259 posts • joined 26 Sep 2007
Re: Anywhere in the world within 60 minutes?
You jest about thermonuclear snails but the UK considered nuclear chickens at one point ::)
Use .co.uk to reduce your phishing risk :)
I can't think of a sensible way to prevent this other than maybe an option to have all non-ASCII characters printed as inverted so it screams scammy URL, that's the best I could come up with.
I just checked and llοydsbank.com ( xn--llydsbank-r1g.com ) and nаtwest.com ( xn--ntwest-3nf.com ) both appear to be available. The other UK banks I checked, Barclays and Santander, appear to use a .co.uk domain, which seems sensible since Nominet doesn't support internationalised domain names.
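An added example, not part of the original post and not code from any browser: one way to implement the idea above of making non-ASCII characters in a hostname impossible to miss, using Python's built-in `idna` codec. The function names and the `[U+XXXX]` marking convention are assumptions made for this illustration.

```python
import unicodedata

def script_of(ch):
    """Rough script guess from the Unicode name, e.g. 'GREEK SMALL LETTER OMICRON'."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits and '-' belong to no script
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def inspect_hostname(host):
    """Return the ASCII (punycode) form, a marked-up display form and per-label findings."""
    ascii_form = host.encode("idna").decode("ascii")
    marked, findings = [], []
    for label in host.split("."):
        scripts = {script_of(c) for c in label} - {"COMMON"}
        odd = [(i, c) for i, c in enumerate(label) if not c.isascii()]
        # Replace each non-ASCII glyph with its code point so it cannot pass as a Latin letter.
        marked.append("".join(c if c.isascii() else f"[U+{ord(c):04X}]" for c in label))
        if odd:
            findings.append({
                "label": label,
                "mixed_script": len(scripts) > 1,
                "chars": [(i, f"U+{ord(c):04X}", unicodedata.name(c, "UNKNOWN"))
                          for i, c in odd],
            })
    return {"ascii": ascii_form, "display": ".".join(marked), "findings": findings}

def is_suspicious(host):
    """Flag hostnames where any single label mixes scripts (Latin plus Greek, Cyrillic, ...)."""
    return any(f["mixed_script"] for f in inspect_hostname(host)["findings"])

# The two lookalike names from the post, written with escapes so the odd character
# is visible in source, plus the genuine all-ASCII spelling for comparison.
SAMPLES = ["ll\u03bfydsbank.com", "n\u0430twest.com", "lloydsbank.com"]

if __name__ == "__main__":
    for h in SAMPLES:
        r = inspect_hostname(h)
        print(r["ascii"], r["display"], "SUSPICIOUS" if is_suspicious(h) else "ok")
```

The mixed-script test does not flag a label written entirely in one non-Latin script; the `findings` list still reports every non-ASCII character in it, so a stricter policy can be built on that.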
"No country in the world allows dissemination of information of rumors, violence, cheating, sex and terrorism."
They have never read YouTube comments then. :)
The NSA beat them to it :)
USB Rubber Ducky
Whilst this is rewriting the code on an existing USB drive, the attack vector they describe, a combined mass storage/HID keyboard USB stick, can be purchased here from Hak5, the same people who brought you the WiFi Pineapple:
If you're interested in messing with USB thumb drives the software to reprogram them is reasonably easy to find, but I'd recommend only using it in a VM as it tends to come from strange Chinese websites.
I found this talk incredibly helpful in chasing down the software https://www.youtube.com/watch?v=ZdzTRkojzwU but never got beyond messing, making my test drives appear as a combined CD-ROM/flash stick and giving the drives stupid names. I'm guessing with considerable effort the firmware in the flash tool could be disassembled and patched to do bad things.
Custom Russian silicon
I hope Russia does build its own CPUs but I'll be most upset if they use 64-bit ARM, I'd like to see a SETUN 2.0 because the world needs a ternary CPU :)
Re: Didn't know about the relative time frames of pulse and survival of the light guide
I'm sure I read once about trying to make a plasma channel using incredibly short pulses from a UV laser that became self-focusing due to the physics.
However if it was achieved it wouldn't be used for anything as humanitarian as dissipating lightning (preventing a fair few wildfires), it would herald the era of Tom Swift's electric rifle and even more efficient warfare.
Re: I have to defend the police here...
@condiment and the moral of that story is the good Samaritan would have been better off if he had walked on by and let the kid get run over, it's a wonderful society we're building isn't it.
Re: Wrong Category
"What kind of people sign up for Talk Talk service?"
Roll your own
1, *Buy/build (it's open source) this Bluetooth TNC: http://www.mobilinkd.com/
2, Check this out to your laptop: https://github.com/lulzlabs/AirChat
2a, Or port to a Java app for your phone if you like.
3, Buy a cheap Baofeng UV-5R radio off eBay for £25
4, Keep moving so OFCOM don't catch you in the unlikely event they aren't asleep at the wheel
*You don't actually need the TNC and indeed it probably isn't supported with AirChat as is, it just uses the soundcard of a laptop as a modem, but using a TNC shouldn't require too much of a change
the /b/tards have a better arsenal
Hmm, I looked at their list and wasn't overly impressed:
CONCRETE DONKEY -> robodialer, presumably rented out in spare time to PPI and solar panel companies
BUMPERCAR -> clicking on the report this video button
CLUMSY BEEKEEPER -> IRC bot
BADGER -> spam
BOMB BAY -> link farming
BURLESQUE -> SMS spam
GAMBIT -> Wifi pineapple
GLITTERBALL -> excuse to play sadville in work time
IMPERIAL BARGE -> standard level of service from BT
PITBULL -> IM spam
GATEWAY -> too small a botnet to actually DDOS
SERPENTS TONGUE -> who the fuck uses fax anymore, do they also have attacks on telex??
SKYSCRAPER -> uploading videos to youtube
SWAMP DONKEY -> repackaged cryptolocker virus
OUTWARD -> GNU inetutils, nmap dig etc
SLAMMER -> probably an internal wiki given how unimpressive the rest is
HAVOK -> ettercap
WURLITZER -> multiupload.biz
Re: The Inevitable Conclusion
Yeah and eventually Google will serve me ads I'm actually interested in and my mobile phone provider's coverage map will be accurate.
If only a country had thought to protect the public's privacy.
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
If only somebody had had the foresight to enshrine the people's right to privacy by including some text such as that above in the country's basic principles of law, and had the foresight to predict the invention of the telegraph/telephone/internet and stipulate they were extensions of paper-based communication so future dullards wouldn't try to weasel the people out of this protection.
Not sure about infection
Dunno about getting malware onto the machine but slurping data off an infected machine by FM radio seems like it would be doable, since there is basically a proof of concept for the Raspberry Pi already:
Re: September 11, 2001
@OrsonX Actually GCHQ do care about your sexts:
Beaten to market
Amazon should speak to the cunning Lithuanian smugglers that beat them to market :)
Given a name like "Callam McMillan" I'm going to go out on a limb and guess the poster is of Scottish descent and probably in the UK. If that is true he was bloody lucky it was dry enough to start a campfire, UK camping holidays usually involve monsoon-like rain until the day you leave when it brightens up a bit :)
Re: Hang on...
Apparently they were MIG 21 jets not large bypass turbo fans, you can see a short clip of "Big Wind" in action here:
Re: IPv6 before CGNAT
How about a law that all porn and filesharing must be IPv6 only, everyone would be on IPv6 by the end of the week :)
Re: They missed a trick...
There you go, as mentioned by Wade Burchette, improving the standard of living for emerging economies will sort out population growth. I'd highly recommend looking at other talks by Hans Rosling too.
Personally I'd like to see more research into either the Thorium cycle or maybe Fast neutron reactors as a source of clean electric for the future.
Summed up nicely by CGP Grey
Re: Everything depends on the country in question....
"Besides, how do define decent service?"
YouTube 480p no buffering
/me glares at Sky's craptastic "pro" substitute for Be.
Can we get the UK redefined as a developing country so we can get some of that fibre goodness too?
I'm not impressed either
Due to my laziness and it not going shit until they migrated Be a few weeks ago I stayed where I was, but it looks like I will be jumping ship soon. I was very unimpressed with them updating my router and, as far as I could tell, locking the DNS options. I don't appreciate having to use the telnet interface to reconfigure the DNS, especially as the TG585 telnet shell is arcane and strange, or, as I ended up doing, backing up the config, editing it to remove all their administrative backdoors and reloading it.
Then to top it all off YouTube doesn't work in the evenings without either degrading to a jumble of coloured blocks or severe buffering if you try to set it to a sane resolution (the no bandwidth in the evening was both pre and post fixing the router settings).
It all worked flawlessly for years with BE, even if the bebox is a bit shit.
Foldscope excites me more
A similar system has already been developed at Stanford by Manu Prakash, the Foldscope, apparently it costs around 50 cents, has an XY stage of sorts and can project the image in a darkened room.
The only question I have is where can I buy some?
Do what with an unauthenticated protocol
It's all well and good until some cock uses an arduino/rtlsdr/cc430 etc to sniff the remote ID and then make your house look like close encounters of the third kind, turning everything on and off randomly.
Seriously would some form of security really have killed them?
If anyone had this near me I would be that cock just for the lulz :)
Don't tell me it's better, show me:
Have you all seen....
For everybody who has posted here citing their dismay at this purchase, have you considered looking at CastAR from Technical Illusions? http://technicalillusions.com/
They are currently in development and I believe their Kickstarter is slated to ship the first hardware some time after September this year.
The demonstrations of tabletop multi-person 3D play were enough to persuade me I want this.
To infinity and beyond
The Z1 is much better with its Buzz Lightyear green and white vibe.
Although if you added a pair of circular antennas to the Z2 helmet it would have echoes of Robbie the robot.
Let me get this right
Orange have filled their phone with shitware? I shall file that right next to my report on ursine defecation habits.
Of far more interest, has anyone written a script for the ASDA signup page to let you spam the shit out of a range of phone numbers with activation codes? I can't be the only one whose mind went there first.
"I also wish those horrible people at Microsoft would do an update where the default "Hide known extensions" is not ticked."
If I could upvote that 1000 times, it's the first thing I change on a fresh install.
Especially when you can't trust the icons to tell you the filetype when you can take your malware.exe and set its icon to look like the Windows folder icon/PDF icon etc
That stupid preselected option has a lot to answer for.
FFS next they will be charging to remove the NSA spyware from their BIOS :)
Password fields present on an insecure (http://) page.
I just had a really cursory check of the web.de website, turn on the developer console of Firefox and have a look and what do I see:
"Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen."
They don't actually give a shit about user security :)
Re: Borrowed technology from the Dreamliner batteries??
Don Jefe, have you seen how many screws are inside an iPhone 5?
Don't get me wrong, they are really quite impressive mechanically but there are loads and loads and loads of damn fiddly screws in there holding it all together, it's like a Swiss watch.
Re: What would you do with a Boeing Black on your lab bench?
"And it is impossible for anyone to modify USB drivers so the key exchange happens before anything else gets passed on it?"
And nobody would ever think to send a longer key than was expected :)
Tamper proof screws AND epoxy!!!!!!! There's no way anyone would be able to open that.
I take it Boeing have not kept up on the state of the art with disposable glued and plastic welded consumer electronic tat that's horrible to try to repair.
Re: Oooo, the shiny!
Jai, what size/type SSD are you speccing to get a price of £400? The going rate for a SATA SSD in the 240 - 256GB range seems to be somewhere between £100 - £140.
My top tip for the Crucial website is use it to find out what RAM your machine takes and how many sticks/max amount etc, then go and buy it from somewhere else that isn't so stupidly expensive :)
"Suppose consumers understood that Google uses tying and full-line-forcing to prevent manufacturers from offering phones with alternative apps, which could drive down phone prices"
I have another way of looking at this: if I choose to buy an Android phone with Google I get to be sure of a minimum level of functionality, YouTube/Maps/Play, and a degree of familiarity with the device from the get go because it meets these standards in order to get the Google bits.
Or I could go to Orange and buy some wretched piece of shit Android phone that has been mangled to the point of uselessness and filled with shitware because they can. (which I would then reflash to CyanogenMod because I can and did)
There is nothing stopping me supplementing or replacing any of the Google supplied functionality with some other apps of my choice, but as an end user the "with Google" bit of the branding means I can rely on a minimum level of not shit, assuming it didn't come from Orange :)
Statute law in an SVN
"For example, have a glimpse at this excruciating TED talk for MPs by Richard Heaton"
I actually thought that was quite an impressive way of looking at things, and perhaps adding a bit of organisation to the mess that is law. When I have tried to look up legislation in the past I wanted the law as it now is, not the original bill and a massive list of amendments that other bills have made since and try to reconcile it, just like Linux kernel 1.0 and a mountain of diffs isn't particularly useful to me even if it would work to compile a current kernel.
Re: Industry Standard "vulture" drop test
There is actually an industry standard for impact robustness, it's the IK rating that nobody uses, like the IP rating for water and dustproof-ness.
There is also the US military MIL-STD-810, if your tablet was built to that standard it would be rugged indeed, like Panasonic Toughbooks and the Dell XFR laptops.
All the assets of a nation state intelligence agency and the best they could do was a SYN flood!!!
What the bloody hell have my taxes been paying for? At the very least I would have expected them to have taken control of the IRC server by exploiting the IPMI implementation and formatted its drives.
Or perhaps reflashed its BIOS with one with a rootkit embedded in its SMM handlers, even if they couldn't write it they could have bought it from the NSA's toy catalogue.
Bunch of useless chair warming muppets.
There was a talk about DSRC and its privacy implications at the 2012 Chaos Communication Congress, I got the impression it (at least at that point) hadn't been entirely thought through but had potential.
Re: Under the GPL
"The definition of "Enough work to exempt it from the GPL" is "Enough for it to constitute an entirely new work in its own right, not a derivative work based on an existing copyrighted work"."
There is a phrase for this level of work, "clean room implementation"
I was sceptical too however I had a look at the NSA's "maplin" catalogue of cool toys here:
It appears that some of their data transmission devices such as LOUDAUTO and other devices from the ANGRYNEIGHBOUR range are long range RFID type devices that modulate their data onto a CW signal from the reader, sort of like the TAG used for paying the Severn Bridge, or the same sort of tag they use in the US for toll payments if my understanding is correct.
Which is a really clever way of doing things as the energy burden for transmission is then shifted to the reader rather than the transmission device so you don't need massive batteries.
Sadly my knowledge of RF voodoo is a bit lacking or I'd have a bash at replicating the tech as it seems simple yet very clever, although it got me wondering if sites of security importance are going to be buying SDR radios to continuously scan the RF spectrum and alert if there are suddenly any large changes in received power in the GHz range, which would also catch active transmissions from their HOWLERMONKEY devices. It's all quite clever really.
And that's just the RF stuff, do the server jockeys on here trust their IPMI implementation (vPro etc)?
Re: Radiation is so last year :)
No, a normal CCD with the IR filter removed can film near infrared, like the IR diode in your TV remote control, but won't record thermal IR.
And yes I'm suspicious of the lack of actual images on the website, you can see actual imaging on various YouTube videos such as this one:
But I do have a feeling there are some software shenanigans going on as the sensor is apparently 80x60 pixels, still quite impressive though.
Radiation is so last year :)
Thermal imaging is going to be all the rage for 2014, even if it's only 80x60 pixels.
I can't wait for a phone with the Flir Lepton sensor built in.
Everything they need except a user manual
So set up an IMSI catcher that downgrades all the connections to A5/0 and log away to your heart's content, throw in some voice print analysis and you should be able to make a nice list of who has what phone and what they are doing with it. It's not like you even need an expensive one from Rohde & Schwarz, you could probably repurpose the femto cells the carriers sell to make the phone work in your house.
Or alternatively grep through the carriers' logs for the phones that never change location from the prison and are only switched on sporadically, then route a copy of all calls to and from those numbers to GCHQ, I mean what's the point in building all that lawful intercept infrastructure if you're not going to use it :)
Re: Makes sense to me...
"Mod is now normally used as an abbreviation of 'Modification'"
I think it still is being used this way, as in you'll have to modify it to make it usable.
Cottonmouth will stand out like a sore thumb as it will be the only USB cable ever made that actually meets USB specs, unlike the millions of cheap crap Chinese cables made with copper plated string that only just barely work. :)
Re: Kids DON'T WANT privacy
"But as for mass surveillance, a quick check of the crime clear up rate would suggest that criminality is still, on balance of probability, something you can get away with."
You are assuming that the object of mass surveillance is preventing crime, rather than facilitating it.