Rik's Ramblings

Thursday, February 27, 2014

Hacking your car

Your car's computer system can be hacked with off-the-shelf parts

This is nothing new, of course. Remember, twenty years ago your server's SMTP port was wide open and allowed forwarding, as a courtesy to other internet users.

Then it became too easy for people to get on the internet, and cheap Linux servers made it easy to talk SMTP. Spam proliferated, and so we had to lock down our services from the unwashed masses.

It seems the nodes on your CAN bus need certs and an encrypted channel. It's not a surprise. It should have been factored into the evolution of the in-car electronics network. Of course, it's not that appealing to admit you need to beef up the CPUs in the nodes on the bus. That adds cost and reduces the benefit of going with such an interconnect system.

While we're thinking about these things, let's not forget the "internet of things" we're building out in our homes. When someone is telling you "These things are really cheap! You can put a computer in a light switch for a few pennies," they probably aren't giving any thought to security.

Thursday, February 20, 2014

Holy Crap $100 for this!

I funded the Kickstarter campaign and I got two for my contribution. That set my expectation that these would retail around $40.

   Spark Core at MakerShed

I think they missed the price point.

Wednesday, February 19, 2014

The Martian by Andy Weir


Hey, I know that guy.  We worked at **** together.

Monday, February 17, 2014

You have received a YouTube video!

Scramble ...

Quick Rik, learn ActionScript

Saturday, February 01, 2014

Yahoo Email Hack - NOT!!

This really isn't a Yahoo! problem. I think the author just wanted to take a shot at Yahoo!.

Since many people reuse passwords for multiple accounts, the hackers were able to use the information to gain entry to Yahoo Mail accounts.

It's a problem I identified years ago, when people were signing up for a service I ran.

You let people sign up for your website, and let them use their email address to identify themselves. Then you ask them for a password. Chances are, they will use the same password everywhere. So now you have their email address and most likely the password to their email account (and Google+, Yahoo!, AOL, and Facebook, etc.).

GENERAL ADVICE: Don't log into service X with your email address from service Y and certainly don't use the same password for both if you do.
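
One way to check your own accounts against that advice, as an added example that is not part of the original post: audit a password-manager export for reused passwords and for sites that hold both your mailbox address and your mailbox password. The vault entries, the `audit` and `fingerprint` names, and the rule that an entry is a mailbox when the login's domain equals the service name are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample export: (service, login, password). Not real accounts.
VAULT = [
    ("mail.example", "rik@mail.example", "correct horse"),
    ("forum.example", "rik@mail.example", "correct horse"),  # mailbox password reused
    ("shop.example", "rik@mail.example", "Xk9!unique"),      # same login, own password
    ("photos.example", "rik2", "correct horse"),             # reused, but no email login
    ("bank.example", "rik@other.example", "s3parate"),
]

def fingerprint(key, password):
    # Keyed hash so passwords are compared without being stored or printed.
    return hmac.new(key, password.encode(), hashlib.sha256).digest()

def domain_of(login):
    return login.rsplit("@", 1)[1].lower() if "@" in login else None

def audit(vault):
    key = os.urandom(32)  # per-run key: fingerprints are useless outside this process
    services_by_fp = defaultdict(list)
    mailbox_fp = {}       # mailbox address -> fingerprint of the mailbox's own password
    for service, login, password in vault:
        fp = fingerprint(key, password)
        services_by_fp[fp].append(service)
        # Assumption: the entry is the mailbox itself when domain == service name.
        if domain_of(login) == service.lower():
            mailbox_fp[login.lower()] = fp
    # Every group of services that share one password.
    reused = sorted(sorted(group) for group in services_by_fp.values() if len(group) > 1)
    # Services that identify you by a mailbox address AND hold that mailbox's password.
    exposes_mailbox = sorted(
        service for service, login, password in vault
        if login.lower() in mailbox_fp
        and domain_of(login) != service.lower()
        and hmac.compare_digest(fingerprint(key, password), mailbox_fp[login.lower()])
    )
    return reused, exposes_mailbox

if __name__ == "__main__":
    reused, exposes_mailbox = audit(VAULT)
    print("shared password groups:", reused)
    print("sites holding your mailbox login and password:", exposes_mailbox)
```

The second list is the case the post warns about: a breach of any site in it hands over a working login for the mailbox as well.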