
Comment: Re:First rule of computer security!!! (Score 1) 99

by plover (#48469229) Attached to: Auto Industry Teams Up With Military To Stop Car Hacking

The radio generally isn't on the same CAN bus as the ECM. The ECM is on the high speed bus which usually is reserved for engine and safety systems, like airbags and ABS. But as you noted, there are places where messages have to cross over: airbags need to be able to tell the entertainment system to have the connected cell phone dial 911. There are commercial CAN bus bridges available that provide this function, and they can be configured like a firewall to isolate all messages except those identified as needing to pass through.

Whether or not these bridges are actual security appliances is a different question. Who has the authority to alter those routing tables? Where is the password kept? How are they secured? CAN is a low level protocol that was never designed to be secured.
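The firewall-style bridge configuration described in the comment above, sketched as an added example that is not part of the comment or of any vendor's product: a default-deny filter that forwards a frame only on an exact direction, ID and length match. The frame ID 0x050, its length and the 100 ms minimum spacing are constructed values, and the rate limit goes beyond what the comment describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum bus { BUS_HIGH_SPEED, BUS_INFOTAINMENT };
struct frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };

/* One allowlist entry: direction, exact ID, exact length, minimum spacing. */
struct rule {
    enum bus from, to;
    uint32_t id; uint8_t dlc;
    uint32_t min_interval_ms, last_ms;
    bool seen;
};

/* Constructed table: the only crossing is a crash notification, one way. */
static struct rule rules[] = {
    { BUS_HIGH_SPEED, BUS_INFOTAINMENT, 0x050, 2, 100, 0, false },
};
static unsigned dropped; /* frames refused, kept as an audit counter */

/* Default deny: forward only on an exact rule match that is not too frequent. */
bool bridge_forward(enum bus from, enum bus to, const struct frame *f, uint32_t now_ms)
{
    for (size_t i = 0; f && i < sizeof rules / sizeof rules[0]; i++) {
        struct rule *r = &rules[i];
        if (r->from != from || r->to != to || r->id != f->id || r->dlc != f->dlc)
            continue;
        if (r->seen && now_ms - r->last_ms < r->min_interval_ms)
            break;                      /* matched, but arriving too fast */
        r->seen = true;
        r->last_ms = now_ms;
        return true;
    }
    dropped++;
    return false;
}

unsigned bridge_dropped(void) { return dropped; }

int main(void)
{
    struct frame crash = { 0x050, 2, { 0x01, 0x00 } };
    int ok = bridge_forward(BUS_HIGH_SPEED, BUS_INFOTAINMENT, &crash, 1000);
    int back = bridge_forward(BUS_INFOTAINMENT, BUS_HIGH_SPEED, &crash, 1200);
    printf("forward=%d reverse=%d dropped=%u\n", ok, back, bridge_dropped());
    return 0;
}
```

The table answers only what may cross; who may change it and how that change is authenticated are the questions the comment raises, and they sit outside this filter.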

Comment: Re:First rule of computer security!!! (Score 1) 99

by plover (#48469083) Attached to: Auto Industry Teams Up With Military To Stop Car Hacking

The military is good at physical security. That's their mandate, after all. It seems logical to put them together.

However, they seem to suck at this aspect of it. There is no reason that an American vehicle (or weapons system) left in the hands of an Iraqi army battalion should ever be able to be commandeered by troops who switched allegiance to ISIL. There should be an American satellite link required for occasional checking-in, and the vehicle should be disabling itself if it's failing to check in, or if it's been added to the "captured vehicle list", or whatever. High-risk auto leasing operations are already doing something like this today, with a kind of inverted Lo-jack system.

And from a maintenance standpoint, this shouldn't be an issue. The machines already require sophisticated computer control to turn on and run. All it has to do is wipe out its program when the "blacklist" threshold is hit, whatever that may be. It's not like ISIL would be able to order a replacement aftermarket electronic control system for these from Alibaba. For that matter, the engines could include embedded charges (think exploding bolts) that would physically disable the machine on receipt of a suitably authenticated "hostile takeover" signal. Or they could simply continuously report their ID and coordinates, and a J-DAM could sort them out right quick.

Yes, I'd raise holy hell if my car's computer shut me down because the manufacturer added me to their blacklist. But this is like a commercial operation, where the assets don't belong to the drivers, they belong to the Army. And they never, ever belong to ISIL.

Until they get this right, why do we think they are going to get consumer car security right?

Facebook Can't Cite Evidence to Support Claims of U.S. Tech Worker Shortage

Submitted by sycodon
sycodon (149926) writes "Facebook, which has spent millions trying to get massive amnesty legislation that would include huge increases in the number of guest-worker permits that would lower the wages of tech workers, cannot cite any definitive evidence pointing to a shortage of American high-tech workers.

I know..."Breitbart!". Well here it is from a left leaning source... The Atlantic "

WaveNET – the Floating, Flexible Wave Energy Generator

Submitted by Zothecula
Zothecula (1870348) writes "Scotland's Albatern is putting a new, modular spin on renewable energy generation. WaveNET is a scalable array of floating "Squid" generator units that harvest wave energy as their buoyant arms rise and fall with the motion of the waves. Each Squid can link up to as many as three others, effectively creating a large, floating grid that's flexible in every direction. The bigger this grid gets, the more efficient it becomes at harvesting energy, and the more different wave movements it can extract energy from. Albatern's 10-year target is to have 1.25 kilometer-long floating energy farms pumping out as much as 100 megawatts by 2024."

Kim Dotcom declares he is 'broke' because of legal fight

Submitted by mrspoonsi
mrspoonsi (2955715) writes "Kim Dotcom, the founder of the seized file-sharing site Megaupload, has declared himself "broke". The entrepreneur said he had spent $10m (£6.4m) on legal costs since being arrested in New Zealand in 2012 and accused of internet piracy. Mr Dotcom had employed a local law firm to fight the US's attempt to extradite him, but his defence team stepped down a fortnight ago without explaining why. Mr Dotcom said he would now represent himself at a bail hearing on Thursday. He denies charges of racketeering, conspiring to commit copyright infringement and money laundering. He told a conference in London, via a video link, that his lawyers had resigned because he had run out of money. "The [US authorities] have certainly managed to drain my resources and dehydrate me, and without lawyers I am defenceless," he said. "They used that opportunity to try and get my bail revoked and that's what I'm facing.""

Auto industry teams up with military to stop car hacking

Submitted by Anonymous Coward
An anonymous reader writes "A team of hackers is collaborating with military and industry groups to develop cyber security defences for commercially available cars, in response to a growing threat from criminals and terrorists. In the UK, hackers are now responsible for a third of car thefts in London and there are fears that while technology is progressing, older models will remain vulnerable to attack.

Although there have been no reported instances of a car being completely commandeered outside of controlled conditions, during tests hackers come out on top every time – unlocking car boots, setting off windscreen wipers, locking brakes, and cutting the engine.

“As security has not been a prime objective for vehicle manufacturers in the past these systems have been tightly integrated, leading to a situation where the security of an in-car media player can affect the car's brakes,” explained senior information security consultant at MWR InfoSecurity, Jacques Louw."


Cyber-attack platform that can control GSM networks discovered

Submitted by dennison_uy
dennison_uy (313760) writes "Reign is a new type of malicious, cyber-attack system capable of penetrating and taking control of GSM networks to spy on a user's activity and perform offensive activities. This gives the controller, among others, "access to information about which calls are processed by a particular cell, redirect these calls to other cells, activate neighbor cells and perform other offensive activities."

Because it is the first of its kind it managed to operate undetected for years without arousing suspicion."

Ask Slashdot: How to make a gaming PC 'wife friendly' for living room use. 2

Submitted by shadeshope
shadeshope (1341571) writes "Having just gotten married I find that for some inexplicable reason my wife doesn't like my huge, noisy, 'ugly' gaming pc being in the living room. I have tried hiding it in a tv cabinet, still too noisy. I have placed it in another room and run hdmi and usb cables but the propagation delay caused horrible tearing and lag when playing games. Have any other slash dotters encountered this problem? I don't want to buy a console (steam sales let me game so cheaply), or mess with water cooling. Ideally I would just hide it in the attic, is there some wireless technology that would be fast enough for gaming use? I have become quite attached to 'behemoth'. I have been upgrading him for years and he is the centre of my digital life. I run plex home theatre, media centre, steam, iTunes and air server. Will I have to do my gaming in the spare room? Once I have sorted this small problem going to try and make a case for the efficacy of a projector to replace the television..... it takes up less space, motorised screen could be hidden when not in use etc."

Australia elaborates a new Drift model to find MH370

Submitted by hcs_$reboot
hcs_$reboot (1536101) writes "Malaysia Airlines Flight MH370 disappeared on Saturday, 8 March 2014, while flying from Malaysia to Beijing with 239 people on board. And 8 months later, after millions of dollars invested in a gigantic search operation, there is still no sign of the aircraft. Now, Australia is developing a new model to predict where the debris of the missing MH370 could wash up. Authorities had initially predicted that the plane’s wreckage could drift and come ashore on Indonesia’s West Sumatra island after about 4 months of Flight MH370’s disappearance. “We are currently working... to see if we can get an updated drift model for a much wider area where there might be possibilities of debris washing ashore,” search co-ordinator Peter Foley told reporters in Perth.
The teams initially agreed an area about 600 kilometres long by 90km wide west of Perth was most likely. A new report released last month specified two high-priority areas further to the south. All five groups (Boeing, France's Thales, US investigator, the National Transportation Safety Board and the Australian Defence Science and Technology Organisation) agree that MH370's final resting place is near the “7th arc” — a curve that stretches from about 1 000km off Exmouth, Western Australia, to a point about 2 000km south-west of Perth."

Bitcoin is not anonymous after all

Submitted by Taco Cowboy
Taco Cowboy (5327) writes "Researchers from the University of Luxembourg have demonstrated that it is possible to figure out the IP address and therefore the identity of individuals who pay for transactions anonymously online using bitcoins

In an open-access paper entitled Deanonymisation of clients in Bitcoin P2P network, the researchers explain bitcoins do not protect the IP addresses of users, and these can be linked to the user's transactions in real time, even if the client uses different pseudonyms for each transaction

The researchers say a hacker could discover the identity of a bitcoin user by using several computers and spending just under €1,500 (£1,190, $1,871) on such a deanonymisation attack

There are several ways for a hacker to generate a malformed message and pretend it has been sent by a user on the peer-to-peer bitcoin network, even if the message has been sent from one of Tor's exit nodes

For example, say there are 1,008 Tor exit nodes. The hacker just needs to establish 1,008 connections and send a few megabytes of data to all connections from the Tor exit nodes to Bitcoin servers

Once the attacker knows what all the servers are and the bitcoin users have been banned from accessing these servers using Tor, they will then have to access the servers the normal way

"It shows that the level of network anonymity provided by Bitcoin is quite low. Several features of the Bitcoin protocol makes the attack possible. In particular, we emphasise that the stable set of only eight entry nodes is too small, as the majority of these nodes' connections can be captured by an attacker"

Every time the user's client makes a connection to an entry node of the bitcoin server, its address (perhaps an IP address associated with a major internet service provider) will be advertised

Once the hacker knows this address, he can trick the bitcoin server into revealing the IP address of the user

"The crucial idea of our attack is to identify each client by an octet of outgoing connections it establishes. This octet of Bitcoin peers [entry nodes] serves as a unique identifier of a client for the whole duration of a user session and will differentiate even those users who share the same NAT IP address," the authors stress

"As soon as the attacker receives the transaction from just two to three entry nodes he can with very high probability link the transaction to a specific client""


Drupal Flaw Compromised Millions of Websites

Submitted by Anonymous Coward
An anonymous reader writes "Today, about 38% of websites are using one of the top-ten content management systems (CMS). The most popular, WordPress is being used by 61% of websites, Joomla by 8% and Drupal by 5%, according to a web technology tracking firm. Drupal 7, the recent version of Drupal is used by nearly a million websites.
More: http://chicago.fortuneinnovati..."


NSF commits $16M to build cloud-based and data-intensive supercomputers 1

Submitted by aarondubrow
aarondubrow (1866212) writes "As supercomputing becomes central to the work and progress of researchers in all fields, new kinds of computing resources and more inclusive modes of interaction are required. Today, the National Science Foundation (NSF) announced $16M in awards to support two new supercomputing acquisitions for the open science community. The systems — "Bridges" at the Pittsburgh Supercomputing Center (PSC) and "Jetstream," co-located at the Indiana University Pervasive Technology Institute (PTI) and The University of Texas at Austin's Texas Advanced Computing Center (TACC) — respond to the needs of the scientific computing community for more high-end, large-scale computing resources while helping to create a more inclusive computing environment for science and engineering."

Ask Slashdot: Biometric Authentication 2

Submitted by kwelch007
kwelch007 (197081) writes "I run a network for a company that does manufacturing primarily in a clean-room. We have many systems in place that track countless aspects of every step. However, we do not have systems in place to identify the specific user performing the step. I could do this easily, but asking users to input their AD login every time they perform a task is a time-waster (we have "shared" workstations throughout.) My question is, what technologies are people actually using successfully for said rapid authentication? I've thought about fingerprint scanners, but they don't work because in the CR we have to wear gloves. So, I'm thinking either face-recognition or retinal scans...but am open to other ideas if they are commercially viable. Ideas?"
