Security quotes of the week

The "My Satis" Android application has a hard-coded Bluetooth PIN of "0000"

[...]

As such, any person using the "My Satis" application can control any Satis toilet. An attacker could simply download the "My Satis" application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner.

Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user.

Trustwave advisory — Android-controlled toilets, what could possibly go wrong?

Ellison's Law: For every keystroke or click required to use a crypto feature, the userbase declines by half.
Garrett LeSage (quoting Stef Walter from GUADEC)

Even the electronic civil lib contingent is lying to themselves. They're sore and indignant now, mostly because they weren't consulted — but if the NSA released PRISM as a 99-cent Google Android app, they'd be all over it. Because they are electronic first, and civil as a very distant second.

They'd be utterly thrilled to have the NSA's vast technical power at their own command. They'd never piously set that technical capacity aside, just because of some elderly declaration of universal human rights from 1947. If the NSA released their heaps of prying spycode as open-source code, Silicon Valley would be all over that, instantly. They'd put a kid-friendly graphic front-end on it. They'd port it right into the cloud.

Bruce Sterling

One day, we saw that Bruce Sterling was coming into town for a book reading, and we thought: here's our chance. Like good Nineties digital activists, we'd all read our Hacker Crackdown, and knew he might be a friend in getting some rip-roaring coverage in the heart of the beast. After horribly hijacking him from what looked a nice literary meal, we took him to a heroin-chic dive bar in Soho, told him our problems, and begged him to help.

Forget defending crypto, he said. It's doomed. You're screwed.

No, the really interesting stuff, he said, is in postmodern literary theory.

Danny O'Brien

Security quotes of the week

Posted Aug 8, 2013 8:21 UTC (Thu) by ortalo (subscriber, #4654) [Link]

Still no OpenVAS plugin for checking TWSL2013-020. What are whitehats doing?
If we do not stop them now, next time they'll recycle the code to manage the new water recycling system scheduled for Fukushima Daiichi (as if inhabitants had not already suffered enough)...

Security quotes of the week

Posted Aug 8, 2013 17:53 UTC (Thu) by smitty_one_each (subscriber, #28989) [Link]

You can't mention postmodern literary theory without dropping a link to Chip Morningstar:

http://www.fudco.com/chip/deconstr.html

Security quotes of the week

Posted Aug 9, 2013 15:21 UTC (Fri) by nix (subscriber, #2304) [Link]

I see that Bruce Sterling is being, well, Bruce Sterling: very persuasive and nifty-sounding and then he ventures into an area you know something about and you realise he doesn't actually have a clue what he's talking about or is exaggerating so much for effect that any meaning he ever had is entirely lost, though he's very persuasive for all that. I mean, for goodness' sake...
"Computers were invented as crypto-ware and spy-ware and control-ware. That’s what Alan Turing was all about. That’s where computing came from, that’s the scene’s original sin, and also its poisoned apple."
... here he's conflating the Bombe (the only bit which Turing was involved in, note: Colossus was Tommy Flowers et al), which was an electrical non-general-purpose crypto cracking device, not a computer in the modern sense at all, with the theoretical work Turing did earlier on the Entscheidungsproblem and the general-purpose computing design work he did later, which had nothing to do with cryptography in any case (though was obviously informed by his earlier work, since he didn't have major memory loss in between).

And, in any case, how the heck is a crypto-cracking engine 'spy-ware and control-ware'? Colossus -- the only one of these machines anything like a general-purpose computer -- was cracking the Lorenz cypher, the German high command's codes. That's, y'know, the sort of thing that is very valuable in wartime. Colossus -- and even the Bombes -- were special-purpose, high-value-message cracking systems, not in any way comparable to any of the current scandals relating to massive dragnets sucking in a large proportion of the Internet, and utterly useless as a machinery of control. (They didn't need a machinery of control. They had a major war to convince their own side to do what was needful, and had comprehensively penetrated and turned the German secret service agents in the UK to make sure that the other side couldn't get in the way in any subtle fashion.)

Turing was 200 years behind the times ...

Posted Aug 15, 2013 13:38 UTC (Thu) by Wol (guest, #4433) [Link]

Ada Lovelace (the first programmer) was, I think, dead long before Turing was born. And the computer she worked on had nothing to do with cryptography (although a lot to do with warfare, admittedly).

The first computer was intended to calculate astronomical navigation tables.

(unless, of course, someone else can come up with an even earlier example?)

Cheers,
Wol

Security quotes of the week

Posted Aug 9, 2013 17:32 UTC (Fri) by The_Barbarian (subscriber, #48152) [Link]

"Because they are electronic first, and civil as a very distant second.

They'd be utterly thrilled to have the NSA's vast technical power at their own command."

Maybe the ones you know. Ass.

Security quotes of the week

Posted Aug 11, 2013 17:29 UTC (Sun) by jzbiciak (✭ supporter ✭, #5246) [Link]

"Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user."

Have the developers of this toilet ever been introduced to real children? Imagine the pranks once little Johnny figures out he can download the app and squirt folks with the bidet.

I guess whoever buys a smart toilet is assumed to come from better heeled stock?

Security quotes of the week

Posted Aug 19, 2013 5:32 UTC (Mon) by sitaram (subscriber, #5959) [Link]

No. In the interests of Darwinism, people fool enough to buy a Bluetooth-enabled toilet seat are expected to avoid procreation.

Security quotes of the week

Posted Aug 19, 2013 5:40 UTC (Mon) by jzbiciak (✭ supporter ✭, #5246) [Link]

But does that expectation extend to all the families on the same block of said purchaser? Who says little Johnny is offspring of the folks who bought the magic toilet?

Security quotes of the week

Posted Aug 19, 2013 5:45 UTC (Mon) by jzbiciak (✭ supporter ✭, #5246) [Link]

Ok, I realize I shifted the goalposts slightly. Still, I remember what kind of punk I was at 10 to 13 years old.

If I found out I could hack someone's toilet, I can't say right now whether I would or would not have acted on that knowledge. I can say there's a considerable non-zero chance I would have.

Given that, I'm pretty much certain that others in that age range, if they knew they could go into a certain neighborhood, erm, flush with possibilities, would take advantage of it.

Me? I'm not proud. I grew up. But, I know where I came from.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds