Discussion:
What could possibly go wrong... ;)
Jeßus
2019-09-27 22:49:51 UTC
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access network

NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn™ access network through their
retail service providers"

https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
Dechucka
2019-09-27 22:56:42 UTC
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn™ access network through their
retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
I can't see - buffering, buffering, buffering - any problems. Of course
I don't know anything about the NBN because living 1/2 way between
Sydney and Canberra we are so isolated that we are only offered
satellite. If you've got kids at school or uni + want to run a business
and want to work during the day/peak hours it is useless because the
packs don't give enough data. ADSL rules OK (sometimes)
Jeßus
2019-09-27 23:14:41 UTC
Post by Dechucka
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn™ access network through their
retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
I can't see - buffering, buffering, buffering - any problems.
Never mind when - not if - security becomes compromised by some bunch
of teenagers or foreign government.
Post by Dechucka
Of course
I don't know anything about the NBN because living 1/2 way between
Sydney and Canberra we are so isolated that we are only offered
satellite.
Yes, we have NBN Skymuster back in Tassie. In truth, it's been quite
reliable. Had it since 2012 (I think). Although I've noticed speeds
and latency quality dropping lately.
Post by Dechucka
If you've got kids at school or uni + want to run a business
and want to work during the day/peak hours it is useless because the
packs don't give enough data. ADSL rules OK (sometimes)
Sadly, that's the truth,
Dechucka
2019-09-27 23:23:21 UTC
Post by Jeßus
Post by Dechucka
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn™ access network through their
retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
I can't see - buffering, buffering, buffering - any problems.
Never mind when - not if - security becomes compromised by some bunch
of teenagers or foreign government.
Or criminal gangs, I've watched the Italian Job (both the 1969 one,
British and excellent, and the 2003 version, American and crap) so know
what can happen if one controls the traffic lights

Getta Bloomin' Move On! (The Self Preservation Society)

Jeßus
2019-09-28 06:38:43 UTC
Post by Dechucka
Post by Jeßus
Post by Dechucka
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn™ access network through their
retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
I can't see - buffering, buffering, buffering - any problems.
Never mind when - not if - security becomes compromised by some bunch
of teenagers or foreign government.
Or criminal gangs, I've watched the Italian Job (both the 1969 one,
British and excellent, and the 2003 version, American and crap) so know
what can happen if one controls the traffic lights
Getta Bloomin' Move On! (The Self Preservation Society)
http://youtu.be/92Dqy3YWblQ
'video unavailable'
Dechucka
2019-09-28 06:43:29 UTC
Post by Jeßus
Post by Dechucka
Post by Jeßus
Post by Dechucka
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn™ access network through their
retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
I can't see - buffering, buffering, buffering - any problems.
Never mind when - not if - security becomes compromised by some bunch
of teenagers or foreign government.
Or criminal gangs, I've watched the Italian Job (both the 1969 one,
British and excellent, and the 2003 version, American and crap) so know
what can happen if one controls the traffic lights
Getta Bloomin' Move On! (The Self Preservation Society)
http://youtu.be/92Dqy3YWblQ
'video unavailable'
You missed out on a great movie song
Computer Nerd Kev
2019-09-27 23:49:53 UTC
Post by Jeßus
Post by Dechucka
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access network
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
I can't see - buffering, buffering, buffering - any problems.
Never mind when - not if - security becomes compromised by some bunch
of teenagers or foreign government.
Already done in America:
https://www.csoonline.com/article/2466551/hacking-traffic-lights-with-a-laptop-is-easy.html
--
__ __
#_ < |\| |< _#
Jeßus
2019-09-28 06:40:59 UTC
Post by Computer Nerd Kev
Post by Jeßus
Post by Dechucka
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access network
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
I can't see - buffering, buffering, buffering - any problems.
Never mind when - not if - security becomes compromised by some bunch
of teenagers or foreign government.
https://www.csoonline.com/article/2466551/hacking-traffic-lights-with-a-laptop-is-easy.html
I'm not very surprised :)
news18
2019-09-28 00:53:14 UTC
Post by Jeßus
Post by Dechucka
I can't see - buffering, buffering, buffering - any problems.
Never mind when - not if - security becomes compromised by some bunch
of teenagers or foreign government.
Old news that.
Dechucka
2019-09-28 01:09:10 UTC
Post by news18
Post by Jeßus
Post by Dechucka
I can't see - buffering, buffering, buffering - any problems.
Never mind when - not if - security becomes compromised by some bunch
of teenagers or foreign government.
Old news that.
1969
keithr0
2019-09-28 11:46:28 UTC
Post by Jeßus
Post by Dechucka
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn™ access network through their
retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
I can't see - buffering, buffering, buffering - any problems.
Never mind when - not if - security becomes compromised by some bunch
of teenagers or foreign government.
Even back when I worked on ATMs (late 80s - early 90s) all comms from
ATMs were encrypted. DES or triple DES in those days, I would hope that
these days it would be 256 bit AES or 2048 bit RSA. The messages are
also protected by message authentication code, very hard to crack. Most
ATMs in those days communicated over POTS far less secure than NBN.
Post by Jeßus
Post by Dechucka
Of course
I don't know anything about the NBN because living 1/2 way between
Sydney and Canberra we are so isolated that we are only offered
satellite.
Yes, we have NBN Skymuster back in Tassie. In truth, it's been quite
reliable. Had it since 2012 (I think). Although I've noticed speeds
and latency quality dropping lately.
Post by Dechucka
If you've got kids at school or uni + want to run a business
and want to work during the day/peak hours it is useless because the
packs don't give enough data. ADSL rules OK (sometimes)
ATMs use very little bandwidth, and the latency inherent in the system
is far greater than is likely to be experienced from the NBN.
Computer Nerd Kev
2019-09-28 23:41:09 UTC
Post by keithr0
Post by Jeßus
Never mind when - not if - security becomes compromised by some bunch
of teenagers or foreign government.
Even back when I worked on ATMs (late 80s - early 90s) all comms from
ATMs were encrypted. DES or triple DES in those days, I would hope that
these days it would be 256 bit AES or 2048 bit RSA. The messages are
also protected by message authentication code, very hard to crack. Most
ATMs in those days communicated over POTS far less secure than NBN.
Continuing on the movie theme, albeit now with one that nobody's
heard of, I'm reminded of Prime Risk (1985):
https://www.imdb.com/title/tt0087942/

A neat part of the plot is that they actually take advantage of an
RF leak associated with key presses on the keypad on an ATM in order
to "listen in" to credit card pin codes. Not to say that everything
else made perfect technical sense, but they tried harder than most.
--
__ __
#_ < |\| |< _#
news18
2019-09-28 00:56:16 UTC
Post by Dechucka
I can't see - buffering, buffering, buffering - any problems. Of course
I don't know anything about the NBN because living 1/2 way between
Sydney and Canberra we are so isolated that we are only offered
satellite.
As we were explaining to recent visitors from SW Wa; "No everyone in the
city did not get FTTH, they have the same cruddy FTTN that you have."
Post by Dechucka
If you've got kids at school or uni + want to run a business
and want to work during the day/peak hours it is useless because the
packs don't give enough data.
ADSL rules OK (sometimes)
Yep. I have no current need for a higher service.
Dechucka
2019-09-28 01:08:44 UTC
Post by news18
Post by Dechucka
I can't see - buffering, buffering, buffering - any problems. Of course
I don't know anything about the NBN because living 1/2 way between
Sydney and Canberra we are so isolated that we are only offered
satellite.
As we were explaining to recent visitors from SW Wa; "No everyone in the
city did not get FTTH, they have the same cruddy FTTN that you have."
You have access to NBN that works somewhat for you? You lucky lucky bastard
Post by news18
Post by Dechucka
If you've got kids at school or uni + want to run a business
and want to work during the day/peak hours it is useless because the
packs don't give enough data.
ADSL rules OK (sometimes)
Yep. I have no current need for a higher service.
I'd love a better service when the kids are doing 'assignments', the
wife is on the Dept of Ed site and I want to watch porn, no no do work :-)
Wotawonderfulworld
2019-09-28 01:05:14 UTC
Post by Dechucka
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn™ access network through
their retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
I can't see - buffering, buffering, buffering - any problems. Of
course I don't know anything about the NBN because living 1/2 way
between Sydney and Canberra we are so isolated that we are only
offered satellite. If you've got kids at school or uni + want to run a
business and want to work during the day/peak hours it is useless
because the packs don't give enough data. ADSL rules OK (sometimes)
Ah you must be a neighbour. Same problem, I miss the old adsl, all you
could eat for $29.95 pm and it loaded a web page so much quicker than Sky
Muster can, and now i get 80gig for $74.95 a month. OOohh so lucky the NBN
came here.
Dechucka
2019-09-28 01:13:05 UTC
Post by Wotawonderfulworld
Post by Dechucka
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn™ access network through
their retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
I can't see - buffering, buffering, buffering - any problems. Of
course I don't know anything about the NBN because living 1/2 way
between Sydney and Canberra we are so isolated that we are only
offered satellite. If you've got kids at school or uni + want to run a
business and want to work during the day/peak hours it is useless
because the packs don't give enough data. ADSL rules OK (sometimes)
Ah you must be a neighbour. Same problem, I miss the old adsl, all you
could eat for $29.95 pm and it loaded a web page so much quicker than Sky
Muster can, and now i get 80gig for $74.95 a month. OOohh so lucky the NBN
came here.
How much of that is off-peak? There are lots of plans that offer 150 Gb
but when you look at them it is only 30Gb on peak. Even doing research
now most sites are hugely graphics heavy, most of them just pretty
corporate pictures, so it does take more download than it used to.
Jeßus
2019-09-28 06:37:23 UTC
Post by Dechucka
Post by Wotawonderfulworld
Ah you must be a neighbour. Same problem, I miss the old adsl, all you
could eat for $29.95 pm and it loaded a web page so much quicker than Sky
Muster can, and now i get 80gig for $74.95 a month. OOohh so lucky the NBN
came here.
How much of that is off-peak? There are lots of plans that offer 150 Gb
but when you look at them it is only 30Gb on peak.
Yes, that's the big catch. Plus, years ago they reduced the off-peak
hours by one hour. We have the NBN-SB-60-140 Plan @ 25 Mbps / 5 Mbps
with 60 GB / 140 GB Data Allowance plan for $60.
Wotawonderfulworld
2019-10-01 01:11:18 UTC
Post by Dechucka
Post by Wotawonderfulworld
Post by Dechucka
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access
network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn™ access network
through their retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
I can't see - buffering, buffering, buffering - any problems. Of
course I don't know anything about the NBN because living 1/2 way
between Sydney and Canberra we are so isolated that we are only
offered satellite. If you've got kids at school or uni + want to run
a business and want to work during the day/peak hours it is useless
because the packs don't give enough data. ADSL rules OK (sometimes)
Ah you must be a neighbour. Same problem, I miss the old adsl, all
you could eat for $29.95 pm and it loaded a web page so much quicker
than Sky Muster can, and now i get 80gig for $74.95 a month. OOohh so
lucky the NBN came here.
How much of that is off-peak? There are lots of plans that offer 150
Gb but when you look at them it is only 30Gb on peak. Even doing
research now most sites are hugely graphics heavy, most of them just
pretty corporate pictures, so it does take more download than it used
to.
There is a good 120gig odd in off peak, but at my age i don't sit up at
1:00am gaming, so offpeak is totally useless to me unless i decide to
start pirating movies..

So basically i'm paying over $1 a gig for the internet, with added pitiful
response time, after i had better response time and $29.95 unlimited.

I love the NBN, it really has opened up a class system in australia.
Dechucka
2019-10-01 01:14:46 UTC
Post by Wotawonderfulworld
Post by Dechucka
Post by Wotawonderfulworld
Post by Dechucka
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access
network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn™ access network
through their retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
I can't see - buffering, buffering, buffering - any problems. Of
course I don't know anything about the NBN because living 1/2 way
between Sydney and Canberra we are so isolated that we are only
offered satellite. If you've got kids at school or uni + want to run
a business and want to work during the day/peak hours it is useless
because the packs don't give enough data. ADSL rules OK (sometimes)
Ah you must be a neighbour. Same problem, I miss the old adsl, all
you could eat for $29.95 pm and it loaded a web page so much quicker
than Sky Muster can, and now i get 80gig for $74.95 a month. OOohh so
lucky the NBN came here.
How much of that is off-peak? There are lots of plans that offer 150
Gb but when you look at them it is only 30Gb on peak. Even doing
research now most sites are hugely graphics heavy, most of them just
pretty corporate pictures, so it does take more download than it used
to.
There is a good 120gig odd in off peak, but at my age i don't sit up at
1:00am gaming, so offpeak is totally useless to me unless i decide to
start pirating movies..
So basically i'm paying over $1 a gig for the internet, with added pitiful
response time, after i had better response time and $29.95 unlimited.
I love the NBN, it really has opened up a class system in australia.
Luckily I have the time so ADSL is OK for me. I suppose one day I'll be
forced onto satellite :-(
Fran
2019-09-28 08:51:08 UTC
Post by Dechucka
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn™ access network through their
retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
I can't see - buffering, buffering, buffering - any problems. Of course
I don't know anything about the NBN because living 1/2 way between
Sydney and Canberra we are so isolated that we are only offered
satellite.
I have friends who can see the Federal Parliament from their house and
they could only use satellite. Of course their house is on a scrub
covered hill 25 minutes from Parliament House in the scrub surrounding
Canberra so no surprise there....

Post by Dechucka
If you've got kids at school or uni + want to run a business
and want to work during the day/peak hours it is useless because the
packs don't give enough data. ADSL rules OK (sometimes)
Ned Latham
2019-09-28 00:51:11 UTC
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn access network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn access network through their
retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
What indeed could go wrong.

Kinda depends on what software they're operating. Our banks, govt
depts, shops, supermarkets, travel operators, indeed just about
every enterprise in the nation use Microsoft systems; inherently
unstable, error-prone and insecure. These additions gonna be any
different?

Intruder heaven.
Jeßus
2019-09-28 06:42:16 UTC
On Fri, 27 Sep 2019 19:51:11 -0500, Ned Latham
Post by Ned Latham
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn access network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn access network through their
retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
What indeed could go wrong.
Kinda depends on what software they're operating. Our banks, govt
depts, shops, supermarkets, travel operators, indeed just about
every enterprise in the nation use Microsoft systems; inherently
unstable, error-prone and insecure. These additions gonna be any
different?
Intruder heaven.
Let's not even mention https://en.wikipedia.org/wiki/Stuxnet
news18
2019-09-28 09:24:13 UTC
Post by Jeßus
On Fri, 27 Sep 2019 19:51:11 -0500, Ned Latham
Kinda depends on what software they're operating. Our banks, govt depts,
shops, supermarkets, travel operators, indeed just about every
enterprise in the nation use Microsoft systems; inherently unstable,
error-prone and insecure. These additions gonna be any different?
Intruder heaven.
Let's not even mention https://en.wikipedia.org/wiki/Stuxnet
Stuxnet didn't travel over the internet or any comms network.
It was delivered by feet on a USB stick carried by a Dutchman under
Israeli pay, apparently multiple times as they were able to keep throwing
versions at it.
Sylvia Else
2019-09-28 02:31:42 UTC
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn™ access network through their
retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
In theory, this shouldn't present that much of an issue. Take traffic
lights, for example.

The expectation is that the basic rules of operation that ensure that
only one direction gets green, and defines the period that a light stays
yellow/orange, are built into the system hardware/firmware, with the
latter only capable of being modified on site.

With such a design, the most a hacker could achieve would be to change
the phasing, which might be disruptive, but wouldn't be unsafe.

We would never see the kind of thing shown in US TV/movies where a
hacker changes all the lights to green at the same time.

That's the theory.

The first inroad into that security is likely to be the ability to
update firmware remotely. It's convenient for sure, but it has risks.
One would like to assume that the replacement firmware is at least
cryptographically signed, but now mistakes creep in, with either the
signing key being stolen/leaked, or the algorithm itself being found to
be flawed. Or some idiot developer gets the verification wrong or just
fails to implement it, and that doesn't get discovered until a hacker
realises they can install updated firmware with any signature.

I doubt anyone would design the system so that the lights are directly
controlled remotely, because it would very quickly be discovered that
that doesn't work reliably. Depending on the level of incompetence
involved, that might be after some crashes, or just after some traffic jams.

The article mentions train line boom gates. I would be very surprised if
anyone thought it reasonable to control the gates that way. Most likely,
they're just talking about monitoring. The same is true for most other
things on the list.

All that said, I've found that it doesn't matter how low I set my
expectation of technological competence, there will be people in
positions where they can do damage who don't reach that level.

Sylvia.
Jeßus
2019-09-28 07:05:59 UTC
Post by Sylvia Else
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn™ access network through their
retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
In theory, this shouldn't present that much of an issue. Take traffic
lights, for example.
The expectation is that the basic rules of operation that ensure that
only one direction gets green, and defines the period that a light stays
yellow/orange, are built into the system hardware/firmware, with the
latter only capable of being modified on site.
With such a design, the most a hacker could achieve would be to change
the phasing, which might be disruptive, but wouldn't be unsafe.
We would never see the kind of thing shown in US TV/movies where a
hacker changes all the lights to green at the same time.
That's the theory.
The first inroad into that security is likely to be the ability to
update firmware remotely. It's convenient for sure, but it has risks.
One would like to assume that the replacement firmware is at least
cryptographically signed, but now mistakes creep in, with either the
signing key being stolen/leaked, or the algorithm itself being found to
be flawed. Or some idiot developer gets the verification wrong or just
fails to implement it, and that doesn't get discovered until a hacker
realises they can install updated firmware with any signature.
I doubt anyone would design the system so that the lights are directly
controlled remotely, because it would very quickly be discovered that
that doesn't work reliably. Depending on the level of incompetence
involved, that might be after some crashes, or just after some traffic jams.
The article mentions train line boom gates. I would be very surprised if
anyone thought it reasonable to control the gates that way. Most likely,
they're just talking about monitoring. The same is true for most other
things on the list.
All that said, I've found that it doesn't matter how low I set my
expectation of technological competence, there will be people in
positions where they can do damage who don't reach that level.
Yes, all very true. No accounting for human error and innovation.
news18
2019-09-28 09:25:54 UTC
Post by Sylvia Else
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn™ access network through their
retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
Post by Sylvia Else
In theory, this shouldn't present that much of an issue. Take traffic
lights, for example.
The expectation is that the basic rules of operation that ensure that
only one direction gets green, and defines the period that a light stays
yellow/orange, are built into the system hardware/firmware, with the
latter only capable of being modified on site.
Might apply to HW designs, but I'm wondering how many are all but SW
these days.
Sylvia Else
2019-09-28 11:22:34 UTC
Post by Jeßus
Post by Sylvia Else
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn™ access network through their
retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
Post by Sylvia Else
In theory, this shouldn't present that much of an issue. Take traffic
lights, for example.
The expectation is that the basic rules of operation that ensure that
only one direction gets green, and defines the period that a light stays
yellow/orange, are built into the system hardware/firmware, with the
latter only capable of being modified on site.
Might apply to HW designs, but I'm wondering how many are all but SW
these days.
If I wanted to do it in software, I'd have one[*] microcontroller that's
responsible for the control of the lights, and a separate one handling
the networking and communication. The latter is considerably more
complicated than the former.

Don't provide a way for the second one to update the first, so that the
first has to be updated on site (though why an update should ever be
necessary, is beyond me - how hard is it to get such things right in the
first place?).

Of course, the temptation is to use one processor for both, because
doing that saves money.

Sylvia

[*] Or 3, configured so that any 2 can determine which lights are on,
providing both redundancy and protection from a single one going rogue
due to a fault.
Computer Nerd Kev
2019-09-28 23:58:16 UTC
Post by Sylvia Else
Post by news18
Post by Sylvia Else
The expectation is that the basic rules of operation that ensure that
only one direction gets green, and defines the period that a light stays
yellow/orange, are built into the system hardware/firmware, with the
latter only capable of being modified on site.
Might apply to HW designs, but I'm wondering how many are all but SW
these days.
If I wanted to do it in software, I'd have one[*] microcontroller that's
responsible for the control of the lights, and a separate one handling
the networking and communication. The latter is considerably more
complicated than the former.
From the link that I posted earlier about a system hacked in the US:
"The main components of wirelessly networked traffic lights are:
Sensors that detect cars and inspect infrastructure. Those sensors
are generally connected to traffic controllers that read the inputs
and control light states. Those controllers, usually in a metal
cabinet by the roadside, communicate with each other and a central
server. Radios, operating at 900 MHz or 5.8 GHz, are frequently
used for wireless communication in point-to-point or
point-to-multipoint configurations.

-Then there's malfunction
management units (MMUs) that can override the controller if there
are conflicting green lights and force traffic lights into a
"known-safe configuration" like blinking red lights."
https://www.csoonline.com/article/2466551/hacking-traffic-lights-with-a-laptop-is-easy.html

What made that hack so easy wasn't just that they were using
unencrypted wifi to communicate with/between traffic lights, but they
were using the default password which was printed in the manual!

The use of "MMUs" indicates that the hardware designers _might_ have
had an idea of what they're doing, but the software designers and
system installers certainly weren't considering hacking at all.

Who knows what the state of the industry is in Australia.
Post by Sylvia Else
Don't provide a way for the second one to update the first, so that the
first has to be updated on site (though why an update should ever be
necessary, is beyond me - how hard is it to get such things right in the
first place?).
Of course, the temptation is to use one processor for both, because
doing that saves money.
Given the customers that these companies are dealing with, they
probably mark up the cost of their systems by some unjustifiable
multiple anyway.
--
__ __
#_ < |\| |< _#
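Added example (not part of any post in this thread, and not code from any real traffic controller): a C model of the light-control side described above, combining the 2-out-of-3 vote from Sylvia Else's footnote with the conflict-monitor role the quoted article gives the MMU. The two-phase intersection, the 3000 ms minimum yellow, the demand scripts and all names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: two conflicting phases (0 = north-south, 1 = east-west). */
typedef enum { RED = 0, YELLOW = 1, GREEN = 2 } lamp_t;
typedef enum { OUT_NORMAL = 0, OUT_FLASH_RED = 1 } out_mode_t;
enum { PHASES = 2, CHANNELS = 3 };
#define MIN_YELLOW_MS 3000u         /* assumed figure, not from the thread */

typedef struct { lamp_t lamp[PHASES]; } demand_t;   /* one processor's output */
typedef struct { uint32_t t_ms; demand_t ch[CHANNELS]; } step_t;
typedef struct {
    lamp_t   driven[PHASES];        /* last demand the monitor let through */
    uint32_t yellow_since[PHASES];  /* when each phase turned yellow (ms) */
    bool     latched;               /* fault latch; no code path clears it */
} monitor_t;

static bool same(const demand_t *a, const demand_t *b)
{
    return memcmp(a->lamp, b->lamp, sizeof a->lamp) == 0;
}

/* 2-out-of-3 vote: yields the demand that at least two channels agree on. */
bool vote(const demand_t in[CHANNELS], demand_t *out)
{
    if (same(&in[0], &in[1]) || same(&in[0], &in[2])) { *out = in[0]; return true; }
    if (same(&in[1], &in[2])) { *out = in[1]; return true; }
    return false;                   /* three-way disagreement */
}

/* Fixed rules: one direction at a time, legal lamp order, minimum yellow. */
bool demand_is_safe(const monitor_t *m, const demand_t *d, uint32_t now_ms)
{
    int not_red = 0;
    for (int p = 0; p < PHASES; p++) {
        lamp_t prev = m->driven[p], next = d->lamp[p];
        if ((unsigned)next > (unsigned)GREEN) return false;   /* corrupt value */
        if (next != RED) not_red++;
        if (next == prev) continue;
        if (prev == RED && next == GREEN) continue;
        if (prev == GREEN && next == YELLOW) continue;
        if (prev == YELLOW && next == RED &&
            now_ms - m->yellow_since[p] >= MIN_YELLOW_MS) continue;
        return false;               /* skipped or shortened yellow */
    }
    return not_red <= 1;            /* the two phases conflict */
}

/* One monitor cycle: vote, check, then either pass the demand or latch. */
out_mode_t monitor_step(monitor_t *m, const demand_t in[CHANNELS], uint32_t now_ms)
{
    demand_t d;
    if (m->latched) return OUT_FLASH_RED;
    if (!vote(in, &d) || !demand_is_safe(m, &d, now_ms)) {
        m->latched = true;          /* stays set until reset on site */
        return OUT_FLASH_RED;
    }
    for (int p = 0; p < PHASES; p++) {
        if (d.lamp[p] == YELLOW && m->driven[p] != YELLOW) m->yellow_since[p] = now_ms;
        m->driven[p] = d.lamp[p];
    }
    return OUT_NORMAL;
}

/* Replays a script from all-red; bit i is set if step i ended in flashing red. */
unsigned run(const step_t *s, int n)
{
    monitor_t m = { {RED, RED}, {0, 0}, false };
    unsigned mask = 0;
    for (int i = 0; i < n; i++)
        if (monitor_step(&m, s[i].ch, s[i].t_ms) == OUT_FLASH_RED) mask |= 1u << i;
    return mask;
}

/* Constructed demand scripts (not captured from any real controller). */
#define NS_G   {{GREEN, RED}}
#define NS_Y   {{YELLOW, RED}}
#define ALL_R  {{RED, RED}}
#define EW_G   {{RED, GREEN}}
#define BOTH_G {{GREEN, GREEN}}
#define ALL3(d) { d, d, d }
#define LEN(a) ((int)(sizeof (a) / sizeof (a)[0]))
static const step_t NORMAL[] = { {0, ALL3(NS_G)}, {10000, ALL3(NS_Y)},
                                 {13000, ALL3(ALL_R)}, {14000, ALL3(EW_G)} };
static const step_t ROGUE_ONE[] = { {0, {NS_G, BOTH_G, NS_G}}, {10000, {NS_Y, NS_Y, BOTH_G}} };
static const step_t SPLIT[] = { {0, {NS_G, EW_G, ALL_R}} };
static const step_t CONFLICT[] = { {0, ALL3(NS_G)}, {5000, ALL3(BOTH_G)}, {6000, ALL3(NS_G)} };
static const step_t SHORT_YELLOW[] = { {0, ALL3(NS_G)}, {10000, ALL3(NS_Y)},
                                       {11000, ALL3(ALL_R)}, {14000, ALL3(EW_G)} };

int main(void)
{
    printf("normal=%u rogue_one=%u split=%u conflict=%u short_yellow=%u\n",
           run(NORMAL, LEN(NORMAL)), run(ROGUE_ONE, LEN(ROGUE_ONE)), run(SPLIT, LEN(SPLIT)),
           run(CONFLICT, LEN(CONFLICT)), run(SHORT_YELLOW, LEN(SHORT_YELLOW)));
    return 0;
}
```

The monitor never looks at where a demand came from, so whatever the networking side is talked into asking for, conflicting greens or a shortened yellow end in latched flashing red rather than on the street.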
Petzl
2019-09-29 00:38:38 UTC
Post by Computer Nerd Kev
Post by Sylvia Else
Post by news18
Post by Sylvia Else
The expectation is that the basic rules of operation that ensure that
only one direction gets green, and defines the period that a light stays
yellow/orange, are built into the system hardware/firmware, with the
latter only capable of being modified on site.
Might apply to HW designs, but I'm wondering how many are all but SW
these days.
If I wanted to do it in software, I'd have one[*] microcontroller that's
responsible for the control of the lights, and a separate one handling
the networking and communication. The latter is considerably more
complicated than the former.
Sensors that detect cars and inspect infrastructure. Those sensors
are generally connected to traffic controllers that read the inputs
and control light states. Those controllers, usually in a metal
cabinet by the roadside, communicate with each other and a central
server. Radios, operating at 900 MHz or 5.8 GHz, are frequently
used for wireless communication in point-to-point or
point-to-multipoint configurations.
-Then there's malfunction
management units (MMUs) that can override the controller if there
are conflicting green lights and force traffic lights into a
"known-safe configuration" like blinking red lights."
https://www.csoonline.com/article/2466551/hacking-traffic-lights-with-a-laptop-is-easy.html
What made that hack so easy wasn't just that they were using
unencrypted wifi to communicate with/between traffic lights, but they
were using the default password which was printed in the manual!
The use of "MMUs" indicates that the hardware designers _might_ have
had an idea of what they're doing, but the software designers and
system installers certainly weren't considering hacking at all.
Who knows what the state of the industry is in Australia.
Post by Sylvia Else
Don't provide a way for the second one to update the first, so that the
first has to be updated on site (though why an update should ever be
necessary, is beyond me - how hard is it to get such things right in the
first place?).
Of course, the temptation is to use one processor for both, because
doing that saves money.
Given the customers that these companies are dealing with, they
probably mark up the cost of their systems by some unjustifiable
multiple anyway.
Best traffic lights I came across were mechanically timed and set so
if you stayed at speed limit you got a green light every time, ok at
night time a bit senseless, but only once, then once onto a route
number (Auckland has/had easy to follow numbered routes to take) no
more red lights.
If you sped you went from one red light to another.

Of course nowadays when nothing was broken it had to be "fixed" to
running with no rhyme nor reason
--
Petzl
Good lawyers know the law
Great lawyers know the judge
Dechucka
2019-09-29 00:55:58 UTC
snip
Post by Petzl
Best traffic lights I came across were mechanically timed and set so
if you stayed at speed limit you got a green light every time,
When ASIO gave you your top secret direct hot-line batphone didn't they
give you the code to turn all the traffic lights on your trip green? I
got the code when I joined the 'Stonecutters' of course I have to put it
in backwards as they drive on the wrong side of the road.
Petzl
2019-09-29 02:39:23 UTC
Post by Dechucka
snip
Post by Petzl
Best traffic lights I came across were mechanically timed and set so
if you stayed at speed limit you got a green light every time,
When ASIO gave you your top secret direct hot-line batphone didn't they
give you the code to turn all the traffic lights on your trip green? I
got the code when I joined the 'Stonecutters' of course I have to put it
in backwards as they drive on the wrong side of the road.
Can't do that with mechanical lights
They do, do this in Sydney which has controlled lights for when he and
his druggy mates drove from Canberra to Kings Cross the "biggest bed
in Australia" where the limo parked in no parking zone underneath its
veranda
--
Petzl
As Winston Churchill once said;

The Monarchy is important,
not for the power it wields,
but for the power it denies others”.
Dechucka
2019-09-29 02:44:33 UTC
Post by Petzl
Post by Dechucka
snip
Post by Petzl
Best traffic lights I came across were mechanically timed and set so
if you stayed at speed limit you got a green light every time,
When ASIO gave you your top secret direct hot-line batphone didn't they
give you the code to turn all the traffic lights on your trip green? I
got the code when I joined the 'Stonecutters' of course I have to put it
in backwards as they drive on the wrong side of the road.
Can't do that with mechanical lights
Sydney lights are electronic, that's how the globes light on
Post by Petzl
They do, do this in Sydney which has controlled lights for when he and
his druggy mates drove from Canberra to Kings Cross the "biggest bed
in Australia" where the limo parked in no parking zone underneath its
veranda
Hey don't dis Fred Nile
Henry Briggs
2019-09-29 06:29:55 UTC
Post by Petzl
Post by Dechucka
snip
Post by Petzl
Best traffic lights I came across were mechanically timed and set so
if you stayed at speed limit you got a green light every time,
When ASIO gave you your top secret direct hot-line batphone didn't they
give you the code to turn all the traffic lights on your trip green? I
got the code when I joined the 'Stonecutters' of course I have to put it
in backwards as they drive on the wrong side of the road.
Can't do that with mechanical lights
They do, do this in Sydney which has controlled lights for when he and
his druggy mates drove from Canberra to Kings Cross the "biggest bed
in Australia" where the limo parked in no parking zone underneath its
veranda
Watch out Pizzle, don't the Jews control the traffic lights?
Dechucka
2019-09-29 07:16:08 UTC
Post by Henry Briggs
Post by Petzl
Post by Dechucka
snip
Post by Petzl
Best traffic lights I came across were mechanically timed and set so
if you stayed at speed limit you got a green light every time,
When ASIO gave you your top secret direct hot-line batphone didn't they
give you the code to turn all the traffic lights on your trip green? I
got the code when I joined the 'Stonecutters' of course I have to put it
in backwards as they drive on the wrong side of the road.
Can't do that with mechanical lights
They do, do this in Sydney which has controlled lights for when he and
his druggy mates drove from Canberra to Kings Cross the "biggest bed
in Australia" where the limo parked in no parking zone underneath its
veranda
Watch out Pizzle, don't the Jews control the traffic lights?
That's why us Gentiles get a better run from sunset Friday till the 3
stars on Saturday night
F Murtz
2020-05-24 09:25:30 UTC
Post by Dechucka
Post by Henry Briggs
Post by Petzl
Post by Dechucka
snip
Post by Petzl
Best traffic lights I came across were mechanically timed and set so
if you stayed at speed limit you got a green light every time,
When ASIO gave you your top secret direct hot-line batphone didn't they
give you the code to turn all the traffic lights on your trip green? I
got the code when I joined the 'Stonecutters' of course I have to put it
in backwards as they drive on the wrong side of the road.
Can't do that with mechanical lights
They do, do this in Sydney which has controlled lights for when he and
his druggy mates drove from Canberra to Kings Cross the "biggest bed
in Australia" where the limo parked in no parking zone underneath its
veranda
Watch out Pizzle, don't the Jews control the traffic lights?
That's why us Gentiles get a better run from sunset Friday till the 3
stars on Saturday night
Don't they have a Sabbath setting like my fridge, :)

Petzl
2019-09-29 07:23:35 UTC
Post by Henry Briggs
Post by Petzl
Post by Dechucka
snip
Post by Petzl
Best traffic lights I came across were mechanically timed and set so
if you stayed at speed limit you got a green light every time,
When ASIO gave you your top secret direct hot-line batphone didn't they
give you the code to turn all the traffic lights on your trip green? I
got the code when I joined the 'Stonecutters' of course I have to put it
in backwards as they drive on the wrong side of the road.
Can't do that with mechanical lights
They do, do this in Sydney which has controlled lights for when he and
his druggy mates drove from Canberra to Kings Cross the "biggest bed
in Australia" where the limo parked in no parking zone underneath its
veranda
Watch out Pizzle, don't the Jews control the traffic lights?
More importantly "our" media
--
Petzl
"It cannot be overstated, Bolsheviks committed the greatest human slaughter in modern history, and the fact that the world is largely ignorant
and uncaring about this fact is proof that the global media are in the hands of the perpetrators"

Russian Gulag survivor, novelist, historian, and short story writer. A. Solzhenitsyn - Gulag Archipelago
Dechucka
2019-09-29 07:28:58 UTC
Post by Petzl
Post by Henry Briggs
Post by Petzl
Post by Dechucka
snip
Post by Petzl
Best traffic lights I came across were mechanically timed and set so
if you stayed at speed limit you got a green light every time,
When ASIO gave you your top secret direct hot-line batphone didn't they
give you the code to turn all the traffic lights on your trip green? I
got the code when I joined the 'Stonecutters' of course I have to put it
in backwards as they drive on the wrong side of the road.
Can't do that with mechanical lights
They do, do this in Sydney which has controlled lights for when he and
his druggy mates drove from Canberra to Kings Cross the "biggest bed
in Australia" where the limo parked in no parking zone underneath its
veranda
Watch out Pizzle, don't the Jews control the traffic lights?
More importantly "our" media
How do they do this? Who are the Jews behind it, maybe Soros? BTW you do
know Thunburg is a Jewish name shortened from Thunburgstein don't you?
Petzl
2019-09-29 08:23:41 UTC
Post by Dechucka
Post by Petzl
Post by Henry Briggs
Post by Petzl
Post by Dechucka
snip
Post by Petzl
Best traffic lights I came across were mechanically timed and set so
if you stayed at speed limit you got a green light every time,
When ASIO gave you your top secret direct hot-line batphone didn't they
give you the code to turn all the traffic lights on your trip green? I
got the code when I joined the 'Stonecutters' of course I have to put it
in backwards as they drive on the wrong side of the road.
Can't do that with mechanical lights
They do, do this in Sydney which has controlled lights for when he and
his druggy mates drove from Canberra to Kings Cross the "biggest bed
in Australia" where the limo parked in no parking zone underneath its
veranda
Watch out Pizzle, don't the Jews control the traffic lights?
More importantly "our" media
How do they do this? Who are the Jews behind it, maybe Soros? BTW you do
know Thunburg is a Jewish name shortened from Thunburgstein don't you?
Thunburg maybe don't think so
--
Petzl
"It cannot be overstated, Bolsheviks committed the greatest human slaughter in modern history, and the fact that the world is largely ignorant
and uncaring about this fact is proof that the global media are in the hands of the perpetrators"

Russian Gulag survivor, novelist, historian, and short story writer. A. Solzhenitsyn - Gulag Archipelago
Dechucka
2019-09-29 08:26:47 UTC
snip
Post by Petzl
Post by Dechucka
Post by Petzl
Post by Henry Briggs
Watch out Pizzle, don't the Jews control the traffic lights?
More importantly "our" media
How do they do this? Who are the Jews behind it, maybe Soros? BTW you do
know Thunburg is a Jewish name shortened from Thunburgstein don't you?
Thunburg maybe don't think so
What don't you think?
keithr0
2019-10-03 05:54:27 UTC
Post by Computer Nerd Kev
Post by Sylvia Else
Post by news18
Post by Sylvia Else
The expectation is that the basic rules of operation that ensure that
only one direction gets green, and defines the period that a light stays
yellow/orange, are built into the system hardware/firmware, with the
latter only capable of being modified on site.
Might apply to HW designs, but I'm wondering how many are all but SW
these days.
If I wanted to do it in software, I'd have one[*] microcontroller that's
responsible for the control of the lights, and a separate one handling
the networking and communication. The latter is considerably more
complicated than the former.
Sensors that detect cars and inspect infrastructure. Those sensors
are generally connected to traffic controllers that read the inputs
and control light states. Those controllers, usually in a metal
cabinet by the roadside, communicate with each other and a central
server. Radios, operating at 900 MHz or 5.8 GHz, are frequently
used for wireless communication in point-to-point or
point-to-multipoint configurations.
-Then there's malfunction
management units (MMUs) that can override the controller if there
are conflicting green lights and force traffic lights into a
"known-safe configuration" like blinking red lights."
https://www.csoonline.com/article/2466551/hacking-traffic-lights-with-a-laptop-is-easy.html
What made that hack so easy wasn't just that they were using
unencrypted wifi to communicate with/between traffic lights, but they
were using the default password which was printed in the manual!
The use of "MMUs" indicates that the hardware designers _might_ have
had an idea of what they're doing, but the software designers and
system installers certainly weren't considering hacking at all.
Who knows what the state of the industry is in Australia.
Hackers are people who exploit others' fuckups. Don't fuck up and you
don't get hacked. These people fucked up on so many levels that they
deserved to get hacked.
Sylvia Else
2019-10-03 06:01:41 UTC
Post by keithr0
Post by Sylvia Else
Post by news18
Post by Sylvia Else
The expectation is that the basic rules of operation that ensure that
only one direction gets green, and defines the period that a light stays
yellow/orange, are built into the system hardware/firmware, with the
latter only capable of being modified on site.
Might apply to HW designs, but I'm wondering how many are all but SW
these days.
If I wanted to do it in software, I'd have one[*] microcontroller that's
responsible for the control of the lights, and a separate one handling
the networking and communication. The latter is considerably more
complicated than the former.
  Sensors that detect cars and inspect infrastructure. Those sensors
  are generally connected to traffic controllers that read the inputs
  and control light states. Those controllers, usually in a metal
  cabinet by the roadside, communicate with each other and a central
  server. Radios, operating at 900 MHz or 5.8 GHz, are frequently
  used for wireless communication in point-to-point or
  point-to-multipoint configurations.
-Then there's malfunction
  management units (MMUs) that can override the controller if there
  are conflicting green lights and force traffic lights into a
  "known-safe configuration" like blinking red lights."
https://www.csoonline.com/article/2466551/hacking-traffic-lights-with-a-laptop-is-easy.html
What made that hack so easy wasn't just that they were using
unencrypted wifi to communicate with/between traffic lights, but they
were using the default password which was printed in the manual!
The use of "MMUs" indicates that the hardware designers _might_ have
had an idea of what they're doing, but the software designers and
system installers certainly weren't considering hacking at all.
Who knows what the state of the industry is in Australia.
Hackers are people who exploit others' fuckups. Don't fuck up and you
don't get hacked. These people fucked up on so many levels that they
deserved to get hacked.
Do other people deserve to get their lives messed up in consequence?

The aviation industry might originally have taken the view that
mechanics should install parts the right way around. After all, how hard
can it be?

But eventually, after people died, it became realised that it was better
just to make it impossible to install parts the wrong way around.

Mind you, even that doesn't always work. A non-return valve was found
installed the wrong way around in a crashed aircraft. The valve had an
interference pin designed into it to ensure that it could not be
installed backwards. It was determined that someone had cut it to make
it shorter - apparently because they could get it to fit otherwise.

Still, the principle remains valid. The less scope there is for making
mistakes, the fewer mistakes will be made, whether due to human
fallibility, or just incompetence.

Sylvia.
Xeno
2019-10-03 06:45:18 UTC
Post by Sylvia Else
Post by keithr0
Post by Sylvia Else
Post by news18
Post by Sylvia Else
The expectation is that the basic rules of operation that ensure that
only one direction gets green, and defines the period that a light stays
yellow/orange, are built into the system hardware/firmware, with the
latter only capable of being modified on site.
Might apply to HW designs, but I'm wondering how many are all but SW
these days.
If I wanted to do it in software, I'd have one[*] microcontroller that's
responsible for the control of the lights, and a separate one handling
the networking and communication. The latter is considerably more
complicated than the former.
  Sensors that detect cars and inspect infrastructure. Those sensors
  are generally connected to traffic controllers that read the inputs
  and control light states. Those controllers, usually in a metal
  cabinet by the roadside, communicate with each other and a central
  server. Radios, operating at 900 MHz or 5.8 GHz, are frequently
  used for wireless communication in point-to-point or
  point-to-multipoint configurations.
-Then there's malfunction
  management units (MMUs) that can override the controller if there
  are conflicting green lights and force traffic lights into a
  "known-safe configuration" like blinking red lights."
https://www.csoonline.com/article/2466551/hacking-traffic-lights-with-a-laptop-is-easy.html
What made that hack so easy wasn't just that they were using
unencrypted wifi to communicate with/between traffic lights, but they
were using the default password which was printed in the manual!
The use of "MMUs" indicates that the hardware designers _might_ have
had an idea of what they're doing, but the software designers and
system installers certainly weren't considering hacking at all.
Who knows what the state of the industry is in Australia.
Hackers are people who exploit others' fuckups. Don't fuck up and you
don't get hacked. These people fucked up on so many levels that they
deserved to get hacked.
Do other people deserve to get their lives messed up in consequence?
The aviation industry might originally have taken the view that
mechanics should install parts the right way around. After all, how hard
can it be?
But eventually, after people died, it became realised that it was better
just to make it impossible to install parts the wrong way around.
Mind you, even that doesn't always work. A non-return valve was found
installed the wrong way around in a crashed aircraft. The valve had an
interference pin designed into it to ensure that it could not be
installed backwards. It was determined that someone had cut it to make
it shorter - apparently because they could get it to fit otherwise.
You make something foolproof, then find out fools are damned ingenious!
Post by Sylvia Else
Still, the principle remains valid. The less scope there is for making
mistakes, the fewer mistakes will be made, whether due to human
fallibility, or just incompetence.
Sylvia.
--
Xeno


Nothing astonishes Noddy so much as common sense and plain dealing.
(with apologies to Ralph Waldo Emerson)
keithr0
2019-10-03 12:17:42 UTC
Post by Xeno
Post by Sylvia Else
Post by keithr0
Post by Sylvia Else
Post by news18
Post by Sylvia Else
The expectation is that the basic rules of operation that ensure that
only one direction gets green, and defines the period that a light stays
yellow/orange, are built into the system hardware/firmware, with the
latter only capable of being modified on site.
Might apply to HW designs, but I'm wondering how many are all but SW
these days.
If I wanted to do it in software, I'd have one[*] microcontroller that's
responsible for the control of the lights, and a separate one handling
the networking and communication. The latter is considerably more
complicated than the former.
  Sensors that detect cars and inspect infrastructure. Those sensors
  are generally connected to traffic controllers that read the inputs
  and control light states. Those controllers, usually in a metal
  cabinet by the roadside, communicate with each other and a central
  server. Radios, operating at 900 MHz or 5.8 GHz, are frequently
  used for wireless communication in point-to-point or
  point-to-multipoint configurations.
-Then there's malfunction
  management units (MMUs) that can override the controller if there
  are conflicting green lights and force traffic lights into a
  "known-safe configuration" like blinking red lights."
https://www.csoonline.com/article/2466551/hacking-traffic-lights-with-a-laptop-is-easy.html
What made that hack so easy wasn't just that they were using
unencrypted wifi to communicate with/between traffic lights, but they
were using the default password which was printed in the manual!
The use of "MMUs" indicates that the hardware designers _might_ have
had an idea of what they're doing, but the software designers and
system installers certainly weren't considering hacking at all.
Who knows what the state of the industry is in Australia.
Hackers are people who exploit others' fuckups. Don't fuck up and you
don't get hacked. These people fucked up on so many levels that they
deserved to get hacked.
Do other people deserve to get their lives messed up in consequence?
The aviation industry might originally have taken the view that
mechanics should install parts the right way around. After all, how
hard can it be?
But eventually, after people died, it became realised that it was
better just to make it impossible to install parts the wrong way around.
Mind you, even that doesn't always work. A non-return valve was found
installed the wrong way around in a crashed aircraft. The valve had an
interference pin designed into it to ensure that it could not be
installed backwards. It was determined that someone had cut it to make
it shorter - apparently because they could get it to fit otherwise.
You make something foolproof, then find out fools are damned ingenious!
Post by Sylvia Else
Still, the principle remains valid. The less scope there is for making
mistakes, the fewer mistakes will be made, whether due to human
fallibility, or just incompetence.
Sylvia.
When you set up a system, first you test that it does what it should,
then you test that it doesn't do anything that it shouldn't. Too many
miss the last step.
noel
2019-10-06 14:22:24 UTC
Post by keithr0
Hackers are people who exploit others' fuckups. Don't fuck up and you
don't get hacked. These people fucked up on so many levels that they
deserved to get hacked.
uhg ... bullshit...
most people who exploit others are not hackers, they are script kiddies,
riding off the back of someone else's scripting that exploit dumb arsed
programmers who write insecure code crappy code.

in years gone by in previous life as ISP network admin, we banned php
gallery because it had more holes than a pallet of Swiss cheese and was
every single time the reason someone got fucked up the arse.

today's version of phpgallery is wordpress.. or more specifically,
wordpress plugins, written by clueless incompetent fucktarts who think
they're hot shit coders when the truth is they are only just shit.
keithr0
2019-10-06 23:46:32 UTC
Post by noel
Post by keithr0
Hackers are people who exploit others' fuckups. Don't fuck up and you
don't get hacked. These people fucked up on so many levels that they
deserved to get hacked.
uhg ... bullshit...
most people who exploit others are not hackers, they are script kiddies,
riding off the back of someone else's scripting that exploit dumb arsed
programmers who write insecure code crappy code.
The hackers make the exploits, the script kiddies simply follow the
ready made exploits.
Post by noel
in years gone by in previous life as ISP network admin, we banned php
gallery because it had more holes than a pallet of Swiss cheese and was
every single time the reason someone got fucked up the arse.
today's version of phpgallery is wordpress.. or more specifically,
wordpress plugins, written by clueless incompetent fucktarts who think
they're hot shit coders when the truth is they are only just shit.
That is basically what I was saying, of course, if you see all these
problems, you could do something about fixing them, if you have the
talent that is.
Sylvia Else
2019-10-07 04:09:05 UTC
Post by keithr0
That is basically what I was saying, of course, if you see all these
problems, you could do something about fixing them, if you have the
talent that is.
Sometimes that's not so straightforward, requiring structural changes.
Duck typing and SQL string literals have a lot to answer for, but
eliminating them would meet with a lot of resistance, particularly
amongst those who cannot handle more formal techniques.


Sylvia.
Computer Nerd Kev
2019-10-07 22:49:57 UTC
Post by Sylvia Else
Post by keithr0
That is basically what I was saying, of course, if you see all these
problems, you could do something about fixing them, if you have the
talent that is.
Sometimes that's not so straightforward, requiring structural changes.
Duck typing and SQL string literals have a lot to answer for, but
eliminating them would meet with a lot of resistance, particularly
amongst those who cannot handle more formal techniques.
Not to mention that "seeing all the problems" implies that you've
actually looked through _all_ of the code used. True this would be
quite possible with what my idea of a traffic light controller would
be, but apparently they now want WiFi. So that's a WiFi chipset
driver, TCP/IP, support for whatever existing protocols they may want
to use, and (should be) encryption. Are they expected to look through
all of the external code that they call in to do that? Are they
expected to understand the endless complexities of practical data
encryption well enough to identify bugs in that code?

They might decide to use Linux, do they have to check all the code
used in that themselves as well?

No argument that using unencrypted WiFi was something within any
programmer's abilities to identify as a security weakness. But to
guarantee security against hacking while fulfilling requirements
like supporting WiFi is hardly an easy enough task to consider it
a basic indicator of talent.
--
__ __
#_ < |\| |< _#
Ned Latham
2019-10-08 00:58:03 UTC
----snip----
Post by Computer Nerd Kev
Post by Sylvia Else
Sometimes that's not so straightforward, requiring structural changes.
Duck typing and SQL string literals have a lot to answer for, but
eliminating them would meet with a lot of resistance, particularly
amongst those who cannot handle more formal techniques.
Not to mention that "seeing all the problems" implies that you've
actually looked through _all_ of the code used. True this would be
quite possible with what my idea of a traffic light controller would
be, but apparently they now want WiFi. So that's a WiFi chipset
driver, TCP/IP, support for whatever existing protocols they may want
to use, and (should be) encryption. Are they expected to look through
all of the external code that they call in to do that?
The answer to that is the answer to this: are they competent?
Post by Computer Nerd Kev
Are they
expected to understand the endless complexities of practical data
encryption well enough to identify bugs in that code?
Are they competent?
Post by Computer Nerd Kev
They might decide to use Linux,
What? And forego the delights and safety of Windows, the OS that's had
so many upgrades to its stability and power and robustness and security
that it must surely be perfect by now?
Post by Computer Nerd Kev
do they have to check all the code used in that themselves as well?
Do they want secure?
Post by Computer Nerd Kev
No argument that using unencrypted WiFi was something within any
programmer's abilities to identify as a security weakness. But to
guarantee security against hacking while fulfilling requirements
like supporting WiFi is hardly an easy enough task to consider it
a basic indicator of talent.
It's a basic matter of competence, and having the strength to reject
the corporate crap that is the root of these security problems.
Computer Nerd Kev
2019-10-08 22:06:29 UTC
Post by Ned Latham
Post by Computer Nerd Kev
Are they
expected to understand the endless complexities of practical data
encryption well enough to identify bugs in that code?
Are they competent?
Post by Computer Nerd Kev
They might decide to use Linux,
What? And forego the delights and safety of Windows, the OS that's had
so many upgrades to its stability and power and robustness and security
that it must surely be perfect by now?
No, as opposed to writing code to run directly in real-time, without
an operating system. Quite sensible for a basic traffic light
controller, but if you want to add things like WiFi, then running
Linux or another OS suitable for low-power embedded applications
(not Windows) would make development easier and more flexible.
Post by Ned Latham
Post by Computer Nerd Kev
do they have to check all the code used in that themselves as well?
Do they want secure?
Post by Computer Nerd Kev
No argument that using unencrypted WiFi was something within any
programmer's abilities to identify as a security weakness. But to
guarantee security against hacking while fulfilling requirements
like supporting WiFi is hardly an easy enough task to consider it
a basic indicator of talent.
It's a basic matter of competence, and having the strength to reject
the corporate crap that is the root of these security problems.
Dream on if you think that every programmer should be able to
reliably assess all the code required to implement a WiFi device
using networking and encrypted communication. A practical approach
is to hire an expert in software security to assess the system
independently of the developers, but there's still no complete
certainty when the device is on a public network, or otherwise
theoretically accessible by any man in the street.

For a system as important as traffic lights, where a widespread
hack could have extremely serious consequences to the national
economy, I would prefer a dedicated secure physical network which
can not be easily accessed by people who are unauthorised and
unidentifiable. But some country out there will have to get badly
bitten before that sort of thing will start being considered.
--
__ __
#_ < |\| |< _#
Sylvia Else
2019-10-09 02:10:29 UTC
Post by Computer Nerd Kev
Post by Ned Latham
Post by Computer Nerd Kev
Are they
expected to understand the endless complexities of practical data
encryption well enough to identify bugs in that code?
Are they competent?
Post by Computer Nerd Kev
They might decide to use Linux,
What? And forego the delights and safety of Windows, the OS that's had
so many upgrades to its stability and power and robustness and security
that it must surely be perfect by now?
No, as opposed to writing code to run directly in real-time, without
an operating system. Quite sensible for a basic traffic light
controller, but if you want to add things like WiFi, then running
Linux or another OS suitable for low-power embedded applications
(not Windows) would make development easier and more flexible.
Post by Ned Latham
Post by Computer Nerd Kev
do they have to check all the code used in that themselves as well?
Do they want secure?
Post by Computer Nerd Kev
No argument that using unencrypted WiFi was something within any
programmer's abilities to identify as a security weakness. But to
guarantee security against hacking while fulfilling requirements
like supporting WiFi is hardly an easy enough task to consider it
a basic indicator of talent.
It's a basic matter of competence, and having the strength to reject
the corporate crap that is the root of these security problems.
Dream on if you think that every programmer should be able to
reliably assess all the code required to implement a WiFi device
using networking and encrypted communication. A practical approach
is to hire an expert in software security to assess the system
independently of the developers, but there's still no complete
certainty when the device is on a public network, or otherwise
theoretically accessible by any man in the street.
For a system as important as traffic lights, where a widespread
hack could have extremely serious consequences to the national
economy, I would prefer a dedicated secure physical network which
can not be easily accessed by people who are unauthorised and
unidentifiable. But some country out there will have to get badly
bitten before that sort of thing will start being considered.
Any communications channel should be treated as not being trusted, and
that certainly applies to things like Wifi. If that philosophy is
followed, then the worst that should be possible by hacking it is a
denial of service. In the context of traffic lights, that should only
mean that the phasing cannot be changed by a manned control centre in
response to traffic conditions. Even there, the effect would be limited
if the normal daily traffic flow patterns are built into the trusted
part of the system as a default.

Sylvia.
Computer Nerd Kev
2019-10-09 02:45:23 UTC
Permalink
Post by Sylvia Else
Post by Computer Nerd Kev
For a system as important as traffic lights, where a widespread
hack could have extremely serious consequences to the national
economy, I would prefer a dedicated secure physical network which
can not be easily accessed by people who are unauthorised and
unidentifiable. But some country out there will have to get badly
bitten before that sort of thing will start being considered.
Any communications channel should be treated as not being trusted, and
that certainly applies to things like Wifi. If that philosophy is
followed, then the worst that should be possible by hacking it is a
denial of service. In the context of traffic lights, that should only
mean that the phasing cannot be changed by a manned control centre in
response to traffic conditions.
What if hackers were spoofing commands which the traffic lights think
are coming from the control centre (assuming that they have found a
vulnerability in whatever system should be used to authenticate such
commands)? They could configure them to cause maximum disruption even
if they can't stop them working altogether.
--
__ __
#_ < |\| |< _#
Lions Growl of Butchers Foul
2019-10-09 03:17:42 UTC
Permalink
Post by Computer Nerd Kev
Post by Sylvia Else
Post by Computer Nerd Kev
For a system as important as traffic lights, where a widespread
hack could have extremely serious consequences to the national
economy, I would prefer a dedicated secure physical network which
can not be easily accessed by people who are unauthorised and
unidentifiable. But some country out there will have to get badly
bitten before that sort of thing will start being considered.
Any communications channel should be treated as not being trusted, and
that certainly applies to things like Wifi. If that philosophy is
followed, then the worst that should be possible by hacking it is a
denial of service. In the context of traffic lights, that should only
mean that the phasing cannot be changed by a manned control centre in
response to traffic conditions.
What if hackers were spoofing commands which the traffic lights think
are coming from the control centre (assuming that they have found a
vulnerability in whatever system should be used to authenticate such
commands)? They could configure them to cause maximum disruption even
if they can't stop them working altogether.
If the communications are encrypted, commands can't be spoofed, only random dud information can be input.
Sylvia Else
2019-10-09 03:22:21 UTC
Permalink
Post by Computer Nerd Kev
Post by Sylvia Else
Post by Computer Nerd Kev
For a system as important as traffic lights, where a widespread
hack could have extremely serious consequences to the national
economy, I would prefer a dedicated secure physical network which
can not be easily accessed by people who are unauthorised and
unidentifiable. But some country out there will have to get badly
bitten before that sort of thing will start being considered.
Any communications channel should be treated as not being trusted, and
that certainly applies to things like Wifi. If that philosophy is
followed, then the worst that should be possible by hacking it is a
denial of service. In the context of traffic lights, that should only
mean that the phasing cannot be changed by a manned control centre in
response to traffic conditions.
What if hackers were spoofing commands which the traffic lights think
are coming from the control centre (assuming that they have found a
vulnerability in whatever system should be used to authenticate such
commands)? They could configure them to cause maximum disruption even
if they can't stop them working altogether.
Authentication of cryptographically signed commands is, at its core,
very simple. The complexity in the system used for things like TLS
derives from the need to allow multiple algorithms, and the use of
session keys. None of that is necessary for authenticating traffic light
commands, and there should be no difficulty implementing such a system
with no vulnerabilities [*].

If the hackers were able to obtain the signing key, then they could get
more control over the system, but still only to the extent of changing
the phasing within preset limits, where those limits themselves depend
on the time of day.

Sylvia.

[*] As long as the factorisation problem remains unsolved.
Computer Nerd Kev
2019-10-09 12:04:43 UTC
Permalink
Post by Sylvia Else
Post by Computer Nerd Kev
Post by Sylvia Else
Any communications channel should be treated as not being trusted, and
that certainly applies to things like Wifi. If that philosophy is
followed, then the worst that should be possible by hacking it is a
denial of service. In the context of traffic lights, that should only
mean that the phasing cannot be changed by a manned control centre in
response to traffic conditions.
What if hackers were spoofing commands which the traffic lights think
are coming from the control centre (assuming that they have found a
vulnerability in whatever system should be used to authenticate such
commands)? They could configure them to cause maximum disruption even
if they can't stop them working altogether.
Authentication of cryptographically signed commands is, at its core,
very simple. The complexity in the system used for things like TLS
derives from the need to allow multiple algorithms, and the use of
session keys. None of that is necessary for authenticating traffic light
commands, and there should be no difficulty implementing such a system
with no vulnerabilities [*].
If the hackers were able to obtain the signing key, then they could get
more control over the system, but still only to the extent of changing
the phasing within preset limits, where those limits themselves depend
on the time of day.
I see what you're getting at, but there are opposing goals in that
approach where it takes away from the degree of flexibility that the
system was designed to implement in the first place. For example what
about when road works or traffic accidents cause traffic to be
rerouted, does it have to be needlessly held up at lights which are
forced to preference flow through the usual traffic routes?
Post by Sylvia Else
[*] As long as the factorisation problem remains unsolved.
I took this as an excuse to look far too deeply into the current
state of attacks on encryption:

I think the current bet is on quantum computers simply becoming
powerful enough to adequately implement one of the solutions that
use them.

It's still a long way from being useful, but going from being
able to factorise 143 in 2012 to having one realise that 659 571s
make 376,289 last year seems a decent rate of advancement to my
uneducated eye. Of course the key thing is that these computers find
the answer in only a few seconds.
https://crypto.stackexchange.com/a/59796
-Granted the author of that Stack Exchange answer has a different
view.

This paper estimates the minimum specs for a quantum computer able
to break the factorisation problem for RSA, and also the alternative
Elliptic curve method (which turns out to be easier for quantum
computers to beat):
https://www.microsoft.com/en-us/research/publication/quantum-resource-estimates-computing-elliptic-curve-discrete-logarithms/
-Page 21 for results summarised in table 2.

That claims that a quantum computer with at least a few thousand
qbits would be required to effectively attack currently used
encryption systems. The current top-end seems to be 72qb. Though
the metric of qbits is complicated in the case of the "Quantum
annealing" D-Wave computer that found the factors of 376,289,
because this actually has 2048qb. However it works in a different
way (more akin in principle to an old fashioned analogue computer,
but using "quantum magnetism" instead of analogue electrical
signals - at least that's how I'm reading it) compared to "universal"
quantum computers from other manufacturers, and the relationship of
qbits to computing power isn't (at least directly) comparable between
them. Nevertheless in this task it seems that quantum annealing
currently has the edge.
https://en.wikipedia.org/wiki/List_of_quantum_processors
https://www.eetimes.com/document.asp?doc_id=1326592
https://en.wikipedia.org/wiki/Quantum_annealing

IARPA, the equivalent of DARPA for the American intelligence
agencies, is very involved in the development of quantum
computing research, probably in combination with manufacturers of
commercial quantum computers. So it seems likely that the true state
of the art might be at least one step ahead of what's public.
https://www.iarpa.gov/index.php/research-programs/quantum-programs-at-iarpa
https://en.wikipedia.org/wiki/Intelligence_Advanced_Research_Projects_Activity#Research_fields

Maybe to say that a universal quantum computer with thousands of
qbits is currently impossible today is akin to a German saying that
a computer built from 1,600 valves was impossible in 1944, while
Colossus was whirring away decrypting all of their war plans.

In any case, quantum computers are already being bought by companies
looking to use them for improved methods of encryption:
https://dwavefederal.com/temporal-defense-systems-purchases-first-d-wave-2000q-quantum-computer/

And this new chip designed for "post-quantum encryption" might even
be suited for use in a traffic light controller if it were on the
market:
http://news.mit.edu/2019/securing-internet-things-in-quantum-age-0301

https://en.wikipedia.org/wiki/Post-quantum_encryption
--
__ __
#_ < |\| |< _#
Jasen Betts
2019-10-09 04:23:42 UTC
Permalink
Post by Computer Nerd Kev
For a system as important as traffic lights, where a widespread
hack could have extremely serious consequences to the national
economy, I would prefer a dedicated secure physical network which
can not be easily accessed by people who are unauthorised and
unidentifiable. But some country out there will have to get badly
bitten before that sort of thing will start being considered.
VPN seems easier and almost as good.
--
When I tried casting out nines I made a hash of it.
Sylvia Else
2019-10-09 07:56:22 UTC
Permalink
Post by Jasen Betts
Post by Computer Nerd Kev
For a system as important as traffic lights, where a widespread
hack could have extremely serious consequences to the national
economy, I would prefer a dedicated secure physical network which
can not be easily accessed by people who are unauthorised and
unidentifiable. But some country out there will have to get badly
bitten before that sort of thing will start being considered.
VPN seems easier and almost as good.
VPN is only as good as the software that implements it.

Sylvia.
Computer Nerd Kev
2019-10-09 12:11:25 UTC
Permalink
Post by Sylvia Else
Post by Jasen Betts
Post by Computer Nerd Kev
For a system as important as traffic lights, where a widespread
hack could have extremely serious consequences to the national
economy, I would prefer a dedicated secure physical network which
can not be easily accessed by people who are unauthorised and
unidentifiable. But some country out there will have to get badly
bitten before that sort of thing will start being considered.
VPN seems easier and almost as good.
VPN is only as good as the software that implements it.
Indeed. Might still be a good idea to use it _on_ the dedicated
physical network though - perhaps the same secure physical network
could be used for other targets likely to be hacked by attackers
with the aim of economic disruption, like power and water
distribution. Some have already been "bitten" on those fronts, but
not badly enough to make the world take the security of these things
seriously.
--
__ __
#_ < |\| |< _#
Lions Growl of Butchers Foul
2019-10-09 08:07:10 UTC
Permalink
Post by Jasen Betts
Post by Computer Nerd Kev
For a system as important as traffic lights, where a widespread
hack could have extremely serious consequences to the national
economy, I would prefer a dedicated secure physical network which
can not be easily accessed by people who are unauthorised and
unidentifiable. But some country out there will have to get badly
bitten before that sort of thing will start being considered.
VPN seems easier and almost as good.
A VPN is exactly how these sorts of devices/utilities are managed. Assuming you actually know what a VPN is.

As for Kev, you are proposing dark fibre.
Some organisations already use dark fibre, and it's quite likely that some public organisations have their devices/utilities on dark fibre already.

The big risk is consumer-grade wireless devices being used to connect up your devices. If you pop one of these on your network you will see the first thing it does is phone home to China.

Sadly, the snake-oil salesmen spruiking their wireless crap and their 5G rubbish make so much noise many organisations assume these are valid options for doing stuff.
Wireless is neither secure nor reliable and has no place in any corporate network supporting public utilities and critical infrastructure.
keithr0
2019-09-30 10:15:46 UTC
Permalink
Post by Sylvia Else
Post by Jeßus
Post by Sylvia Else
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn™ access network through their
retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
Post by Sylvia Else
In theory, this shouldn't present that much of an issue. Take traffic
lights, for example.
The expectation is that the basic rules of operation that ensure that
only one direction gets green, and defines the period that a light stays
yellow/orange, are built into the system hardware/firmware, with the
latter only capable of being modified on site.
Might apply to HW designs, but I'm wondering how many are all but SW
these days.
If I wanted to do it in software, I'd have one[*] microcontroller that's
responsible for the control of the lights, and a separate one handling
the networking and communication. The latter is considerably more
complicated than the former.
Don't provide a way for the second one to update the first, so that the
first has to be updated on site (though why an update should ever be
necessary, is beyond me - how hard is it to get such things right in the
first place?).
Of course, the temptation is to use one processor for both, because
doing that saves money.
Sylvia
[*] Or 3, configured so that any 2 can determine which lights are on,
providing both redundancy and protection from a single one going rogue
due to a fault.
It's not rocket surgery, you sign all messages with a 2048 bit RSA
private key, that positively identifies the sender. Add a pseudo random
rolling code to prevent replay attacks and wrap the whole lot in a 256
bit AES. Not hard at all really, it just takes a bit more effort.
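Added example, not code from the thread or from any traffic-control product: the scheme keithr0 describes above (commands signed with a 2048-bit RSA key, plus replay protection), combined with the preset phasing limits Sylvia Else describes elsewhere in the thread, so that even a validly signed command cannot push the phasing outside bounds held by the controller. Assumptions: the `Command` layout, the limit values, RSA-PSS padding, and a strictly increasing counter in place of the pseudo-random rolling code; the AES layer is left out because it adds confidentiality, not authentication.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Command is a hypothetical phasing request sent by the control centre.
type Command struct {
	Counter  uint64 // strictly increasing; stands in for the rolling code
	GreenSec uint16 // requested green time in seconds
}

func (c Command) digest() []byte {
	h := sha256.New()
	binary.Write(h, binary.BigEndian, c) // fixed 10-byte layout of both fields
	return h.Sum(nil)
}

// Sign runs at the control centre, the only holder of the private key.
func Sign(key *rsa.PrivateKey, c Command) ([]byte, error) {
	return rsa.SignPSS(rand.Reader, key, crypto.SHA256, c.digest(), nil)
}

var ErrSignature = errors.New("signature check failed")
var ErrReplay = errors.New("counter not newer than last accepted")

// Controller is the roadside unit: it holds only the public key.
type Controller struct {
	pub  *rsa.PublicKey
	last uint64 // highest counter accepted so far
}

func limitsFor(hour int) (lo, hi uint16) {
	if (hour >= 7 && hour < 9) || (hour >= 16 && hour < 19) {
		return 30, 90 // constructed peak-period bounds
	}
	return 15, 60 // constructed off-peak bounds
}

// Apply verifies, rejects replays, then clamps using the controller's own clock.
func (ct *Controller) Apply(c Command, sig []byte, localHour int) (uint16, error) {
	if rsa.VerifyPSS(ct.pub, crypto.SHA256, c.digest(), sig, nil) != nil {
		return 0, ErrSignature
	}
	if c.Counter <= ct.last {
		return 0, ErrReplay
	}
	ct.last = c.Counter
	lo, hi := limitsFor(localHour)
	switch {
	case c.GreenSec < lo:
		return lo, nil
	case c.GreenSec > hi:
		return hi, nil
	}
	return c.GreenSec, nil
}

// NewPair makes a 2048-bit key and a controller that trusts its public half.
func NewPair() (*rsa.PrivateKey, *Controller) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key, &Controller{pub: &key.PublicKey}
}

func main() {
	key, ct := NewPair()
	cmd := Command{Counter: 1, GreenSec: 600} // far outside the limits
	sig, _ := Sign(key, cmd)
	fmt.Println(ct.Apply(cmd, sig, 3)) // accepted, but clamped
}
```

The counter is only advanced after the signature verifies, so forged traffic cannot burn counter values and lock out the real control centre.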
Sylvia Else
2019-09-30 11:28:30 UTC
Permalink
Post by keithr0
Post by Sylvia Else
Post by Jeßus
Post by Sylvia Else
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn™ access network through their
retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
Post by Sylvia Else
In theory, this shouldn't present that much of an issue. Take traffic
lights, for example.
The expectation is that the basic rules of operation that ensure that
only one direction gets green, and defines the period that a light stays
yellow/orange, are built into the system hardware/firmware, with the
latter only capable of being modified on site.
Might apply to HW designs, but I'm wondering how many are all but SW
these days.
If I wanted to do it in software, I'd have one[*] microcontroller
that's responsible for the control of the lights, and a separate one
handling the networking and communication. The latter is considerably
more complicated than the former.
Don't provide a way for the second one to update the first, so that
the first has to be updated on site (though why an update should ever
be necessary, is beyond me - how hard is it to get such things right
in the first place?).
Of course, the temptation is to use one processor for both, because
doing that saves money.
Sylvia
[*] Or 3, configured so that any 2 can determine which lights are on,
providing both redundancy and protection from a single one going rogue
due to a fault.
It's not rocket surgery, you sign all messages with a 2048 bit RSA
private key, that positively identifies the sender. Add a pseudo random
rolling code to prevent replay attacks and wrap the whole lot in a 256
bit AES. Not hard at all really, it just takes a bit more effort.
The problem here is that then it's only as secure as the private key is,
which means that the integrity of the traffic light system depends on
hackers not getting access to the key.

Given that it shouldn't be necessary to update the critical firmware
anyway, other than for things like changes to speed limits (affects the
yellow/orange timing), which are local in nature, it's far safer just
not to allow remote updates at all.

Sylvia.
keithr0
2019-09-30 22:56:16 UTC
Permalink
Post by Sylvia Else
Post by keithr0
Post by Sylvia Else
Post by Jeßus
Post by Sylvia Else
Post by Jeßus
"Traffic and transport infrastructure, ATMs, and environmental
infrastructure get green light to connect to nbn™ access network
NBN Co today announced that operators of traffic signals, automatic
teller machines and a range of other specialised devices can now
connect to select services over the nbn™ access network through their
retail service providers"
https://www.nbnco.com.au/corporate-information/media-centre/media-statements/network-extensions
Post by Sylvia Else
In theory, this shouldn't present that much of an issue. Take traffic
lights, for example.
The expectation is that the basic rules of operation that ensure that
only one direction gets green, and defines the period that a light stays
yellow/orange, are built into the system hardware/firmware, with the
latter only capable of being modified on site.
Might apply to HW designs, but I'm wondering how many are all but SW
these days.
If I wanted to do it in software, I'd have one[*] microcontroller
that's responsible for the control of the lights, and a separate one
handling the networking and communication. The latter is considerably
more complicated than the former.
Don't provide a way for the second one to update the first, so that
the first has to be updated on site (though why an update should ever
be necessary, is beyond me - how hard is it to get such things right
in the first place?).
Of course, the temptation is to use one processor for both, because
doing that saves money.
Sylvia
[*] Or 3, configured so that any 2 can determine which lights are on,
providing both redundancy and protection from a single one going
rogue due to a fault.
It's not rocket surgery, you sign all messages with a 2048 bit RSA
private key, that positively identifies the sender. Add a pseudo
random rolling code to prevent replay attacks and wrap the whole lot
in a 256 bit AES. Not hard at all really, it just takes a bit more
effort.
The problem here is that then it's only as secure as the private key is,
which means that the integrity of the traffic light system depends on
hackers not getting access to the key.
If you can't defend your own system, you are stuffed, there are plenty
of ways of making such keys unobtainable to outsiders.
Post by Sylvia Else
Given that it shouldn't be necessary to update the critical firmware
anyway, other than for things like changes to speed limits (affects the
yellow/orange timing), which are local in nature, it's far safer just
not to allow remote updates at all.
Sylvia.
Ned Latham
2019-10-01 01:03:58 UTC
Permalink
----snip----
Post by Sylvia Else
Post by keithr0
It's not rocket surgery, you sign all messages with a 2048 bit RSA
private key, that positively identifies the sender. Add a pseudo random
rolling code to prevent replay attacks and wrap the whole lot in a 256
bit AES. Not hard at all really, it just takes a bit more effort.
The problem here is that then it's only as secure as the private key is,
which means that the integrity of the traffic light system depends on
hackers not getting access to the key.
Given that it shouldn't be necessary to update the critical firmware
anyway, other than for things like changes to speed limits (affects the
yellow/orange timing), which are local in nature, it's far safer just
not to allow remote updates at all.
And that (the rarity of updates) is the deciding factor. Given that the
updates must be checked individually, onsite updates would probably be
cheaper than remote updates anyway.