Indeed. That is why I wrote "governments" as in the sum of all of them. One corrupt one is enough to break things.
$10'000 gets you something like 4-5 consulting days from good security experts and that is with the $10'000 paid in every case. In that time you can only hack really bad security. Don't expect anybody good to even try this unless they are bored and not interested in the money.
This is a cheap stunt.
The difference between India and some other countries is that India is 2nd-rated enough to be caught immediately when they do something like this. That makes them more stupid, but less of a threat than, say, the US.
Anybody that looked into the SSL certificate system has known that for a very long time. Quite a few people used to use self-signed certificates, as as least there somebody that bothered to find out could be sure it was secure.
I think the fundamental brokeness of the SSL certificate system is because of deep naivety with regard to the trustworthiness of governments and because of active sabotage of by said governments way back. I hope at least that issue is fixed after Snowden. Governments are even more evil than any of their members and cannot be trusted for any purpose.
This may have some use against script-kiddies, bot-nets and similarly non-sophisticated adversaries. It is worse than nothing against other adversaries, as it creates a false sense of security.
I guess they have never heard of smaller batteries or (for multi-cell cases) step-up converters. It is quite simple to, say, take a 6 cell battery pack and convert one cell to a step-up regulator and retain one cell. Gives you 4 cells (i.e. stainless-steel containers) to fill with whatever you like. The same effect can be had by using smaller batteries than originally in the pack.
Glory to Arstotzka.
Indeed. If they automatize things, we will at least have consistent low quality...
I do not know what the reviews for the paper were. I only know it got into a well-known "Tier-I" conference. I do know my 10-Minute assessment was right, because more than a year later, the authors (minus the first one) had their follow-up paper where they basically admitted all defects and scientific misconduct by the first author. And I do know nothing happened to anyone. This was "mainstream-research", the conference is large and well-known.
That would be exceedingly stupid. The real problem is that the US paid this guy and thereby demonstrated that it does not have "friends", just servants and victims. That is not an attitude that is compatible with being a member of the modern world.
I think what is missing is that a) more reviewer actually need to be experts and practicing scientists and b) doing good reviews needs to get you scientific reputation rewards. At the moment,investing time in reviewing well is a losing game for those doing it.
I agree that good reviews do not need to be binary. You can also "accept if this is fixed", "rewrite as an 'idea' paper", "publish in a different field", "make it a poster", etc. But all that takes time and real understanding.
That would work if the NSA would be hacking devices anywhere. They do not do that. Not because of any ethical concerns or because they cannot, but in order to protect their tools and methods. Whenever they hack something, they risk losing the vulnerability used. As vulnerabilities are expensive and not in unlimited supply, they cannot use them for minor things such as a sensor point somewhere.
Use TOR and select an US exit-relay. Very simple to do, for example with the TOR-browser bundle. Start, select "verify TOR", select Altlas, select new identity, if the exit-relay is not in the US. Repeat until US exit relay is obtained.
But be aware that using TOR puts you into the NSA's "extremist" database...