* Posts by Wim Ton

56 posts • joined 24 Oct 2008


A real loch mess: Navy larks sunk by a truculent torpedo

Wim Ton

Re: At least the O-ring wasn't frozen this time...

Another O-ring story: I worked for an oilwell service company. The instruments were housed in steel (or titanium) tubes, joined with union nuts. All the instruments had two 60 mm O-rings to seal the joint, except one joint on one instrument used a 59 mm O-ring.

One day the inevitable happened: the two sizes were swapped (they are hard to distinguish visually). Everything went fine till about 3 km below the surface. Then the signal disappeared. When retrieving the instruments, they were filled with water and all transistors and relays were completely flattened by the 300 bar pressure.

It is unclear why something designed to pump fuel into a car needs an ad-spewing computer strapped to it, but here we are

Wim Ton

Re: "paymant cared"

Probably, the software contract was awarded to the lowest bidder from India.

It's time to track people's smartphones to ensure they self-isolate during this global pandemic, says WHO boffin

Wim Ton

Re: But I don't have a so-called "smart" phone.

Are you allowed to leave the house without a mobile phone?

What do a Lenovo touch pad, an HP camera and Dell Wi-Fi have in common? They'll swallow any old firmware, legit or saddled with malware

Wim Ton

Re: Reality

You only need to check a signature when activating an update, in which case a few seconds more or less hardly matter. After that, a CRC is fine to check for memory errors. Yes, I know you can change the FW to fit the CRC, but if you can change the memory you can also completely disable the check.

What's the German word for stalling technology rollouts over health fears? Cos that plus 5G equals Switzerland

Wim Ton

<sarcasm>It is a well known fact that only the radiation of devices that you buy yourself is harmless</sarcasm>

Internet of crap (encryption): IoT gear is generating easy-to-crack keys

Wim Ton

Re: The embedded gear is often based on very low-power hardware

That is why we (as an IoT manufacturer) inject externally generated key pairs during personalization. We use one of the Gemalto boxes as RNG.

Accept certain inalienable truths: Prices will rise, politicians will philander... And US voting machines will be physically insecure

Wim Ton

Why tamper with the voting machines

In the USA the fraud starts before the election: changing district boundaries to optimize voter distribution for the ruling party, a.k.a. gerrymandering.

Preventing voters that may vote for the wrong party from registering.

You go that way, we'll go Huawei: China Computer Federation kicks back at IEEE in tit-for-tat spat

Wim Ton

Re: Yay more standards

How about Switzerland? They are home to some international organizations already.

Enough about me, why do you hate Kaspersky so much? Revealed: Insp Clouseau-esque bid to smear critics as shills

Wim Ton

Jamal Khashoggi was murdered in Turkey.

Security storm brewing for Oracle Java-powered smart cards: More than a dirty dozen flaws found, fixes... er, any fixes?

Wim Ton

"a malicious applet has to be loaded into the card" Most Java Cards need a signature from the "issuer domain" to load an applet.

Jeez, what a Huawei to go: Now US senators want Chinese kit ripped out of national leccy grid

Wim Ton

Re: what?

Grid operators require remote control of large PV installations. However, if a miscreant manages to suddenly add or remove about 30 MW in a limited area, he could cause serious instability, up to a blackout.

Germany tells America to verpissen off over Huawei 5G cyber-Sicherheitsbedenken

Wim Ton

Re: I've asked the same old question time and time again.

If they would tell, they would give away too much information about their own capabilities.

Reliable system was so reliable, no one noticed its licence had expired... until it was too late

Wim Ton

Re: Remember Y2K?

If you want to save memory space, you use a byte for the year. That would even outlast the *nix rollover.

Between you, me and that dodgy-looking USB: A little bit of paranoia never hurt anyone

Wim Ton

Re: USB bricker?

Stick the suspicious device in a cheap hub. Frying a £10 hub is preferable to frying a motherboard.

Dutch cops hope to cuff 'hundreds' of suspects after snatching server, snooping on 250,000+ encrypted chat texts

Wim Ton

Re: "End-to-end encryption" isn't?

Depends how you define "end" :-)

Nikola Tesla's greatest challenge: He could measure electricity but not stupidity

Wim Ton

More scientists on banknotes.

A previous generation of Swiss banknotes had Euler and Bernoulli on them.

who both wear wigs :-)

Dear America: Want secure elections? Stick to pen and paper for ballots, experts urge

Wim Ton

In the US, the fraud takes place before the election: meddling with district boundaries and trying to exclude people that could vote for the wrong candidate.

Ugh, of course Germany trounces Blighty for cyber security salaries

Wim Ton

Re: Switzerland

The parliament watered down the result of the referendum enough to avoid economic damage and to avoid annoying the EU.

Fridge killed my baby? Mag-field radiation from household stuff 'boosts miscarriage risk'

Wim Ton

Re: MF - EMF

According to Wikipedia, the Earth's magnetic field is between 250 and 650 mG.

Admitted, rather constant.

We need to talk about mathematical backdoors in encryption algorithms

Wim Ton

Re: Layered encryption

The other reason was that it was not known at the time if DES was a group, so encrypting 3 times with 3 different keys would be equivalent to encrypting once with a different key.

Wim Ton

Re: Layered encryption

Not exactly "terminally compromised". You need 2^47 chosen plaintext-ciphertext pairs to achieve this.

Russia could chop vital undersea web cables, warns Brit military chief

Wim Ton

Re: "Can you imagine a scenario where those cables are cut or disrupted?"

In the early hours of 5 August 1914, only a few hours after war was declared, Britain carried out something that seemed to be minor, but was actually vital. A British cable ship severed five German overseas underwater cables, which passed from Emden through the English Channel to Vigo, Tenerife, the Azores and the USA.

This cut direct German communications to outside Europe, most significantly to the United States. The British could now intercept German signals to their embassies. They were sent in code, but British codebreakers were eventually able to read them.

How can airlines stop hackers pwning planes over the air? And don't say 'regular patches'

Wim Ton

Not exactly new:


You forgot that you hired me and now you're saying it's my fault?

Wim Ton

Re: Ah, memories.

The Shell department where I worked had one of these in the big meeting room. It was nicknamed "the video cannon".

Smart meter firm EDMI asked UK for £7m to change a single component

Wim Ton

Re: That doesn't sound ridiculous

868 MHz Zigbee has a lower bandwidth and duty cycle than the 2.4 GHz version, so the application might have to be adapted as well.

Wim Ton

Meter reading

"Smart" water (and gas) meters run on a battery and send their readings with a simple radio protocol. The trick is that the radio sleeps most of the time to achieve a 10-year battery life.

For a nicer display, one can use the "In-home display". So no need to crawl under the stairs.

Ordinary punters will get squat from smart meters, reckons report

Wim Ton

Re: Can you switch on/off via the keypad?

The supplier cannot switch on remotely for safety reasons. The command is "enable switch on by the consumer".

Furthermore, if the meter's switch is not certified as a safety device, an appropriate warning is printed on the meter.

US standards lab says SMS is no good for authentication

Wim Ton

Re: Good riddance

I can still get a piece of paper mailed with one-time transaction codes.

As US court bans smart meter blueprints from public, sysadmin tells of fight for security info

Wim Ton

Less than 6 watts (legal limit). In practice about 1.5 watts. Not metered, but paid by you through a different path.

Wim Ton

Re: I thought I recognized "Sensus"... We have met the enemy and he is (Sens)us

It is an option but costs more. Up to the utility to decide if it is worth the investment.

HTTPS is not enough: Boffins fingerprint user environments without cracking crypto

Wim Ton

Re: Side channel attacks

This was also called "Traffic Analysis".

IBM pimps Watson out to Hilton robot for concierge duty

Wim Ton

Sounds like the fate of poor Marvin: a brain that can beat any human at chess, Go and Jeopardy, and work as a hotel concierge.

Cisco: Businesses are losing the ground war against hackers

Wim Ton

Perimeter defense

Perimeter defense is still necessary, but don't count on it alone.

Hacker predicts AMEX card numbers, bypasses chip and PIN

Wim Ton

Re: Is there anywhere in the UK that still allows just using the magnetic strip?

AFAIR, in Switzerland, payment processors charge a higher fee for magstripe transactions than for chip & PIN because of the risk, so the merchant has an interest to use chip & PIN.

In the Netherlands, most magstripe reader slots are blocked to prevent mistakes.

Home routers co-opted into self-sustaining DDoS botnet

Wim Ton

Re: Class action?

Adding individual passwords on a mass-produced product surely will increase the cost. You need an extra printing station on the assembly line to print it on the case, or a logistics process to put the paper with the password in the same box as the matching router.

Spotty solar power management platform could crash the grid

Wim Ton

When solar power is fed to the grid, the producer gets paid for it. That means that it is measured by a calibrated device like an electricity meter and not some random log device.

Village-swallowing MUDCANO was no accident, say boffins

Wim Ton

In 1965 a whole drilling rig disappeared in a mud outburst in the Netherlands.

see: http://en.wikipedia.org/wiki/'t_Haantje,_Drenthe

Now it gets serious: Fracking could RUIN BEER

Wim Ton

Some remarks:

That Groningen is sinking is because the gas-bearing rock is rather porous (no fracking needed).

Oilfields in the US are generally less deep than in Germany, so closer to the groundwater (don't know about their gas fields).

(Very) deep groundwater is often salty (fossil sea water) and undrinkable anyway.

Crap computers in a crap box: Smart-meter blackouts risk to UK

Wim Ton

Re: How much extra leccy does the smart meter use?

About 0.5 watt.

Wim Ton

Re: Use too much Leccy? We will turn you off

The loads to be controlled have their own relay. For example, in my house the boiler, the washing machine and the heat pump (for floor heating) are separately controlled.

Wim Ton

Re: Use too much Leccy? We will turn you off

The point of load control is that you turn off those loads that won't cause too much inconvenience. If you switch off a boiler or an electric heater for a short time, the effects will be limited.

Wim Ton

Re: Not much to the point for future meters

The DCC can verify and throttle, but not sign. The whole security architecture is designed to avoid a single point of failure.

Wim Ton

Re: Not much to the point for future meters

For meters a "Commercial Product Assurance" is planned (see the CESG website for details). Maybe Common Criteria later.

Wim Ton

Not much to the point for future meters

The article talks about first-generation meters obtained on eBay. For the meters to be deployed in the UK, DECC has written some reasonably detailed security requirements: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/68898/smart_meters_equipment_technical_spec_version_2.pdf

Some high level requirements:

Compromise of one end device (like a meter) shall not lead to the compromise of other end devices (so no system-wide passwords anymore).

Critical commands like switching off the power are digitally signed and subjected to a plausibility check. If a hacked utility tries to switch off all its customers, this will be stopped by the independent Data Communication Company.

PS. I work for a meter manufacturer in case you didn't guess that.

Brits on benefits: 'Dole office site only works on PCs over 10 YEARS OLD'

Wim Ton

Maybe they did not have time to test the modern browsers and cover themselves against complaints?

Like putting the warning "contains nuts" on a bag of peanuts...

Canadian man: I solved WWII WAR HERO pigeon code!

Wim Ton

If a one-time pad was used, all plaintexts are equally probable unless you find the key. The sender surely has destroyed his copy after sending, so hope that the intended receiver still has his copy...

Internet Explorer becomes Korean election issue

Wim Ton

Re: @Proud Father

AES was chosen after an international public competition and was designed by two Belgian cryptographers (Joan Daemen and Vincent Rijmen).

Americans resort to padlocking their dumb meters

Wim Ton

Re: RF interference

Disconnection is a major concern for the security design.

The idea is to use a digitally signed command for that single meter. Broadcasts are not allowed by design.

Visa approves wireless payment chip

Wim Ton

I worked on an RFID terminal that could do an EMV transaction within a second. The bottleneck is often the communication with the till.

Dutch twaddle-prof lambasts Google Scholar

Wim Ton

Yes. The J is pronounced as the J in joke, not like the g as in Spanish.



Biting the hand that feeds IT © 1998–2020