46 posts • joined 31 May 2010
Re: Every article I've seen about this neglects to mention the most important thing
... and every post I have read about this fails to realise this is a GROUND based attack! You do not need to evade airport security, and you do not need to be on the aircraft. You use a radio transmitter to transmit a message up to the aircraft flying within range of your transmitter.
Re: Does this need a special transmitter?
The attack mentioned is ground based - i.e. you do not need to be onboard the aircraft.
Aircraft use a protocol called ACARS to transmit messages between them and operations / head office. They are broadcast over FM radio at 131.55 MHz, and can be picked up by a typical airband scanner (they are digital, so all you will hear is a series of bleeps). Tie that up to a laptop running freely available software and you can read the messages being sent.
The attack involves broadcasting messages back to the plane, so you would need an FM transmitter capable of broadcasting on 131.55 MHz. It would then be a case of using typical h4x0r methods, such as buffer overflows, to exploit weaknesses and inject code into the system.
Re: ADS-B is really good
Yes, I don't understand the ADS-B based hack - as you say it is one way from the aircraft to base stations, and is then used by ATC to plot the location of the aircraft (backed up by radar as well I believe), so the only hack here would be to make ATC think the plane is somewhere other than where it actually is (although this could cause major problems).
The other hack mentions using ACARS, which is a two-way communication protocol, used mainly for transmitting messages between aircraft and head office/operations departments. As these messages pass through the FMC (Flight Management Computer), I guess a buffer overflow or similar could be used to take control of the FMC, allowing you to manipulate the flight plan of the aircraft, or perhaps override the GPS data to redirect the aircraft.
I think you misread the previous post, or do not know what TheDailyWTF is (www.thedailywtf.com).
The OP said they will suffer a BSOD and end up being featured on a website, NOT that they would BSOD daily. Granted, more accurate grammar / capitalisation by the OP may have made that point clearer.
Re: Police stations
Was it not "Bay Area - San Fran 128..." ?
1500m Runway - More Than Enough
1500m is a decent length for a runway, and is more than capable of handling most business jets, and most small airliners (although they may be range restricted).
Lanai has a runway length of 1524m. A Gulfstream 5 (one of the larger business jets) requires 1570m for take-off when fully loaded, giving it a range of 5,800 miles. Chop off a few hundred miles of range, or leave behind a suitcase or two, and you'll easily get airborne from that runway.
You'll get an A320/737 off that runway as well, but you'll need to head to one of the larger islands to refuel before continuing to the mainland.
"it's still going to come out of your data allowance"
As others have mentioned, VoIP will only work over WiFi.
However, all Blackberry users need to pay extra for Blackberry Internet Services, which provides unlimited data for all Blackberry services. BBM uses your BIS connection rather than standard data, and if VoIP was to be enabled over the networks, I guess it would too. Also the BBM connection is encrypted I believe, so network operators would be unable to block VoIP if it was enabled (short of blocking all BIS access).
What, no G-Man?
How can you write a Half-Life article and not even mention the G-Man?
This announcement has me a little confused.
Stuxnet did not target the PLCs directly; this is simply not possible as a PLC does not have an operating system in the conventional sense, but instead can only execute a series of logic statements. Viruses are really not a concern for PLC manufacturers. There may be a risk of a DDoS, but I'm sure the various manufacturers are working continually to eliminate all such risks of this.
What Stuxnet did was spread between laptops used to program these devices, and look for the project files. It would then modify the logic statements in such a way as to cause damage (e.g. spin the centrifuges to full speed, then immediately put the motors into reverse without first slowing down).
So exactly what part of the stack are Kaspersky trying to replace? Their press release words it as if they are trying to replace the software within the PLCs, but this doesn't need replacing, it is secure enough as it is. The only part that needs replacing is the Windows laptops used for programming. Surely it would be far easier to just switch to a stripped down version of Linux, or QNX for these laptops?
And how exactly do they intend for their operating system to work with existing software? To do this will require a Windows virtual machine, or at least a partial re-implementation of the Windows API.
I'm not sure what kind of curtains you have in your house, but last time I closed my curtains, it was still blindingly obvious that there was a window there. The day I close the curtains and can no longer see where the window used to be then you may have a point, but until then this is a new concept that has not been done before.
Re: You are almost right with those two points
If it is so obvious, then why has no-one else done it?
What prior art? I am not aware of any devices which do this currently.
Re: I'm all in favour of this but . . .
The carrot on the end of a stick doesn't provide enough energy for the horse to run, but it will still chase it.
It's an incentive, and it seems to work. 26 teams competed to win the Ansari X-Prize, I'm not sure if any of these were trying to launch a man into space prior to the founding of this prize.
Here's my take on what was said - Microsoft is committed to all the technologies in Win8 for the life of Win8. i.e. they make no promises they will survive in Win9.
In fairness though, while Microsoft may have gone through many database access methods (to use your example), all of them continue to work in Win7.
Re: Isn't this the umbrella law?
Your example is flawed - prices for umbrellas increase when it rains because demand for umbrellas increases. Everyone is still paying the same (inflated) price for them.
A better analogy would be charging someone without a coat more for an umbrella, as they are more likely to need it than someone wearing a raincoat.
The key here is that Google are offering different prices to each user, not increasing price based on demand. I'm pretty sure there is plenty of prior art, but this example is not one of them and misses the point of the patent application.
Re: This is evil
@AC: this patent is different to what airlines are doing. In the example of an airline, they will increase the fare based on demand for that flight. As more people book, the fare increases (well, it's a bit more complicated than that). The Whitney album pricing is the same - it is based on demand for the item.
What Google has patented is adjusting the price based on how likely the current visitor is to buy it.
The difference being if you and me both go to book a flight, we will both see the same price, as it is based on demand for the flight. But if we both go to buy something through Google, we will see two different prices based on how much more likely you are to buy it compared to me (being based in Scotland you can guarantee I am considered less likely to part with my cash!). Therefore they are adjusting the price based on likelihood of you buying, not based on (overall) demand for the item.
For a while Easyjet used to store a cookie on your machine which saved the details of any flights that you had looked at, and inflated the price if you looked at the same thing twice. This may be considered prior art I guess, but I'm sure the lawyers will word it in such a way to make it sound different. I believe this practice is no longer in operation though, at least with Easyjet.
Re: redundancy never works at DCs ?
That may be the case, but how many stories are we not seeing where the backups work perfectly and isolate the single failure without interruption?
Why not? It's extra work for builders, plumbers, electricians etc. Trickle down economics at its best!
Thank god they have brought back colour to the UI - it's already looking orders of magnitude better than before, just with a few coloured icons.
BUT WHY IS THE MENU BAR SHOUTING AT ME???
UI Design 101 - Lower case letters are easier to read, and colour makes interfaces easier to navigate. Obviously the Microsoft designers missed the first day of UI class...
"So those publications are already available to anybody and everybody for free - you just need an internet connection."
North Koreans do not have internet access, but rather their own internal internet. As such, they will need a locally cached version of the database.
You can't have them accessing the full internet... they might find out that everything they've been told is all lies!
Re: Great Circle Route
The great circle route involves flying over the north pole, which not all aircraft are capable of doing. Only aircraft fitted with a self-contained navigation system can fly polar routes; all other forms of navigation system are reliant on magnetism for navigation, which becomes unreliable once you approach the north/south poles.
Searching the Air Canada website, it looks like they use a 777-300ER on the direct flight, but 767-300s from Toronto. The 777 should have no problems, but the 767 cannot fly a polar route. It may be the case that the flight was operated by a 767 when this incident took place.
From the Boeing website:
If an active route takes an airplane over a pole, the preferred mode is lateral navigation with the autopilot engaged. The flight management system (FMS) on the 747 and the 777 are operational in the polar areas with no restrictions. The 757 and 767 flight management computer (FMC) and the 757 and 767 Pegasus FMC are operational to 87 deg north latitude and 87 deg south latitude because of airplane certification restrictions. The MD-11 FMS is considered to be in the polar region when the airplane is above 85 deg north or south latitude. (See “Polar Route Navigation by Airplane Model.”)
As others have mentioned, winds may also have affected the flight's route.
Yea, I did. On the back of advertisements promising native email coming soon, and the ability to use Android apps. With 2.0 scheduled for February, it will be almost a year since I bought it before these things are finally added.
I used to be a Blackberry fan, but this, coupled with the recent outages of their servers, has really made me consider switching to Android...
Further to AC's answer -
Bear in mind the control systems themselves are not actually Windows-based PCs, but rather PLCs. These PLCs are programmed using a PC. The virus infects the PCs that are used to program these devices, then modifies the PLC project file stored on that PC so that the PLC does not run as intended and damages the equipment. This incorrect project code is then later downloaded to the PLC by the engineer unknowingly.
The PLC does not need to be connected to the internet, and often will not be (although sadly not often enough). This unfortunately does not stop infection - instead the PCs used to program the device must never be connected to the internet, in fact the project file must never be stored on a PC that is connected to the internet. Short of providing every employee with two machines, one for email/web access and one for programming, and a server kept on a separate closed network for storing the code, this is difficult and costly to achieve. Besides, up until last year there was never thought to be a risk and therefore a need to do just this.
In 3D no doubt...
It's beginning to look more and more like the end of Silverlight. I believe Win8 will ship with two versions of IE, one for "desktop mode" and one for Metro - with Metro being the preferred operating mode. The Metro version of IE will not support plugins, therefore either Silverlight will be built in as standard, or Silverlight is dead.
I suspect it may be the latter...
HTML5 is the future, whether you like it or not...
re: people living in remote areas
Nobody is asking for, or even expecting, parity with city dwellers. What is being done is ensuring that those in the country have access to a semi-decent broadband connection. More and more services are moving online, and having a decent connection is becoming essential. If it was left up to market economics, those in the sticks would be stuck using dialup, which is simply not going to be economic in future years. Instead, government funding is being used to upgrade the networks and ensure a decent level of service is available; this will still be a lot slower than what is available in cities.
How do you think they got phone lines, sewerage and on-grid gas in the sticks in the first place? It wasn't due to it being economically viable, that's for sure!
hidden intrinsic value?
There is lots of hidden intrinsic value in Facebook - it is starting to become the only www page. When is the last time you saw a commercial for a product on TV that displayed a URL for the product? Every one of them now is "find us on Facebook".
For products or manufacturing companies, the days of having a website to market your products and services are over. It's now all about having a Facebook page. As soon as someone "likes" your page, not only do all of their friends see the name of your company, but you now have the user signed up to a mailing list and can advise them on every development or new product you release.
Facebook has long grown beyond being a social network site, it is now one of the biggest gaming platforms on the net, and is becoming a global marketplace for products and services. Just wait till that "Like" button on each product page is joined by a "Buy" button, and that $100bn valuation will look like a bargain.
Re: Those who don't learn History are doomed to repeat it.
Maybe not Windows ME, but definitely sounds like Active Desktop part 2...
Re: Sorry, did I read that right? No email client???
"and not many serious web sites require flash"
iPlayer, TVCatchup, YouTube, Hulu... to name just a few. All of which have had to create apps or alternative mobile sites just to work with iPads. PlayBooks support the site by default, without forcing the developers to create a workaround site.
Personally I'd take a machine that supports Flash over one that doesn't, so you have the option if you need it. If Flash proves to be too big a drain on the battery, simply don't visit Flash-enabled sites, or disable it via the menu!
Oh, and as for the email client - it is due to be released soon, don't worry.
Re: Some info
It just shows how ill informed the journalist is, and discredits the whole article imho. The Facebook app has been out for weeks, yet this article was apparently published yesterday.
Also makes no mention of the fact Angry Birds and native email clients will be released shortly...
The Playbook runs on QNX - which is a Unix-compatible system. Android apps are written in Java. Therefore all that is needed to run an Android app is Java support, which QNX supports, so getting the apps to work is trivial. However, getting them to the device requires some way of accessing an app store - Google at present does not allow the Playbook to access the Google App Store (which could easily be fixed via a Playbook client), so instead you need to get them from the Blackberry store. This requires that any developer re-submits their app to Blackberry for inclusion in the store.
I did spend my summer holidays in Pripyat back in 2008... ok it was only a day, but the only thing stopping me from going back for a two week break is the lack of bars, rather than the radiation levels.
You think Pripyat is unsafe? Tell that to the workers at the Chernobyl power plant, which was still operational until 2000, and to this day is still manned 24/7 by crews decommissioning the plant.
... or better yet, do away with the TLDs, given that every company registers all TLDs for their domains anyway to prevent cybersquatters...
re: oh god
More to the point - let's see how many employers start looking for applicants who have been Google Apps certified for 5+ years, despite certification only being available for a year...
How long until...
... the government bring in compulsory TV Licenses for cars?
Will all future laptop reviews on El Reg now rate the testicle heat raising powers of each laptop?
I just spent an hour this morning trying to work out why our dual redundant network connections, across two ISPs and two exchanges, had both died.
It seems we are dual redundant, but BT aren't! Idiots!
I assume your comment was sarcasm, and that you are in fact aware of the existence of time zones?
I assume that comment was intended as sarcasm, and you are in fact aware of the existence of time zones..?
Take particular notice of the word "AIRLINE computer", not aircraft! Aircraft systems do indeed run on embedded systems, and not Windows, but the MD80 series of aircraft also dates back to 1980, and I believe still relies on mechanical systems.
Cause of crash
The article mentions the cause of crash - they took off in the middle of summer without flaps and slats set. As a result they could not achieve enough lift to get off the ground, and quickly ran out of runway; when they did try and lift off, they veered off to the side and crashed.
I believe from reading elsewhere that the horn which should alert pilots to an incorrect takeoff config had been disabled, therefore they were not alerted to the fact they had not lowered the flaps + slats. Having said that, their own checks should have picked this up, but in this case they didn't, and the backup system was disabled.
The first person to be sacked ........
I look forward to the news reports of people being sacked after phoning in sick to work, only to be tagged down the pub by their mates.....
2 years until the internet breaks?
2 years until the internet breaks?
I best stock up on porn then!
*WARNING* - Robert Green Virus
*WARNING* A new virus is doing the rounds, dubbed the "Robert Green" Virus. It leaves infected users with the inability to save anything...
I would grab my coat, but it's summer, and it's actually sunny, so I didn't bring one today.
"NCAR researchers warn that the simulated dye in the water has the same viscosity of water, unlike the oil that is actually spreading through the Gulf of Mexico.
Oil can clump up and moves in different ways"
I just ran a simulation of Gordon Brown competing in the 100m at the 2012 Olympics, only to discover he won gold. Of course I used Usain Bolt rather than Gordon in the simulation, and we know they both move in different ways, but still........
Definition Of Irony
Definition Of Irony:
An El Reg commentard that won't buy an Apple product because he objects to Apple dictating what can be installed on the device, while he himself dictates what devices people can bring into his house!