Self driving vehicles and infrastructure vulnerability

The Rocketry Forum

SELF-DRIVING TRUCKS ARE NOW DELIVERING REFRIGERATORS
13 Nov 2017

https://www.wired.com/story/embark-self-driving-truck-deliveries/

Since early October, autonomous trucks built and operated by the startup Embark have been hauling Frigidaire refrigerators 650 miles along the I-10 freeway, from a warehouse in El Paso, Texas, to a distribution center in Palm Springs, California. A human driver rides in the cab to monitor the computer chauffeur for now, but the ultimate goal of this (auto) pilot program is to dump the fleshbag and let the trucks rumble solo down the highway.

It’s Been A Year, And We Still Don’t Know Who’s Behind Worst NSA Leak In History
13 Nov 2017

U.S. investigators remain stymied after more than a year of investigating as to how some of the most sensitive hacking tools developed by the National Security Agency (NSA) fell into the hands of hackers, The New York Times reports.

The hunt for the mole, moles, or leaks has reportedly caused a major drop in morale at the agency as employees are subjected to intense security checks. These checks include polygraph tests, turning over their passports, and other scrutiny detracting from day to day jobs.

Intelligence officials characterized the leak of hacking tools as far outstripping any damage done by 2013 leaker Edward Snowden. The leaked information has slowly been posted online by a hacking group known as “The Shadow Brokers” purportedly selling the information. Some officials feared the Russian government may be behind the group.

The leaks appear to come from different parts of the NSA raising the possibility of multiple vulnerabilities. Much of the information appears to come from within the agency around 2013, raising questions as to why it is being released now.

The Russia theory too, however, puzzles some experts.

“The problem with the Russia theory is, why? These leaked tools are much more valuable if kept secret. Russia could use the knowledge to detect NSA hacking in its own country and to attack other countries. By publishing the tools, the Shadow Brokers are signaling that they don’t care if the U.S. knows the tools were stolen,” cybersecurity expert Bruce Schneier noted in The Atlantic in March 2017.
[Which is why I think much of what is claimed for political reasons to be "The Russians®" has been done by highly adept non-state actors in, for instance, the Ukraine. Eastern Europe has always been a hotbed of brilliant black hat hackers due to various factors and their advantage legally is that their native countries make no attempt to arrest or even hamper them so long as they exclusively attack the adversaries of their native country. One article from many on that: "Savviest hackers hail from Eastern Europe, researchers say" https://www.pcworld.com/article/201...hail-from-eastern-europe-researchers-say.html - W]

“We don’t know what else [they] may have, and most important, we don’t know how this information got out of the National Security Agency, and that’s 15 months after the first leak occurred,” former CIA Director Mike Morell told CBSNews Monday, adding ominously “We don’t know if they’re stealing information as we sit here right now… essentially, the technology we developed at Fort Meade is being used to hack into our governments and companies and some of our personal information.”
 
The following shows the OH SO GREAT CARE for security taken in IOT gizmos from even the largest firms like Amazon. That was extreme sarcasm by the way. Imagine what you'll find in Chinese IOT junk which is the majority of hardware sold:

Amazon Key Flaw Could Let Rogue Deliveryman Disable Your Camera
16 Nov 2017

https://www.wired.com/story/amazon-key-flaw-let-deliverymen-disable-your-camera/

WHEN AMAZON LAUNCHED its Amazon Key service last month, it also offered a remedy for anyone—realistically, most people—who might be creeped out that the service gives random strangers unfettered access to your home. That security antidote? An internet-enabled camera called Cloud Cam, designed to sit opposite your door and reassuringly record every Amazon Key delivery.

But now security researchers have demonstrated that with a simple program run from any computer in Wi-Fi range, that camera can be not only disabled, but frozen. A viewer watching its live or recorded stream sees only a closed door, even as their actual door is opened and someone slips inside. That attack would potentially enable rogue delivery people to stealthily steal from Amazon customers, or otherwise invade their inner sanctum.


Last night, watching my DVR recording of the excellent hacking dystopia fiction series "Mr. Robot" and skipping the commercials, I happened to notice that it was sponsored by Amazon Echo. I couldn't help but laugh out loud! I guess viewers must have missed the impressive IOT hacked luxury apartment scene from last season.

Here's some commentary from an extremely network/computer tech savvy guy who established and built a large Chicago ISP who was also smart enough about stock market realities to sell it for a fortune just prior to the dot com crash:

Amazon 'In Home' Delivery: You're Nuts

I have a dozen ways criminals could exploit this, and they will.

You give Amazon a means to access your house (e.g. a keypad on your door, etc.) They now have it.

Let's enumerate a few of the ways you can get hosed:

The "employee" (really a contractor, by the way) for Amazon simply steals anything he or she wants in your house while making the delivery -- which you allowed them in for.

Your credit card gets compromised. Said individual orders something on your card to your house, waits for it to be delivered inside and exploits said delivery, either in confederation with the person doing it or by rick-rolling them, and robs your house.

The access code is stolen and used to directly access your home. It's in the cloud. I'm sure nothing in the cloud will ever be stolen, right? Uh huh, just like virtually every American's credit file wasn't? And since the code used to open the door will be authorized guess what -- your high-fautin' security system won't raise a peep as your nice 60" 4k OLED TV and jewelry walk right out the front door!

These took me about 30 seconds to come up with. A bit more thinking would, I'm sure, enumerate dozens more, all of which will be exploited immediately by those with criminal intent.

I cannot imagine how stupid you have to be to sign up for such a thing. The "initiative" to get into your car to make deliveries is bad enough, but allowing a retailer's contractors into your home when you have utterly no idea who they are or how said access data will be secured has to rank as one of the dumbest things I've ever heard of, and if you allow it then you have just marked yourself as having an IQ smaller than my running shoes.

 
Right, we get that you don't think anyone will solve these problems. I happen to disagree, but readily admit I'm biased.

I don't own any of these devices because they're too gimmicky so far, but look forward to the third generation or so. YMMV.
 
We have self-driving cars everywhere in Pittsburgh, though they have nanny drivers.
I work 1 block from Google and a mile from CMU. During the commute, it seems like there are more autonomous vehicles than there are regular cars.
Time was that hacking Pittsburgh would be important, but I'm not too worried since the mills closed. YMMV, as they say.
-LarryC
 
Man gets threats—not bug bounty—after finding DJI customer data in public view
A bug bounty hunter shared evidence; DJI called him a hacker and threatened with CFAA
11/17/2017

https://arstechnica.com/information...storage-in-public-view-and-exposed-customers/

DJI, the Chinese company that manufactures the popular Phantom brand of consumer quadcopter drones, was informed in September that developers had left the private keys for both the "wildcard" certificate for all the company's Web domains and the keys to cloud storage accounts on Amazon Web Services exposed publicly in code posted to GitHub. Using the data, researcher Kevin Finisterre was able to access flight log data and images uploaded by DJI customers, including photos of government IDs, drivers licenses, and passports. Some of the data included flight logs from accounts associated with government and military domains.

Finisterre found the security error after beginning to probe DJI's systems under DJI's bug bounty program, which was announced in August. But as Finisterre worked to document the bug with the company, he got increasing pushback—including a threat of charges under the Computer Fraud and Abuse Act (CFAA). DJI refused to offer any protection against legal action in the company's "final offer" for the data. So Finisterre dropped out of the program and published his findings publicly yesterday, along with a narrative entitled, "Why I walked away from $30,000 of DJI bounty money."

DJI launched its bug bounty this fall shortly after the US Army issued a ban on using DJI drones for any military purpose due to "operational security" concerns. There were also spreading reports of people hacking the firmware of DJI drones—some have even posted hacks to GitHub by Finisterre. But according to Finisterre, the program was clearly rushed out. The company did not, and has yet to, define the scope of the bounty program publicly. So when Finisterre discovered that DJI's SSL certificates and firmware AES encryption keys had been exposed through searches on GitHub—in some cases for as long as four years—he contacted the company to see if its servers were within the scope of the bug bounty program. He was told they were—a statement that would later be walked back from by DJI officials.


--------

Recent episode of the documentary series "Cyberwar". 5 MILLION additional IOT devices are connected to the Internet EVERY DAY.

CYBERWAR | S2 EP5
The Internet of Things Apocalypse

https://www.viceland.com/en_us/vide...of-things-apocalypse/595f964eb03021fb47ebb299
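
The DJI story quoted in the post above turns on keys that stayed reachable in a public repository for years. As an added example (not part of the original post, and not DJI's or GitHub's code), this sketch audits a repository's history rather than only its current files, showing that a later commit which removes a credential does not end the exposure. The commit ids, file names and file contents are constructed; the two AWS values are the placeholder credentials used in AWS's own documentation.

```python
import hashlib
import re

# Detectors for the kinds of material the article says sat in public repositories.
_PEM = r"(?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"
PATTERNS = {
    "pem-private-key": re.compile(
        r"-----BEGIN " + _PEM + r".*?-----END " + _PEM, re.S),
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # Heuristic: 40 base64-style characters assigned to a name containing "secret".
    "aws-secret-key": re.compile(
        r"(?i)\b\w*secret\w*\s*[:=]\s*['\"]?([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])"),
}


def fingerprint(secret):
    """Short hash so a report can identify a secret without repeating it."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]


def scan_snapshot(files):
    """Yield (kind, fingerprint, path) for every secret in {path: text}."""
    for path, text in files.items():
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(text):
                yield kind, fingerprint(m.group(m.lastindex or 0)), path


def audit_history(commits):
    """commits: oldest-first list of (commit_id, {path: text}) snapshots.

    Returns one record per distinct secret with the first and last commit that
    contained it. A secret absent from the newest commit is still listed,
    because anyone who cloned or browsed the history has it.
    """
    seen = {}
    for commit_id, files in commits:
        for kind, fp, path in scan_snapshot(files):
            rec = seen.setdefault((kind, fp), {
                "kind": kind, "fingerprint": fp, "path": path,
                "first_seen": commit_id, "last_seen": commit_id})
            rec["last_seen"] = commit_id
    head = commits[-1][0]
    for rec in seen.values():
        rec["in_head"] = rec["last_seen"] == head
        rec["action"] = "rotate"  # required whether or not it is still in HEAD
    return sorted(seen.values(), key=lambda r: (r["first_seen"], r["kind"]))


# Constructed three-commit history: credentials are committed in c1, a
# certificate key is added in c2, and c3 "cleans up" only the config file.
_CONFIG_V1 = (
    'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
    'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n')
_CONFIG_V2 = (
    'import os\n'
    'AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]\n'
    'AWS_SECRET_ACCESS_KEY = os.environ["AWS_SECRET_ACCESS_KEY"]\n')
_KEY_FILE = ("-----BEGIN RSA PRIVATE KEY-----\n"
             "(constructed placeholder, not key material)\n"
             "-----END RSA PRIVATE KEY-----\n")
HISTORY = [
    ("c1", {"config.py": _CONFIG_V1}),
    ("c2", {"config.py": _CONFIG_V1, "certs/wildcard.key": _KEY_FILE}),
    ("c3", {"config.py": _CONFIG_V2, "certs/wildcard.key": _KEY_FILE}),
]

if __name__ == "__main__":
    for rec in audit_history(HISTORY):
        state = "still in HEAD" if rec["in_head"] else "removed from HEAD"
        print(f'{rec["kind"]:18} {rec["path"]:20} {rec["first_seen"]}..'
              f'{rec["last_seen"]} {state}; action: {rec["action"]}')
```
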
 
Right, we get that you don't think anyone will solve these problems.
Based upon what I see on tech sites and the obvious, stupid firmware/software mistakes reported on those sites almost daily, the fact that it won't be fixed is pretty damned obvious and it will only get worse as the IOT trend accelerates even beyond where it is now. So, to the greatest extent possible, one should avoid setting oneself up for the sake of stupid conveniences.
 
Like I said, almost daily:

Pentagon contractor leaves social media spy archive wide open on Amazon
Trove included more than 1.8 billion posts spanning eight years, many from US persons
11/18/2017


https://arstechnica.com/information...ntel-gathering-operation-left-open-on-amazon/

A Pentagon contractor left a vast archive of social-media posts on a publicly accessible Amazon account in what appears to be a military-sponsored intelligence-gathering operation that targeted people in the US and other parts of the world.

The three cloud-based storage buckets contained at least 1.8 billion scraped online posts spanning eight years, researchers from security firm UpGuard's Cyber Risk Team said in a blog post published Friday. The cache included many posts that appeared to be benign, and in many cases those involved from people in the US, a finding that raises privacy and civil-liberties questions. Facebook was one of the sites that originally hosted the scraped content. Other venues included soccer discussion groups and video game forums. Topics in the scraped content were extremely wide ranging and included Arabic language posts mocking ISIS and Pashto language comments made on the official Facebook page of Pakistani politician Imran Khan.

The scrapings were left in three Amazon Web Services S3 cloud storage buckets that were configured to allow access to anyone with a freely available AWS account. It's only the latest trove of sensitive documents left unsecured on Amazon. In recent months, UpGuard has also found private data belonging to Viacom, security firm TigerSwan, and defense contractor Booz Allen Hamilton similarly exposed.

----------

SECURITY NEWS THIS WEEK
11/18/2017


https://www.wired.com/story/security-news-this-week-the-pentagon-left-data-exposed-in-the-cloud/

WELL, IT’S BEEN a wild and wooly week for security, especially for Face ID, which a group of hackers at a Vietnamese security firm convincingly claim to have broken just a week after the iPhone X release. [And, as I asked before, what happens when your biometric data is stolen/compromised and yet that is what is required for "secure transactions" throughout your life? Get a new face or new fingerprints? - W] They’re joined by a 10-year-old boy, who managed to break into his mother’s iPhone X thanks to a little trick known as genetics.

Amazon Key also turns out to be less secure than advertised; researchers discovered that a tech-savvy deliveryman could not only disable your camera, but freeze the frame, allowing them unfettered access to your house. And OnePlus smartphones—literally all of them except the first model—shipped with an app that’s essentially a backdoor, allowing root access to anyone who gets their hands on your phone. Both companies say a fix is incoming.

Another fix that’s in the works: The emergency alert system, which has been broken for years thanks to resistance from the telecom industry. Progress has finally started to materialize—though maybe still not fast enough. The government’s also making wee progress on its vulnerability disclosure process, but newfound transparency doesn’t totally alleviate concerns.

Kaspersky Says That NSA Contractor’s Computer Was a Malware Mess

We already knew that an NSA contractor made a serious goof by bringing his (classified) work home with him on his personal computer, which allegedly let Russia steal state secrets that got swept up in a Kaspersky antivirus sweep. But a new report from Kaspersky claims that it’s even worse than it first seemed; Motherboard reports that Kaspersky says the unnamed contractor had at least 120 malicious files on his computer. That opens the door to the possibility that not just Russia, but any number of sophisticated state actors could potentially have compromised his machine, and stolen NSA info in the process. Which again just goes to show that putting that much faith in contractors maybe isn’t such a hot idea.

DJI Had a Pretty Bad Security Set-Up For Years

Popular drone manufacturer DJI kept a copy of the private key for the HTTPS certificate for its site on GitHub, fully viewable, for as long as four years, according to security researcher Kevin Finisterre. The company also left its AWS credentials exposed. The full effect: Not only could hackers use the HTTPS certificate key to pull off man in the middle attacks, they could have found personal info of DJI customers in the cloud. Not ideal! DJI told The Register that they’ve hired an outside firm to help manage the situation.

Yet Another Reason to Worry About Antivirus Software

Antivirus software gets a bad rap sometimes, although not for no reason. Giving any program that much access to your computer exposes you to all kinds of potential calamities. One researcher has found a new example of AV’s issues, a vulnerability he calls AVGater. The way it works: Compromise an AV program, have it quarantine a bit of malicious code, then put that code somewhere it doesn’t belong. The researcher, Florian Bogner, says that about a dozen popular antivirus programs were subject to the attack, which he used to get local admin privileges. Several antivirus vendors have already fixed the vulnerability, but Bogner says he’s found seven more that are affected that haven’t yet worked through a fix.
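
The Pentagon-contractor story in the post above describes buckets "configured to allow access to anyone with a freely available AWS account". As an added example (not part of the original post and not UpGuard's tooling), this check reads bucket ACLs in the shape returned by `aws s3api get-bucket-acl` and flags grants to the two predefined groups that S3 treats as public, taking the bucket's Public Access Block configuration into account. The bucket names and ACL documents are constructed.

```python
# Predefined S3 groups that make a grant public. The second one is the case in
# the article: it means every AWS account in existence, not accounts you own.
_GROUPS = "http://acs.amazonaws.com/groups/"
BROAD_GROUPS = {
    _GROUPS + "global/AllUsers": "anyone, no credentials needed",
    _GROUPS + "global/AuthenticatedUsers": "any holder of any AWS account",
}
SEVERITY = {"READ": "high", "READ_ACP": "medium", "WRITE": "critical",
            "WRITE_ACP": "critical", "FULL_CONTROL": "critical"}


def audit_bucket_acl(bucket, acl, public_access_block=None):
    """Return findings for ACL grants to the broad predefined groups.

    acl: dict shaped like `aws s3api get-bucket-acl` output.
    public_access_block: the PublicAccessBlockConfiguration dict, or None
    when the bucket has none. With IgnorePublicAcls set, S3 disregards public
    ACL grants, so the finding is reported but marked as not effective.
    """
    ignored = bool((public_access_block or {}).get("IgnorePublicAcls"))
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        audience = BROAD_GROUPS.get(grantee.get("URI", ""))
        if grantee.get("Type") != "Group" or audience is None:
            continue  # named accounts and the log-delivery group are not public
        perm = grant.get("Permission", "")
        findings.append({
            "bucket": bucket, "permission": perm, "audience": audience,
            "severity": SEVERITY.get(perm, "high"), "effective": not ignored,
        })
    return findings


def exposed_buckets(inventory):
    """inventory: {bucket: (acl, public_access_block)} -> names actually exposed."""
    return sorted(
        name for name, (acl, pab) in inventory.items()
        if any(f["effective"] for f in audit_bucket_acl(name, acl, pab)))


# Constructed inventory with hypothetical bucket names.
_OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
          "Permission": "FULL_CONTROL"}
INVENTORY = {
    # The misconfiguration the article describes: readable by any AWS account.
    "scrape-archive": ({"Grants": [_OWNER, {
        "Grantee": {"Type": "Group", "URI": _GROUPS + "global/AuthenticatedUsers"},
        "Permission": "READ"}]}, None),
    # Owner plus the S3 log-delivery group: no public grant.
    "app-logs": ({"Grants": [_OWNER, {
        "Grantee": {"Type": "Group", "URI": _GROUPS + "s3/LogDelivery"},
        "Permission": "WRITE"}]}, None),
    # A public ACL is still attached, but Public Access Block neutralises it.
    "legacy-site": ({"Grants": [_OWNER, {
        "Grantee": {"Type": "Group", "URI": _GROUPS + "global/AllUsers"},
        "Permission": "READ"}]},
        {"BlockPublicAcls": True, "IgnorePublicAcls": True,
         "BlockPublicPolicy": True, "RestrictPublicBuckets": True}),
}

if __name__ == "__main__":
    for name, (acl, pab) in INVENTORY.items():
        for f in audit_bucket_acl(name, acl, pab):
            status = "EXPOSED" if f["effective"] else "blocked by IgnorePublicAcls"
            print(f'{name}: {f["permission"]} to {f["audience"]} '
                  f'[{f["severity"]}] {status}')
```
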
 
100,000-strong botnet built on router zero-day could strike at any time
New strain of Mirai is sophisticated, locked, and loaded.
5 Dec 2017

https://arstechnica.com/information...ilt-on-router-0-day-could-strike-at-any-time/

Attackers have used an advanced new strain of the Mirai Internet-of-things malware to quietly amass an army of 100,000 home routers that could be used at any moment to wage Internet-paralyzing attacks, a researcher warned Monday.

Botnet operators have been regularly releasing new versions of Mirai since the source code was openly published 14 months ago. Usually, the new versions contain minor tweaks, many of which contain amateur mistakes that prevent the new releases from having the punch of the original Mirai, which played a key role in a series of distributed denial-of-service attacks that debilitated or temporarily took down Twitter, GitHub, the PlayStation Network and other key Internet services.
 
100,000-strong botnet built on router zero-day could strike at any time

That's all fine and dandy, but bears little relevance to the self-driving vehicle discussion.
None of the vehicles are sitting on internet accessible IPs.
Most (well architected) telematics devices are configured with RFC 1918 virtual, non-publicly routable, IPs.

You can't DOS what you can't ping!
:wink:

a
 
Ah, the self driving vehicle topic brings this to mind,
The second question we need to ask is whether the “decisions” presented in experimental ethical hypotheticals are even possible. (Spoiler alert: I don’t believe they are.) To begin, these hypotheticals assume that there would ever be a situation in which we, as human drivers, would be forced to decide between such mutually horrendous alternatives. The fact of the matter is, even if such a situation did arise, we would not have the time to decide anything.

The most convincing reason for this conclusion lies not under the hood of a computer, but on the wheels of the car itself: The brakes. The simple fact is that if we have enough time to weigh a complex moral dilemma requiring such considerations as utilitarian cost-benefit analysis, competing interests of the ego and justice, the Golden Rule and, ultimately life and death, and then to act affirmatively and precisely on our rationally begotten conclusion, we certainly have more than enough time to slam on the brakes and bring the car to a halt. So what does this mean?

Given that it only takes a few seconds or less for a car to come to a complete stop at normal driving speeds, the result is that any hypothetical that eliminates braking as a viable option will almost certainly eliminate the possibility of a decision based on a rational calculation of values.

https://techcrunch.com/2015/11/23/the-myth-of-autonomous-vehicles-new-craze-ethical-algorithms/
 
Nice article. As I've said before, this will be an issue primarily during the transition to ONLY automated vehicles when there are still fallible human drivers on the road. Sans hacking, a well designed, fully automated transportation network will be much safer than one with humans behind the wheels.

Unfortunately, no matter how infrequent such ethical dilemmas for automated vehicles might be during that transition, as I've also said, the truthful warning which will not be voluntarily given by manufacturers, "NOTE: This vehicle will sacrifice you without your consent", will still be the psychological barrier for many even though they should instead realize the odds of the problem arising, especially as the more fallible human drivers are removed from the roads, are much lower than they would be with all human drivers on the road. Also, in another means of transport, flying on an airline, we also hand over the responsibility for protecting our lives to others.

However, when it comes to malicious hacking, already vast and growing avenues to potentially deadly disruptions are possible. This will only get worse as we become more networked and automated and not even close to enough is being done to prevent this because, as I've said, security costs money but doesn't make much money, so there's inadequate incentive as long as there aren't MASSIVE financial and legal penalties for security carelessness leading to breaches. For instance, the Equifax breach SHOULD have led to Equifax being sued out of existence, but it hasn't and probably won't if the history of such things is a guide.
 
From just today by a tech savvy blogger who has the same opinion as mine on the security vulnerabilities of STUPID conveniences and the resulting cost/benefit of same:

I Told You So! (Car Theft)

"They didn’t have to break anything to enter the sedan they were stealing, but a couple of car crooks caught on camera were gone in less than 60 seconds anyway.

West Midlands Police in the United Kingdom have released security footage of two thieves using so-called ‘relay devices’ to rob a Mercedes-Benz S-Class equipped with a proximity key from a driveway."

And what did I point out years ago? This very same thing. I wrote on it again in 2016.

In the context of my Mazda when I bought it I noted that I had explicitly rejected the "up-trim" model that had this "feature" because when the first versions of this started to appear it was obvious to me at the time that they made car theft trivially easy.

All the thief has to do is follow you into the shopping mall and get within a few feet of you (which in a crowded mall you probably won't detect) while his or her buddy with a radio linked to the one in his pocket stands next to your car door. That other person's coil picks up your car "interrogating" a possible key which is relayed to the guy in the mall and thus to your key, which responds because it is receiving a legitimate signal.

The guy standing next to the door thus hears it unlock, gets in and starts the car since the car thinks the key is inside with the thief! There is no evidence left behind when you come out and find your car gone -- no forced entry, no broken glass, nothing.

There is absolutely nothing that you can do about this if you have one of these "keyless, no-touch" key systems on your vehicle because the key itself is being interrogated and responds; the thief is not "hacking" anything. Digitally-encoded low-power radios with a half-mile or more of range in a band that is perfectly legal to use are not hard to come by and if you're stealing cars you probably don't care much if you're breaking some little law on which band (or power levels) your radios work with anyway.

The "push button to unlock" fob is immune to this because it produces no signal until you press the button. So is an ignition where you must first insert and rotate a key. Sure, you can break the ignition lock and smash a window but both leave evidence. Combined together push-button start and no-touch entry make theft trivial and since the reward for doing it is thousands (at the chop shop) it's well worth the "investment" for car thieves to buy and use the gear to exploit this.

Pushing a button or turning a key takes no more than 1/2 second of thought and action. Instead, for alleged "convenience", you may as well leave the damn key in the ignition and the doors unlocked!

Idiocy. It's what's sold worldwide, and especially here in the United States. If you were dumb enough to have both push-button start and "no-touch" entry may your comprehensive (theft) insurance cost triple.


Security camera video:

Watch: Gone in 60 seconds - car thieves steal pricey motor without using a key

https://www.coventrytelegraph.net/news/car-theft-without-key-relay-13956130

Earlier incident using same vulnerability:

https://www.dailymail.co.uk/news/ar...ght-CCTV-hacking-Mercedes-couple-s-drive.html
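
The relay described in the post above succeeds because the genuine key answers a genuine challenge, so the cryptographic check passes. As an added example (not part of the original post and not any manufacturer's implementation), this simulation models the car side of a challenge-response exchange and adds a round-trip time bound, the idea behind distance bounding, to show which check separates a nearby key from a relayed one. The shared key, the fob turnaround time, the range limit, the tolerance and the relay figures are all constructed assumptions, and timing is computed rather than measured.

```python
import hashlib
import hmac
import os

C = 299_792_458.0          # speed of light, m/s
FOB_TURNAROUND_S = 1e-6    # assumed fixed, known reply delay of the fob
MAX_RANGE_M = 2.0          # assumed: key must be within 2 m of the car
TOLERANCE_S = 5e-9         # assumed measurement tolerance


class Fob:
    """Passive-entry key: answers any challenge it hears with a MAC."""

    def __init__(self, key):
        self._key = key

    def respond(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Channel:
    """Radio path between car and fob.

    distance_m is the total one-way path length; relay_delay_s is the extra
    one-way processing delay added by any relay equipment on the path.
    """

    def __init__(self, distance_m, relay_delay_s=0.0):
        self.distance_m = distance_m
        self.relay_delay_s = relay_delay_s

    def round_trip_s(self):
        flight = 2 * self.distance_m / C
        return flight + 2 * self.relay_delay_s + FOB_TURNAROUND_S


class Car:
    def __init__(self, key, check_timing):
        self._key = key
        self.check_timing = check_timing

    def try_unlock(self, fob, channel):
        challenge = os.urandom(16)
        response = fob.respond(challenge)   # a relay forwards both unmodified
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(response, expected):
            return "reject: bad response"
        if self.check_timing:
            flight = channel.round_trip_s() - FOB_TURNAROUND_S
            if flight > 2 * MAX_RANGE_M / C + TOLERANCE_S:
                return "reject: response too slow"
        return "unlock"


KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
NEARBY = Channel(distance_m=1.0)                          # owner at the door
RELAYED = Channel(distance_m=150.0, relay_delay_s=2e-6)   # key 150 m away
IDEAL_RELAY = Channel(distance_m=150.0)                   # zero-delay relay


def run_scenarios():
    """Outcome of each path against a MAC-only car and a timing-checking car."""
    fob = Fob(KEY)
    mac_only, timed = Car(KEY, check_timing=False), Car(KEY, check_timing=True)
    paths = {"nearby": NEARBY, "relayed": RELAYED, "ideal_relay": IDEAL_RELAY}
    return {name: (mac_only.try_unlock(fob, ch), timed.try_unlock(fob, ch))
            for name, ch in paths.items()}


if __name__ == "__main__":
    for name, (legacy, timed) in run_scenarios().items():
        print(f"{name:12} MAC only: {legacy:8} with time bound: {timed}")
```

Even the zero-delay relay is rejected, because the signal's own flight time over 150 m exceeds the 2 m bound; real systems need nanosecond-level ranging hardware for this to hold.
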

 

Do you have padlocks fastened with separate hasps and staples, five or more tumblers, case-hardened shackles of at least ⅜-inch diameter, and protected with ¼-inch thick steel hoods in differently-keyed pairs on every door you own?

If not you are practically inviting thieves into your home as all they have to do is wait for you to leave and then pick your INFERIOR front door in less than 30s using tools costing not more than $10
 
Do you have padlocks fastened with separate hasps and staples, five or more tumblers, case-hardened shackles of at least ⅜-inch diameter, and protected with ¼-inch thick steel hoods in differently-keyed pairs on every door you own?

If not you are practically inviting thieves into your home as all they have to do is wait for you to leave and then pick your INFERIOR front door in less than 30s using tools costing not more than $10
LOUSY analogy as they don't know what I have inside, whereas with an expensive car sitting on the driveway they do with the added benefit that what they want to steal is self-mobile. Also, you entirely miss my PRIMARY point now made multiple times on the potential hacking vulnerability COST vs BENEFIT of technologically hackable STUPID conveniences. NOTHING is 100% secure, it's simply stupid to make things even LESS secure for the sake of some stupid, trivial convenience.
 
LOUSY analogy as they don't know what I have inside, whereas with an expensive car sitting on the driveway they do with the added benefit that what they want to steal is self-mobile. Also, you entirely miss my point now made multiple times on the potential hacking vulnerability COST vs BENEFIT of technologically hackable STUPID conveniences. NOTHING is 100% secure, it's simply stupid to make things even LESS secure for the sake of some stupid, trivial convenience.

No, I hear your point. Choices you make are correct, other people making different choices are IDIOTS. New things are BAD and cannot be FIXED.

The only secure computer is one that's left off in a sealed room. Everything else is, as you correctly point out, a tradeoff between usability and security. Most new things are about as secure as most old things: not very.
 
No, I hear your point. Choices you make are correct, other people making different choices are IDIOTS. New things are BAD and cannot be FIXED.
No and no. In my opinion the term would be "foolish" and on the second part, not ALL new things (once again, note my point about cost/benefit tradeoffs).

The big problem is that too many people don't realise what security tradeoffs they're making because they're not tech savvy enough to foresee potential, serious security issues obvious to those who are tech savvy. You certainly can't count on the corporations using these "features" to sell things to you to tell you.

Actually, being part of a vast group of tech-vulnerable consumers is your best protection. In cases where the hacks must be specifically targeted as with the car theft, there are so many targets that your chance of being one of them is tiny - the advantage of herds.
 
When I get into a fully autonomous vehicle and tell it to go to the launch site at Black Rock will it go there?
No roads for miles, obstacles to avoid, like mud.
 
When I get into a fully autonomous vehicle and tell it to go to the launch site at Black Rock will it go there? No roads for miles, obstacles to avoid, like mud.
Great question. I assume it would look up the destination and go to that lat/lon, but how would it not take you down an impossible to traverse route? Even the latest satellite photos of the terrain if analyzed by capable AI, photos which are not updated that regularly, could miss some dry wash or something else which had changed since the last photo.

Vehicles with human driving capability will need to be sold long after all other vehicles are automated if the off-road driving sport is to remain in existence.
 
A prototype of the new Amazon TCD (Trivial Convenience Device). Camera and microphone extra... but required:

jolwv1z-imgur.gif
 
The question about driving to the desert made me think of this: Automatic transmissions are so established that they are now ubiquitous and those of us who drive manuals are increasingly rare. But even though automatic transmissions are a mature technology, I have a switch on my steering column so that I can “tell” my Explorer when there’s a trailer attached to its back end.

I suspect that self driving vehicles will be like that for a long time, “generally” autonomous, but enough special cases (like driving off road, pulling trailers, avoiding unexpected detours or accidents, foul weather, etc.) will still, at least occasionally, require a human being “at the helm.”


 
Those damned Russians!

Research shows Russian hackers could be behind the Mirai botnet
12 Oct 2016

https://www.itsecurityguru.org/2016...ian-hackers-could-be-behind-the-mirai-botnet/

Record IoT DDoS attacks raise bar for defenders
Here’s why to expect more gigantic DDoS attacks
12 Oct 2016

https://www.networkworld.com/articl...iot-ddos-attacks-raise-bar-for-defenders.html

Who’s behind it?

“One of the most interesting things revealed by the code was a hardcoded list of IPs Mirai bots are programmed to avoid when performing their IP scans,” Imperva says. Those include the U.S. Department of Defense, the U.S. Post Office, HP, GE and the Internet Assigned Numbers Authority.

That leads the Imperva researchers to speculate that the creators of the malware are naïvely trying to avoid attention by eliminating those IP ranges, then following up by using it to launch one of the most scrutinized attacks ever. “Together these paint a picture of a skilled, yet not particularly experienced, coder who might be a bit over his head,” they write, but not a veteran cyber criminal.

The code uses English for its command and control interface but also contains strings in Russian. “This opens the door for speculation about the code’s origin, serving as a clue that Mirai was developed by Russian hackers or—at least—a group of hackers, some of whom were of Russian origin,” they write.


Who Shut Down the Internet Friday?
21 Oct 2016

https://www.nbcnews.com/news/us-news/who-shut-down-u-s-internet-friday-n671011

Cyber experts and intelligence officials told NBC News it was too early to determine who was responsible for the cyber attacks that caused massive internet outages across the U.S. Friday, with some saying their analysis pointed to Russia and others saying it could just be “internet vandalism.”

A senior intelligence official told NBC News that the current government assessment is that the attacks were a “classic case of internet vandalism,” and did not appear to be state-sponsored or directed.

But two other senior intelligence officials told NBC News that while forensics on the attacks are far from complete, initial analysis points to the attacks being “Russian in origin” -- based on the methods and magnitude.

The Russian intelligence agency known as FSB enlisted Russian cybercriminals in 2008 to mount a similar cyberattack on the Republic of Georgia. Eight years later, there are far more devices hooked up to the internet, and available to be used in bot-nets for DDoS attacks.

“This is the Georgia attack on steroids,” said an intelligence official. South Korea, India, Spain, Brazil and the U.K. also experienced major outages Friday.

Shawn Henry, chief security officer of the cybersecurity firm Crowdstrike, expressed caution about blaming Russians. He said many possible explanations were circulating around the internet Friday. He didn’t rule out Russian involvement, but said it was “very, very early” to determine responsibility.

Henry said what was most ominous about the attacks is that they reveal that the U.S. is seriously vulnerable to cyber attack: “This demonstrates the fragility of the network and infrastructure.”


Oh, wait:

How a (U.S.) Dorm Room Minecraft Scam Brought Down the Internet
13 Dec 2017

https://www.wired.com/story/mirai-b...rought-down-the-internet/?mbid=social_twitter

The new malware scanned the internet for dozens of different IoT devices that still used the manufacturers’ default security setting. Since most users rarely change default usernames or passwords, it quickly grew into a powerful assembly of weaponized electronics, almost all of which had been hijacked without their owners’ knowledge.

“The security industry was really not aware of this threat until about mid-September. Everyone was playing catch-up,” Peterson says. “It’s really powerful—they figured out how to stitch together multiple exploits with multiple processors. They crossed the artificial threshold of 100,000 bots that others had really struggled with.”

It didn’t take long for the incident to go from vague rumblings to global red alert.

Mirai shocked the internet—and its own creators, according to the FBI—with its power as it grew. Researchers later determined that it infected nearly 65,000 devices in its first 20 hours, doubling in size every 76 minutes, and ultimately built a sustained strength of between 200,000 and 300,000 infections.

“These kids are super smart, but they didn’t do anything high level—they just had a good idea,” the FBI’s Walton says. “It’s the most successful IoT botnet we’ve ever seen—and a sign that computer crime isn’t just about desktops anymore.”


(U.S.) Mirai IoT Botnet Co-Authors Plead Guilty
13 Dec 2017

https://krebsonsecurity.com/2017/12/mirai-iot-botnet-co-authors-plead-guilty/

...Jha and White primarily used their botnet to target online gaming servers — particularly those tied to the hugely popular game Minecraft. Around the same time as the attack on my site, French hosting provider OVH was hit with a much larger attack from the same Mirai botnet (see image above), and the CTO of OVH confirmed that the target of that attack was a Minecraft server hosted on his company’s network.

My January 2017 investigation also cited evidence and quotes from associates of Jha who said they suspected he was responsible for a series of DDoS attacks against Rutgers University: During the same year that Jha began studying at the university for a bachelor’s degree in computer science, the school’s servers came under repeated, massive attacks from Mirai.
 
So Much For Whitehouse Security - And Yours
15 Jan 2018 - Karl Denninger (software author of HomeDaemon-MCP, The Future of SECURE Household Control; https://homedaemon.net/ )

If you had any pretense that the United States, including high officials in the government are not completely ****ed in the head to the point of abject stupidity when it comes to security matters you don't need to look at Hillary and the willful non-prosecution of her felonious behavior.

You need only look at Sarah Sanders.

"White House Press Secretary Sarah Sanders took to Twitter to call out Amazon after her young son inadvertently ordered an $80 toy using the the company's Echo device.

'Alexa, we have a problem if my 2 year old can order a Batman toy by yelling "Batman!" over and over again into the Echo,' Sanders tweeted on Sunday."

Oh really?

So let me see if I get this right.

The White House Press Secretary has a spying device with an always-on microphone in her home and in fact it is connected and working. A device she willingly and intentionally paid for.

Said spying device allegedly "ordered" an $80 toy because her child spoke a series of words.

The outrage, of course, is that the device ordered an $80 toy.

The idiocy is not that said device ordered an $80 toy.

The idiocy is that anyone in this country, much less anyone with access to sensitive information of any sort, whether of government importance or just personal private importance, would place such a device in their house.

I'm sure that in just two short weeks we'll hear that Amazon sold "millions" of Echos this holiday season. I'm sure we'll hear how "smart" Amazon and Jeff Bezos are for doing that.

And I'm sure you will still have yours, you won't throw it in the trash where it belongs.

"You" collectively, America, all the way up the line to our White House Press Secretary, have knowingly brought a spying device into your house where by its very nature it must listen to everything that happens within range of its microphone. What's even better is that you paid for this thing.
 
"You" collectively, America, all the way up the line to our White House Press Secretary, have knowingly brought a spying device into your house where by its very nature it must listen to everything that happens within range of its microphone. What's even better is that you paid for this thing.

Spying? On us?
That would be stuff like our family debating what to have for dinner.
Some nights I'd be happy if a dude came onto Alexa and said, "Man, I can't stand hearing you guys go back and forth on this—order pizza, for god's sake."
 
Spying? On us?
That would be stuff like our family debating what to have for dinner.
Some nights I'd be happy if a dude came onto Alexa and said, "Man, I can't stand hearing you guys go back and forth on this—order pizza, for god's sake."
All for the sake of targeted ads and whatever can be illegally hacked from their vast cloud of personal data (or legally obtained by governments).

Minority Report targeted ads (?), just not with what appeared to be the implied retina scans in the movie:

A Google app that matches your face to artwork is wildly popular. It’s also raising privacy concerns.

https://www.washingtonpost.com/news...dly-popular-its-also-raising-privacy-concerns

Karl Denninger on same:

The Latest Google Scheme

"Google's Arts & Culture app was first launched in 2016, offering "virtual access" to some of the most famous art collections in the world, and many stories about arts and culture from around the world. The latest update of the app, however, makes use of Google's extensive knowledge of machine-learning-based facial recognition, and the front camera of your smartphone, to find your fine art doppelganger... just 'cause. The new feature lets you record a selfie and receive a list of portrait artworks your self-portrait resembles. While the user interface is extremely simple, Google is using highly sophisticated facial recognition algorithms to compare your facial characteristics to the portraits among the 70,000+ works of art in its Google Art Project database."

Uh huh. Note that this is not available in many other nations.

Why not in, for example, the EU?

Because the EU now has a data protection law that prohibits retention and abuse of personal information and thus such an "app" unless it protects your private data such as your face, while it has it, and then deletes it, is illegal.

So do you really think this is about the virally-taken up "purpose" allegedly put forward -- to be the "fun source" of comparing your mug to that of portrait artworks? Google is really going to expend the storage, transmission and compute resources to do this "for you" for no revenue-generating purpose for them whatsoever?

BULL****!

The most-likely and obvious actual purpose is to build a facial recognition database of everyone in the country both for Google's and the government's use for whatever the hell they want so that they can sell that to anyone with a camera pointing anywhere, instantly identifying you no matter where you go anywhere in public or, for that matter, in private homes and businesses.

Google claims it won't store or use the photo for any other purpose but what recourse will you have if it is later discovered they're lying? Let's remember that Google has recently been caught lying when it comes to Android location data; even though you had it shut off they were collecting your location through both visible WiFi networks and cell location data and using it.

Did they face any sanction whatsoever for being caught in that lie? Did anyone go to prison for lying, or was the company even fined and forced to disgorge any (say much less all) of the value they obtained therein back to the consumers who had their location data collected while they had it explicitly turned off on their phone?

NO.
 


....
The most-likely and obvious actual purpose is to build a facial recognition database of everyone in the country both for Google's and the government's use for whatever the hell they want so that they can sell that to anyone with a camera pointing anywhere, instantly identifying you no matter where you go anywhere in public or, for that matter, in private homes and businesses.

....



So that's how SHIELD did it in Winter Soldier and Agents of SHIELD.
 
So that's how SHIELD did it in Winter Soldier and Agents of SHIELD.
Yeah, probably not of much concern in your lifetime, maybe just for your kids if you have any.

As slimebag Snowden said, we've set up and are continuing to set up a "turnkey tyranny", a system whose capabilities for illegal use are restrained only by the good intentions of those who use it and by a perhaps temporary lack of financial or military incentive to hack it.

In these most recent cases I've posted here, we're installing it ourselves for the sake of TRIVIAL conveniences and amusements. We've already seen grossly unequal application of justice at high levels versus lower levels in our two-tiered justice system, so the warning signs of lawlessness with no consequences should be obvious.

On Congressional "oversight":

In 2007, reporter Charles Davis asked then-Chairman of the Senate Intelligence committee – Jay Rockefeller – about clandestine U.S. operations against a foreign government.

DAVIS: Reports quote administration officials as saying this is going on and it’s being done in a way to avoid oversight of the Intelligence Committee. Is there any way...

ROCKEFELLER: They’ll go to any lengths to do that, as we’ve seen in the last two days [during hearings on FISA].

DAVIS: Is there anything you could do in your position as Chairman of the Intelligence Committee to find answers about this, if it is in fact going on?

ROCKEFELLER: Don’t you understand the way Intelligence works? Do you think that because I’m Chairman of the Intelligence Committee that I just say I want it, and they give it to me? They control it. All of it. ALL of it. ALL THE TIME. I only get – and my committee only gets – what they WANT to give me.


Recording of last part of the above:

https://www.tinyrevolution.com/mt/mt-static/images/Rockefeller.mp3
 
Cue the meme:

60's: "The government is trying to wiretap our homes!"

2010's: "Hey wiretap, can cats eat pancakes?"
 
Why would Google need to mine their esoteric Arts and Culture app for face shots? All they have to do is look at your address book. If you don't have a face shot on your profile, at least one person with you in their contacts list probably HAS done. And failing that they could mine LinkedIn, Facebook, or since they are acting criminally in this scenario, just snap a pic from your phone directly.

I have used the Art and Culture app to do the art search, and what I'm most offended by is that it came back comparing ME --a die-hard liberal-- with a portrait of Ronald Reagan. Not cool! 🤤

And I also don't think that just because Google has info on me, that this equates to a tyrannical government access to it.
 
Why would Google need to mine their esoteric Arts and Culture app for face shots? All they have to do is look at your address book. If you don't have a face shot on your profile, at least one person with you in their contacts list probably HAS done. And failing that they could mine LinkedIn, Facebook, or since they are acting criminally in this scenario, just snap a pic from your phone directly.

Hell, Facebook has plenty of photos, so does Twitter, so there's more than just Google acquiring all sorts of potential Minority Report data. Complete personal privacy is mostly over even for people who resist by not voluntarily contributing to it, it just amuses me how so many people contribute so much data to "the cloud" so willingly never giving it a second thought.

And I also don't think that just because Google has info on me, that this equates to a tyrannical government access to it.

It doesn't "equate" to anything other than a potential for misuse and we can't say that there haven't been previous examples. The example data linked to below are extreme worst case examples which are unlikely to happen here, but milder forms of abuse are possible (BTW, we are about to witness an exposé of such and if there is any justice left at high levels in this country, severe legal consequences for those involved will result, just as soon as the current government shutdown news probably meant to obscure the impact of this news is resolved. Wikileaks has offered 1 million dollars in bitcoin for the related document generated from the multiple government investigations involved. This is not nutty Alex Jones stuff and I've been following it for months on a web site of true investigative reporters who have been brilliantly piecing it together in excruciating detail, examining the correlated reasons behind various firings and other seemingly innocuous events hitting the news. Their correlation of facts has already made very clear what is almost certainly in the document that Wikileaks wants so badly.)

Death by Government: Genocide and Mass Murder Since 1900

https://www.amazon.com/dp/1560009276/?tag=skimlinks_replacement-20

Data:

https://www.hawaii.edu/powerkills/CHARNY.CHAP.HTM

Table:

https://www.hawaii.edu/powerkills/SOD.TAB16A.1.GIF

"Let's start with a number: 262 million. That's the number of unarmed people the late Prof. R. J. Rummel estimated governments murdered in mass killings he termed "democide" during the 20th century. "This democide murdered 6 times more people than died in combat in all the foreign and internal wars of the century," he wrote.

Unsurprisingly, the bloodiest body count was run up by totalitarian regimes, though authoritarians were busy stacking up the corpses, too, if in smaller piles. Democracies were also responsible for unjustifiable deaths, especially in subduing resistance in their colonial possessions (think: Belgian Congo) and in indiscriminate bombing of civilian targets during wars (think: Hiroshima), but to a far lesser degree than Communists, Nazis, and overdecorated generalissimos."
 