#241
Posted to uk.d-i-y
Snooping TV.
In article . com,
dennis@home wrote: I don't claim anything, dennis. Just correct your illusions. So why do you keep making stuff up about how its impossible to do stuff so I have to show that it is? But you don't - that's the point. All you've said is such and such is practicable, but is banned by the unions. ;-) -- *Seen it all, done it all, can't remember most of it* Dave Plowman London SW To e-mail, change noise into sound. |
#242
Posted to uk.d-i-y
Snooping TV.
On 13/03/2017 19:38, tim... wrote:
"John Rumm" wrote in message o.uk... On 13/03/2017 09:20, tim... wrote: "John Rumm" wrote in message o.uk... On 12/03/2017 09:54, tim... wrote: "John Rumm" wrote in message o.uk... On 11/03/2017 12:10, tim... wrote:

Surely it's very easy with an OTA update?

Not if the TV authenticates the download to check that it has come from an authorised source (obviously the marker for the sender has to be hidden in an encrypted download)

I doubt that there are any TVs that do this, but it's not an untested technique. It is one that is mandatory for OTA downloads to equipment that performs safety critical functions.

Assuming of course that they don't also have access to the signing authorities certificates, thus allowing them to sign "authentic" code.

well that would be a step too far, in my view

How confident are you that "they" share your view? (There are plenty of "dodgy" certification authorities out there already).

if it's encrypted you need to know the secret (aka private) key
performing the certification is easy for you to do yourself if you know that
impossible for anyone if you don't

Thank you for the lesson in public key cryptography. Not sure it helps in this particular case.

well no, because it doesn't work like that now
but the discussion is about how it could work if they wanted it to be secure

I would expect that if you are a government sponsored spook, you will have access to a tame legit certification authority that is established in the root certificate hierarchy of trust. Hence you can sign anything you like as genuine. In addition to that there are a number of certification authorities that are none too fussy about what they sign.

but if it's encrypted and you don't know the key, it won't match when the recipient decrypts it
and the recipient isn't a web browser that can choose to ignore a sig that doesn't match
It's a specifically written embedded program that chooses to throw away *everything* that doesn't match (otherwise it's useless as a secure product)

You seem to be suggesting a system where a unique public key pair is used to allow the device to verify the authenticity of code updates without relying on signed binaries and the more commonly used systems for establishing trust in these circumstances.

The difficulty with those types of systems is that they fall about in a heap the moment the private key is compromised. As nicely demonstrated by the CSS system applied to DVDs.

The old adage about every engineer can conceive of a crypto system that they could not themselves break, is perhaps worth keeping in mind.

--
Cheers, John.
Internode Ltd - http://www.internode.co.uk
John Rumm - john(at)internode(dot)co(dot)uk
#243
Posted to uk.d-i-y
Snooping TV.
On 13/03/2017 15:50, Dave Liquorice wrote:
On Mon, 13 Mar 2017 15:10:37 +0000 (GMT), Dave Plowman (News) wrote:

Just send round an "engineer" with a tool box and "ID" with a story that the TV is subject to a "recall" and free safety check. They'll know what make/model TV it is, when/where it was bought and the names of the people at the property.

If you've identified a possible terrorist and are going to send a man round to install special software on his TV...

Something wrong with that sentence.

Can't see why not, might yield other interesting information from things seen lying around.

Also, reading more deeply on the subject, this does indeed appear to be the use case that the CIA/NSA devised for this particular hack.

--
Cheers, John.
Internode Ltd - http://www.internode.co.uk
John Rumm - john(at)internode(dot)co(dot)uk
#244
Posted to uk.d-i-y
Snooping TV.
On 13/03/2017 12:35, Dave Liquorice wrote:
On Fri, 10 Mar 2017 19:28:45 +0000, Graham. wrote:

Odd how long it took them to get into a locked iPhone only a few months ago.

I felt at the time that that's what they want us to believe, so as to spare Apple's blushes for co-operating.

Several problems. The hardware would wipe the memory if more than "n" unsuccessful attempts were made to access/crack the phone. Apple had/have the ability to do it and, quite correctly IMHO, were not prepared to share that ability with the CIA/FBI. Apple were happy to take the phone, extract the data and return both to the CIA/FBI.

As I see it the CIA/FBI wanted more than just the data on the phone, they really wanted the ability to crack apples. i.e. they wanted their own back door introduced into the system.

--
Cheers, John.
Internode Ltd - http://www.internode.co.uk
John Rumm - john(at)internode(dot)co(dot)uk
#245
Posted to uk.d-i-y
Snooping TV.
On Friday, 10 March 2017 13:00:52 UTC, Dave Plowman (News) wrote:
Perhaps spies always have their TV switched on with the sound turned down. Despite things like bugs having been around for many a year. Obviously, their spy degree didn't include having a radio etc on loud when discussing something naughty.

You need to put your TV in the bathroom and put the shower on or have water flowing, easy when you know how to foil these spies ;-)

Friends have samsung and have never activated the speech thing I wonder if that means it's NOT or can't listen. Maybe they have male and female modes. Male listen only female talk only :-)
#246
Posted to uk.d-i-y
Snooping TV.
On 3/14/2017 11:41 AM, Martin Brown wrote:
However, plenty of TVs do allow you to software configure which of their indicator LEDs are on or off so the only secure way with a smart TV or a laptop with a camera is a lens cap or clip over the lens! enable x-ray vision :-) |
#247
Posted to uk.d-i-y
Snooping TV.
In article om,
dennis@home wrote: So just what can be switched off on a laptop that wouldn't be needed under normal use? Generally when making things by the million you don't put in facilities that will never be needed. Lets see on mine.. The disk drive individual usb ports the keyboard back light the ethernet chip the wifi chip the screen back light half of the CPU and probably other stuff All of which to help with battery life. Domestic TVs normally run off the mains only. And most don't leave them powered up when not using them - unlike a computer. -- *Why are they called apartments, when they're all stuck together? * Dave Plowman London SW To e-mail, change noise into sound. |
#248
Posted to uk.d-i-y
Snooping TV.
On 14/03/2017 10:50, Dave Plowman (News) wrote:
In article , John Rumm wrote: On 13/03/2017 15:01, Dave Plowman (News) wrote: In article , John Rumm wrote:

2) Totally blank the screen (and audio) so there is no indication it is on.

The screen and audio would not need to be on in the first place. It's not on in standby is it?

How many separately switched power rails do you think are in the average TV - all controlled via the software?

Judging by what is in a typical laptop - a few dozen.

So just what can be switched off on a laptop that wouldn't be needed under normal use?

Laptops (like most PCs) have a number of discrete power states: https://msdn.microsoft.com/en-gb/lib...(v=vs.85).aspx

However the control is *far* more fine grained than that. The power management controller will typically control a multitude of individual rails - combinations of which will need to be switched for any given power state (laptops are much more complex than desktops in this respect since they also have to allow multiple power sources as well as deal with charging). Quite often there is a logic chain that will detect and prove one bit of circuitry before powering the next. That allows for more comprehensive fault reporting.

Generally when making things by the million you don't put in facilities that will never be needed.

True, but you can get off the shelf power management controllers that do much of the grunt work for you. It may cost you a bit more at board layout time, but not a large change to the BoM once into production.

Why would you provide the ability to turn off picture and sound etc but power up the rest if this was never needed in practice?

It's already used in practice... as I mentioned before timed recording, OTT updates etc.

Have you actually known any set do a software update without switching on?

Yup. Mine certainly does timed recordings without turning the screen or audio on.

But surely for this system to be of much use, it's going to have to work with any TV with a built in mic?

Custom software would need to be written at least for each individual platform, and possibly even tuned for individual sets. The 2014 hack that was described in the leak, was for a particular range or possibly even model of set from 2013.

--
Cheers, John.
Internode Ltd - http://www.internode.co.uk
John Rumm - john(at)internode(dot)co(dot)uk
#249
Posted to uk.d-i-y
Snooping TV.
"John Rumm" wrote in message o.uk... On 13/03/2017 19:38, tim... wrote:

It's a specifically written embedded program that chooses to throw away *everything* that doesn't match (otherwise it's useless as a secure product)

You seem to be suggesting a system where a unique public key pair is used to allow the device to verify the authenticity of code updates without relying on signed binaries and the more commonly used systems for establishing trust in these circumstances.

I am not sure what you are referring to as signed binaries
my understanding of signed binaries is to make sure that what you have received is what was sent, so that you don't try and load accidentally faulty code
the "encryption" used to make sure that the download is authentic, lies above that

The difficulty with those types of systems is that they fall about in a heap the moment the private key is compromised.

I understand that this is the weak link
but I also *know* that it is the technique used to control downloads of software in some safety critical applications - applications where the acceptance of hacked code could kill someone (if that were the intention of the hacker)
I have no idea how the holder of that key makes sure it remains secure, I was only working on the public end.

As nicely demonstrated by the CSS system applied to DVDs. The old adage about every engineer can conceive of a crypto system that they could not themselves break, is perhaps worth keeping in mind.

tis difficult to come up with any scheme that cannot be broken by a rogue employee revealing the secret formula

tim
#250
Posted to uk.d-i-y
Snooping TV.
On Tue, 14 Mar 2017 13:06:40 +0000 (GMT), Dave Plowman (News) wrote:
Spacing the capsules further apart would reduce the required timing resolution. Four mics at each corner of a 42" screen would give ToA differences up to a few milliseconds, far more manageable.

If you're talking echo cancellation at highish frequencies, the accuracy needed for that is rather high too. ;-)

Echo cancellation, as in mics and speakers in the same box, only needs event sync. Simple enough to match the wave forms between incoming stream and that coming back from the mic(s) to maximise cancellation. There is no need to make an absolute measurement that a ToA range finding system would require.

--
Cheers
Dave.
#251
Posted to uk.d-i-y
Snooping TV.
On 14/03/2017 16:51, Dave Plowman (News) wrote:
In article om, dennis@home wrote: So just what can be switched off on a laptop that wouldn't be needed under normal use? Generally when making things by the million you don't put in facilities that will never be needed. Lets see on mine.. The disk drive individual usb ports the keyboard back light the ethernet chip the wifi chip the screen back light half of the CPU and probably other stuff All of which to help with battery life. Yes and you asked for what reason? Domestic TVs normally run off the mains only. And most don't leave them powered up when not using them - unlike a computer. Why are you still going on about what's powered up on a TV? |
#252
Posted to uk.d-i-y
Snooping TV.
On 14/03/2017 14:38, Dave Plowman (News) wrote:
In article . com, dennis@home wrote: I don't claim anything, dennis. Just correct your illusions. So why do you keep making stuff up about how its impossible to do stuff so I have to show that it is? But you don't - that's the point. You have said array mics work, I have posted links to where you can buy laser mics others have said how you can hack TVs what exactly are you claiming I have said that's impossible now? All you've said is such and such is practicable, but is banned by the unions. ;-) You're the only one to mention bans by unions. |
#253
Posted to uk.d-i-y
Snooping TV.
On 14/03/17 13:06, Dave Plowman (News) wrote:
I've had a brilliant idea. Why not just have your snoop mic array inside the TV remote? That is far more likely to be close to where people are talking in the room. ;-) Been done.... http://amzn.eu/c58O5m0 :-) |
#254
Posted to uk.d-i-y
Snooping TV.
In article . com,
dennis@home wrote: On 14/03/2017 16:51, Dave Plowman (News) wrote: In article om, dennis@home wrote: So just what can be switched off on a laptop that wouldn't be needed under normal use? Generally when making things by the million you don't put in facilities that will never be needed. Lets see on mine.. The disk drive individual usb ports the keyboard back light the ethernet chip the wifi chip the screen back light half of the CPU and probably other stuff All of which to help with battery life. Yes and you asked for what reason? Are you really that incapable of following a discussion? Domestic TVs normally run off the mains only. And most don't leave them powered up when not using them - unlike a computer. Why are you still going on about what's powered up on a TV? Why are you on about anything? -- *If you can't see my mirrors, I'm doing my hair* Dave Plowman London SW To e-mail, change noise into sound. |
#255
Posted to uk.d-i-y
Snooping TV.
In article . com,
dennis@home wrote: On 14/03/2017 14:38, Dave Plowman (News) wrote: In article . com, dennis@home wrote: I don't claim anything, dennis. Just correct your illusions. So why do you keep making stuff up about how its impossible to do stuff so I have to show that it is? But you don't - that's the point. You have said array mics work, I have posted links to where you can buy laser mics others have said how you can hack TVs what exactly are you claiming I have said that's impossible now? All you've said is such and such is practicable, but is banned by the unions. ;-) You're the only one to mention bans by unions. Sigh. Thanks for confirming you can't even remember what you posted. Here's a reminder:- From: dennis@home Subject: Snooping TV. Date: Sat, 11 Mar 2017 12:50 Newsgroups: uk.d-i-y Really? Then I suggest you set up a company to do this. Being able to mic up a stage for, say, a musical without using personal mics would make you a fortune overnight. Do you think the unions would allow half the crew to be sacked? -- *Any connection between your reality and mine is purely coincidental Dave Plowman London SW To e-mail, change noise into sound. |
#256
Posted to uk.d-i-y
Snooping TV.
On 14/03/2017 17:16, tim... wrote:
"John Rumm" wrote in message o.uk... On 13/03/2017 19:38, tim... wrote:

It's a specifically written embedded program that chooses to throw away *everything* that doesn't match (otherwise it's useless as a secure product)

You seem to be suggesting a system where a unique public key pair is used to allow the device to verify the authenticity of code updates without relying on signed binaries and the more commonly used systems for establishing trust in these circumstances.

I am not sure what you are referring to as signed binaries
my understanding of signed binaries is to make sure that what you have received is what was sent, so that you don't try and load accidentally faulty code

No, that would just be a checksum, or possibly a cryptographic hash like a MD5 checksum.

the "encryption" used to make sure that the download is authentic, lies above that

This is normally done with digital certification and a secured communications channel. The initial part of the secure session establishment will typically use public key cryptography (even if a higher performance symmetric algorithm is used once a secure key exchange can be done). The key pairs will be created on the fly. The digital signature is issued by a certification authority to guarantee that a public key pair is actually owned by who it claims to be owned by.

So using this approach you get a good combination of protections without needing any hard coded keys that could be compromised, and you also get to verify you are actually talking to the right endpoint, and eliminate the potential for impersonation or "man in the middle" attacks. (It's the way web based https or other SSL channel connections are established, for example).

Plenty more on it here: https://en.wikipedia.org/wiki/Certificate_authority and https://en.wikipedia.org/wiki/Public_key_infrastructure

The difficulty with those types of systems is that they fall about in a heap the moment the private key is compromised.

I understand that this is the weak link
but I also *know* that it is the technique used to control downloads of software in some safety critical applications - applications where the acceptance of hacked code could kill someone (if that were the intention of the hacker)
I have no idea how the holder of that key makes sure it remains secure, I was only working on the public end.

That's why modern systems will often use one time key pairs to initiate the channel. Once the connection is done with, the old keys are of no further value.

As nicely demonstrated by the CSS system applied to DVDs. The old adage about every engineer can conceive of a crypto system that they could not themselves break, is perhaps worth keeping in mind.

tis difficult to come up with any scheme that cannot be broken by a rogue employee revealing the secret formula

The whole point of decent encryption is that there should be no secret stuff. The whole algorithm should be open and freely available. Any form of "security by obscurity" always fails.

--
Cheers, John.
Internode Ltd - http://www.internode.co.uk
John Rumm - john(at)internode(dot)co(dot)uk
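
The distinction argued over in the posts above can be run side by side: a digest shipped with the download only shows it arrived intact, a signature checked against a public key held in the device shows who produced it, and the scheme stands or falls with the private key. This is an added example, not code from any poster; the `Update` layout, the function names, the key seed and the firmware strings are constructed for illustration, and Ed25519 is an assumed choice of signature algorithm.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Update is a hypothetical OTA package layout, constructed for this example.
type Update struct {
	Image  []byte // firmware payload
	Digest []byte // SHA-256 of Image, shipped alongside it
	Sig    []byte // Ed25519 signature over Image, made with the vendor key
}

// ErrRejected is returned for anything that does not verify; the device
// installs nothing in that case.
var ErrRejected = errors.New("update rejected")

// vendorKey derives a key pair from a constructed, fixed seed so the example
// is reproducible. A real signing key is generated randomly and kept offline.
func vendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := bytes.Repeat([]byte{0x42}, ed25519.SeedSize)
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

// Package builds an update the way the holder of the private key would.
func Package(priv ed25519.PrivateKey, image []byte) Update {
	d := sha256.Sum256(image)
	return Update{Image: image, Digest: d[:], Sig: ed25519.Sign(priv, image)}
}

// ChecksumOnly is the integrity-only check: it catches accidental corruption,
// but anyone who can change the image can also recompute the digest.
func ChecksumOnly(u Update) error {
	d := sha256.Sum256(u.Image)
	if !bytes.Equal(d[:], u.Digest) {
		return ErrRejected
	}
	return nil
}

// VerifySigned is the authenticity check run on the device, which holds only
// the public key. Everything that does not match is thrown away.
func VerifySigned(pub ed25519.PublicKey, u Update) error {
	if len(u.Sig) != ed25519.SignatureSize || !ed25519.Verify(pub, u.Image, u.Sig) {
		return ErrRejected
	}
	return nil
}

// Tamper models a party that can alter the download but does not hold the
// private key: the image is swapped and the digest recomputed, while the
// signature can only be carried over from the genuine package.
func Tamper(u Update, newImage []byte) Update {
	d := sha256.Sum256(newImage)
	return Update{Image: newImage, Digest: d[:], Sig: u.Sig}
}

func main() {
	pub, priv := vendorKey()
	genuine := Package(priv, []byte("firmware 1.2 (constructed sample)"))
	altered := Tamper(genuine, []byte("firmware 1.2, modified (constructed sample)"))
	// Same modified image, but signed by someone who obtained the private key.
	withKey := Package(priv, altered.Image)

	cases := []struct {
		name string
		u    Update
	}{
		{"genuine", genuine},
		{"altered, digest recomputed", altered},
		{"altered, private key leaked", withKey},
	}
	for _, c := range cases {
		fmt.Printf("%-28s checksum ok=%-5v signature ok=%v\n",
			c.name, ChecksumOnly(c.u) == nil, VerifySigned(pub, c.u) == nil)
	}
}
```

The third case is the one the thread calls the weak link: once the private key is out, the device has no way to tell the two signers apart.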
#257
Posted to uk.d-i-y
Snooping TV.
They use an adaptive finite impulse response filter where all the filter coefficients can be varied. Once adaptation has completed the filter has an impulse response which is the complement of the impulse response of the speaker + room + microphone. If something changes, like a person moving around, there will be a slight echo that gradually disappears as re-adaptation takes place. The filter needs enough taps to delay the audio by a time corresponding to the reverberation time of the room in order to get "complete" cancellation.

John
#258
Posted to uk.d-i-y
Snooping TV.
On 15/03/2017 00:25, Dave Plowman (News) wrote:
In article . com, dennis@home wrote: On 14/03/2017 16:51, Dave Plowman (News) wrote: In article om, dennis@home wrote: So just what can be switched off on a laptop that wouldn't be needed under normal use? Generally when making things by the million you don't put in facilities that will never be needed. Lets see on mine.. The disk drive individual usb ports the keyboard back light the ethernet chip the wifi chip the screen back light half of the CPU and probably other stuff All of which to help with battery life. Yes and you asked for what reason? Are you really that incapable of following a discussion? Domestic TVs normally run off the mains only. And most don't leave them powered up when not using them - unlike a computer. Why are you still going on about what's powered up on a TV? Why are you on about anything? You are wiskey-dave AICMFP. |
#259
Posted to uk.d-i-y
Snooping TV.
On 15/03/2017 00:33, Dave Plowman (News) wrote:
In article . com, dennis@home wrote: On 14/03/2017 14:38, Dave Plowman (News) wrote: In article . com, dennis@home wrote: I don't claim anything, dennis. Just correct your illusions. So why do you keep making stuff up about how its impossible to do stuff so I have to show that it is? But you don't - that's the point. You have said array mics work, I have posted links to where you can buy laser mics others have said how you can hack TVs what exactly are you claiming I have said that's impossible now? All you've said is such and such is practicable, but is banned by the unions. ;-) You're the only one to mention bans by unions. Sigh. Thanks for confirming you can't even remember what you posted. Here's a reminder:- From: dennis@home Subject: Snooping TV. Date: Sat, 11 Mar 2017 12:50 Newsgroups: uk.d-i-y Really? Then I suggest you set up a company to do this. Being able to mic up a stage for, say, a musical without using personal mics would make you a fortune overnight. Do you think the unions would allow half the crew to be sacked? Well do you? Anyway I am going to ignore the rest of your none contributions. I no longer think you have a clue and think you are trolling. |
#260
Posted to uk.d-i-y
Snooping TV.
In article . com,
dennis@home wrote: On 15/03/2017 00:33, Dave Plowman (News) wrote: In article . com, dennis@home wrote: On 14/03/2017 14:38, Dave Plowman (News) wrote: In article . com, dennis@home wrote: I don't claim anything, dennis. Just correct your illusions. So why do you keep making stuff up about how its impossible to do stuff so I have to show that it is? But you don't - that's the point. You have said array mics work, I have posted links to where you can buy laser mics others have said how you can hack TVs what exactly are you claiming I have said that's impossible now? All you've said is such and such is practicable, but is banned by the unions. ;-) You're the only one to mention bans by unions. Sigh. Thanks for confirming you can't even remember what you posted. Here's a reminder:- From: dennis@home Subject: Snooping TV. Date: Sat, 11 Mar 2017 12:50 Newsgroups: uk.d-i-y Really? Then I suggest you set up a company to do this. Being able to mic up a stage for, say, a musical without using personal mics would make you a fortune overnight. Do you think the unions would allow half the crew to be sacked? Well do you? No. The entertainment craft unions normally grab new technology and sort out a deal afterwards. Anyway I am going to ignore the rest of your none contributions. I no longer think you have a clue and think you are trolling. You've been learning from Trump. Deny what you've been shown to have said, then try and cover it up by changing the subject. And rather typical - full of 'it would be so easy to do' type of thing without ever having attempted it. So sad on what is meant to be a DIY group. -- *A plateau is a high form of flattery* Dave Plowman London SW To e-mail, change noise into sound. |
#261
Posted to uk.d-i-y
Snooping TV.
On 13/03/2017 19:26, Dave Plowman (News) wrote:
In article l.net, Dave Liquorice wrote:

You think the sort of mic array they use at a sporting event would be suitable for micing up a stage - where sound reinforcement is in use? That array of mics mounted along with the speakers - as you'd have to do with this snoop TV?

As has been mentioned several times a simple bit of "echo cancellation" takes care of that.

TWYM is 'helps take care of that.'

The set already has the speaker sounds as a stream, might need a bit of EQ adjustment to better match that actually picked up by the mic(s). All relatively trivial for a set capable of the DSP required for handling HD video in real time.

All very trivial. Until you try and do it with software and no access to the TV or room.

I would have thought that for a TV with a built in mic, excising the TV's own audio output would be a standard part of the software - it's going to need it for every occasion the mic is used.

--
Cheers, John.
Internode Ltd - http://www.internode.co.uk
John Rumm - john(at)internode(dot)co(dot)uk
#262
Posted to uk.d-i-y
Snooping TV.
In article ,
John Rumm wrote: All very trivial. Until you try and do it with software and no access to the TV or room. I would have thought that for a TV with a built in mic, excising the TVs own audio output would be a standard part of the software - its going to need it for every occasion the mic is used. It does sound oh so easy in theory. You simply remove the signal to the speakers from the mic output. And I'm sure can be made to work quite well in an anechoic room. And to be able to recognise clearly spoken commands. But what it is being asked to do is somewhat different. To snoop on a conversation being held in the room. I'd love to actually hear the results of this. And some proof of where it has actually been used with success. -- *Why is it called tourist season if we can't shoot at them? Dave Plowman London SW To e-mail, change noise into sound. |
#263
Posted to uk.d-i-y
Snooping TV.
On 15/03/2017 10:48, Dave Plowman (News) wrote:
In article . com, dennis@home wrote: On 15/03/2017 00:33, Dave Plowman (News) wrote: In article . com, dennis@home wrote: On 14/03/2017 14:38, Dave Plowman (News) wrote: In article . com, dennis@home wrote: I don't claim anything, dennis. Just correct your illusions. So why do you keep making stuff up about how its impossible to do stuff so I have to show that it is? But you don't - that's the point. You have said array mics work, I have posted links to where you can buy laser mics others have said how you can hack TVs what exactly are you claiming I have said that's impossible now? All you've said is such and such is practicable, but is banned by the unions. ;-) You're the only one to mention bans by unions. Sigh. Thanks for confirming you can't even remember what you posted. Here's a reminder:- From: dennis@home Subject: Snooping TV. Date: Sat, 11 Mar 2017 12:50 Newsgroups: uk.d-i-y Really? Then I suggest you set up a company to do this. Being able to mic up a stage for, say, a musical without using personal mics would make you a fortune overnight. Do you think the unions would allow half the crew to be sacked? Well do you? No. The entertainment craft unions normally grab new technology and sort out a deal afterwards. And if they are like you and can't work out how to use the technology? Anyway I am going to ignore the rest of your none contributions. I no longer think you have a clue and think you are trolling. You've been learning from Trump. Deny what you've been shown to have said, then try and cover it up by changing the subject. Its you that has made lots of claims that its impossible and then just tried to divert the thread when someone posts saying it has been done. Not once have you said "sorry I was wrong you can do that". And rather typical - full of 'it would be so easy to do' type of thing without ever having attempted it. So sad on what is meant to be a DIY group. Quite the opposite of what I actually said! 
I said the technicians wouldn't be able to do it but if you want to read that as easy then that's your problem. However I didn't claim it was impossible for someone clever to do it only that the unions wouldn't be very happy with sacking their members and letting someone else do the job. Its all very well the members embracing technology but they don't do it when they don't understand it as you have demonstrated. They certainly don't want people that do know how to do it taking their jobs. |
#264
Posted to uk.d-i-y
Snooping TV.
In article . com,
dennis@home wrote: No. The entertainment craft unions normally grab new technology and sort out a deal afterwards. And if they are like you and can't work out how to use the technology? Have you *ever* worked in anything which could even remotely be called industry? -- *I started out with nothing, and I still have most of it* Dave Plowman London SW To e-mail, change noise into sound. |
#265
Posted to uk.d-i-y
Snooping TV.
On 15/03/2017 14:53, Dave Plowman (News) wrote:
In article . com, dennis@home wrote: No. The entertainment craft unions normally grab new technology and sort out a deal afterwards. And if they are like you and can't work out how to use the technology? Have you *ever* worked in anything which could even remotely be called industry? Have you ever worked where they design and make technology? |
#266
Posted to uk.d-i-y
Snooping TV.
Dave Plowman wrote:
dennis@home wrote: I no longer think you have a clue and think you are trolling.

You've been learning from Trump. Deny what you've been shown to have said, then try and cover it up by changing the subject.

ISTR it was you that asked if the reported snooping stuff with TVs was feasible, several here gave answers that yes, given deep pockets it could be done, because TVs are mainly linux boxes in disguise now.

You seem to have wanted to hear that it wasn't feasible at all, and must all be a scare story, and have argued the toss over every point that people have said can be done to some extent or other ...
#267
Posted to uk.d-i-y
Snooping TV.
In article ,
Andy Burns wrote: Dave Plowman wrote: dennis@home wrote: I no longer think you have a clue and think you are trolling.

You've been learning from Trump. Deny what you've been shown to have said, then try and cover it up by changing the subject.

ISTR it was you that asked if the reported snooping stuff with TVs was feasible, several here gave answers that yes, given deep pockets it could be done, because TVs are mainly linux boxes in disguise now.

Many things are feasible on paper. However, what most have been saying on here seems to have gone much further than what has been reported as happening.

You seem to have wanted to hear that it wasn't feasible at all, and must all be a scare story, and have argued the toss over every point that people have said can be done to some extent or other ...

I'd want to see a decent example given. A transcript of something recorded in this way would do. After all, if it has worked, it must have resulted in stopping some heinous crime or other?

--
*Be more or less specific *
Dave Plowman London SW
To e-mail, change noise into sound.
#268
Posted to uk.d-i-y
Snooping TV.
In article om,
dennis@home wrote: On 15/03/2017 14:53, Dave Plowman (News) wrote: In article . com, dennis@home wrote: No. The entertainment craft unions normally grab new technology and sort out a deal afterwards. And if they are like you and can't work out how to use the technology? Have you *ever* worked in anything which could even remotely be called industry? Have you ever worked where they design and make technology? You think they design and make technology in the average theatre? If something like you've described - a method of using fixed mics mounted some way off to cover a stage performance for that audience - came along, it would first be demonstrated to interested parties. If it looked promising it would go on to trials in the field. If those were successful it would then be introduced. Only an idiot like you would expect anyone to buy something untried and untested because you *just know* it will work. -- *Sticks and stones may break my bones but whips and chains excite me* Dave Plowman London SW To e-mail, change noise into sound. |
#269
Posted to uk.d-i-y
Snooping TV.
Dave Plowman (News) wrote:
I'd want to see a decent example given. A transcript of something recorded in this way would do. After all, if it has worked, it must have resulted in stopping some heinous crime or other? "they" are reluctant to use such intercept evidence in course, so they're hardly likely to show it to you or me ... |
#270
Posted to uk.d-i-y
Snooping TV.
Andy Burns wrote:
"they" are reluctant to use such intercept evidence in course "in courts" ... |
#271
Posted to uk.d-i-y
Snooping TV.
On 15/03/2017 15:39, Dave Plowman (News) wrote:
In article om, dennis@home wrote: On 15/03/2017 14:53, Dave Plowman (News) wrote: In article . com, dennis@home wrote: No. The entertainment craft unions normally grab new technology and sort out a deal afterwards. And if they are like you and can't work out how to use the technology? Have you *ever* worked in anything which could even remotely be called industry? Have you ever worked where they design and make technology? You think they design and make technology in the average theatre? If something like you've described - a method of using fixed mics mounted some way off to cover a stage performance for that audience - came along, it would first be demonstrated to interested parties. If it looked promising it would go on to trials in the field. If those were successful it would then be introduced. Only an idiot like you would expect anyone to buy something untried and untested because you *just know* it will work. I think you are just arguing for nothing so I will be blunt.. the sound technicians wouldn't have a clue how to set it up and use it and there is no need to reinvent the wheel as nobody is spying on stage productions. Mics fitted to performers have other uses too, it's harder to mime when they don't have a mic to hide their lips. You do recall this is about spying and not stage performances? It's already proven that the array mic technology works, why it is used for some stuff and not others is nothing to do with spying. Just accept that if the CIA/GCHQ wanted to hack your smart TV they could and with your knowledge you wouldn't know.
#272
Posted to uk.d-i-y
Snooping TV.
"John Rumm" wrote in message o.uk... On 14/03/2017 17:16, tim... wrote: "John Rumm" wrote in message o.uk... On 13/03/2017 19:38, tim... wrote: It's a specifically written embedded program that chooses to throw away *everything* that doesn't match (otherwise it's useless as a secure product) You seem to be suggesting a system where a unique public key pair is used to allow the device to verify the authenticity of code updates without relying on signed binaries and the more commonly used systems for establishing trust in these circumstances. I am not sure what you are referring to as signed binaries my understanding of signed binaries is to make sure that what you have received is what was sent, so that you don't try and load accidentally faulty code No, that would just be a checksum, or possibly a cryptographic hash like a MD5 checksum. the "encryption" used to make sure that the download is authentic, lies above that This is normally done with digital certification and a secured communications channel. the whole idea is that there isn't a secure communications channel The initial part of the secure session establishment will typically use public key cryptography (even if a higher performance symmetric algorithm is used once a secure key exchange can be done). The key pairs will be created on the fly. The digital signature is issued by a certification authority to guarantee that a public key pair is actually owned by who it claims to be owned by. but you said that there were places that would create dodgy certificates So using this approach you get a good combination of protections without needing any hard coded keys that could be compromised, and you also get to verify you are actually talking to the right endpoint, and eliminate the potential for impersonation or "man in the middle" attacks. (It's the way web based https or other SSL channel connections are established, for example).
Plenty more on it here: https://en.wikipedia.org/wiki/Certificate_authority and https://en.wikipedia.org/wiki/Public_key_infrastructure thanks The difficulty with those types of systems is that they fall about in a heap the moment the private key is compromised. I understand that this is the weak link but I also *know* that it is the technique used to control downloads of software in some safety critical applications - applications where the acceptance of hacked code could kill someone (if that were the intention of the hacker) I have no idea how the holder of that key makes sure it remains secure, I was only working on the public end. That's why modern systems will often use one time key pairs to initiate the channel. Once the connection is done with, the old keys are of no further value. but how do you tell the device that you are communicating with, the new key in a secure way? What stops someone cloning this process? Remember, this is a download being broadcast to 100,000 (or 1 million) separate devices all at the same time This isn't a point to point communications link tim
#273
Posted to uk.d-i-y
Snooping TV.
On 15/03/2017 11:53, Dave Plowman (News) wrote:
In article , John Rumm wrote: All very trivial. Until you try and do it with software and no access to the TV or room. I would have thought that for a TV with a built in mic, excising the TV's own audio output would be a standard part of the software - it's going to need it for every occasion the mic is used. It does sound oh so easy in theory. You simply remove the signal to the speakers from the mic output. And I'm sure can be made to work quite well in an anechoic room. In practice it seems to work quite well. Have you never tried having a skype conversation without using a headset - i.e. with a web cam type setup where the mic can "hear" the computer's speaker output? I have done it many times and not had any difficulty making out what was being said. Likewise the voice recognition on my phone seems quite able to take dictation in the noisy environment of my car, and that actually requires digital voice recognition. And to be able to recognise clearly spoken commands. It does not even need to do that - all we are talking about is recording the ambient audio - any interpretation of it could be done later (if that is pre-scanned by a computer for key words etc). But what it is being asked to do is somewhat different. To snoop on a conversation being held in the room. Which is obviously far simpler... I'd love to actually hear the results of this. If you have a laptop, lob it in the corner of the room, turn the TV on, and then have a conversation. See what you can recognise of the conversation. I would expect that for "normal" TV volume levels you will have no difficulty making out every word without any echo cancellation or other processing. And some proof of where it has actually been used with success. I don't expect your average CIA/NSA operative is going to spell out chapter and verse how they obtained a covert recording. Personally I can't see any technical limitation to stop a TV making an audio recording if it has a mic and an internet connection.
Even without the sophisticated signal processing I expect it would work quite well. The more difficult bit is getting your spyware onto the TV in the first place. Even if there is no easy[1] way to do this remotely, it's almost certain to be vulnerable if you have physical access to the hardware - and in all likelihood that will be the case, given the nature of your adversary. [1] also given deep pockets, "easy" is not a pre-requirement either. Exceedingly hard and expensive is also acceptable if it yields valuable enough intelligence. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/
#274
Posted to uk.d-i-y
|
|||
|
|||
Snooping TV.
In article . com,
dennis@home wrote: I think you are just arguing for nothing so I will be blunt.. the sound technicians wouldn't have a clue how to set it up and use it and there is no need to reinvent the wheel as nobody is spying on stage productions. I merely mentioned it as a way for you to make your fortune. Since you believe it feasible. I can absolutely assure you if you could make it work there'd be a queue at your door. Mics fitted to performers have other uses too, it's harder to mime when they don't have a mic to hide their lips. I'm sure that makes sense to you. Perhaps you'd try again in English? You do recall this is about spying and not stage performances? Then why did you say the technique would work perfectly there? -- *You're never too old to learn something stupid. Dave Plowman London SW To e-mail, change noise into sound.
#275
Posted to uk.d-i-y
|
|||
|
|||
Snooping TV.
On 15/03/2017 17:07, tim... wrote:
"John Rumm" wrote in message o.uk... On 14/03/2017 17:16, tim... wrote: "John Rumm" wrote in message o.uk... On 13/03/2017 19:38, tim... wrote: It's a specifically written embedded program that chooses to throw away *everything* that doesn't match (otherwise it's useless as a secure product) You seem to be suggesting a system where a unique public key pair is used to allow the device to verify the authenticity of code updates without relying on signed binaries and the more commonly used systems for establishing trust in these circumstances. I am not sure what you are referring to as signed binaries my understanding of signed binaries is to make sure that what you have received is what was sent, so that you don't try and load accidentally faulty code No, that would just be a checksum, or possibly a cryptographic hash like a MD5 checksum. the "encryption" used to make sure that the download is authentic, lies above that This is normally done with digital certification and a secured communications channel. the whole idea is that there isn't a secure communications channel The initial part of the secure session establishment will typically use public key cryptography (even if a higher performance symmetric algorithm is used once a secure key exchange can be done). The key pairs will be created on the fly. The digital signature is issued by a certification authority to guarantee that a public key pair is actually owned by who it claims to be owned by. but you said that there were places that would create dodgy certificates That is also why there is a revocation mechanism. If a certificate itself is compromised it can be revoked, and the same applies to a certification authority as well (in fact one was recently removed). That's why modern systems will often use one time key pairs to initiate the channel. Once the connection is done with, the old keys are of no further value. but how do you tell the device that you are communicating with, the new key in a secure way?
What stops someone cloning this process? Because the security certificate is tied to a particular domain name and IP address as well. Remember, this is a download being broadcast to 100,000 (or 1 million) separate devices all at the same time This isn't a point to point communications link Which "this" are you referring to in particular? True multipoint comms (e.g. multicast) on the internet is still fairly rare - so frequently single source to multiple hosts will still typically be a point to point link (even in things like iplayer etc). Multicast also has the disadvantage that you can't so easily establish a reliable channel over it. This may not matter for the streaming applications it was intended for (where the timeliness of the data are as or more important than their absolute correctness), but it will be a big obstacle for doing things like software updates to multiple devices. So you have to rely on Forward Error Correction (FEC) to correct errors. (There are some slightly more obscure protocols that layer on top of UDP to give some error protection) -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/
#276
Posted to uk.d-i-y
Snooping TV.
"John Rumm" wrote in message o.uk... On 15/03/2017 17:07, tim... wrote: Remember, this is a download being broadcast to 100,000 (or 1 million) separate devices all at the same time This isn't a point to point communications link Which "this" are you referring to in particular? the way that updates are downloaded to TVs etc the one that is currently insecure, that we need to make secure, to stop the spooks using it to download their dodgy software. It's already been suggested that if the spooks have access to a specific TV so that they can download the code manually, they can just as easily plant some normal bugs and not have to engage in the expensive task of re-engineering the TV's software True multipoint comms (e.g. multicast) on the internet is still fairly but these devices are not always "on the internet" the devices that I worked with were not And I'm still interested in how I make that download of new software secure, without having to resort to "keeping the key secret" (as will my ex-employer and his clients - world leading in their sector, though not internet security obviously) tim |
#277
Posted to uk.d-i-y
Snooping TV.
On 16/03/2017 18:16, tim... wrote:
"John Rumm" wrote in message o.uk... On 15/03/2017 17:07, tim... wrote: Remember, this is a download being broadcast to 100,000 (or 1 million) separate devices all at the same time This isn't a point to point communications link Which "this" are you referring to in particular? the way that updates are downloaded to TVs etc the one that is currently insecure, that we need to make secure, to stop the spooks using it to download their dodgy software. Keep in mind in the case cited they used physical access and USB to hack the set. If the spooks were really keen they could hack a set before the owner got it, or apply pressure to the maker to help them. It's already been suggested that if the spooks have access to a specific TV so that they can download the code manually, they can just as easily plant some normal bugs and not have to engage in the expensive task of re-engineering the TV's software True, but a normal bug could be found, whereas finding your TV in the living room may come as less of a surprise! True multipoint comms (e.g. multicast) on the internet is still fairly but these devices are not always "on the internet" What smart TVs? They are normally on the network full time. Mine appear on windows machines as a DLNA compatible output device. Some of the older non smart TVs had ethernet only for updates etc. the devices that I worked with were not And I'm still interested in how I make that download of new software secure, without having to resort to "keeping the key secret" (as will my ex-employer and his clients - world leading in their sector, though not internet security obviously) Real security is a difficult game, and the rules change depending on who you are trying to defend against. A combination of certificated sources, and signed binaries is probably the best approach. -- Cheers, John. 
/================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
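The difference between a checksum and a signed binary for a broadcast update, as discussed in the posts above, shown as an added example that is not code from any poster or TV maker. The choice of Ed25519, the signed message layout, the version (replay) check and every name here are assumptions made for illustration, and the key is derived from a constructed test seed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Update is what the broadcast carries. Nothing in it is secret.
type Update struct {
	Version uint32
	Image   []byte
	Sig     []byte // Ed25519 signature over Version || SHA-256(Image)
}

var (
	ErrBadSignature = errors.New("signature does not verify against the built-in public key")
	ErrRollback     = errors.New("validly signed, but not newer than the installed version")
)

// signedBytes binds the version number to the image digest so neither can be swapped.
func signedBytes(version uint32, image []byte) []byte {
	digest := sha256.Sum256(image)
	buf := make([]byte, 4, 4+sha256.Size)
	binary.BigEndian.PutUint32(buf, version)
	return append(buf, digest[:]...)
}

// SignUpdate runs once, at the maker, where the private key is kept.
func SignUpdate(priv ed25519.PrivateKey, version uint32, image []byte) Update {
	return Update{Version: version, Image: image, Sig: ed25519.Sign(priv, signedBytes(version, image))}
}

// ChecksumOK is the integrity-only check: it catches corruption, not substitution.
func ChecksumOK(image []byte, sum [sha256.Size]byte) bool {
	return sha256.Sum256(image) == sum
}

// VerifyUpdate runs on every receiving device, which holds only the public key.
func VerifyUpdate(pub ed25519.PublicKey, installed uint32, u Update) error {
	if !ed25519.Verify(pub, signedBytes(u.Version, u.Image), u.Sig) {
		return ErrBadSignature
	}
	if u.Version <= installed { // a re-broadcast of an old signed image is refused
		return ErrRollback
	}
	return nil
}

// Demo returns: checksum accepted the altered image?, then the verdicts for the
// genuine update, the altered update, and a replay of an already installed one.
func Demo() (bool, error, error, error) {
	seed := bytes.Repeat([]byte{0x42}, ed25519.SeedSize) // constructed test seed, not a real key
	priv := ed25519.NewKeyFromSeed(seed)
	pub := priv.Public().(ed25519.PublicKey)

	good := SignUpdate(priv, 7, []byte("firmware v7 (constructed sample)"))

	// A sender without the private key alters the image and recomputes the checksum.
	altered := good
	altered.Image = []byte("altered image (constructed sample)")
	fooled := ChecksumOK(altered.Image, sha256.Sum256(altered.Image))

	return fooled, VerifyUpdate(pub, 6, good), VerifyUpdate(pub, 6, altered), VerifyUpdate(pub, 7, good)
}

func main() {
	fooled, genuine, altered, replayed := Demo()
	fmt.Println("checksum accepts altered image:", fooled)
	fmt.Println("genuine:", genuine, "| altered:", altered, "| replayed:", replayed)
}
```

Only the public key is stored in the receiver, so reading it out of one set gives nothing that can sign an image for the others; the single signature is broadcast with the image and needs no return channel.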
#278
Posted to uk.d-i-y
Snooping TV.
"John Rumm" wrote in message o.uk... On 16/03/2017 18:16, tim... wrote: "John Rumm" wrote in message o.uk... On 15/03/2017 17:07, tim... wrote: Remember, this is a download being broadcast to 100,000 (or 1 million) separate devices all at the same time This isn't a point to point communications link Which "this" are you referring to in particular? the way that updates are downloaded to TVs etc the one that is currently insecure, that we need to make secure, to stop the spooks using it to download their dodgy software. Keep in mind in the case cited they used physical access and USB to hack the set. If the spooks were really keen they could hack a set before the owner got it, or apply pressure to the maker to help them. It's already been suggested that if the spooks have access to a specific TV so that they can download the code manually, they can just as easily plant some normal bugs and not have to engage in the expensive task of re-engineering the TV's software True, but a normal bug could be found, whereas finding your TV in the living room may come as less of a surprise! True multipoint comms (e.g. multicast) on the internet is still fairly but these devices are not always "on the internet" What smart TVs? They are normally on the network full time. Mine appear on windows machines as a DLNA compatible output device. Some of the older non smart TVs had ethernet only for updates etc. non-smart TVs use OTA broadcast for updating it is always there and requires no user intervention, and because it's TV already has all the necessary stuff for receiving the broadcast tim |
#279
Posted to uk.d-i-y
Snooping TV.
On 17/03/2017 10:45, tim... wrote:
"John Rumm" wrote in message o.uk... On 16/03/2017 18:16, tim... wrote: "John Rumm" wrote in message o.uk... On 15/03/2017 17:07, tim... wrote: Remember, this is a download being broadcast to 100,000 (or 1 million) separate devices all at the same time This isn't a point to point communications link Which "this" are you referring to in particular? the way that updates are downloaded to TVs etc the one that is currently insecure, that we need to make secure, to stop the spooks using it to download their dodgy software. Keep in mind in the case cited they used physical access and USB to hack the set. If the spooks were really keen they could hack a set before the owner got it, or apply pressure to the maker to help them. It's already been suggested that if the spooks have access to a specific TV so that they can download the code manually, they can just as easily plant some normal bugs and not have to engage in the expensive task of re-engineering the TV's software True, but a normal bug could be found, whereas finding your TV in the living room may come as less of a surprise! True multipoint comms (e.g. multicast) on the internet is still fairly but these devices are not always "on the internet" What smart TVs? They are normally on the network full time. Mine appear on windows machines as a DLNA compatible output device. Some of the older non smart TVs had ethernet only for updates etc. non-smart TVs use OTA broadcast for updating it is always there and requires no user intervention, and because it's TV already has all the necessary stuff for receiving the broadcast True, but some of them also have ethernet which allows access to updates and diagnostics that way in addition to the OTA updates. -- Cheers, John. 
/================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |