Ace: aceofspadeshq at gee mail.com
Buck: buck.throckmorton at protonmail.com
CBD: cbd at cutjibnewsletter.com
joe mannix: mannix2024 at proton.me
MisHum: petmorons at gee mail.com
J.J. Sefton: sefton at cutjibnewsletter.com
Bandersnatch 2024
GnuBreed 2024
Captain Hate 2023
moon_over_vermont 2023
westminsterdogshow 2023
Ann Wilson(Empire1) 2022 Dave In Texas 2022
Jesse in D.C. 2022 OregonMuse 2022
redc1c4 2021
Tami 2021
Chavez the Hugo 2020
Ibguy 2020
Rickl 2019
Joffen 2014
AoSHQ Writers Group
A site for members of the Horde to post their stories seeking beta readers, editing help, brainstorming, and story ideas. Also to share links to potential publishing outlets, writing help sites, and videos posting tips to get published.
Contact OrangeEnt for info: maildrop62 at proton dot me
Industry apologists will whine that they had to do it with a hardwired connection to a laptop to make the bad things happen, yada, yada, yada.
That's fine, but the OBD ports are typically tucked away out of sight in most cars, so slipping something like an Arduino processor in there tucked up under the dash to do the damage at some prescribed time when a specific set of conditions are met isn't out of the realm of possibility.
The real problem is that the OBD micro-controller firmware even allows an external device to initiate dangerous vehicle actions (like applying brakes, farkling steering, etc) when the vehicle in motion.
The lesson of the past 20 years regarding tech and hacking is this: if something is physically possible then someone with malice in their heart is gonna figure out how, and eventually do it.
A British-based computer scientist has been banned from publishing an academic paper revealing the secret codes used to start luxury cars including Porsches, Audis, Bentleys and Lamborghinis as it could lead to the theft of millions of vehicles, a judge has ruled.
Problem averted, world saved by the judge, right? Well, maybe not so much...
It emerged in court that their complex mathematical investigation examined the software behind the code. It has been available on the internet since 2009.
The industry position seems to be one of stonewall and denial that they have a problem that needs fixing. If owners were aware of this issue, they'd rightly be demanding recalls and retrofits of a more secure system. Since in reality the cat has been out of the bag for 3+ years now, denial may not be the best course of action because: (eastern European hackerz + organized crime = profits). Again:
if something is physically possible then someone with malice in their heart is gonna figure out how, and eventually do it.
...Last year, Barnaby Jack, a security researcher with IOActive, showed he could force some Medtronic pumps to dispense fatal insulin doses from up to 300 feet away. He also has a Black Hat talk planned this year on a new vulnerability in wireless pacemakers and defibrillators. Jack said he notified the FDA in both cases.
"It's been primarily positive," he said. "They don't have the expertise on board to be able to make a thorough check, but they're certainly open to hearing about vulnerabilities. They certainly open the right doors for us."...
We will demonstrate an example of full software bypass of Windows 8 Secure Boot due to such mistakes on some of the latest platforms and explain how those mistakes can be avoided.
The vulnerability involves discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature [I sidebar'd this one a few days ago]
The Bad: Bluetooth Smart's key exchange is weak. We will perform a live demonstration of sniffing and recovering encryption keys using open source tools we developed. The Ugly: A passive eavesdropper can decrypt all communications with a sniffed encryption key using our tools
earn how to build an Android SpyPhone service that can be injected into any application. The presentation will feature a live demonstration of how phones can be tracked and operated from a Web based command and control server and a demonstration of how to inject the SpyPhone service into any Android application.