Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Re:Compelling? (Score 3, Interesting) 243

by plover (#49728439) Attached to: Why Apple Ditched Its Plan To Build a Television

The TV market is bad, but the watch market is not great.

What they should be trying to crack is the in-car nav/infotainment systems - the iCarStereo. Current nav systems are somewhere between total-suckage and so-distracting-they-cause-accidents. Bluetooth pairing is painful when it even works, calling systems don't integrate with smartphone phonebooks, there is no way to share contact addresses, and the voice controls are no better than someone reading a "Car navigation is attempting to quit, cancel or allow?" dialog box. And the interfaces are so poor as to command the driver's full attention for seconds, looking for touch-screen items or clicking the right button, taking focus off the task of driving.

People would trade their old cars in for one equipped with an Apple iCarStereo if it solved those problems. A watch? It will take a lot of luck for it to be more than a fashion item that falls off the radar in a few years.

Comment: Re:His viewpoint is staggeringly ignorant (Score 1) 618

by plover (#49710859) Attached to: Editor-in-Chief of the Next Web: Adblockers Are Immoral

I think adblockers are great - for the end user to own and maintain. I've been running filtering proxies of one type or another since the last millennium. (And nothing will teach you the nuances of regex like the challenge of stripping out unwanted HTML tags.) It's for me to decide what I want my browser to display.

But just as it's wrong for my ISP to inject their own ads, it's also not the place of my ISP to censor them out of my data stream. That's my decision, not theirs.

Comment: Re:How can this be? (Score 1) 190

Good point. I would not assume that flight information is from the nav and control systems. But it could be, in which case they could use one-way data isolation devices to eliminate the possibility of anything on the entertainment system negatively impacting navigation controls. That would technically be a "tie", but not one that could be exploited.

Yes, they *could* have used some kind of special 'data diode' isolation device, but then the researcher probably wouldn't have been able to jump networks in the lab, or, as stated in TFA, "He told WIRED that he did access in-flight networks about 15 times during various flights but had not done anything beyond explore the networks and observe data traffic crossing them".

Car networks (CAN bus) have a similar weakness in that the infotainment systems have previously been breached, allowing attackers access to cross over to security systems and unlocking the doors.

Comment: Re:How can this be? (Score 2) 190

There's no way that entertainment/wifi/anything-accessible-to-a-passenger could in anyway be connected to those critical systems...is there?

There should be no tie between the control and entertainment networks. I would be surprised if there aren't regulations that forbid it. My guess is this simulated system was not like the real ones. It certainly isn't clear what really was done.

If there is no tie between the entertainment and nav systems, then it becomes difficult to explain the seatback display of the current flight information. At some point the data has to move from one system to the other. That takes a lot more than "no tie".

Comment: Re: 23 down, 77 to go (Score 3, Informative) 866

by plover (#49680759) Attached to: Religious Affiliation Shrinking In the US

I'm fairly certain humanity would find plenty of reasons to wage war if religions were not around to blame it on.

Religions were created as the first rudimentary forms of government or control over other people, and are still remarkably effective at that task. They only require an ongoing group of leaders to ensure obligations are continually felt by the members, as it's difficult to create a new religion quickly with a large enough number of committed adherents to wage an effective war.

The entire process is well understood and practiced worldwide.

+ - Smart Grid Meter Homegrown Security Protocol Crushed By Researchers

Submitted by plover
plover writes: According to this article in ThreatPost,

Two researchers, Phillip Jovanovic of the University of Passau in Germany and Samuel Neves of the University of Coimbra in Portugal, published a paper exposing encryption weaknesses in the protocol.

The paper, “Dumb Crypto in Smart Grids: Practical Cryptanalysis of the Open Smart Grid Protocol” explains how the authenticated encryption scheme used in the OSGP is open to numerous attacks—the paper posits a handful—that can be pulled off with minimal computational effort. Specifically under fire is a homegrown message authentication code called OMA Digest.

"If people are good only because they fear punishment, and hope for reward, then we are a sorry lot indeed." -- Albert Einstein