×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Researchers Discover SS7 Flaw, Allowing Total Access To Any Cell Phone, Anywhere

Cramer Re:Hardware Security (88 comments)

Ah, it's a hardware "bug" that has to be placed in the phone -- as that's where most interesting conversations will happen. It can technically be attached to the phone line anywhere. Putting it in the phone means it'll obviously have access to the line, will go where ever the phone goes, and will be in the vicinity of most conversations. It can then be activated by a special incoming call that it answers before any ring is generated. (or without a ring being signalling at all.)

This is in contrast to what I was thinking... hands-free auto-answer by a speaker phone, or as is the current fad a firmware ("app") hack to a VoIP phone to use it's mic to continuously send you traffic -- zero indication the phone's doing anything, unless you watch its traffic.

2 days ago
top

Schneier Explains How To Protect Yourself From Sony-Style Attacks (You Can't)

Cramer Re:You can stop those type of attacks (328 comments)

Perhaps. But the real key is detected when they've gotten in.

2 days ago
top

Schneier Explains How To Protect Yourself From Sony-Style Attacks (You Can't)

Cramer Re:Sony security: strong or weak? (328 comments)

If you're talking about cihosting? They didn't have security guards. And all the hand scanners and man traps in the world won't do you any good when thieves use a chainsaw to cut their own doorway from the hall.

(If I recall, ci's breakin was with a reciprocating saw.)

2 days ago
top

Researchers Discover SS7 Flaw, Allowing Total Access To Any Cell Phone, Anywhere

Cramer Re:Hardware Security (88 comments)

Funny. The phones of that era (70s/80s) were mechanical. The handset speaker/mic weren't physically connected until the handset was lifted -- the phone went "off hook". The ringer was a solenoid, swing arm, and one or two bells -- so the ringer was useless as a "listening device". Until the advent of digital (speaker) phones, these sorts of line seizing hacks were of very little value. Even the early electronic touch-tone phones of the 80s had no speaker/mic connected until the handset was lifted.

2 days ago
top

Researchers Discover SS7 Flaw, Allowing Total Access To Any Cell Phone, Anywhere

Cramer Re:LOL. (88 comments)

Also, computing technology was large, slow, power hungry, and expensive. Cryptography was primitive due the lack of cpu processing to handle the complex math, and doing it in hardware was another exercise in expensive. Any considerations for security would've quickly been dismissed as a) unnecessary, and b) prohibitively expensive.

Why haven't "we" updated the system? Because there's an immense amount of "legacy" gear still running the PSTN to this day. The AT&T 5ESS local switch I walked past several times a month (in the front of the room where the IP gear lived) and later worked on in various admin roles, was installed in 1974. There was a faded dot-matrix printout on the side detailing it's origin and when it was installed. It is still there handling calls to this day. My home town was still served by a rotary switch into the 80's before Bellsouth finally replaced it with a tiny building across the street housing a DMS100 -- 30+ years on and it's still there.

Cellular is the only thing seeing regular technology refreshes. And that's driven by new technologies... AMPS to PCS to CDMA to LTE...

2 days ago
top

Researchers Discover SS7 Flaw, Allowing Total Access To Any Cell Phone, Anywhere

Cramer Re:How naive... (88 comments)

The issue is the amount of blind trust still in the system to this day. Even in the Mitnick hacking era of the early 90's, the system needed to be modernized. Security through obscurity doesn't work. "Lack of physical access" isn't a sufficient barrier. (and really never was. How many telcos had (still have) dialup modems on rcv and tlws ports, with little or no authentication? The telco I worked for did for over two decades -- to everything not just the 5ESS's, before moving them to terminal servers on the company network.)

2 days ago
top

Researchers Discover SS7 Flaw, Allowing Total Access To Any Cell Phone, Anywhere

Cramer Re:eh, sonny, back in the day... (88 comments)

I'd post a picture, but I'm not going to slash my own server. :-)

Ours was connected to the company LAN -- so you could telnet to it. It originally lived next to the HVAC in the room with the LD switch (Alcatel 600e.) In the Grand NOC Redesign of 2001(TM), it was moved to the desks in the NOC which moved to the CO.

2 days ago
top

Did Alcatraz Escapees Survive? Computer Program Says They Might Have

Cramer Re:11:30 AM? (87 comments)

Who's to say they didn't have a man on the outside in a boat to pick them up some distance from the prison? (I'd sure as hell have the rest of the my get-away planned to the last detail.)

3 days ago
top

Did Alcatraz Escapees Survive? Computer Program Says They Might Have

Cramer Re:fugitives would go back to prison (87 comments)

Who's to say they didn't resume a life of crime in some other country under different identities. Costa Rica would have little reason to check 'em against US records, for example. It's not like they had a world wide fingerprint and DNA database with which to verify every human being.

3 days ago
top

Did Alcatraz Escapees Survive? Computer Program Says They Might Have

Cramer Re:Myth Confirmed... (87 comments)

Now repeat that Sharkfest with a single solitary swimmer. No film crew. No chase boats. No shark repellent. Just one thrashing piece of meat in the currents. See how far you get before something nibbles on ya'.

3 days ago
top

Did Alcatraz Escapees Survive? Computer Program Says They Might Have

Cramer Re:Myth Confirmed... (87 comments)

I suspect at least one of them would've bragged about it at some point.

3 days ago
top

Hackers Compromise ICANN, Access Zone File Data System

Cramer Re:Apparently I've been a hacker for years (110 comments)

Nope. Lame summary: The zone files contain quite bit of valuable information... *Other* files with the CZDS held usernames and encrypted passwords. That is the only "valuable" non-public information.

3 days ago
top

Over 9,000 PCs In Australia Infected By TorrentLocker Ransomware

Cramer Re:How? (83 comments)

... except when your application(s) and OS hide file extensions making it difficult for people to see it's an "exe".

(But yes, people are dumb.)

4 days ago
top

Over 9,000 PCs In Australia Infected By TorrentLocker Ransomware

Cramer Re:How? (83 comments)

Sad, but true. All software has bugs. Some of them are in your browser.

(Windows does tend to have more (exploited) holes than most, 'tho)

4 days ago
top

Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor

Cramer Re:It's required (166 comments)

It's always technically possible. The question then is did you serve the order to the ones who actually can decrypt it. Verizon is in the middle, so they can provide the raw traffic, but as they aren't the one doing the crypto, they're done as soon as the traffic is available. It's the software maker (and by extension Verizon as they're pushing it) who has that technical ability and thus requirement to hand over any keys.

(Yes, a system using ephemeral public/private keys known only to the phone and used only for a single call would be a very difficult system to tap.)

5 days ago
top

Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor

Cramer Re:Depends... (166 comments)

While CALEA doesn't explicitly include data services, any ISP (telco, whatever) does have to provide a tap when presented an order to do so. It's nowhere near the regimented and streamlined process -- and protocol -- spelled out in CALEA. ('tho they'd like it to be.)

If it's really end-to-end -- meaning the two phones are doing the crypto, then all that's passing through the telco (any telco) network is gibberish. What makes it decryptable from a capture is the company that made the software providing that ability.

The BS "market it to the gubment" is entirely that: Bull Shit. The US Government has very detailed, lengthly, and thorough processes for approving any cryptographic technologies. The fact that it's an "app" all but certainly bins it. The fact that a 3rd party (verizon, the authors, china...) can intercept and decode the traffic disqualifies it immediately.

5 days ago
top

Waze Causing Anger Among LA Residents

Cramer Re:Sympton of a bigger problem (594 comments)

Yes, but only when buses start carrying thousands of people. A bus carrying 30-40 people makes almost no dent in the thousands of cars involved in LA traffic. And it's part of that traffic. The only real solution is a metro that carries large numbers of people at higher speeds along dedicated pathways at low enough prices that no one even thinks about paying it. (the problem becomes a) where are you going to get the space to build it, and b) who's going to pay for it.)

about a week ago
top

Waze Causing Anger Among LA Residents

Cramer Re:Zoning laws are tyranny (594 comments)

This assumes your property wasn't zoned -- or was rezoned -- until after you bought it. I own a fair bit of property, and I know exactly how all of it is zoned; I know exactly what I can and cannot do with it, and I knew all that when I bought it.

about a week ago
top

Waze Causing Anger Among LA Residents

Cramer Re:No thru traffic (594 comments)

Negative. When they get stopped, they'll just be waved on as soon as the cop looks at their license and sees their local address on it. Yes, it'll be a minor annoyance a few times, but far less of one than all the traffic. Plus, the local PD will be rolling in cash!

about a week ago
top

Waze Causing Anger Among LA Residents

Cramer Re:Move to a gated community (594 comments)

No. No. They. Won't. Just look at NC... "I"-540 south of I-40 is a toll road ("T-540"), and there's almost no one ever on it. Going north (clockwise) there's no traffic until you cross I40, and then it's a f'ing wall of traffic. Going south, I540 is packed all the way around the city... until you pass I40 and then there's almost zero traffic.

about a week ago

Submissions

Cramer hasn't submitted any stories.

Journals

Cramer has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?