The World's Most Hackable Cars
Ok, slashdot just lost my lengthy reply so I'll do it quick one (OK it got ranty torwards the end).
Generally the industry follow standards such as MISRA/OSEK/AUTOSAR, these stipulate static configuration, to do that you use automatic tools, for cost reasons(big driving force in automotive) they optimize the frame packaging for each network so you use less memory and can use cheap parts.
Due to limited bandwidth you have different frame packaging on different networks as well, so in a gatewaying scenario the com-stack will repackage the data, any unexpected frames will be ignored.
I read the article now and according to it they put the radio on the same bus as the brakes, that's funny. I guess it's a can or flexray bus (I don't think they use ethernet yet) they you could just inject the frames directly (you might have to silence the original node first).
I look forward to the talk and it will be interesting to see how they defeat (or if they use) features such as signing of data on the bus (used for safety critical stuff).
If you want to have a look at how a typical automotive RTOS works you can check out an open source (GPLv2) implementation over at: http://www.arccore.com/develop...
Some last euro-cents: at this level safety under normal and anticipated failure scenarios is considered, security and intentional manipulation is not so much.. if you want to kill someone you can always cut the brake hoses. There is no point in trying to secure the internal buses from intentional attack, and focus should be on separating safety critical stuff and anything with outside connectivity (infotainment system, phone etc). Put them on physically different buses and if they really need to exchange information use a very limited gateway that can be proven to have no exploits and does rate limiting etc as well to prevent DoS attacks and make sure nothing safety critical is dependent on this gatewaying actually working.
The World's Most Hackable Cars
Well unless you take over the gateway it does indeed do filtering. It does not simply forward packets but decodes the data and repackages it for different networks. The frames that should be forwarded is statically configured, that is which frames (or individual "signals" from a frame) from which bus should go to where.
So unless there exists a functionality for the infotainment system to send brake frames to the BCM already. You are left left with exploiting each gateway on the way to gain control.
Are Lenovo's ThinkPads Getting Worse?
I'd say the lack of touchscreen is a positive feature =)
Recycling Excess Heat From the Data Center
He's not talking about distribution inside your house from a central heating point, but for distribution to your house from a central heating point in the city. Like here in Gothenburg(pop ~0,75 million).
Total heating capacity for the central system here is a bit over 2000MW, our (clean*)garbage power plant provides 28% of the city's heating & hot water, and 5% of electricity needs. Among other providers is a biogas furnace from the sewage treatment plant, waste heat from industries like refineries, and Volvo, also about 150MW is recovered with heat exchange from the sewage. About 80% of the heat provided used to be waste in some form.
*meets future EU-demands on cleaning. First electro filter, then wet cleaning which removes particles and condenses acid gases, then a textile filter which removes almost all dioxin and most of the sulfur.
Low-Energy Laser Etching May Replace Fruit Labels
You could put the label on the boxes, or on a sign in the store.. come to think of it, they already do, so why the hell do you need stickers on each individual piece of fruit?
Scammer Plants a Fake ATM At Defcon 17
At least here in Sweden, the issuing bank transmits data on if the card has a chip or not, and the ATM or terminal requires chip usage if the card is supposed to have a chip. On older store terminals without a chip reader, the mag stripe works, but those are getting replaced as time goes by, and yeah, just using the card in another country is still the safest bet. Though I have noticed being required to use the chip in some other countries now as well.