Banner
Highway 61 revisited

As I sit here with a Cesária Évora CD on in the house, I have an update to the car AV system...

Patterns In Randomness: The Bob Dylan Edition

The human brain is very good — quite excellent, really — at finding patterns. We delight in...

Web Page Mistakes And The 'Lazy Thumbnail'

I don’t understand, sometimes, how people put together their web pages. Who really thinks that...

Anti-theft?

The navigation system in my car has an anti-theft feature that’s interesting, in that it...

User picture.
picture for Michael Whitepicture for Gerhard Adam
Barry LeibaRSS Feed of this column.

I’m a computer software researcher, and I'm currently working independently on Internet Messaging Technology. I retired at the end of February... Read More »

Blogroll

While we’re on the joint subject of cars and security, I should dredge up this item that I’ve had hanging about for a few months. It’s from Ars Technica, and reports that researchers have hacked into the control systems of cars because those systems are often not secured:

The tire pressure monitors built into modern cars have been shown to be insecure by researchers from Rutgers University and the University of South Carolina.

New Scientist tells us that the encryption between electronic key fobs and car ignition systems has been cracked in many cases. The reason is that most car manufacturers are using weak and/or home-grown encryption:

A device fitted within the key fob of a modern car broadcasts an encrypted radio signal to the car as the driver starts the vehicle. If the signal is recognised by the car’s receiver, it responds by sending an encrypted signal to the engine control unit (ECU), which allows the car to start.

Do you log into web sites from public computers, even though I advised against it four years ago? That post only scratched the surface, really: it just talked about using public computers. These days, most people have their laptops with them, and they connect them to the public wireless networks in the cafés.

Most of those networks are unencrypted. That means that you don’t have to enter a key or a password when you access the network. You just select the network name (or let your computer snag it automatically), go to a web page in your browser, and get redirected to some sort of login and/or usage-agreement screen on the network you’ve connected to.

Wow; I haven't gotten one of these in a long time:

ATTENTION!

A message you recently sent to a 0Spam.com user with the subject "[redacted]" was not delivered because they are using the 0Spam.com anti-spam service. Please click the link below to confirm that this is not spam. When you confirm, this message and all future messages you send will automatically be accepted.

I wrote about challenge/response anti-spam systems about three years ago, but probably haven't seen a challenge message in at least two years. I thought people had given up on them.

Alas, no.

A French court has just decided a case that will likely have a great deal of effect on online search engines if the decision is upheld after appeals. A French man had been accused of “crimes relating to the corruption of a minor,” ultimately resulting in a suspended sentence.

There’s a relatively newly discovered (within the last few months) computer worm called Stuxnet, which exploits several Windows vulnerabilities (some of which were patched some time ago) as it installs itself on people’s computers. It largely replicates through USB memory sticks, and not so much over the Internet (though it can replicate through storage devices shared over networks). And it’s something of an odd bird. Its main target isn’t (at least for now) the computers it’s compromised, and it’s not trying to enslave the computers to send spam, collect credit card numbers, or mount attacks on web sites.