
Gas stations are probably considered 'Critical Infrastructure' by the US government as they are part of 'Transportation Systems' infrastructure. Tampering with their computer systems (even just out of curiosity) is probably a bad idea.

https://en.wikipedia.org/wiki/Critical_infrastructure

You could end up with a felony conviction.



The way the legal system works, the safe option is to not do anything with systems that you don't own or have authorization to use.

Like public facing websites that advertise they are meant to have users are pretty safe, but after that, explicit authorization is a good idea vs deciding for yourself whether it might be critical infrastructure.


I was going to suggest, why not buy your own gas pumps and do a hackathon!


Instead of the punitive angle, if they are critical infrastructure, what are the authorities of government doing to protect them?


A lot. Pen tests, red teams, simulations, etc.

The point is, if they want someone poking around these systems, they'll contract with them to do that. You should not tamper with them just out of curiosity. Convicted felons have a hard time finding jobs.


Which is nonsense, what was the purpose of punitive action (jail) when a person will be punished for the rest of their life via stigma and ineligibility for jobs? How is that “correcting” a person’s behavior?


The punishment isn’t only a punishment for the individual. It’s a deterrent to keep the next person from doing whatever it was that was illegal. You can argue if that’s right or wrong, but that’s one of the points of many sentences — to send a “message” to others who might commit a crime.


“Don’t do crime, but if you do, I guess keep doing crimes forever because we’re going to make it hard for you to get a real job” isn’t really a compelling strategy.


That's the business model of the prison industrial complex.


Let’s be clear where the blame sits. The “prison industrial complex” isn’t creating this. Private enterprise is set up to profit from incarceration rates and thus recidivism, but the reason that people can’t get jobs after they finish their sentence is the fault of all of us. Every company that refuses to hire somebody with a record is contributing to the problem, as is every person who looks down on somebody for having been incarcerated.


If there are fewer jobs than people, some people will not have jobs and thus be tempted into criminal behavior.

If there are more jobs than people, felons will be hired.


This is pretty intensely reductive of the actual state of the world. It only works if all people are competing for all jobs, which they are not.

To pick a boring example, see the multitude of companies complaining about labor shortages and also the number of felons who are struggling to find jobs.


It's optimized for retention and not for reintegration.


We could also argue whether it is effective or ineffective. I understand the incentive being introduced, to tip the scales in a rational decision-making process against a criminal act. However, that assumes that criminal acts are the result of a rational decision-making process, and that the possibility of punishment is high enough to enter into that process. Given the recidivism rate of the US, I don't think it is effective.

You can argue whether a punitive system that effectively provides a deterrent is right or wrong, but a punitive system that isn't effective as a deterrent cannot make the same argument.


It makes sure you never stop correcting them.

Once a customer of the penal system, always a customer. They've worked hard to get their retention / repeat business numbers up this high. Why take that away from them?


> A lot. Pen tests, red teams, simulations, etc

Okay, I call bullshit. That which can be claimed without evidence can also be refuted without evidence.

That said, if you’re feeling like finding out do heed caution because I’m sure the Man will love to make an example of the first person who figures out how to pump their gas at $0.01 per gallon.


> Okay, I call bullshit. That which can be claimed without evidence can also be refuted without evidence.

Aside from the extreme rudeness, what evidence are you looking for? Do you want GP to attach sensitive or classified pen test results here in a public forum?

GP's claim is so obviously true that I don't see why they would need to provide "evidence," but you can find a mountain of it yourself with a single duck: https://duckduckgo.com/?q=us+government+penetration+tests&at...

Pen tests are a requirement for any vendor doing business with the gov. Check out NIST 800-53 and the FedRAMP security process. It's much more intensive than SOC2 which is the standard in the commercial world. I think your information is about 10 to 20 years out of date.


Yikes, I don’t want to live in a world where calling bullshit is “obviously rude” but I’ll bite.

> Pen tests are a requirement for any vendor doing business with the gov.

What does this prove? Solar Winds, Colonial Pipeline (maybe more relevant here), etc.

Your search link doesn’t include anything about extensive penetration tests ensuring the security of these devices. That’s the claim. Where is the evidence?

Also calling someone’s knowledge “out of date” is a, dare I say, rude assumption. But judging by your assurance in the security of government contractors I’d say your opinions are quite naive :)


> Yikes, I don’t want to live in a world where calling bullshit is “obviously rude” but I’ll bite.

Sadly, this is an is/ought problem. I don't want to live in a world with poverty and war either, but that doesn't make it fact.

> What does this prove? Solar Winds, Colonial Pipeline (maybe more relevant here), etc.

The point of pen tests is not to guarantee perfection. There are also ways to sweep things under the rug if those in charge are so inclined. But the existence of those things doesn't mean pen tests aren't done, or that nobody cares about security.

> Your search link doesn’t include anything about extensive penetration tests ensuring the security of these devices. That’s the claim. Where is the evidence?

Did you look at either of the first two hits? The first four indeed are evidence that the government does pen tests. The first hit is a government department that solely exists to do penetration tests[1]. The second one called "PENETRATION TEST GUIDANCE" is all the rules regarding how penetration tests must be done[2].

1: https://www.doi.gov/ocio/customers/penetration-testing

2: https://www.fedramp.gov/assets/resources/documents/CSP_Penet...

Ok your turn for evidence. What evidence do you have that all of those things are fake? Or that none of the compliance officers actually check it?

> Also calling someone’s knowledge “out of date” is a, dare I say rude assumption.

You're right, I apologize for doing that. I actually thought that was more charitable than the other possibilities, but it doesn't add anything to the discussion so should have been left out.


> There are also ways to sweep things under the rug if those in charge are so inclined

Lol, exactly

> But the existence of those things doesn't mean pen tests aren't done, or that nobody cares about security.

No one said that. Are you okay?

> What evidence do you have that all of those things are fake? Or that none of the compliance officers actually check it?

I know for a fact that they do and that those documents are not fake :)


There is no evidence of any of that happening for gas stations specifically, which is what I think the OP meant. I would also call bullshit on that.


Don’t be lazy, do your own research.


I don’t need to do research because I’m not the one who made the original assertion. You can’t throw around unsubstantiated claims but require proof from those who try to refute them; that’s not how it works.


“You can’t throw around unsubstantiated claims but require proof from those who try to refute them”

I am claiming relevant experience as my insider knowledge. What experience or proof do you have to back your refutation?

That’s how this works. When somebody gives you a peek behind the curtain while chatting, you don’t go and demand proof. You can ask for it nicely of course. That is the socially acceptable thing to do.

Your behavior is out of line given the casual and pleasant discourse before you showed up.


"When somebody gives you a peek behind the curtain while chatting, you don’t go and demand proof."

It is up to you as a communicator to establish your credibility so that people can trust your words and take you seriously. It's not a favour to the audience.

As far as I can tell, this gentleman has categorised you as a random dude at the bar making things up.


Let’s apply that here. Guy at the bar is telling war stories, you aren’t sure he is telling the truth, sounds like a tall tale… You never served in the army so you’re not sure… But your gut is telling you he is a liar.

What do you do?

Nothing. Because you are not in a position to know better. It’s your unsubstantiated guess against a possible lie.

If you are coming to the conversation in good faith, you don’t start with an accusation of lying. You share your doubts and ask politely for more information.


It is how it works.

Not every claim is an argument requiring evidence.

I work in the industry, you are 100% wrong, due to NDAs I offer no proof of your wrongness.

Go find it yourself if so inclined.


Calling bullshit on someone isn’t rude, necessarily. Certainly it can be! But passing off bullshit as fact? That’s pretty damned rude.


It is absolutely rude and breaks down the conversation that was being made in good faith.


We’ll have to agree to disagree. Personally I think the key is to not use the word “bullshit” unless you’re already on good terms with someone. But you can call BS without using that word, if you’re certain your audience is easily offended.

Not caring if you offend someone? That’s also quite rude!


> I think the key is to not use the word “bullshit” unless you’re already on good terms with someone.

Yes, agree 100%. When you're busting balls with your friends it's perfectly fine, but when it's a stranger online who doesn't know you at all and is likely from a very different culture, it's not a good idea to respond that way, unless you want to offend.


In the context today, someone called someone else bullshit without evidence.


Making a claim based on experience is not “bullshit”

Not every single thing spoken requires a double blind study.

The person “calling bullshit” was wrong. I work in the industry, and no I’m offering no evidence due to NDAs.


> Aside from the extreme rudeness . . .

"I call bullshit" is a colloquialism that derives from the "Bullshit Game"[0].

Learn you some language for a great good.

[0] https://gamerules.com/rules/bullshit-card-game/


Ironically, making a bullshit that someone is bullshitting outside of a bullshitting game, is rude.


'The point is, if they want someone poking around these systems, they'll contract with them to do that'

You plebs have no business poking around and finding out what people in power are doing or finding out if they've done their job properly. If they wanted someone holding them to account, they'd contract them to do that.


I don’t think the Russians are going to care about a felony conviction. The major security holes in embedded devices that are part of our critical infrastructure are national security threats.

Despite Putin’s bluster about nuclear weapons, cyberattacks are the easiest way for Russia to inflict pain on the US and Western Europe in response to economic sanctions and our support for Ukraine militarily. And those could do a lot of damage, both in terms of our economies and even civilian American/European lives.


Virtual Private Networks always existed long before today’s internet VPNs or proxies. It used to be known as a ‘Friend in Russia.’


> Tampering with their computer systems (even just out of curiosity) is probably a bad idea.

I don't think the kind of people who are robbing gas really care about whether this is a bad idea. That's why sometimes the right answer is to focus on preventing the crime because...

> You could end up with a felony conviction.

The crooks really don't care. It's all about not getting caught.


The crooks often already have a felony conviction, and are already living with the permanent consequences of that. The only remaining disincentive to crime for them is additional jail time, which can start to be seen as just a cost of doing business - X years for Y dollars.


I'm not sure the trade is that simple. Everyone I've known that has served time did the crime for one of two reasons:

Most of the people who did financial crimes: Got away with it multiple times and just assumed they wouldn't get caught.

The rest: totally irrational and fueled by mental health problems. Addictions, depression, relationship problems...

I wish we were as good at helping people as we are at isolating and punishing. If punishment was a good deterrent, we wouldn't have roughly .7% of the adult population in jail.


I would probably hack the camera system first...


They mostly have their own network available, and easily enough crackable. If you're really determined you can pay some kids to break the cameras and wait for the tech to arrive to fix it over the next days and then capture all her network traffic..

Then find out you can control the cost/litre at the pumps via some awful soap api.. That's talking over the internet anyway..

I mean. So I've heard... (Looking at you, TOTAL)


I think this is actually done at least on ATMs. I have read it's a good way to get the pin number for a card, as you might be able to see someone typing it in. Some of the skimmers I want to say even had a camera aimed at the keypad?


I don't think that they hack the existing camera system... they install their own.


Or just wear a white hat.



