Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Thanks, *hats (Score 1) 44

If only it were that easy. So much of security is a case of people abusing behavior of a complex system. Its difficult to image how some of these complex interactions might be exploited ahead of time.

This is a case where for the most part the system is working as designed. A high amount of traffic is detected so the system pushes the devices to fall back on legacy resources so the system of call handling over all can continue to function. It just so happens the high traffic isn't a bunch of devices all wanting voice and data at one but a basically a DOS attack. There isn't much you can do about DOS attacks on over the air media. If someone wants to jam a signal they can. This is basically that but they happen to be doing some protocol participation as well.

Availability is part of security, should the system just fall over under high load instead? Would that be 'more secure' in your estimation or less?

Honestly what should probably happen is the handset should ask.. "LTE fallback requested, voice and data privacy not assured, do you wish to proceed?" Now you are back to a human problem where they have to make a judgement call. They also have to be savvy about the situation, and ask themselves is this likely happening because of some congestion event or is this an attempt to MITM me?

Comment Re:blacklists (Score 2) 82

If this was so simple, you'd see spam blacklists being used that way. Wonder why that doesn't happen...? Right, because you have to spam to get on the list! And to get on the new list, you'd have to have an insecure IoT device in your house.

Still, it's not a good solution. Spamming blacklists hit email providers who better are professionals (and if not, it's a DAMN GOOD idea to block them anyway), while IoT users are primarily private people. You cannot expect them to do a full audit of every piece of junk they buy.

It's time to put the burden on the makers of those shoddy devices, not expect a CS degree from anyone who wants to use one.

Comment Prevent the participants (Score 1) 82

It's been said before here, so allow me to offer a "how" for the obvious and already mentioned "secure the damn crap people hook up to the net".

This will only work with legislature. Sorry to all my libertarian friends here, but yes, there are times when the only way to sort out a problem is government intervention. These times are when you have to force people to do something for the "greater good" when they themselves would have a (smaller) profit from not giving a shit. And if there has ever been a good example, it's this. People don't give a shit about their IoT devices being insecure, because it does not affect them directly, but these insecure devices threaten the usability of the internet for all of us.

This is one of the reasons organizations like the FCC were created. Remember that sticker? Few people notice it nowadays because, well, it's a given that devices don't create harmful interference and that they don't go bananas if they are subject to any, but this was anything but certain in the early days of electronics. And no, that sticker itself doesn't do jack, of course, but it is a promise that the manufacturer has to live up to or face a heavy fine and ban of his device.

We need something like this for the IoT devices. "This device will not cause trouble on the internet and cannot be hijacked from there". Live up to it or see your device recalled. It pains me to ask for this, but it's time to create a government entity that deals with this. Or maybe hand it to the FCC so they start doing something useful again.

Comment Re:The IoT as a connection? (Score 1) 83

But cant they just keep on adding heavy RF shielding?

No. R.F. doesn't work that way.

It's the inverse-square law of transmitter strength versus distance and relative signal strength at the receiver. Possibly comm equipment in a communications van at the scene *might* be powerful enough to punch a signal over the noise, but regular car radios and hand-helds would not be powerful enough. Then, even if the radios at the scene could get a signal to the station/HQ somehow (other than leaving the area or disabling the jammer), there's no way those at the scene will be able to hear a reply nor communicate between themselves over the nearby jammer.

The only practical way they could even partially mitigate such a strategy is to go to full hardened military comms with frequency-hopping, strong encryption, and designed specifically for use in theaters of operation where jamming and other electronic countermeasures can be expected. There isn't a lot of that kind of gear just laying around, and it is far from cheap and requires a system-wide re-tooling of perfectly-functional existing police radio systems at even further expense (and wasted tax dollars).


Comment Re:Why does the ESA have a worse record of landing (Score 1) 81

... what is it that is lacking in the ESA program that is not able to get landings right?

One of the contributing factors is probably that there is less redundancy; I think ESA are trying to pack as much science as possible into a limited budget. I think also, the lander part of the program wasn't necessarily the main ambition, although it would have been very, very nice to our own vehicle down there. I think everybody agrees that space missions are unsustainably expensive, so we really do need to find (safe) ways to reduce the costs a lot; this is no doubt another important part of ESA's space mission designs.

Comment Re:Don't use Facebook (Score 1) 98

Of course he doesn't understand. If you click on the name he uses, you will see that most of his comments seem to be jeers that he hopes are efficient put-downs. He isn't trying to understand or engage in an enlightened discussion, he just wants a howling match from the safety of his bedroom.

Comment Re:Halfway There (Score 1) 376

It's not "gun controllers bringing it up", it's manufacturers working on them. What do you have against manufacturers developing new products?

I have absolutely nothing against manufacturers developing new gun safety products and offering them on the market. The concern with these "smart" guns is that they'll be mandated by law. This has already happened in New Jersey. The 2002 Childproof Handgun Law says that three years after "smart" guns are available for sale in the US, all guns for sale in New Jersey must be "smart". The law doesn't require that the guns be in any way reliable or have obtained any significant market share, just that they've been available for sale. So if these actually make it to market people in NJ who want reliable guns are screwed. And if any other states, or Congress, passes a similar law, then all of us are screwed.

Actually, I'd have no problem with smart guns if they were really reliable. And there's a really simple reliability screening test we can use: offer them to military and law enforcement personnel. Cops in particular should see a lot of value in smart guns because cops occasionally get shot with their own guns. However, they also need their guns to be extremely reliable, and big departments and the FBI have the institutional resources and motivation to seriously test them. So, once the technology reaches a level where police are not only willing to use smart guns but actively want them then it's fine to mandate them for civilians.

Of course, thanks to the NJ law, civilians are going to fight like hell to keep these things off the shelves, which means that the years of refinement needed to make them reliable is never going to happen. Not in the US, anyway.

Comment Re:I say BS (Score 1) 130

I'm sure many wouldn't mind, but see there's not really open land to just live on anymore. Most of it is either privately owned or public land that forbids camping.

And if you figure you'll hunt/gather? Everyone - even the homeless - are still subject to game seasons. Kinda hard to live off of hunting deer if its only legal to hunt them for a month or two out of the year.

The simple fact is that if you are broke, you can't just go live off the land like our ancestors did without breaking a myriad of laws and getting arrested. I'm not one for expansive social programs - I'm actually fairly conservative. However I think that as a public service we should absolutely provide a basic facility to house anyone without a permanent residence. It needn't be extravagant, but IMHO providing them with a bunk, a shower, and 3 basic no-frills meals until they can get back on their feet should be obvious. Otherwise you have people who get into a rut that they can basically never climb back out of.

If you don't most of them are going to resort to crime and you'll be providing all those things anyways - why not provide them in a way to promote getting people off the system ASAP?

Comment Re:The IoT as a connection? (Score 1) 83

Ahuxley, I appreciate the thought that went into that, but all that isn't necessary.

Just put a couple of car batteries in a drug house to power a brute-force broadband R.F. noise generator and broadband amplifier to be kicked on when the lookout gives the signal a raid is incoming.

Not only no remotely-controlled drones, no police radios, no cellphones, nada. If it ain't wired together it ain't talking, at least within a few blocks. No tactical comms, no calls for backup, no alerts about fleeing suspects, no calls for med-evac for wounded.

And, it's a lot cheaper, far easier to make, and less labor-intensive.


Slashdot Top Deals

Alexander Graham Bell is alive and well in New York, and still waiting for a dial tone.