The Daily Static
  The Daily Static
UF Archives
Register
UF Membership
Ad Free Site
Postcards
Community

Geekfinder
UFie Gear
Advertise on UF

Forum Rules
& FAQ


Username

Password


Create a New Account

 
 

Back to UserFriendly Strip Comments Index

This raises the stakes in hacking by binkley2008-03-19 14:45:35
  Be aware that unlike many other wireless by intrinsic2008-03-19 15:17:34
    You can overcome any 1/r**2 power drop, by simply by bwkaz 2008-03-19 15:54:42
squaring your radiated power when the range doubles. So any kind of proximity-sensitive "security" is rather worthless if you have an attacker with enough power before the 1/r**2 factor. (If FM towers were the right frequency, for instance, I bet all heck would have broken loose with these devices a long time ago.) The same issues exist with any kind of RFID device (although there are a few RFID authentication mechanisms available).

Anyway, so yes, I fully agree that strong authentication and crypto are both required.

What I found dumb is that two of the article's recommendations are basically pointless: one was to have the device beep when someone tries to talk to it, and the other was to have the device start vibrating when someone tries to talk to it. By that point, it's already *WAY TOO LATE*. The information has been accessed, and/or the device parameters have already been changed. What's the user supposed to do once that's happened?

The problem is that any other random person might have the ability to read or change info in the device. The way to fix that problem is *NOT* to push the fact that something has happened out to the user; you have to prevent the other random people from reading or writing the info in the first place! The remaining suggestion made in the article (add authentication) will do this; the other two will not.
[ Reply ]
      Directional yagi. :D (n/t) by themadkansan2008-03-19 16:06:12
        Always knew Pringles would kill me one day. (n/t) by chanceslost2008-03-19 16:42:39

 

[Todays Cartoon Discussion] [News Index]

Come get yer ARS (Account Registration System) Source Code here!
All images, characters, content and text are copyrighted and trademarks of J.D. Frazer except where other ownership applies. Don't do bad things, we have lawyers.
UserFriendly.Org and its operators are not liable for comments or content posted by its visitors, and will cheerfully assist the lawful authorities in hunting down script-kiddies, spammers and other net scum. And if you're really bad, we'll call your mom. (We're not kidding, we've done it before.)