I built a BLE sniffer on Ubertooth which does capture traffic on BLE data channels. Also I wrote a tool that can crack the pairing protocol and decrypt the data.

It is more expensive than the sniffer in the article ($120) but very robust. I achieve the requisite frequency agility by handling timing in real-time on the microcontroller on the dongle.

Hi, I'm a Bluetooth Security researcher. My primary focus is on BLE for which I built a highly robust sniffer on the Ubertooth platform. I have experience in other aspects of Bluetooth.

TL;DR: Classic Bluetooth is very secure, BLE is secure under some circumstances. Even if you leave your Bluetooth on in discoverable mode, there isn't much an attacker can do to harm you barring bugs in your Bluetooth stack.

Bluetooth is a well-designed protocol stack that takes security seriously in its design. Implementation quality (and bugs therein) varies from stack to stack. It's always a good idea to disable Bluetooth if you aren't using it, as is the case with any other remotely accessible feature.

Classic Bluetooth has used Secure Simple Pairing (SSP) since 2.1 in 2007. This pairing mechanism is based on ECDH to provide perfect forward secrecy and is highly secure. There was one weakness discovered in the numeric entry pin mode in 2008 by Andrew Lindell. This mode is not commonly used in older devices and more recent devices do not implement it. It's effectively impossible for an attacker to sniff any data sent over Bluetooth with SSP.

BLE has major weaknesses in its pairing protocol that I spoke about at BlackHat USA 2013 and other venues. For the most recent video see my presentation at USENIX WOOT 13.

In BLE, a passive eavesdropper who is present during pairing can recover the secret key used to encrypt all communications. This effectively makes the security worthless. However, if the attacker is not present during pairing then the encryption is very effective. It uses AES-CCM and doesn't have any major flaws in the design. AES-CCM is used in WPA2-AES; it's well-established and has no major shortcomings.

Finally, some Bluetooth stack implementations have bugs. I've found remote bugs in one major vendor's stack.

I am a biologist, and I can tell you that's about the same error rate as other sequencing methods. But, like all things, there are a lot of variables to consider (such as inital sample quality and source) And for any research, sequencing should be repeated and compared (which is done).

The taxes may be higher in Canada, and it is true that healthcare and education costs are lower. However, as an American who goes to university (McGill) in Canada, I can tell you that its far from being a socialist paradise.

You say that infrastructure is crumbling in California, and I think you are probably right (I've only been to California a couple of times). But on the other hand, it is too in Quebec, which has had a spate of lethal collapses in the last couple of years (this being the most recent). Last year a bridge collapsed and killed a person on a busy highway, and the same thing happened several years before that. This spring, a major elevated concrete highway interchange in Montreal (the Turcot Interchange) was closed after the authorities discovered a 1m (!!) deep pothole IN THE BRIDGE. Canadians like to blame the weather, but having grown up in New England, where we get all the same weather, I can assure you that our bridges are not collapsing.

Sure the healthcare is free, and everyone has access, but I'll tell you, having to wait 4 hours to see a doctor (as I have done many times) really sucks.

The public high schools are sufficient, but are not by any means greatly superior to americans. 50% dropout rates are commonplace in many places and years of price freezes on tuition has greatly hindered the ability of universities to fund their students (everything from research to maintenance of buildings has been cut for the last 5 years at my university). Many of the cuts would be unheard of at an American university. My first year undergrad chemistry class was 1500 students.

To be fair, Canada does a lot of things better than the United States. And we do things better than Canada, although I think we could both learn from each other, and I don't mean to repudiate social democracy or universal healthcare. These are certainly things we could use in the US. But to say that Californians are "royally screwed" is uninformed - Canadians are plenty screwed in other ways (that you take for granted in the states).

When Time Warner did the same thing on my connection, they actually returned the RCODE as NXDOMAIN (implying a failure) along with the A records for the advert page. Resolvers which properly/strictly adhere to the RFC would treat the lookup as a failure, which means that for spam purposes this probably wouldn't have caused an issue. My guess is that web browsers aren't quite as concerned with a strict interpretation of the standards, since they want the users to get to the web site they're looking for under even the strangest of circumstances.

In either case, it's still a shady move by the ISP. At least they provide opt-out, which I guess is better than nothing.