IMO. The problem for Google with real names was people who didn't want to be associated with their real names and already were deeply dependent on Google for their phone / email. I recall the transgender outing articles [1]. Regardless of whether it was user error or not, it highlights that Google had a different hill to climb than Facebook regarding real name policies.
I appreciate your call to the cops and your reasoning. I also have driven a significant number of miles for work and have seen a number of people killed in traffic accidents. This "test" was extremely irresponsible. I know I will be downvoted for saying this, but I think you made the correct decision.
Agreed. I missed the video the first time and didn't believe the text that described the shutdown, video shows the stupidity here, let alone release a recording of it. I expect that will come down soon.
Important research but very poorly tested. Wired and Chrysler (research was funded by Chrysler?) legal teams would not like the contents of this video.
Reporter: "Seriously, this is fucking dangerous. I need to move."
And that was while the security researchers caused the radio to blare so loud that he couldn't hear them on the other end of the phone. The more I see, the more I think they were really negligent in how they planned this out, and I was already firmly in that camp.
So watching the video, I don't see a vehicle stalled on the highway.
What I see is a vehicle slowed considerably, but at least nominally over the legal minimum speed of 40 MPH on highways, and without the driver being able to accelerate on his own. He's travelling in the rightmost lane, explicitly with his hazard lights on. This is not an unusual occurrence on highways. He's then told that to regain control he needs to stop and restart the car, which he does while remaining in motion.
I was surprised, since this is quite different from the way it's being talked about here, as if he was stopped in the middle of the freeway. See GGP comment about "a car stopped in the middle of a multi-lane interstate."
Here's my attempt at a partial transcript starting from shortly after they disable the accelerator:
Driver: "It says 43 miles an hour, but it's not really that fast."
[voiceover omitted]
Driver: "Guys, I'm stuck on the highway."
Researcher A: "I think he's panicking."
Researcher A: "He's not going to be able to hear us with that radio. So loud."
Driver: "Guys, I need the accelerator to work again."
Researcher A: "The accelerator..."
Researcher B: "It won't work! You're doomed!"
Driver: "Seriously [beep] dangerous, I need to move."
Researcher A: "You gotta turn the car off!"
Many cars can be seen passing them on the left in the video during the test.
Right, but the video never shows the car stalled on the highway. It's moving in every highway shot. It's in the righthand lane, not in the center. The driver is somewhat panicked. We can see how fast he's moving relative to the background.
This discussion has been distorted and sensationalized, and it has not been based on observable recorded facts.
A car stalling does not necessarily indicate it is stopped. Stalled can indicate the vehicle is stopped, or it can also indicate the motor has stopped. Airplanes stall, and obviously they are not entirely stopped, it's just an indication that the motor has stopped. It's unclear as to whether the motor actually stopped, but it's not without precedent to use "stall" to indicate no power available for propulsion.
I don't think this discussion has been distorted. It's based on the information they provided. They put a vehicle on a public highway traveling at the faster end of what's legal in the US on public roads, and then removed a large portion of the driver's ability to control the vehicle. It's unclear whether this affected the steering or brakes, which in a modern vehicle would both be power assisted, generally through the vacuum system of the vehicle. The vacuum is provided by the engine, so if the engine was actually off (which is unknown, but I think it's more likely they just forced the car into neutral), then they removed a large portion of his ability to control the car.
The bottom line is that they put a driver in a situation not only unsafe to himself (which they could have gotten consent to), but unsafe for the other drivers on the road. They did not have consent from the other people on the road to do this (indeed, it's not possible they could have), and if what they purport to happen in the article and video did happen, then they endangered those people. I've seen accidents from stopped cars being hit by others. If the highway is busy enough, the initial accident isn't even necessarily the largest damage, but it moves vehicles into even more obstructing positions and causes follow-on accidents.
I can agree that the car is not shown at a full stall in the video, however it is the case that the driver reports that they are unable to control the vehicle during the test. I cannot agree that this would matter regarding the idea that this is "[beep] dangerous" as was stated by the driver, because that is supported by the driver's own statements as well as observable facts.
They've risked people's lives to produce real life looking footage documenting a life threatening event.
Without such event present in the footage, car manufacturers can just say "Meh - no big deal". And continue recklessly risking lives by manufacturing unsafe cars without air gap between CAN bus and Internet.
Remember, it's the car manufacturers that are the bad guys here, not the white hats... And just think how hard was this decision. It's a choice between risking lives and having footage that doesn't catch attention and thus allows car manufacturers to continue making unsafe cars with horrible security vulnerabilities. Amazing.
So demo it at a race track. The essential point here is that the uninvolved public were placed at real risk of maiming or death.
Your argument is ludicrous, because you're attempting to cast the actors as either good or bad. IMHO they are guys with a good idea and motivation who did a bad thing.
We are a very visual culture, unfortunately. Unless there's a video of your average Joe driving on a regular highway and a regular car going wild, everyone would just dismiss the problem as limited to "race track" and would not connect the vulnerability to his/her own car.
edit: as per the article "researchers already did test these exploits in controlled environments and presented these tests to auto manufacturers. Said tests were dismissed by said manufacturers.".
>We are a very visual culture, unfortunately. Unless there's a video of your average Joe driving on a regular highway and a regular car going wild, everyone would just dismiss the problem as limited to "race track" and would not connect the vulnerability to his/her own car.
If optics is your justification for this, then perhaps having these two irresponsible researchers arrested would bring even more attention to this.
>edit: as per the article "researchers already did test these exploits in controlled environments and presented these tests to auto manufacturers. Said tests were dismissed by said manufacturers.".
Where do you see that in the article? Only thing I read was manufacturers downplaying a wired-in attack they demoed.
> "researchers arrested would bring even more attention to this."
Yep.
> Where do you see that in the article? Only thing I read was manufacturers downplaying a wired-in attack they demoed.
No "air gap" between "CAN bus and Internet" equals vulnerable.
We know that. Auto manufacturers know that.
Yet they dismiss the possibility of a hack and continue producing unsafe vehicles. And the trend is toward more vulnerabilities.
I was too lazy to search a direct quote, but here it is now: "Miller and Valasek represent the second act in a good-cop/bad-cop routine. Carmakers who failed to heed polite warnings in 2011 now face the possibility of a public dump of their vehicles’ security flaws.".
That is very much NOT a quote from this article, if you are quoting another article by mistake please link it. As this article does not even use the word "presented".
In this article it mentions how Chrysler is working with them and has developed a patch, indicating that they did not dismiss previously done tests. So basically saying the opposite of what I take your point to be.
Yeah, you and your family. Well, you are lucky. These researchers and this reporter had already risked their reputations, lives and their livelihoods. So you, now, don't have to. And maybe you'll be even able to benefit from all their hard work, because there would be fewer vulnerable cars around. Although you would probably never know that.
No. They absolutely did not have to produce a life threatening event. They could have done it 5MPH and car manufacturers would still take notice because it would still spread like wildfire on the Internet. What they did was supremely irresponsible and the cops should have been called.
They already did do it at slower speeds in parking lots. Manufacturers didn't care. They probably still won't care, which means that it's a matter of time before someone even less morally-bound decides to wreak havoc on traffic.
> Without such event present in the footage, car manufacturers can just say "Meh - no big deal". And continue recklessly risking lives by manufacturing unsafe cars without air gap between CAN bus and Internet.
Oh really, can you point to the responsible tests that were done in the past that proved inconsequential necessitating this reckless alternative? Or are you just inventing that the car manufacturers would ignore this and somehow the story would just go away?
The actions - according to the article - of auto manufacturers in response to prior more-controlled tests is exactly equivalent to that. The manufacturers basically said "hey, thanks for showing us this crash-test footage that shows our vehicles are literal fucking coffins on wheels; we don't really care", leaving the researchers with no results after taking more "sane" measures.
Researchers perform controlled experiments. Controlled experiments are ignored. Researchers opt for more damning (though less controlled) experiments to further prove their point, and now they're suddenly the bad guys here.
> Researchers opt for more damning (though less controlled) experiments to further prove their point, and now they're suddenly the bad guys here.
Much of the commentary here focuses on the recklessness of the highway test and doesn't weigh in too heavily on who the bad guys are.
I think people mostly find the idea of remotely exploitable and controllable cars so terrible that there isn't anything to discuss about that aspect of it, it's nearly universally considered unacceptable (hence the epic thread about the side issue).
Maybe try reading the comments without imputing a side that the writer is taking.
What they should have done was involve the police from step #1. If the video had been conducted on a closed section of roadway with ambulances standing by, police escorts, and lots of badges and sirens, it would have been even harder for the automakers to blow off.
It wouldn't have been difficult to do this right. Cops love drama and publicity. It wouldn't have taken much convincing to get them on board, and the video would have gained a lot of credibility.
I agree completely; there were a lot of formalities that were neglected - and had they not been neglected, there would be less backlash against the researchers.
However, this doesn't change the fact that vulnerabilities were demonstrated, nor does it change the implication that auto manufacturers are excessively sluggish about security patches on things that can and do kill people on a regular basis. Even an imperfectly-conducted demonstration like this particular case is preferable to such a demonstration not occurring at all.
Blocking the visibility through the windscreen, then shutting off the transmission of a car, that is driving on an interstate overpass in traffic, is not white hat by any stretch of the imagination.
Perhaps not, but it's necessary to get the attention of auto makers so that they stop building such trivially-compromisable systems. This was a couple of security researchers on one car for a proof-of-concept; better to demonstrate these flaws early and with a more limited sample than to watch the pileup of epic proportions that would happen should someone even less scrupulous acquire such control over vehicles on the road.
I don't exactly condone the ethics (or lack thereof) of the researchers, either, but if that's the only way to get proper attention (after previous, more polite and reasoned attempts were simply dismissed by manufacturers), then so be it.
Had that Jeep run into you or you ran into it as a result of this experiment, you may have found that you have a profoundly different threshold for what is, "necessary to get the attention of auto makers".
Just because automakers are seemingly keen on ignoring security vulnerabilities does not justify putting people's lives at risk. And let's face it – a multi-ton vehicle that is not entirely in its driver's control puts lives at risk in just about any situation. The reason you and others argue that the demo's methodology is effective is precisely because of the risks involved; not in spite of them.
It is the responsibility of researchers to demonstrate risks without exercising the extent of those risks. Imagine if virologists regularly demonstrated communicability risk by injecting humans with disease outside of the lab.
> Just because automakers are seemingly keen on ignoring security vulnerabilities does not justify putting people's lives at risk.
So condemn the auto manufacturers for putting hundreds of thousands - if not millions - of lives at risk instead of yammering about a couple of nerds who put at most 2 vehicles in probably-nonfatal danger in a worst-case scenario.
And as busy as that highway was in the video, it was far more than just 2 vehicles, especially if one of those vehicles was the 18 wheeler.
At the very least they could have done this on a less busy stretch of highway that had a wide shoulder and with control vehicles in front and behind with paramedics at the ready (just like a movie production that is shooting on public streets). Instead the researchers and the journalist chose to be reckless.
Nobody's saying you can't. I certainly do (I strongly disagree with the researchers' obstruction of communication between themselves and their test subject).
My only point is that there's a massive difference in scale between a couple dented fenders and hundreds of thousands of dead/maimed innocents.
Difference of scale? Ok, I agree with you there, but characterizing the risk as "a couple dented fenders" is intellectually dishonest. A high speed accident on an interstate could easily involve serious, even fatal injuries.
It could in some situations, yes. This was not one of those situations.
We're talking about someone coasting uphill with absolutely no braking whatsoever. There's plenty of reaction time in such situations (as I happen to know firsthand, as was the case when my SUV ran out of gas and I had to coast a quarter-mile over a hill to get to the next offramp while merging from the fast lane to the far right at 70MPH). Even for semis, the reporter's car wouldn't mean having to slam on the brakes. Not to mention that the uphill helps with stopping.
The story would be different if the researchers slammed the car's brakes. If that were the case, then yes, death would be possible. That wasn't the case.
No intellectual dishonesty here. Just thorough examination of the situation as described by the author of the article.
Because scale. One is very limited in scope, ie: On one day, in one city, on one road, for a few minutes, one car caused a few other vehicles to make otherwise unnecessary lane-changes. vs the vulnerabilities exposed which affect tens or hundreds of thousands of vehicles in every city, every day, on almost every road, at almost any time.
Agreed, the researchers deserve some criticism, but let's not lose sight of the forest for these two goofball trees.
> it's necessary to get the attention of auto makers
That's mere conjecture. And it's an assertion you could easily test by first doing the remote hack in a controlled environment (e.g. a racetrack) and seeing if automakers respond before trying this on an actual freeway!
If you read the article, you'd know full well that the researchers already did test these exploits in controlled environments and presented these tests to auto manufacturers. Said tests were dismissed by said manufacturers.
I've read the article. Where does it mention controlled environments? The only mention of exploits being dismissed by manufacturers was in regard to a wired exploit, not a remote one.
The paragraphs after the photo of Charlie Miller describe the process of identifying and isolating wireless exploits, including remote-activation of windshield wipers on a vehicle in one of the researchers' driveways. This did admittedly escalate quickly to passive "tagging" of vulnerable vehicles by VIN, but that's a far cry from the experiment in question.
The findings before physical tests (identifying cars with a lack of airgapping or other basic security measures) were also reported to Cadillac (as one example among others); said findings were basically dismissed with a "well we've already released a newer Escalade model with some more security features, so whatever".
This isn't to mention that the wired exploits should've been enough to at least spark some level of concern.
First, there's no indication in the article that the researchers or Wired presented the remote windshield wiper hack to the car's manufacturer and that they subsequently ignored it.
Second, there is plenty of indication that the exact opposite is true. The remote windshield wiper hack occurred this June, whereas the article states that they've been working with Chrysler on this for nearly nine months and that Chrysler released a patch prior to the publication of this article.
Third, the Cadillac anecdote isn't really relevant here. For starters, it looks like they were contacted by Wired, not the researchers, so it's unclear whether they were contacted before the dangerous freeway demonstration took place. And while the mention of the newer model is a bit odd, the statement also mentions devoting more resources and hiring a new cyber-security officer, making it unfair to characterize it as a "whatever" response.
Sure, it'd be nice if Cadillac was a little more proactive here, but keep in mind that the researchers hacked a Jeep (made by Chrysler), NOT a Cadillac (made by GM). The researchers think the Cadillac is also vulnerable based on its feature set, but absent a specific flaw to patch and given the short amount of time since the initial demonstration (less than two months), it's unclear what GM is supposed to do here.
My point wasn't about Chrysler specifically. My point was about auto manufacturers in general (and I've made this clear from the beginning). By pinning it to Chrysler alone, you're also reaching, I'd reckon.
Also, it's worth noting that the root flaw here - a hole in UConnect - is not limited to Chrysler. The article mentions tracking and surveilling GM vehicles, too (particularly Dodge), which makes sense, seeing as a lot of recent Dodge vehicles have UConnect as well (per http://www.driveuconnect.com/features/uconnect_access/packag...).
> For starters, it looks like they [Cadillac] were contacted by Wired, not the researchers, so it's unclear whether they were contacted before the dangerous freeway demonstration took place.
The article doesn't actually say that. Infiniti was contacted by Wired according to the article, but the initiator of Cadillac's response isn't specified (as far as I can tell).
If they were contacted in the same manner as Infiniti, then it's implied that said contact happened after the wireless hack, since the Infiniti contact involves a notification that the researchers' predictions were "borne out" in at least one of the three of them (in this case, Chrysler).
If you want to get their attention, you demonstrate it on a test track, for a court, as part of a lawsuit against them, for introducing such dangerous features into their vehicles.
It took less than 2 minutes for that page to put my workstation-class graphics card up over 10 degrees C with the fans at 100% and audible from the next room.
Particle tests are a dime a dozen. You could have seen the same things in Flash 10 years ago.
BTW I'm on a Mac viewing your (66k polygons) example in Chrome - and my fans started spinning almost a few seconds after opening your link. Five of those running in parallel and my laptop would probably explode.
Thanks for that. I did already know firsthand that KFC had changed its name for a time. I found a source (Snopes) that confirmed it. Internally I was skeptical of the reasoning that was provided (since it conflicted with what I knew from more reliable sources), but the actual reasoning was tangential to my point
We, as a nation, elected "tough on crime" politicians. As you already pointed out, the private prisons lobby. They lobby the politicians we as a nation elected. We have a democracy, we vote for tough on crime politicians. As a result, we imprison lots of people.
This is propaganda designed to legitimize the actions of the individuals who are effectively using coercion and violence to enslave large parts of the population.
If "We", as a "nation", elected pro slavery politicians, it wouldn't justify the owners of land and capital to enslave people.
This would be the moral equivalent to a belief that some religious groups hold: that "We" are all born sinners, we all deserve to go to hell, but by the grace of god (the state), we can repent (vote) and accept the next savior (presidential candidate).
Democracy, as you call it, is a religion based on the belief that elected groups of individuals have legitimate authority to totally violate basic human rights. In this case, an individual right not to be enslaved.
But, in reality, nobody has a legitimate authority to enslave another person. Voting is participating in the delusion that the state has legitimate moral authority to imbue unrighteous people with righteousness in the first place. They don't.
It doesn't matter if "well, we voted for it": the politicians, executives, as well as the employees and shareholders of these "sanctified" corporations are still morally responsible for their actions, and should be held accountable for their actions.
I partially agree that we do elect "tough on crime politicians" and we get what we elect. But part of the problem is that we also live in a reactive society instead of a proactive one. We react to incidents with tough laws that sound good when emotions are high and in the moment. Yet we fail to consider the long-term consequences of those laws, so 5-10 years down the road we face the real results of the law. We also live in a society where it is easy to be lazy with laws and take a zero-tolerance approach. I would characterize it more as we have "tough on crime politicians" who don't start that way, but over time become that way because of lobbying efforts and reelection campaigns.
If government policy doesn't have a strong positive correlation with the desires of the population, then you can't just write everything off as "well, we elected the government."
Pretty awesome article. Wish I understood more about what impact this discovery will have on computing. Will this mean faster cameras and higher FPS when shooting video?
The article closes with a couple example uses. Basically any place where a fast/efficient conversion between light and electricity is useful could potentially be made better.
Faster cameras are certainly possible, but most cameras are slowed down by processor and storage, not the sensor. As an example of this, Vision Research sells a 4k model of the Phantom high-speed camera, which does 940 fps at 4096x2304. And they've got 4 different models that will do 640x480 video at 34,700 - 69,900fps. That's 10-20 billion pixels every second, or 45-90 gigabytes/second raw color video data, which is significantly faster than you can write to RAM in most computers.
But at 1,000,000,000,000+fps as the article talks about? Awesome innovation, communications look to be a winner here.
Great summary. I had heard this song was copyrighted, but didn't realize the history behind it. It will be interesting to see the outcome of the lawsuits challenging the copyright.
[1] http://www.zdnet.com/article/google-outed-me/