Does Your Car Have Security Risks?

By Ian Scott

Imagine driving along the road and discovering you are slowing down even though your foot is not on the brake pedal. Yesterday, you had a new audio player installed.

Could someone be hijacking your car? According to researchers at the University of Washington and the University of California, it is possible.  They apparently discovered that it was quite easy to hack the computer systems in vehicles and subject them to a variety of attacks.

Another possible car hijack method could be used with GM’s “OnStar” service:

“In our car we identified no fewer than five kinds of digital radio interfaces accepting outside input, some over only a short range and others over indefinite distance. While outside the scope of this paper, we wish to be clear that vulnerabilities in such services are not purely theoretical. We have developed the ability to remotely compromise key ECUs in our car via externally-facing vulnerabilities, amplify the impact of these remote compromises using the results in this paper, and ultimately monitor and control our car remotely over the Internet.”

~ The Register

Ah, almost makes one long for the good old days when just about anyone with some tools could diagnose and fix their own engine problems.

Topics: Personal Security |


New Laptop Updated

By Ian Scott

As I wrote the other day,  I purchased a new Dell Studio 17 laptop and have been working to get OpenSuSe 11.2 working on it.  I finally managed to get Wireless working by using the broadcom-wl package from the packman repositories.  Once I installed them, the wireless device was recognized and I could see the network here at the office.  I had problems connecting to it however.  It seems that WEP passphrases aren’t all that great – and Windows and Linux have different ways of converting to and from HEX.

The fix was to change the security settings in the Netgear wireless router.  It’s an ancient model (relatively speaking) and I had no record of the admin password, so I needed to use the reset button to reset it back to factory defaults (username admin, password: password) and make the changes.

After I had wireless working, I took the laptop to my girlfriend’s apartment in Guelph and successfully connected to her Bell Canada internet wireless. Bell prints the security code on the router, but the print is so small, it almost needs a magnifying glass to read it.  After some attempts at wondering “what is that digit?” and experimenting a bit, we finally got the laptop working there with Internet access as well.

The next job was to get the graphics card working, an ATI Radeon Mobility HD 4650 I believe.  Graphics under the native Linux drivers sucked.  After some time, I tried the proprietary drivers for Linux that ATI provides. I did the automatic installation as trying to create an OpenSuSe package just did not work.

I had noticed that there was no /etc/xorg.conf file installed when I installed Suse 11.2 on the laptop so I thought I should run sax2. Silly me!  I did not need to do that at all, and wasted a lot of time on xorg.conf configurations.

What happened was that the ATI Radeon driver successfully installed and after an ‘aticonfig --initial’, it wrote to the xorg.conf file. But when I rebooted, it appeared I had no mouse support. The actual problem was that my mouse cursor was invisible. After realizing that was the problem, some posts in the opensuse forum helped to bring me a little closer to the final solution:

Completely remove xorg.conf

Re-run ‘aticonfig --initial’

Add the following lines to the Device section of the resulting xorg.conf (which aticonfig --initial produced):

Option "HWCursor" "off"

Option "SWCursor" "on"

After saving the file and rebooting, I had a beautiful desktop with a visible mouse cursor.

Now to transfer files over….

Topics: Uncategorized |


New Laptop

By Ian Scott

Been some time since I have posted here. Life can take many different twists and turns; sometimes quite unexpected.

I recently purchased a new Dell Studio 17 laptop.  I had done some research on it before I purchased it and it seemed that I wouldn’t have too much problem getting everything to work under Linux.  My first job was to try to get the Broadcom WiFi card working – but that’s been a bit of a beast to deal with so far.  I’ve come across a variety of conflicting reports and what drivers to try and use.

I think I screwed up some things, so rather than keep flogging it, I decided to reinstall OpenSuSe 11.2 on the laptop (keeping the Windows 7 partition as my accountant insists I use QuickBooks Pro – maybe it will work under WINE but I’m not sure yet) and try again.

Hopefully I’ll have wireless working soon!  Then on to testing and configuring the other bits and pieces.  Right now, I need to boot with ‘x11failsafe’ to see the monitor.

Topics: Uncategorized |


The Problem With Privacy

By Ian Scott

Google Maps! Who today lives without them when they are going to be traveling to a destination that they’ve never driven to before? I use Google Maps all the time and have found it to be a very accurate way to plan my trip by shortest distance or shortest time, and Google will also provide me with alternate routes if there are any available.

Google “Street View” is causing all sorts of consternation however, in regard to privacy. And here’s part of the problem:  Privacy is not a right as many seem to believe.  Once you go outside of your house and share any information with anyone, you’ve just given up some amount of “privacy.”  You may not want anyone to know how much money is in your wallet, but once you go into a store and pull out a ten dollar bill, the cashier knows you had at least ten bucks in your wallet before you pulled it out.

A Toronto Star article describes a concern some might have with Google Street View, the Google project that entails photographing all the streets of major municipal areas.  In the article, the author writes:

“Imagine this scenario: A friend presents you with a large painting at your birthday party, a work of art best described as ghastly.

Being extra polite, you gush about how much you love the painting and how you will treasure it. Your friend is overjoyed, recounting how long he searched for the perfect gift.

Everyone is happy.

Then imagine that friend checking homes of friends and relatives through Google Street View and seeing the painting that you had gushed about out on the curb for garbage pickup.

Needless to say, the next get-together will be awkward.

Do you have a valid complaint against Google for providing photographic evidence of what you really thought about your friend’s present?”

No, there is no valid complaint. If you didn’t want anyone to know that you threw out the gift, wouldn’t you wrap it up before you took it to the curb for garbage pickup? And even then, how can you be sure that someone at the dump isn’t going to see the gift and know it was given to you by a mutual friend? It is possible, even if unlikely. You can’t control those things.

The problem with Privacy is that it is not really a right. Some have tried to make it a “legislated” right by enforcing and regulating what others can do with information they receive, but even then, this doesn’t stop an employee of a data gathering place from whispering about some document they saw at work. Sure, perhaps there may be repercussions for the whispers, but your privacy has not been protected.

No matter what is legislated, you as an individual need to be aware of your own privacy concerns and act accordingly, in balance with how you wish to live your life.  You’ll never have complete and utter privacy unless you move into a cave a thousand miles away from any other person – and even then, you can’t guarantee that another person wanting privacy and solitude isn’t going to wander into that same cave.

Topics: Privacy |


Blackberry Users Facing Critical Vulnerability

By Ian Scott

PDF files have become ubiquitous as a file format for exchanging information and documents.  They can be viewed and read on just about any platform and are commonly sent to others as attachments to emails.

However, RIM has issued an alert advising their Blackberry users that opening a PDF file could corrupt their devices and allow for Blackberry Enterprise servers to be taken over. The problem appears not to be an issue with Adobe’s code, but rather RIM’s “Attachment Service” according to the bulletin posted by Research In Motion, available here. Instructions on how to apply a patch provided by RIM for Blackberry devices and Blackberry Enterprise servers are also available at the link.

Graham Cluley of Sophos PLC says,

“The problem is people don’t often sign up for these types of security advisories,” he says. “The race is on to get ahead of the hackers who may be looking to take advantage of this, now that it’s been made public.”

~ itbusiness.ca

If you use a Blackberry, don’t open PDF files unless you know you’ve applied the security patch.

Topics: Business/Corporate |


5 Million Customers Compromised

By Ian Scott

In early December, CheckFree Corp. had its domain registration account compromised, and its DNS was subsequently hijacked. CheckFree offers a bill payment service through several banks, including Bank of America. Many who use the service were diverted to a server located in the Ukraine and unwittingly gave up their usernames and passwords to the hijackers.

According to ITBusiness.ca, “CheckFree disclosed that it was warning many more customers than previously thought.” Apparently, up to 5 million customers may have been affected by the event.

Topics: Personal Security |


