Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Man-In-the-Middle Remote Attack On Diebold Voting Machines

rob13572468 Am I the only one *not* impressed with this? (251 comments)

Granted they disclose that its a simplistic attack but what they do not explain is that it is neither practical nor is it complete... The attack is based on intercepting and modifying the voltage signals coming from the touchscreen (voltage,not data...) and cutting power to the LCD. This allows them to do the following:
1. read the (X,Y) position of a user touch event
2. send a false position report on to the voting machine
3. blank the screen,

The problem is what they are NOT doing... They are not reading the output to the LCD which means they have no way of knowing the context of the button presses. e.g. they know the user is pressing at position (X,Y) but they dont know what menu screen is currently being displayed... is it the login screen? the voting screen, which candidate race? To do this they need to be tapped into the VGA/DVI output data to the LCD and you can do that with $10 in components.. you probabaly cant do it for $100, and you certainly need a pretty decent coding/hardware design/reverse engineering skillset to succeed.

This is fearmongering that is masquerading as security research (and poor research at that..) If the goal was to impart the message that a physically unprotected machine is vulnerable to tampering then i guess they got that message across, but its not like we did not already know this...

Finally if you want to create a devastatingly sucessful undetectable hardware attack, you do not bother with i/o.. you use boundary scan and the JTAG/BDM port.

more than 2 years ago
top

Why Sony Cannot Stop PS3 Pirates

rob13572468 not exactly correct... (378 comments)

walfisz is not entirely correct about sony's abilities to combat piracy... Technically speaking if a console user chooses to *only* use their PS3 offline and not access PSN or any online content then yes it will be difficult to impossible for sony to employ countermeasuers. The problem is that most users *do* use PSN and do use their console online and this opens up some avenues for sony. The most likely countermeasure will be to run code snippets that detect changes to memory in the console. This will be done in conjunction to PSN access (e.g. to be authenticated for access to the PSN network, your console must run a piece of code that calculates an authenticfication hash of your consoles serial number and contents of memory.) if any memory is changed then the code will return an incorrect result and you will not be permitted to access the network or worse they will ban you from PSN. hackers will then introduce code that will "cloak" the changed areas to reflect proper results from an unmodified console and sony will then attempt to detect those changes as well. In the end it becomes a cat-and-mouse game that goes on and on which is exactly what happened for years in the SAT tv industry. The big difference is that sony will eventually be forced to start banning users from PSN simply for having hacked consoles and this will make console modification undesirable for many users. As far as the lawsuit being baseless these guys need to read up on the DMCA... its a lousy law that was poorly written but it *is* on the books and unfortunately liability is determined based on whether there is substantial non-infringing uses... since the reality is that most people have been and will be modding their consoles to play copied games, they will find anyone involved liable... The only realy question is whether sony is going to detect and go after end users with the $2-5K demand letters/lawsuits as the RIIAA/MPAA have done...

more than 3 years ago
top

Any Open Source Solutions For DIY Auto Diagnostics?

rob13572468 Re:To Expensive? (270 comments)

Thats true: you can always get something cheap like this:

http://www.gridconnect.com/canusblight.html

Which is like $99 and it will work fine but you lose out on getting stuff like CAN monitors, API's and programming examples with the better adapters... Your best bet is to go with something like this:

http://www.gridconnect.com/usbcanin.html

which is a full featured adapter that you can actually do development and project work with.

more than 4 years ago
top

Hacking Automotive Systems

rob13572468 Re:Cccess to unlocked car = can damage it, duh (360 comments)

agreed: this is not new considering this sort of work has been done for at least ten years now..in fact here is my pwn the instrument cluster shot (except i did this 5 years ago...) http://www.lotustalk.com/forums/f129/canbus-re-analysis-10866/#post172691 or this: http://www.youtube.com/user/catch9966#p/u/68/-7Xb0G4JS48 like i said, this is not news at all and there is no real need for security on the vehicle network with the exception of controlling engine/tranmission access (which allmodern networked vehicles have)...

more than 4 years ago
top

Net Neutrality Suffers Major Setback

rob13572468 standard reply... (790 comments)

all your tubez are belong to comcast...

more than 4 years ago
top

Israel's Supreme Court Says Yes To Internet Anonymity

rob13572468 Business opportunities abound... (198 comments)

Isreali file sharing proxy service here I come! :)

more than 4 years ago
top

PlayStation 3 Hack Released Online

rob13572468 Re:It's also a little fishy... (164 comments)

its actually not as difficult as you would think... The typical method is to set up a loop: allocate memory, write the code, de-allocate, glitch, and test to see if you still have access. This method worked exeedingly well for years on all sorts of secure processors. The only difference here is that everything runs faster so your timing needs to be better but even if you only have a 1 in 10000 shot of getting the timing right it only takes 10000 tries to be successful (well statistically)

more than 3 years ago
top

PlayStation 3 Hack Released Online

rob13572468 Re:No corners cut as far as I can see (164 comments)

It depends on what context the hack is used... Sony may have thought ahead and written and anti hacking API that simply needs to be enabled... They more than likely included the ability to perform hypervisor integrity checks with code triggered remotely (as in if/when connected to playstation network) and can start booting/banning people from playing online.

more than 4 years ago
top

PlayStation 3 Hack Released Online

rob13572468 Re:Nice step forward, but no full compromise (164 comments)

The glitch attack is a pretty powerful attack in that the proof-of-concept he worked out is most of what is needed for a mod chip. Now all that is needed is to find the least expensive microcontroller to deliver the glitch pulse. He uses 40 nS but it may well turn out that even a larger (wider) pulse works which then means a standard 3 dollar 10 Mhz microcontroller can be used to control the glitch. connect the glitch modchip to any line that is controllable under the hypervisor and you have the ability to turn it on and off and you can now build an automated package. The only problem is that you will start by running some software that allows you to place arbitrary code even under the control of the hypervisor... So you install the modchip, load the approved linux distro, run the special exploit program and you now have complete read/write control, which in turn reloads a full uncontrolled linux distro (or any other unsigned code). of course the hypervisor dump may well lead to an implementation flaw that allows access without a modchip being needed which is even better. Its all just cat and mouse from here...

more than 4 years ago
top

Simple, Cost-Effective, Multiroom Audio?

rob13572468 Re:Obligatory audiophile post (438 comments)

keep in mind that before the signal is sampled it needs to be low-pass filtered at the nyquist frequency. so everything above that frequency is attenuated as much as possible.obviously you cannot eliminate the problem of aliasing altogether but the practical goal is to eliminate it from occuring within the band you are sampling (e.g. 20-22Khz for audio). I agree with you that digital audio could use better sampling overall if for no other reason to deal with the granularity problems. they did a pretty good job with cd audio and it came pretty close to being indistinguishable... there are actually alot of listeners that have a very difficult or even impossible time telling the difference now in a true A/B setup. Often the issue is that an "audiophile" will make comparisons that are not direct: e.g. a standard high end CD player against a high end phono/preamp combo and the phono sounds obviously better. The problem is that there is no proof that the digital component was inferior.. it could be that the phono/preamp colored the sound in a more pleasing manner, or that the cd engineer made changes during mastering.. we just dont know because nobody likes doing an exact A/B comparison of digital/analog format and it ends up as sort of anecdotal evidence that we all hear about... The new digital workstations used for professional mastering are all either 24 or 32 bits and when i listen to tracks being played back on those systems that are sampled even at 24bit/96khz they sound nothing short of amazing. It would be fun to do a richard clark type A/B monetary bet: the audiophile can use their own reference system; you take a master recording of a record album playing at the preamp output at 24bits and then do A/B playback with the reference levels set the same. I would bet that it would be impossible for anybody to be able to tell the difference...

more than 4 years ago
top

Simple, Cost-Effective, Multiroom Audio?

rob13572468 Re:Obligatory audiophile post (438 comments)

aliasing doesnt have anything to do with sampling (e.g. quantization errors) either in frequency or amplitude). aliasing is simply an unwanted side effect of not having enough sampling resolution. That being said yes there is always going to be quantization errors but that is irrelevant: what is important is what level of difference the human ear can hear and while red book audio is not perfect is comes pretty close. At 24 bits the differences are exceedingly small. Finally the one thing that i never hear the analog audiophile types talk about (keep in mind i have nothing against it: if you prefer analog good for you) is that the same quantization errors that apply to digital audio also apply to analog: e.g. if you consider a 5 volt audio signal found in any audio setup (even the really nice ones) and look at any signal based on the same quantization as cd audio: 16 bits is 5/65536 or 76 microvolts. Now look at any piece of high end audiophile equipment with a scope that can resolve to microvolts and you will see noise in the signal at the same amplitudes typically introduced by the environment but also simply as a result of the environmental changes on the various circuits... Analog noise eixsts to and it is typically on the same order of amplitude as digital. With the move to 24 bit audio the quantization noise for 1 bit is 5.9 nV which is insanely low.. AFAIK there is no high end analog audio equipment that is even close in mitigating noise at those levels.

more than 4 years ago
top

Simple, Cost-Effective, Multiroom Audio?

rob13572468 Re:Obligatory audiophile post (438 comments)

aliasing doesnt have anything to do with sampling (e.g. quantization errors) either in frequency or amplitude). aliasing is simply an unwanted side effect of not having enough sampling resolution. That being said yes there is always going to be quantization errors but that is irrelevant: what is important is what level of difference the human ear can hear and while red book audio is not perfect is comes pretty close. At 24 bits the differences are exceedingly small. Finally the one thing that i never hear the analog audiophile types talk about (keep in mind i have nothing against it: if you prefer analog good for you) is that the same quantization errors that apply to digital audio also apply to analog: e.g. if you consider a 5 volt audio signal found in any audio setup (even the really nice ones) and look at any signal based on the same quantization as cd audio: 16 bits is 5/65536 or 76 microvolts. Now look at any piece of high end audiophile equipment with a scope that can resolve to microvolts and you will see noise in the signal at the same amplitudes typically introduced by the environment but also simply as a result of the environmental changes on the various circuits... Analog noise eixsts to and it is typically on the same order of amplitude as digital. With the move to 24 bit audio the quantization noise for 1 bit is 5.9 nV which is insanely low.. AFAIK there is no high end analog equipment that is even close in mitigating noise at those levels.

more than 4 years ago
top

Navigating a Geek Marriage?

rob13572468 slashdot? (1146 comments)

wow, asking for relationship/advice about girls on slashdot? talk about going to the wrong place... seriously though, the best thing you can do to ensure a happy marraige is to at least make an attempt to work out some of the difficult issues before you actually get married... Do you or your GF have any annoying/disgusting habits: (weird laugh, make noises, leave toenail clippings around, etc..) those sorts of things tend to be ignored in the beginning when things are going well but once your married they can get very irritating very quickly. Secondly, work out basic stuff like finances: how is the money going to be spent and on what, how are you going to pay bills.. and so on... get that sort of stuff worked out before. Finally, I hope you are getting a decent amount of sex now because however much that is, its going to be *less* once you are married. if you arent getting much or any now then you might want to rethink things...

about 5 years ago
top

BD+ Resealed Once Again

rob13572468 give it some time... (460 comments)

The arms race with BD+ mirrors exactly what happened with sattv hacking 10 years ago. The encryption starts out simple and uses a minimal implementation of the BD spec. Once that is compromised the ip holders inevitably move to the more complex implementation of the spec. Currently this involves uploading a code package with each new release that performs the decryption, blacklist checking, and ultimately a system integrity check (the latter makes sure that BD+ API has not been patched to allow unconditional decryption which is the method slysoft uses). With every release, the IP holder looks at how the system has been hacked and writes a specific code package to detect those changes. The end result of this game is that the system will become totally compromised as hackers will simply rebuild the entire BD+ VM and API in emulation and allow for patching outside of the VM implementation (e.g. the system will respond as a valid unhacked system to any checks via VM code packages but will still perform unconditional decryption) Once that happens its over for BD+ as the only possible countermeasure is to attack flaws in the emulator implementation and those are easily fixed. Give it a year or so...

more than 5 years ago
top

Texas Makes Zombie Fire Ants

rob13572468 Re:Porky Pig tried this once. (398 comments)

wasnt this in the "king of the hill" episode where dale puts the fire ants on hank's lawn?

more than 5 years ago
top

Conficker Worm Strike Reports Start Rolling In

rob13572468 Re:WHAT? (508 comments)

thats not the worst part.... As of midnight, the WOPR is mere hours away from "winning the game"...

more than 5 years ago
top

Tin Whiskers — Fact Or Fiction?

rob13572468 Re:Tin Whiskers are fact (459 comments)

Thats not true. I can tell you from experience that aside from some equipment that resides under the hood, most automotive electronics are NOT conformal coated at all...

more than 6 years ago

Submissions

top

Want a tesla roadster now? No need to wait...

rob13572468 rob13572468 writes  |  more than 5 years ago

rob13572468 (788682) writes "Tesla claims to have pre-sold over 1000 of its roadsters, with many of them paid-in-full or with substantial deposits. If you want one of the highly coveted roadsters you are looking at a 2 year wait. Or maybe not... The other morning I noticed a posting on an enthusiast forum offering tesla roadsters for *immediate* delivery with no wait.... from whom? apparently from tesla themselves: the poster is a member of the tesla sales staff. So naturally I post the link in another forum asking how this can be... The original post convenientally disappears 30 minutes later, chaos ensues, no response from either tesla or the salesperson... original post link: http://www.talklambo.com/showthread.php?t=4759 my post complete with screenshots of the original post: http://www.lotustalk.com/forums/f176/how-ruin-teslas-image-alienate-customers-65808/"

Journals

rob13572468 has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>