Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Comment Re:To say these are flaws is an opinion (Score 1) 161

If I were to try this attack, I would up the car to a range charge and turn air conditioning on full blast. Then I would go through cycles of charging the battery up full and discharging it.

The electricity will add up, but maybe not a lot for most who can afford an $80K+ car.

The bigger issue is that this will decrease the battery life.

Comment Re:Seems Trollish (Score 1) 161

Re: #1
What has logging in over SSL got to do with anything?

If a third-party is storing credentials that control everything, then you are screwed if that third-party is compromised. Twitter suffered greatly from these kinds of problems prior to adopting OAuth. The trick with OAuth is that the third-party never sees the primary credentials, just an application-specific set of credentials with very specific access rights. Because of the design of OAuth, it's also easy to revoke credentials on an app-by-app basis and thus not impact the other apps interacting with the OAuth system.

Re: #2

Tesla is blameworthy because they opted for a less secure approach than is commonly accepted practice. If a third-party is compromised in an OAuth environment, only that one token with the application's specific access rights are at risk. You can revoke them and re-issue without impacting anything else using those credentials.

Finally, there's no need for any panic at all. TFA is not pushing panic. It's pushing the facts of an architectural flaw that does not arise to the level of being an active vulnerability. A flaw that exists for no good reason at all.

Comment Re:no exploits, though. (Score 1) 161

In a world of interconnected devices (the Internet of Things), it's not about hypothetical sites. It's about real, interconnected sites. There are real sites out there that talk to Teslas and provide value beyond what Tesla provides. If you are building a connected device in 2013, you should take this reality into account.

Comment Forget the Race Issue Here (Score 5, Insightful) 1078

I do think the race issue is worth discussing. As well as the gender issue.

But there's something more fundamental and less likely to stoke passions at play here:

DOING SCIENCE IS ABOUT MAKING MISTAKES. Her "punishment" should be to write a paper on what she was trying to do and why the results were not what she expected. Simple, end of story.

There should be no real punishment of any kind, much less the over the top expulsion and arrest.

The simple fact is that she should be encouraged to make mistakes, not punished for them. And the most basic problem we are dealing with is that our school systems don't understand this fact.

Comment Author Woke Up in 2000 (Score 1) 738

This was true about 10 years ago, but now we exist in a tech world in which there are way more jobs than people to do them. If all you are doing is low-level gofer programmer and you're 40, yes, you are in a dead end job. But if you have managed to amass technology experience that matches your age, you are extraordinarily valuable.

Slashdot Top Deals

Torque is cheap.