Recent Comments:
Duke inches toward autonomous robo-surgeons {Engadget}
May 8th 2008 10:53AM http://youtube.com/watch?v=tb2Pzl1U0sY
"Never trust a robot"
Brionvega's Alpha LCD / DVD combo is deliciously sexy, on sale {Engadget}
Apr 30th 2008 11:39AM And by sexy you mean orange...
Sony buys Gracenote for $260m {Engadget}
Apr 22nd 2008 11:54PM assholes.
3DConnexion SpaceNavigator enhances Second Life experience {Engadget}
Apr 17th 2008 1:30AM "second life experience"
oh, what the world is coming to.
Movie Gadget Friday: Johnny Mnemonic {Engadget}
Apr 11th 2008 11:20PM cyberpunk == dystopia
yeah, the technology sucks, that's kinda the point.
IBM's racetrack memory dashing towards commercialization {Engadget}
Apr 11th 2008 11:33AM wow that video was cheesy
Researcher creates malicious, router-controlling website {Engadget}
Apr 8th 2008 11:18AM Exactly how else should people be notified about security problems? Should we setup a secret cabal that closely watches over us to protect us from unknown threats? Maybe they can use the stars to predict what new security threats are out there.
Computer security is alot like sex ed. If you don't tell people how to be safe, you're going to end up with a bunch of pregnant 15 year olds with HIV/herpes. Either that or you have to tell kids that sex is evil and to never do it.
Computer security is also alot like lock security. The locksmiths around the country are very open about which locks fail and about how long it will take an attacker to get through such and such safe. This is so when you go out and buy a lock for your house, you have a reasonable expectation of the security it supplies, not the word of the manufacture who would love if you gave them your money.
More-over, this "dns rebinding attack" assumes your DNS cache is going to honor zero second TTLs. Granted hosts are expected to maintain this behavior, but many DNS caches won't honor this and will set a 300 second TTL, which effectively defeats this attack.
Thinkware iNAVI K2's 3D maps are just like being there {Engadget}
Mar 27th 2008 11:07AM Whats totally weird is I could tell that was Korean just from the picture it was displaying...those family marts are all over the place over there.
ASUS releases Eee SDK, open source continues to be open {Engadget}
Mar 26th 2008 11:11AM having an sdk would still be useful. perhaps not all developers have a Linux install, and even if they do having all of the correct libraries and versions of everything all conveniently bundled up together sure does make things much easier.
RFID credit cards easily hacked with $8 reader {Engadget}
Mar 20th 2008 11:25AM So, the idea is less that the attacker would be charging the card themselves are more that the attacker would use the information obtained to create a fake card and use the fake card to make the charges at real stores. Also, there is likely a information leak here, as the card contains personally identifiable information. An attacker could even use this to track victims.
As for "enforcement agencies" -- I can tell you you are living in a pipe-dream-reality for a number of reasons
1) The power levels on these frequencies is very very low - you would have a hard time detecting it outsides of a few dozen meters.
2) Moreover, these cards use industry standard RFID chips, so if something was detected it could take a long time to determine if there wasn't a legitimate reader in the vicinity.
3) frequencies used and the power levels used could very likely be spurious emissions from any number of other devices.
4) by "enforcement agencies" who are you talking about? The FCC? The police? maybe the Secret Service? Yeah - none of those people have the resources to either a) send enough agents around the country or b) buy and train people on how to use the gear
5) what is the apprehension mode you envision? An "enforcement agent" walks into a crowded bus terminal, detects a rouge signal, and detains the entire bus terminal, searching people until the find the reader?
How many people on here have gone wardriving? How many of you know someone who got busted for it?
