Scientist banned from revealing codes used to start luxury cars

  • He should put it on a t-shirt and call it free speech.

    http://www.cypherspace.org/adam/shirt/uk-shirt.html

    Or turn some portion of it into a flag?

    http://en.wikipedia.org/wiki/File:Free-speech-flag.svg

    Maybe he can get Bob Dylan to write a song with the codes and perform it live to a group of hackers. The possibilities are endless when knowledge is arbitrarily outlawed due to an inconvenience for the privileged. Then again, this is the UK where the First Amendment doesn't apply.

  • When will people, especially the tech illiterate, ever learn that security via obscurity doesn't really work when you've got marginal cost of duplication? [Of course, it's a bad idea for even tangibles but in the electronic world it's a totally broken concept]

  • Previous discussion: https://news.ycombinator.com/item?id=6110575 (88 comments)

  • Any chance this is already being used nefariously? It would explain stories like this: http://www.today.com/news/police-admit-theyre-stumped-myster...

    (also discussed on HN a month back: https://news.ycombinator.com/item?id=5826486)

  • Well, I guess this decision could not be a better advertisement for the hacker, in case he happens to be a little short on cash:

    Lots of eyeballs on this and the fact that the exploit stays "monopolized" is poised to drive its price on the market up.

  • So how did examining the hardware allow them to unlock any car? Ideally, shouldn't each car have its own secret key, and no amount of examination of one car or its ignition key would reveal the secret key of another one?

    The way I interpret this, the manufacturer has thrown a backdoor into the system, allowing access to anyone who knows the backdoor key - and the researchers have managed to extract the backdoor key.

  • These sorts of actions are why I firmly believe that anonymous full disclosure is the best way to go for disclosing vulnerabilities.

  • I don't think this is wrong. Now everyone knows there is a method to break it, why reveal specific details to the public where it can only be used to help steal cars?

    I think dangerous information in general should be censored, though that is a very dangerous road to go down. But if it was possible to do so without corruption or having good things censored too, then I think it should be done.

  • I see nothing wrong with preventing the publication of the exploits UNTIL they are resolved. If the company responsible for the security system does not want to resolve the security vulnerability, then they should be published.

    Even though this scientist first discovered the vulnerability, it doesn't mean that someone else won't do so in the near future.

  • > especially a sophisticated criminal gang

    Yeah right, like the theorized "sophisticated gang" can't break into and steal the paper/research. Or, more easily kidnap/extort/blackmail/bribe scientists to give them the info.

    Criminalizing information means only the criminals will have access to it.

  • How is this not illegal prior restraint?

  • Great, security by obscurity. Didn't we try that before and fail miserably?

    Then again, if they start enforcing it like piracy with ridiculous fines and jail time, the best researchers would be criminals.

  • So a British judge has placed an injunction against publication in the USA. How does such a conference fall within UK jurisdiction?

  • "The scientists said it had probably used a technique called "chip slicing" which involves analysing a chip under a microscope and taking it to pieces and inferring the algorithm from the arrangement of the microscopic transistors on the chip itself – a process that costs around £50,000."

    £50,000?! Good Lord, that's a lot of money! All one needs is a microscope and a razor.

  • Why not publish it with some kind of irrevocable public license and open source the project?

  • Leak it.