Berkeley CSUA MOTD:Entry 16348
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/07/09 [General] UID:1000 Activity:popular
7/9     

1999/8/19-20 [Computer/SW/Security] UID:16348 Activity:high
8/19    Is it possible to disrupt GPS signal? Can Russians/Chinese send
        a satellite that sends false signal?
        \-well i guess i am now the gps "expert". well, yes, of course
        the system/signal can be disrupted. whether it can be spoofed
        is a trickier question ... because that is a detection-evasion
        issue. the answer depends on what scenario you are looking at.
        there is considered anti-spoofing engineering that has gone into
        the system and the protocol/signal design. if you have a more
        specific question, i may have a more specific answer. --psb
        \_ whatever.  zip your pants back up.
        \_ Not to mention that the signal is encrypted (PPS) and purposefully
           munged (bias in SPS). --dim
                \-the question is about a hostile attack [denial/spoof] which
        is different from an attack on an encryptions system [which is about
        extracting info, not restricting info or false info] so this normal
        mode isnt especially relevant. you seem to be getting at the source of
        errors. there are a huge number of sources of errors, some of them
        mathematical and contrived, other from circumstances [signal quality
        where you are, HDOP, etc.] or from nature [ionospheric delay [also
        measured in L2 channel]]. SPS bias [called SA] is usually about
        100m XY, 150m Z, and 350ns time but this too is varied to limit how
        much refining youc an do by long observations in carrier phase mode.
        on the L2 [secure channel], in addition to the normal encryption
        [P code], there is hardened mode for spoof detection which involves
        re-encrypting the L2 signal into Y code ... you need an even higher
        clearance for Y than PPS. i will now have to kill all of you. --psb
        \_ I was more addressing the "false signal" aspect than the
           "interrupt" aspect. Since the signal is encrypted, it would
           seem it would be difficult to spoof unless the spoofed signal
           used the same encryption algorithm. --dim
                \not necessarily. i am not sure if a "playback attack" would
        work because time is part of the encoding but in theory you could
        record the L2 telementary and just play it back at the wrong time.
        i am not sure what recievers would do with that. again it depends
        how exotic a scenario you want to envision ... i mean if the russian
        can park a mini-black hole next to the SV and slow down the cesium and
        rubidinum clocks on the satellite that would work too. i mean yes
        your answer acknowledges "there is some security in the system". --psb
        \_ A playback attack of this sort is (if it worked) basically a
           denial of service attack. I was more referring to an attack
           that would result in a diabolical signal skewed from the
           original by some known coordinates. It might be possible, but
           not easy to do. I agree that denial of service is the simplest
           way to go, but it's more obvious and less vile. --dim
                \-this is not what is usually considered a DoS. That would be
        more analogous to blocking the signal or some other way of preventing
        satellite lock. that's a spoof attack. --psb
        \_ Semantics. Using a spoof attack to deny service. Depends on
           what the original poster meant by "false signal". Of course,
           now that I think about it, wouldn't the original signal have
           to be jammed in some way first? How would the receivers react
           to multiple signals? --dim
                \-if i spoof a source address and use this to break into your
        machine and i use that to read your resume to find out your home
        address and then come over and cut your fingers off, i wouldnt call
        that a DoS or a spoof attack. what would you call it? nice account
        name. --psb
        \_ Dude, chill out on the coffee. You know what I meant and that's
           why I used the word "basically". --dim
                \-psb      ttyPv   Aug 10 00:38   (coffeehut.lbl.gov)
        \_ So it sounds easy to "disrupt" signal. So how hard can it be for
           Milosevich to send out GPS signals? If he had done it from the
           beginning, then there wouldn't be any cruise missile right?
        \_ Yeah I totally saw this in a movie and like though James Bond was
           like really cool with thise Chinese chick and they like you know
           figured it out and stopped the bad guy and totally were on the
           make so yeah the Russians can probably do it and steal our people
           who are out boating and stuff and make them boat to Russia and be
           held captive while hiking and stuff so like uh huh nuke 'em before
           they take over the GPS because then they could boatjack our navy
           and make these really cool ufos the airforce have get confused and
           land in China or Russia or Iraq!!!!
2025/07/09 [General] UID:1000 Activity:popular
7/9     

You may also be interested in these entries...
2013/12/28 [Computer/SW/Security] UID:54760 Activity:nil
12/28   Happy holidays everyone.
        For some reason my work's ip address gets logged in /etc/hosts.deny and\
I cannot ssh in anymore from work
        (except from home where I can ssh in fine): anyone knows if this file is\
 auto-generated due to some event? Thanks
	...
2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil
8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...
2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil
8/6     Amazon and Apple have lame security policies:
        http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all
        "First you call Amazon and tell them you are the account holder, and
         want to add a credit card number to the account. All you need is the
         name on the account, an associated e-mail address, and the billing
         address. "
	...
2012/7/13-8/19 [Computer/SW/Security, Computer/Companies/Yahoo] UID:54436 Activity:nil
7/13    Why would Yahoo store passwords unencrypted?  I recall that even 20+
        years ago the passwords stored in /etc/passwd on instructional
        machines here at Cal were one-way encrypted.  (I think those were
        Ultrix machines.)
        \_ Doesn't this say anything already?
           http://finance.yahoo.com/echarts?s=YHOO+Interactive#symbol=yhoo;range=5y
	...
2012/7/18-8/19 [Health/Men, Computer/SW/Security] UID:54438 Activity:nil
7/18    "Largest penis record holder arouses security suspicions at airport"
        http://www.csua.org/u/x2f (in.news.yahoo.com)
        \_ I often have that same problem.
        \_ I think the headline writer had some fun with that one.
           \_ One time when I glanced over a Yahoo News headline "U.S. busts
              largest-ever identity theft ring" all I saw was "U.S. busts
	...
2012/5/8-6/4 [Computer/SW/Unix] UID:54383 Activity:nil
5/8     Hello everyone!  This is Josh Hawn, CSUA Tech VP for Spring 2012.
        About 2 weeks ago, someone brought to my attention that our script
        to periodically merge /etc/motd.public into /etc/motd wasn't
        running.  When I looked into it, the cron daemon was running, but
        there hadn't been any root activity in the log since April 7th.  I
        looked into it for a while, but got lost in other things I was
	...