum.
Easy enough to push your username to the real site, scrape the "security image", and then present the legit image to the user.
Once they've faked a legitimate SSL session, you're owned.
This is scary. It should not be possible.
Yes, but the six digit code (2nd factor of authentication) is not so easy to fake.
The fact that legit looking websites are so incredibly easy to fake is what has forced banks to introduce a 2nd factor of authentication (be it a code sent via SMS or on a token).
This is also why (in)security questions need to die and die fast. "What's your first pets name" Hmmmm, I'll just get that off facebook.
It just has to be dodgy enough to interfere with a very specific set of frequencies. In Hellstra's case this is 824â"849 and 869â"894 MHz.
This is why you are asked to turn off your phone on aircraft, this is what a malfunctioning fridge can do to mobile reception, think about the interference a malfunctioning phone will cause to communications and navigation equipment (which operate on similar frequency ranges to mobile phones).
But TFA glossed over a very important part of the story, after the offending fridge was deactivated... How did the owner keep his beer cold?
ESRI is THE 800 pound gorilla in GIS.
The FOSS offerings are pretty cool, but I see no "black swan" like MySQL was to Oracle DB coming along in that space any time soon.
ESRI is the Microsoft of the GIS world. Their products are complete shite but they hold a monopoly over the market.
The way ESRI controls the GIS world would be how Microsoft would control the desktop and server OS world if it weren't for the anti-trust actions taken against them by the US DOJ and EU.
Crap content, crap summary, crap analysis. Jesus, is someone holding a gun to your head and FORCING you to post Apple stories? There's NO APPLE NEWS. Apple has gone quiet, as it does quite regularly, and the tech press is losing it's fucking mind.
First off, the tech press has no mind. They cant possibly lose it. Secondly, making up shit about Apple based on absolutely nothing is basically what the tech press does. I've simply stopped paying attention to it as it's all wildly wrong. They make every prediction under the sun about the next iTurd in an attempt to be right about anything. It's like using a shotgun to kill a fly, you might hit it but you'd waste a hell of a lot of shot just trying.
This is exactly what I meant.
I'll have another job long before the shit hits the fan leaving the decision makers holding the bag.
I watched an IT guy try to tell a CEO that his apple TV was not allowed on the network. the CEO pointed at the door and asked the guy, "what does it say on the door?"
The IT guy was one of the brighter ones and got the hint quickly... and set it up on the corporate network.
These CEO's often wonder why they end up with crappy IT departments.
Yes men tend to make very poor security decisions.
"Five experts including: artist, environmentalist, aviation consultant, data visualization expert and philosopher interpret a flight map showing global flights."
In this list I cant see any experts.
I see 2 unemployed, 2 expensive but useless people and one protester.
it wasn't facebook who posted the posts either, it was the bullies.. ..and as sad it is ultimately it was the parents fault. for letting to get drunk(fairly normal, you can't control a 14 year old in that respect) and for providing an environment where something like that was worth killing yourself over.
Right. You've never had kids, nor can your remember being one.
As you said, you cant control a 14 yr old.
It wasn't the parents who posted the videos, it was the bullies.
Here you're part of the problem, as I said society has continually refused to punish bullies and worse yet, will even encourage them by blaming the people who were bullied.
Sorry, but this part isn't negotiable
Maybe not - but I'm sure your employment is. The first time you tell the CEO to "feck off" I suspect it will be negotiated to no longer exist.
LoL,
You do realise this policy comes from the CEO.
Besides that, one data leak and it's the CEO's who's job will no longer exist. They get real paranoid when you make it clear their job is at risk. Besides this, if management wont take security seriously, I'll have another job by next week anyway.
People install the products on their laptops with the corporate keys,
Why were you giving end users corporate license keys?
Managed switches.
No unauthorised devices get plugged in. Every device has to authenticate with the switch (so not simply MAC address blocking).
From the fine summary:
Because you own the device, you have certain rights to what is on the device and what you can do with the device.
Yeah right, feck off.
When you BYOD onto my network, we control it, we can wipe it, we can install and uninstall apps and if you dont agree to our terms, dont bother complaining that you cant BYOD. BYOD is not open slather, if you want to bring your own device, fine, we welcome that but you will be registering it with our MDM (Mobile Device Management) system before you're even so much as able to put mail on there, that means our policies get enforced on your device (and your administrative privileges for that device get taken away). Sorry, but this part isn't negotiable.
And countries that are paranoid about plastic knives are stupid countries. Seriously.
Yep, the Philippines and US are that paranoid. UK, Dutch and Sweede's too so I've heard but I've never actually flown into those countries. They took the paper nail files off the girls in the group in the US. Not pointed metal nail files, they were made from cardboard and had rounded edges.