Re: Smaller Companies - Bugs
Peter 26 you mean like this, where the amazon xss was reported? :)
My extremely rough calculations using Google Earth suggest that if the spaceport was built in Hastings in East Sussex we could drop all our spent first stages on Brussels, assuming they land about 160 miles east of the launch site like the shuttle SRBs
Don't forget .horse
www.campus-party.eu I give up, what's that got to do with it?
Typos in where you load scripts from is another possibility :)
If anyone wants to try to get todospelaeducacao/clubviaggi to fix their sites be my guest, I failed miserably to contact them.
You can watch the talk with an English audio translation here:
The folks who do the videos at the CCC are awesome :)
Whois is not the only way to let the world know a company has annoyed you
Where can I get their magic batteries that allow more than about 15 mins of flight time and their fantastic propellers that allow flight without the model aircraft sounding like a million angry bees that make all this nefarious use practical?
A camera on a stick is a more realistic threat model for peering in upper floor windows, when are we going to see a House of Lords committee on the threat posed by sticks and gaffer tape?
Could we not just go back to calling them model aircraft and stop worrying?
JohnB that is probably a U3 drive, it's like that by design, the manufacturer's website will probably have a U3 removal tool on their support site to turn it into a normal USB drive if you wish to do so.
Flocke Kroes I'm probably wrong but my understanding from the article is that they seem to be using one Shellshock-vulnerable device as a beachhead from which to launch brute force login attacks against other devices on the same network as the shellshocked device, not that BusyBox itself is vulnerable.
It's probably for the best, if they had called it Gnome they would have been crushed by misdirected support calls.
OMG the terror! Mobilise the troops and set the threat level to Purple Alert!
I can only hope for something this srs they have got Jack Bauer on the case.
How long do you think it will be until someone finds a baseband vuln that can be exploited over the air interface so you can drive down the street with a fake BTS in the car messing with all the meters?
Another washer that will take an absolute beating is ASEA, who I think have now been bought by ASKO, I can remember playing in the box it came in as a child and I'm 38 now and my parents are still using it, my dad had to fix it once and when he opened it it had the schematic included inside printed on waterproof paper.
I think they were also built under license by Maytag, but it's been a long time so I have no idea what they are like now, but the fact they used induction motors so you didn't have to replace brushes is a big plus.
There's more than one way to skin a cat
You jest about thermonuclear snails but the UK considered nuclear chickens at one point :)
I can't think of a sensible way to prevent this other than maybe an option to have all non-ASCII characters printed as inverted so it screams scammy URL, that's the best I could come up with.
I just checked and llοydsbank.com ( xn--llydsbank-r1g.com ) and nаtwest.com ( xn--ntwest-3nf.com ) both appear to be available, the other UK banks I checked, Barclays and Santander, appear to use a .co.uk domain which seems sensible since Nominet doesn't support internationalised domain names.
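An added example, not part of the original comment: Python that applies the display idea above to the two lookalike names quoted there, making each non-ASCII character visible, producing the `xn--` form, and flagging labels that mix scripts. The function names and the `[U+XXXX]` display convention are assumptions made for this example.

```python
import unicodedata

def scripts(label):
    """Scripts used by the letters of a label, read from each character's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def to_ascii(hostname):
    """Wire form of the name: labels with non-ASCII characters become xn-- punycode."""
    labels = []
    for label in hostname.split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        labels.append(label)
    return ".".join(labels)

def highlight(hostname):
    """Display form that cannot hide a lookalike: non-ASCII shown as [U+XXXX]."""
    return "".join(ch if ch.isascii() else "[U+%04X]" % ord(ch) for ch in hostname)

def review(hostname):
    """Flag labels that mix scripts, e.g. Latin letters with one Greek or Cyrillic letter."""
    mixed = [lab for lab in hostname.split(".") if len(scripts(lab)) > 1]
    return {
        "display": highlight(hostname),
        "ascii": to_ascii(hostname),
        "mixed_script_labels": mixed,
        "suspicious": bool(mixed),
    }

# The two names from the comment, written with escapes so the odd letter is visible:
# Greek small omicron (U+03BF) and Cyrillic small a (U+0430). The third is plain ASCII.
SAMPLES = ["ll\u03bfydsbank.com", "n\u0430twest.com", "lloydsbank.com"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(review(name))
```

The mixed-script check does not flag a label written entirely in one non-Latin script; the highlighted display form still exposes those characters.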
"No country in the world allows dissemination of information of rumors, violence, cheating, sex and terrorism."
They have never read youtube comments then. :)
The NSA beat them to it :)
Whilst this is rewriting the code on an existing USB drive the attack vector they describe, a combined mass storage/HID keyboard USB stick, can be purchased here from Hak5, the same people who brought you the WiFi Pineapple:
If you're interested in messing with USB thumb drives the software to reprogram them is reasonably easy to find but I'd recommend only using it in a VM as it tends to come from strange Chinese websites.
I found this talk incredibly helpful in chasing down the software https://www.youtube.com/watch?v=ZdzTRkojzwU but never got beyond messing making my test drives appear as a combined CD-ROM/flash stick and giving the drives stupid names, I'm guessing with considerable effort the firmware in the flash tool could be disassembled and patched to do bad things.
I hope Russia does build its own CPUs but I'll be most upset if they use 64 bit ARM, I'd like to see a SETUN 2.0 because the world needs a ternary CPU :)
I'm sure I read once about trying to make a plasma channel using incredibly short pulses from a UV laser that became self focusing due to the physics.
However if it was achieved it wouldn't be used for anything as humanitarian as dissipating lightning (preventing a fair few wildfires) it would herald the era of Tom Swift's electric rifle and even more efficient warfare.
@condiment and the moral of that story is the good Samaritan would have been better off if he had walked on by and let the kid get run over, it's a wonderful society we're building isn't it.
"What kind of people sign up for Talk Talk service?"
1, *Buy/build (it's open source) this Bluetooth TNC: http://www.mobilinkd.com/
2, Check this out to your laptop: https://github.com/lulzlabs/AirChat
2a, Or port to Java app for your phone if you like.
3, Buy cheap Baofeng UV-5R radio off eBay for £25
4, Keep moving so OFCOM don't catch you in the unlikely event they aren't asleep at the wheel
*You don't actually need the TNC and indeed it probably isn't supported with AirChat as is, it just uses the soundcard of a laptop as a modem but using a TNC shouldn't require too much of a change
Hmm I looked at their list and wasn't overly impressed:
CONCRETE DONKEY -> robodialer, presumably rented out in spare time to PPI and solar panel companies
BUMPERCAR -> clicking on the report this video button
CLUMSY BEEKEEPER -> IRC bot
BADGER -> spam
BOMB BAY -> link farming
BURLESQUE -> SMS spam
GAMBIT -> Wifi pineapple
GLITTERBALL -> excuse to play sadville in work time
IMPERIAL BARGE -> standard level of service from BT
PITBULL -> IM spam
GATEWAY -> too small a botnet to actually DDOS
SERPENTS TONGUE -> who the fuck uses fax anymore, do they also have attacks on telex??
SKYSCRAPER -> uploading videos to youtube
SWAMP DONKEY -> repackaged cryptolocker virus
OUTWARD -> GNU inetutils, nmap, dig etc
SLAMMER -> probably an internal wiki given how unimpressive the rest is
HAVOK -> ettercap
WURLITZER -> multiupload.biz
Yeah and eventually Google will serve me ads I'm actually interested in and my mobile phone provider's coverage map will be accurate.
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
If only somebody had had the foresight to enshrine the people's right to privacy by including some text such as that above in the country's basic principles of law, and had the foresight to predict the invention of the telegraph/telephone/internet and stipulate they were extensions of paper based communication so future dullards wouldn't try to weasel the people out of this protection.
Dunno about getting malware onto the machine but slurping data off an infected machine by FM radio seems like it would be doable, since there is basically a proof of concept for the Raspberry Pi already:
@OrsonX Actually GCHQ do care about your sexts:
Amazon should speak to the cunning Lithuanian smugglers that beat them to market :)
Given a name like "Callam McMillan" I'm going to go out on a limb and guess the poster is of Scottish descent and probably in the UK, if that is true he was bloody lucky it was dry enough to start a campfire, UK camping holidays usually involve monsoon like rain until the day you leave when it brightens up a bit :)
Apparently they were MiG-21 jets not large bypass turbofans, you can see a short clip of "Big Wind" in action here:
How about a law that all porn and filesharing must be IPv6 only, everyone would be on IPv6 by the end of the week :)
There you go, as mentioned by Wade Burchette improving the standard of living for emerging economies will sort out population growth, I'd highly recommend looking at other talks by Hans Rosling too.
Personally I'd like to see more research into either Thorium cycle or maybe Fast neutron reactors as a source of clean electric for the future.
"Besides, how do define decent service?"
YouTube 480p no buffering
/me glares at Sky's craptastic "pro" substitute for Be.
Can we get the UK redefined as a developing country so we can get some of that fibre goodness too?
Due to my laziness and it not going shit until they migrated Be a few weeks ago I stayed where I was, but it looks like I will be jumping ship soon, I was very unimpressed with them updating my router and as far as I could tell locking the DNS options, I don't appreciate having to use the telnet interface to reconfigure the DNS especially as the TG585 telnet shell is arcane and strange, or as I ended up doing backing up the config, editing it to remove all their administrative backdoors and reloading it.
Then to top it all off YouTube doesn't work in the evenings without either degrading to a jumble of coloured blocks or severe buffering if you try to set it to a sane resolution (the no bandwidth in the evening was both pre and post fixing the router settings).
It all worked flawlessly for years with BE, even if the bebox is a bit shit.
A similar system has already been developed at Stanford by Manu Prakash, the Foldscope, apparently it costs around 50 cents, has an XY stage of sorts and can project the image in a darkened room.
My only question I have is where can I buy some?
It's all well and good until some cock uses an Arduino/RTL-SDR/CC430 etc to sniff the remote ID and then make your house look like Close Encounters of the Third Kind turning everything on and off randomly.
Seriously would some form of security really have killed them?
If anyone had this near me I would be that cock just for the lulz :)
Don't tell me it's better, show me:
For everybody who has posted here citing their dismay at this purchase have you considered looking at CastAR from Technical Illusions http://technicalillusions.com/
They are currently in development and I believe their Kickstarter is slated to ship the first hardware some time after September this year.
The demonstrations of tabletop multi-person 3D play were enough to persuade me I want this.
The Z1 is much better with its Buzz Lightyear green and white vibe.
Although if you added a pair of circular antennas to the Z2 helmet it would have echoes of Robbie the Robot.
Orange have filled their phone with shitware? I shall file that right next to my report on ursine defecation habits.
Of far more interest has anyone written a script for the ASDA signup page to let you spam the shit out of a range of phone numbers with activation codes? I can't be the only one whose mind went there first.
"I also wish those horrible people at Microsoft would do an update where the default "Hide known extensions" is not ticked."
If I could upvote that 1000 times, it's the first thing I change on a fresh install.
Especially when you can't trust the icons to tell you the filetype when you can take your malware.exe and set its icon to look like the Windows folder icon/PDF icon etc
That stupid preselected option has a lot to answer for.
FFS next they will be charging to remove the NSA spyware from their bios :)
I just had a really cursory check of the web.de website, turn on developer console of Firefox and have a look and what do I see:
"Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen."
They don't actually give a shit about user security :)
Don Jefe have you seen how many screws are inside an iPhone 5?
Don't get me wrong they are really quite impressive mechanically but there are loads and loads and loads of damn fiddly screws in there holding it all together, it's like a Swiss watch.
"And it is impossible for anyone to modify USB drivers so the key exchange happens before anything else gets passed on it?"
And nobody would ever think to send a longer key than was expected :)