Comment TURN OFF MMS (Score 2) 120

or never configure it in the first place to work.

that's your fix.

and slashdot editors: MMS IS NOT SMS SO FUCK YOU SLASHDOT EDITOR. it's not even remotely the same technology.

mms is vulnerable? duh. how about sharing the image preview vuln (presumably) that's actually used since that has much more to it than just mms. but that mms implementation is exploitable is quite a bit less fatal/interesting than sms vuln.

besides that I'm pretty fucking sure that 950 million android phones (total androids out there) don't have preview of mms in the notifications bar. only a subset has that feature. but the more interesting and potentially attackable route is through anything else that shows images.

Comment older devices don't get patched.. (Score 1) 120

for iphone 4 as well? I don't think soooo.

anyhow... expect mobile networks to filter these messages in 1.2.3.4....

either that or 400 million phones in use in asia will receive an attack today if the attack really works as described in the blurb (proof of concept that installs something or gtfo).

(if you browse on a mobile from asia you might notice that shitloads of adverts that try to exploit or trick the user into installing sw. even slashdot carries occasionally ads targeted to asia that will just straight up open another page that will try to fool the user into installing sw and doesn't let the user easily press back. that's without clicking the friggin advert. it's like ad networks do no curating whatsoever of asian targeted ads)

Comment Compare to the Higgs boson (Score 5, Informative) 518

Looking at this another way:

When LHC were looking for the Higgs boson - a particle entirely expected by modern physics - they required a five sigma signal before they were satisfied that they had really found something.

This is a result not only entirely unexpected, but contradictory to almost all known physics. A two sigma (NASA) and three sigma (Germany) signal is not remotely enough to be convincing. At best it is convincing enough for someone to spend the money to further and better test it.

Comment Re: Looking more and more likely all the time... (Score 5, Informative) 518

People are so sceptical of this one because if true the implications are universe-shaking. It would completely overturn not just modern physics but all of physics since Newton. The claim is that the device violates conservation of momentum. Then via Noether's theorem this implies that the laws of physics are not independent of location in space. (Alternatively, the device is creating a beam of hard to detect particles via some completely unknown but low energy mechanism.)

Also, the device was first designed using a provably incorrect analysis - an analysis using standard physics determined that the device would produce thrust without reaction mass, violating conservation of momentum. As all the standard physics used in the analysis conserves momentum, the analysis must be incorrect. If someone adds up many even numbers and comes up with an odd total, we know they have made a mistake, even without examining their calculations to find out where. This case is exactly analogous. So if this device really does violate momentum conservation, it is a complete and utter fluke, and not by design.

Comment Re: Silly but (Score 1) 480

Dress codes make a slight amount of sense when the company has a requirement that many employees must wear uniforms. It's not fair to say, "you people who stand in front of customers all day must wear a blue shirt, green tie, and khaki pants" but then say, "you people are in the main office, so you're exempt from dressing like a dork." Some of the line workers resent it. Management can then decide if they want to settle the matter by subjecting everyone to a dress code.

Of course HP doesn't require line workers to wear uniforms, so that's not the case here. This is just another stupid and capricious management decision by a company that's become famous over the last decade for having the most incompetent management of any (formerly) major corporation. HP's executives have been so bad it's easy to imagine an evil Michael Dell offered HP's board of directors one hundred million dollars -each- to sabotage HP into oblivion. (Hey, it makes a lot more sense than any other reason for imposing a dress code on engineers.)

Comment Re: Right ... (Score 0) 117

ART wasn't ready.

it went from experimental to release without fixing the shit found in the experimental to get broken. some of them are "design decisions" true, but still crap from user point of view.

especially when the claimed performance increases are.. well, 50-100% ? nowhere to be benched. "apps start faster" which was never a problem to begin with..

Comment Re:Approach security the wrong way? No shit! (Score 1) 157

Good point. First, IANAAEE (I am not an automotive electrical engineer) so much of this is speculation, but not all of it. I do think small, hardware firewalls ("data diodes") could help prevent a lot of these problems. I also agree with you in that I don't think the direct access is necessary, but I think it might loop around in such a way that the holes end up being present anyway.

Consider: the crash message from the airbag sensors, which is on the high speed engine control bus (ECB) goes to the door locks. The door locks are on the low speed bus (security network), but bridge both networks. A data diode could stop messages from the door locks from flowing back to the high speed ECB. The door locks, ignition key, and immobilizer are all on the security network. The ignition key talks to the immobilizer. Finally, the immobilizer talks to the ECU, which is on the high speed ECB.

The security network is supposed to be isolated from the cabin comfort network (where the infotainment system, navigation system, and cell phone stuff are.) But the crash signal has to travel to the cell modem somehow, so another component has to allow messages from the ECB to the cabin bus. Plus, some of these cars have "remote start via cell phone", so something still has to enable messages from the cell modem to travel to the immobilizer. How do they get to the security network? (Bigger question: do the Chryslers even have a security network, or do all low speed messages share a common bus?)

If everything were perfect, the immobilizer would be the only potential spot for the bridge; and because the immobilizer's entire job is to prevent the engine from starting unless all the security is perfectly aligned, it seems like the natural place where the engineers would focus their security attention to isolate the low speed bus from the ECB. But obviously not everything's perfect.

It seems like they should have a set of dedicated data protection devices that would be similar in concept to a traffic signal's conflict monitor, somehow hard-wired with a rule that allows only whitelisted messages from the modem to go to the immobilizer.
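
Added example, not part of the comment above and not any manufacturer's code: a default-deny gateway check of the kind the comment proposes, where a frame crosses between buses only if its direction, ID, length and command byte match an allowlist entry. The bus names follow the comment; the CAN IDs, frame layout and rule table are constructed assumptions, and the immobilizer's own link to the ECU is assumed to sit outside this gateway.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Buses named in the comment above. */
typedef enum { BUS_ECB, BUS_SECURITY, BUS_CABIN } bus_t;

typedef struct {
    uint32_t id;       /* CAN arbitration ID */
    uint8_t  dlc;      /* payload length, 0..8 */
    uint8_t  data[8];
} can_frame_t;

/* One allowlist entry: exact direction, ID and length, plus a bound on byte 0. */
typedef struct {
    bus_t    src, dst;
    uint32_t id;
    uint8_t  dlc;
    uint8_t  max_cmd;  /* data[0] must be <= this value */
} rule_t;

/* Constructed IDs, for illustration only; not from any real vehicle. */
#define ID_CRASH_EVENT  0x050u
#define ID_REMOTE_START 0x3A0u

static const rule_t RULES[] = {
    { BUS_ECB,   BUS_SECURITY, ID_CRASH_EVENT,  1, 1 }, /* crash -> door locks */
    { BUS_ECB,   BUS_CABIN,    ID_CRASH_EVENT,  1, 1 }, /* crash -> cell modem */
    { BUS_CABIN, BUS_SECURITY, ID_REMOTE_START, 2, 1 }, /* modem -> immobilizer */
};

/* Default deny: forward only when every field matches one rule.
 * No rule has dst == BUS_ECB, so nothing can flow back to the engine bus. */
bool gateway_allows(bus_t src, bus_t dst, const can_frame_t *f)
{
    if (f == NULL || f->dlc > 8)
        return false;
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        const rule_t *r = &RULES[i];
        if (r->src == src && r->dst == dst && r->id == f->id &&
            r->dlc == f->dlc && f->data[0] <= r->max_cmd)
            return true;
    }
    return false;
}
```

Because the table is the whole policy, reviewing what can cross between buses means reading three lines, and any frame that is not listed is dropped rather than forwarded.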

Comment Re:Where's the hardwired switch? (Score 1) 157

Want a more adventuresome automotive experience? Go to India. During the three weeks I was there, our driver's car was struck more times by more vehicles and pedestrians than I've seen in my 35 years of driving in the US.

The drivers are worse than you can imagine. "Keep left" is more of a guideline than an actually obeyed rule; "keep center" seems to be the observed behavior. The few traffic police I saw were standing in small gazebo-like boxes in intersections - they were not driving interceptors or squad cars. Peddlers and beggars wander among cars slowed down on the roads, selling umbrellas and toys, and asking for handouts. Fuel tankers have signs lettered across the back: "KEEP BACK 25 FEET", but nobody pays attention. Lane markers are apparently nothing more than wasted white paint decorating the road. On the road in front of you you may encounter a farmer with a pony cart, bicycles, pedestrians, elephants carrying loads, and yes, the occasional unattended cow.

And the honking! Seriously, India, WTF is up with the continual honking? You can drive a full week in many cities in the USA without hearing a single car horn.

We saw all this on every single trip, including a 2AM drive from the airport.

An inattentive driver would cause an accident within a split second; this may be why minor accidents and collisions are so common.

Comment Re:Approach security the wrong way? No shit! (Score 1) 157

Consider the safety network, which has data from the crash sensors, rollover sensors, seatbelt sensors, and seat occupancy sensors, and mixes all of that data together in a set of rules that instantly trigger the correct airbags and seatbelt pre-tensioners. It also needs to connect to the infotainment system to take over the car's data or phone connection to send a message to emergency services. In turn it may also get data from the navigation system to report location information. It may trigger an unlock of the car doors to assist bystanders in rescuing the occupants, and it may shut off the engine to prevent further injury. It may talk to the signalling systems to turn on the 4-way flashers to help first responders find the car. The car door lock system is part of the security bus, which talks to the engine immobilizer, responsible for talking to the ECU to start and run the car. All of those data feeds that seem like they could be isolated have real operational needs to come together in multiple devices.

The rules in a car are exponentially more complex than ever before, and they're increasingly vital for safety; not just comfort or entertainment. Consider how many lives have been saved because their airbags deployed, and the emergency responders were able to dispatch an ambulance in time to save a crash victim from dying. Now consider how many people have died from crashes directly induced by CANBUS hacking.

The safety systems of today are doing their jobs better than ever, which is the topmost goal of the engineers. Also consider the safety systems need to guarantee reliable operation to work for the first time ever in an actual crash. If they can layer on system security without compromising occupant safety, they will, but not at the expense of crash survivability.
