Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:Shouldn't the title read.... (Score 3, Interesting) 191

No, that's exactly what it is.

No, it's intentional, premeditated unauthorized use of a computer of computing device. You can bet the farm that nobody authorized Burger King to assume control of their Google device and cause it to access the Internet. That it was in the form of a broadcast advertisement for a large corporation doesn't make it any less heinous to my mind.

That risk already exists, is absurdly obvious, and has been made VERY clear on both tech forums and mainstream media. Anyone with ANY clue about phone security, and this includes people who lock their phone, has already disabled the voice feature so it isn't an issue for them.

Anyone with any clue about security already avoids these things. Many with no clue about security are buying them up for the shiny factor. It is scary because the sort of people who don't have a clue are the sort of people buying them. Even people who care about security are buying and using voice activated devices.

It's about as scary as the thought that if you leave your house front door open someone could just walk in.

The average person understands that risk quite well. They might not assess its severity correctly, but they understand it. The average person does not understand the risk of these smart devices, and they remain wilfully ignorant when more knowledgable individuals try to educate them. Now we have a set of devices that can potentially be turned into a bot net en masse just by a radio or tv broadcast and the usual owner of such a device doesn't have a clue that it's even possible. Hell, they could take all the right precautions (firewall, apply updates, isolated segments, etc) and still be had. This (https://arstechnica.com/security/2017/03/smart-tv-hack-embeds-attack-code-into-broadcast-signal-no-access-required/) kind of attack springs to mind.

It's scary because Burger King will probably get away with this, paving the way for other corporates to try on the same shit.

It's scary because "OK Google" isn't necessarily the only trigger word. The attacker only needs to convince the trigger algorithm. If they discover a sound or sounds that are innocuous but trigger it then they can trigger devices without being obvious about it.

It's scary because these devices have reached a critical mass large enough that a corporation took notice and exploited them.

Comment Shouldn't the title read.... (Score 4, Insightful) 191

... "Malicious attackers in Burger King's advertising department use vulnerability in Google home to make it do stuff its owner didn't request".

It's a bit rich to call it an ad and chuckle about.

It's a lot scary that it's possible for a remote attacker to ask these devices en masse to do something with nothing more than a broadcast ad. For now it was reading a wikipedia page. What happens when scumvertisers and other malicious adversaries figure out a way to make it spend money without your consent? Or to report to them that you have heard the ad, or worse.

Comment Re:I'd look at mobile phone online stores... (Score 1) 246

An Australian option is TPG. $1/mo and just pay for what you use. SMS isn't too bad at 10c/each, but data is a bit on the pricey side.

Exetel has some reasonably cheap monthly pre-paid packages http://www.exetel.com.au/residential-mobile-cap-plans.php#super_plans

Kogan prepaid sits atop Telstra's network (best 3G speeds/coverage) and is excellent value http://www.kogan.com/au/mobile.

Most carriers offer a pre-paid option that expires monthly and included some number of "free" SMS. You can even get unlimited SMS on some. If you don't buy a pre-paid package with a bundled phone there is no commitment term. If you take a phone they usually hit you up for some number of recharges before they'll give you the unlock codes. Go SIM-only to avoid that.

Comment Re:It would be fair... (Score 1) 475

It is a matter that should be covered under contract law, not criminal law.

Why? Then the carrier would need to spend /their/ hard^Weasily earned money on lawyers. This way they can spend your hard earned tax dollars having the public prosecutor spanking you instead.

Even better... it's the law, so the carrier isn't seen to be doing anything particularly petty. They're not upholding the law - the police are.

Comment Re:It would be fair... (Score 5, Interesting) 475

I agree - they should be able to sue you in a civil court - like any other company would do if you brake any other contract! not sure why this is a special case.

Why should they? There are many reasons to unlock your phone that don't amount to exiting your contract early.

ie. I travel overseas and like to purchase a local SIM to avoid enormous roaming charges. I still pay my monthly fee and I don't end up using my included minutes on my plan.

ie. I occasionally like to have a different number for dealing with some people (recruiters, companies who I know will sell off my details to every bidder, etc). I can just pop in a second SIM (perhaps on the same carrier, perhaps not, depending on who has the best pre-paid offer this week). I can call them, give them 'my' number and when my business is concluded I can destroy the other SIM and never have to worry about their tele-spam again. No, I don't want (or need) a whole second phone to do that; the GSM spec allows it with interchangeable SIMs.

In either case I am not carrier jumping. I am maintaining my monthly plan in good order, and most of the time making the majority of my calls via that plan.

The reason carriers want the phones locked is not because you pay your monthly bill. It's because they want you to use up all of your included 'value' (I don't know how I get $750 of 'value' each month but only pay $49, but that's a deceptive practices discussion for another day). They want you locked in when you've used up your included value. If you can't switch out the SIM for one that isn't in the penalty range they have you by the love spuds! That's what they want!

Comment Re:iPad works ok (Score 1) 417

My mum barely computer literate. She can click the 'start' menu and find "Word" or "The Internet" or "Email" (as the programs are named) because she's been taught that.

I got tired of having to go around there and remove all the crapware from her Windows machine (and she wasn't even administrator on it). It turns out that being barely computer literate means she never bothers to remember the basic don't download and run every random piece of crap from the Internet talks we have. Typical "I just want to do this thing I want to do, and I don't care what you told me" mentality of a lot of naive computer users.

I set her up a Linux desktop machine with Xubuntu. It's connected to my VPN so I can manage it remotely. Being Linux there's a practically zero malware. Not being Windows means she can't download and run a whole bunch of crapware that gets peddled by every piece of shit website she visits. Being foreign means she is less reluctant to pick up the phone and ask for help rather than going to Google and then downloading a bunch of crapware. She's yet to find something that she needs to do that she can't achieve on Linux (except install random crapware) with a little help (usually installing the occasional piece of software for her).

Conceded, the situation has improved with Windows 7 - non administrator users are really far less likely to be able to install crapware - but it's not perfect.

Now, your average tablet isn't locked down at all, and usually can't easily be. That means that your computer illiterate user will be able to go to the app store and install whatever piece of shit apps look like they might fill some need (or allow frivolous time wasting). Being computer illiterate, they never check the required permissions for apps. Even if they could be trained to check, would they really understand what they were seeing and ask the right questions? (why should Angry Birds need access to my phone book, SMS messages, email, local storage, network, calendar, etc). Tablets are great. The granular security provided by Android and Win8 (I can't speak for iCrap because I haven't used it for ages, and back then it wasn't granular or listed) is very good, but in the hands of someone who doesn't think about security it may as well just allow everything always because most users will just click the "get the fuck out of my way and install the fucking app already" button, regardless of what they see.

Comment Re:Preservation has it's downside (Score 1) 440

And then you realize that if they did do this and the bread was terrible tasting that nobody would stand for it and fork off to another store that isn't awful tasting.

Have you been to a certain mass-market burger chain lately? It tastes like greasy crap. The one here is the least tasty burger offering around where I live (because there's a couple of pubs, a handful of little restaurants and a burger truck, all selling delightful burgers), but they're also the cheapest, fastest and have the largest profit margin to afford mass advertising.

People are (for the most part) cheap and stupid. Consequently the mass-market junk shop does the most trade even though a far superior product exists right next door for only a couple of dollars more.

Comment Re:Virtualbox (Score 1) 361

I used to prefer VirtualBox, but it's become quite for me lately. The Linux version occasionally brought down my machine and the Windows version would cause BSODs more than daily.

I switched to VMWare player and I haven't had any issues. The only thing I miss in the free VMWare offering is it's nowhere near as easy/powerful to script things.

Comment Re:Don't complain about crime then (Score 1) 254

I've been in two not-at-fault bingles (rear-ended while stopped at lights both times), and each time all I needed to give my insurance company was the rego of the other car and the driver's name. Conceded it made it easier having their full details, but I have never been asked who insures the other party.

A little helpful hint - if your insurer is good, and you get choice of repairer then you should make the claim through your insurer even if not at fault. It shouldn't have any effect on your premiums because the insurance companies will sort that out between themselves. If the other party has a no-choice policy and you let them claim it then you may wind up stuck with whatever (possibly crappy) repairer their insurance sends you to, as happened to a friend of mine recently with very poor results.

Comment Re:Don't complain about crime then (Score 1) 254

Do you really want to hear someone say "ill call you with my insurance details"

Around here that's what we do. All you need to do is give their rego number (and hopefully name/drivers license number) to your insurance company. It is an offense to drive a vehicle with no plates and you are required to carry your license. Anyway, if you had good insurance it wouldn't matter if the other person didn't. Just snap a photo of the accident scene (presuming they didn't do a runner) that shows the plate numbers and you're able to claim.

Slashdot Top Deals

Memory fault -- core...uh...um...core... Oh dammit, I forget!

Working...