HackerTrans
トップ新着トレンドコメント過去質問紹介求人

mthomasmw

no profile record

コメント

mthomasmw
·昨年·議論
citation?
mthomasmw
·2 年前·議論
1995. It was NIST. https://www.nist.gov/nist-and-nobel/eric-cornell/nobel-momen...
mthomasmw
·2 年前·議論
Support is now upstream
mthomasmw
·3 年前·議論
Is there a list of "kill switches encoded in law autos can't make" somewhere?

I know the vehicle data recorder, and I've heard that LTE radios have to report occupancy, though I can't find a requirement that cars need an LTE radio.

There's rumors cars will be mandated to support remote deactivation, but the story is unclear: https://www.usatoday.com/story/news/factcheck/2023/01/19/fac...

relevant: https://consumerwatchdog.org/sites/default/files/2019-07/KIL...
mthomasmw
·3 年前·議論
https://twin-cities.umn.edu/news-events/do-images-brain-make...
mthomasmw
·3 年前·議論
Our forever limited supply of helium, the most vital non-renewable resource on Earth, the only supply the human race will ever have.

https://www.npr.org/2019/11/01/775554343/the-world-is-consta...
mthomasmw
·3 年前·議論
It's completely possible to build an EV that isn't connected. The idea that electric power means networked spying is an invented fiction. Due to the privacy-conscious background of one automaker, a vote by the board mandated that all their cars be able to function in a completely disconnected, non-reporting mode:

https://www.wsj.com/articles/porsche-rolls-out-board-approve...

And they all do, even their EV. I voted with my wallet.
mthomasmw
·3 年前·議論
You've misunderstood the situation completely. The first job of a persistent attacker is to gain acceess. The second job of a persistent attacker is to pivot that access from illegitimate to legitimate, so that by the time their TTPs become IOCs, log rotation has wiped that illegitimate access from the books and all their access looks legitimate.

What we have here is a way for an attacker using shady means (email-delivered 0day, parking lot thumbdrive, browser drive-by compromise) to take over a computer and then drop a signed package that will allow for remote control over time that looks completely legitimate. To a network IDS, that access will look like an authorized cloud tunnel, completely normal. To a file scanner, it will look like an vendor-signed binary, the gold standard. To the complete defense-in-depth stack, the entire c2 chain is cloaked in legitimacy. If you get a single detection at all for the initial compromise (not possible with 0day), the entire rest of the kill chain looks like legitimate access and vanishes.

It's a nightmare for defense in depth and hunt teams.
mthomasmw
·3 年前·議論
Do you have a link handy for "we don't know how bikes work" ?
mthomasmw
·3 年前·議論
Without working in the industry, how could someone vet for the internal cybersecurity of an upcoming car purchase? None of these security features seem to be publicly documented anywhere. I have spent a long time looking.
mthomasmw
·3 年前·議論
Agree. Would be interested if horizontal rows. Still happy with my kinesis which I never look at.
mthomasmw
·3 年前·議論
Make me a hammer that only works on nails
mthomasmw
·4 年前·議論
'Currently the tech can create one hour's worth of power "from just 20 minutes of English or Swedish summer sunshine".'
mthomasmw
·4 年前·議論
You left out that he built the security program at Stripe.