Bug bounty alert: Musk lets pro hackers torpedo Tesla firmware risk free
Carmaker won't void warranties, fling sueballs at pros seeking security vulnerability rewards
[...] Tesla will allow vetted security researchers to hunt for vulnerabilities in its vehicle firmware risk free – as long as it is done under its bug bounty program.
The luxury electric automaker said this week it will reflash the firmware on cars that have been bricked by infosec bods probing for exploitable bugs in its code, provided they have suitably enrolled in the Elon Musk-run biz's bounty program. And any sanctioned searching can be carried out without worrying about being sued by Tesla's legal eagles.
"If, through your good-faith security research, you (a pre-approved, good-faith security researcher) cause a software issue that requires your research-registered vehicle to be updated or 'reflashed,' as an act of goodwill, Tesla shall make reasonable efforts to update or 'reflash' Tesla software on the research-registered vehicle by over-the-air update, offering assistance at a service center to restore the vehicle's software using our standard service tools, or other actions we deem appropriate," Tesla's updated security policy now reads.
(Score: 2) by ikanreed on Friday September 07 2018, @02:46PM (3 children)
Only pedos do that.
(Score: 1) by Sulla on Friday September 07 2018, @04:47PM (2 children)
I think it was fair of Musk to make that joke about any ex-pat that runs off with his money earned in the west to hang out indefinitely in SE Asia living like a king. It was pretty common to joke about anyone who goes to SE Asia doing this a couple of years ago.
Ceterum censeo Sinae esse delendam
(Score: 3, Insightful) by ikanreed on Friday September 07 2018, @06:14PM (1 child)
Yeah, no, it's not "fair" to have a dispute with someone over the facts of an event and mentally short-circuit to calling them a pedophile to literally millions of people. What's wrong with you? That's a completely awful thing to do.
(Score: 3, Funny) by takyon on Friday September 07 2018, @08:45PM
2045 News: King of Mars Elong Musky CLAIMS the sacred right of JUS PRIMAE NOCTIS, checks every p00ssy on the colony *Personally*. Age of consent: 6 Martian years.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by urza9814 on Friday September 07 2018, @02:51PM (2 children)
This wouldn't even be necessary if Tesla wasn't doing everything in their power to prohibit and block any attempts to repair these vehicles. You can't even buy a single bolt from them without jumping through hoops to prove you're "approved". Wonder how difficult it's going to be to get approved for this program?
(Score: 2) by Arik on Friday September 07 2018, @03:25PM (1 child)
If every or nearly every or frankly, probably, if even 10% of the folks that came in to buy a Tesla wound up walking right back out without one (which is what should have happened because no one would sign such a completely unconscionable set of terms without a gun to the head!) then the problem would have been solved right at the start. Instead of festering.
But no, most people are dumb sons of bitches that just sign anything some smooth-talking con man like Musk wants them to sign, so no one gets the benefits of a working market.
If laughter is the best medicine, who are the best doctors?
(Score: 3, Interesting) by urza9814 on Friday September 07 2018, @03:40PM
Yup, no disagreement there.
But this isn't a new or unique problem either...pretty sure I've made almost the exact same point on a couple other articles this week about other security issues. People assume that as long as they use a sufficiently popular product, someone else will be forced to bail them out in case of any serious problem. The worst part is it's not even a terrible strategy, they're more or less correct. What I can't figure out is how the fuck we could convince them to do otherwise...because that seems to be the only way we're ever going to fix this bullshit.
(Score: 3, Interesting) by requerdanos on Friday September 07 2018, @02:53PM (1 child)
Just as with the "Tesla Does Not Give A Rat's Red Rear End About Complying With Software Licensing Stories", the resolution for this one is also:
"TESLA SUCKS SLIGHTLY LESS BUT STILL SUCKS HARD".
(The outcome of the software licensing problems [linux.com] was that Tesla, instead of refusing to provide any source code to comply with the licenses of the free software they had appropriated and modified, started to provide some source code, while still carefully and deliberately failing to comply with the licenses involved, while boldly and falsely declaring that they were "MAKING THE SOURCE CODE AVAILABLE." The outcome here is that instead of going to war with security researchers, they are declining for the moment to attack (only) their pet researchers, while still at war with the majority of security researchers, while boldly and falsely declaring "TOTALLY NOT MAKING WAR ON SECURITY RESEARCHERS".)
Tesla is a malicious DRM delivery company that uses 3G/4G networked cars to deliver its DRM. (The Tesla fans here argue with this; I expect to see some of that below. But they argue around it--not against it--because all of us are working with the same set of Tesla-Owns-U facts.)
(Score: 2) by MostCynical on Friday September 07 2018, @09:45PM
There is a fundamental issue with vehicles (cars, boats, aeroplanes..)
Once they can be modified, things can go wrong.
Your local motor vehicle inspection can see that you haven't bolted your 454 into your 1960 Chev properly, or your brakes are not working.
Once you get to modified code (in firmware, or wherever) no one from local mechanic to the inspectors to the manufacturer will be able to certify that your changes are safe.
They can't even do that with any vehicle, now, but insurance and things like ATSB help "correct" things when they go wrong.
Even if Tesla released all the code, (because "license") there is an argument that bad actors will find exploits and use them, rather than let the company/world know.
Ask Boeing or Airbus to release the code of a modern jet.
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 0) by Anonymous Coward on Friday September 07 2018, @03:08PM
He must have said it during one of these [nymag.com] interviews.
(Score: 0) by Anonymous Coward on Friday September 07 2018, @04:03PM (6 children)
we're not covering the midnight pot-smoking whiskey drinking comedy where he demolished its stock- and bond-prices that prompted the company's heads of HR and accounting to leave, making this gesture something like a stoner's plea of 'don't hurt me man'. i'm good with that.
(Score: 2) by takyon on Friday September 07 2018, @04:29PM (4 children)
https://www.bbc.com/news/technology-45445554 [bbc.com]
It's not international news when any of Rogan's hundreds of other guests smoke the weed and hit the bottle.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 1, Insightful) by Anonymous Coward on Friday September 07 2018, @06:48PM (1 child)
agreed. plus the only geeky thing there is the insane amount of trust and money the stunt cost our favorite baby-face -- which would quickly turn into a cautionary tale of the dangers we as geeks face from ego-inflation and god-complexes. these are actually things that are knowable-about and utterly terrifying to most of us that have not challenged that sort of stuff before. so better not read the 10 pages of chapter 3 of https://archive.org/details/C.G.JungCollectedWorksVol7Part1TheEffectsOfTheUnconsciousUponConsciousness [archive.org] unless you're into watching archetypal tragedies unfold ;)
(Score: 0, Troll) by Ethanol-fueled on Saturday September 08 2018, @12:22AM
This is how you know Musk ain't CIA like every other face in Big Tech, who look and act like robots. And in Zuckerberg's case, Gay Jewish Robots.
(Score: 0) by Anonymous Coward on Friday September 07 2018, @08:19PM (1 child)
Well, 98% of his other guests aren't internationally known, for starters.
(Score: 2) by takyon on Friday September 07 2018, @08:36PM
It's just very hollow "news", although the Musky One shares some of the blame, for making himself into a science-fiction idol and then embarking on a downward spiral. Sad!
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by takyon on Friday September 07 2018, @10:07PM
Elon Musk’s Blunt-Toking Goodwill Tour Isn't Enough to Save Tesla [wired.com] (archive [archive.fo])
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Monday September 10 2018, @11:37AM
Next week, the government allows Wikileaks to publish documents, but only those the government has pre-approved them to publish.