He may well be right... However, John McAfee has a well-earned reputation for drugged-out paranoia, so I think I will reserve judgement for now.
As someone who has to support legacy systems, there is nothing I would like more than to see old embedded systems die (and in some cases, incinerated and the embers crushed into the ground).
But we have to be realistic.
The main effort in systems like SCADA is the commissioning time required. You cannot just rip out a system, plug in a new box and expect everything to work as before.
Secondly, who pays for this? The customer will not be happy if every 5 years we say you have to close your factory down for 2 weeks while we rip out all your old boxes and replace them with new ones.
Finally, what is the guarantee that the new box has not introduced a new security hole?
The real solution is the segmentation of the security and application code. Use Trusted boot technologies to verify the running code and ring fence the code with your security management application. Then if a new threat is introduced you only need to update the security app, leaving the hardware and application untouched.
Unfortunately, at present industrial applications either have no security or are very closely coupled, meaning that updates are difficult and costly.
The chip is specifically for security. It runs an embedded secure environment that the main processor can use to verify executables before they are run. It has nothing to do with Android apart from the fact the same technology can be used to secure mobile devices (stop your phone being rooted etc.).
Being part of the main processor means it should be harder to break into, unlike the Intel TPM solution, which requires a separate off-chip device.
The summary missed the most interesting part of this chip in that it contains an ARM core running trusted zones Trusted Execution Environment.
This makes them quite interesting for highly secure applications such as industrial embedded controllers
Sounds more like a loss of faith rather than a language problem. I have sympathy, but if you are not an expert in a domain, whenever a problem arises the 1st reaction is to go back to safe ground.
Unfortunately, while all programmers know imperative languages, few are taught functional techniques when first programming. Until that happens it is unlikely that functional languages will ever be much more than a sideshow, despite their obvious advantages, because there are very few problem domains that can only be solved in functional languages.
Errr, it's just disappeared. What are the statistical chances of that happening after being highlighted on
I would recommend The Particle at the End of the Universe by Sean Carroll.
It covers a lot of the same material as the comic but in more detail and also puts it in historical context.
The only bad thing about it is that when you realise that what we call matter is nothing more than the manipulation of energy fields, you do end up worrying about your personal concept of reality.
Send a fleet of C-130 Hercules filled with lawyers and drop them on Pyongyang at 10000 ft.
If that doesn't work send another fleet and drop more lawyers, but this time give them parachutes
There are well defined techniques for measuring the probability of events happening in industrial safety. Safety Integrity Levels or SIL are used to categorize the possibility of a life threatening event occurring.
The problem is how low a risk do you need and how much will it cost you to get there. Fukushima would probably not have happened if the sea wall had been higher, but the designers had to make the judgement that it was not worth the millions of cost required to build a bigger wall compared to the risk of it being breached. Unfortunately, decisions like that in hindsight always look flawed.
At 30000 feet on a United 767 on the entertainment system. It had to be rebooted so I could tell it was Red Hat and a lot more info too.
The point is that yes you can get the pin. But without the physical card it is useless because you need both to complete a transaction.
If your card was skimmed the more likely explanation was that the magnetic strip was skimmed and then used at a place that did not use chip and pin verification. Until we can remove the mag strip this will happen.
Places like the States resisting going to chip+pin means that the rest of us are paying.
You cannot skim the chip on a chip and pin device. They may be able to intercept the pin, but without the card that information is useless. More likely the magnetic strip was skimmed and that information used where chip+pin is not used, such as the States.
One rule - YOU NEVER GIVE YOUR PIN OVER THE PHONE, or in fact any personal details, especially if they ring you.
Web and phone verification is different. Web can be via CVS number at the back of the card plus previously defined password. Some companies provide a one time key system. Over the phone is more difficult. Again they ask you part of a password such as the 3rd and 7th letter, or ring/text back to your mobile phone.
The important point in this is that the PIN itself is useless without the card. Unlike magnetic strips, there has never been any example of a chip being skimmed and duplicated. Unfortunately, cards still retain magnetic strips so that they will work in places like the States. This means cards can still be skimmed, copied and used. But if the card is skimmed in Europe and then used in the States, it is pretty easy to prove that it was not you.
Card security is like any other security. It is as strong as the weakest link. Unfortunately that is the USA at present
Not if you don't want to. You are able to change your PINs at an ATM.
If the network hardware was compromised, what would've stopped the hackers from collecting the PINs as well?
The pin is useless without the card, and unlike magnetic strip cards the card cannot be easily duplicated.
Will this increase in security encourage hackers to go after debit cards more - which would be worse for consumers (fewer fraud protections there)?
Not if credit and debit cards have the same chip+pin system.
Will there even really be a difference between credit and debit cards anymore?
In terms of security they will be equally secure.
How will this affect online transactions (especially for web developers)?
It won't. Chip and pin does not work online, so other security mechanisms have to be used, such as quoting the 3 fig number on the back of the card or an extra verification step involving a password or a one time key.
This sounds like a bigger change than some people realize.