227 posts • joined 26 Sep 2007
Password fields present on an insecure (http://) page.
I just had a really cursory check of the web.de website, turned on the developer console of Firefox, had a look, and what do I see:
"Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen."
They don't actually give a shit about user security :)
Re: Borrowed technology from the Dreamliner batteries??
Don Jefe, have you seen how many screws are inside an iPhone 5?
Don't get me wrong, they are really quite impressive mechanically, but there are loads and loads and loads of damn fiddly screws in there holding it all together; it's like a Swiss watch.
Re: What would you do with a Boeing Black on your lab bench?
"And it is impossible for anyone to modify USB drivers so the key exchange happens before anything else gets passed on it?"
And nobody would ever think to send a longer key than was expected :)
Tamper-proof screws AND epoxy!!!!!!! There's no way anyone would be able to open that.
I take it Boeing have not kept up on the state of the art with disposable glued and plastic-welded consumer electronic tat that's horrible to try to repair.
Re: Oooo, the shiny!
Jai, what size/type SSD are you speccing to get a price of £400? The going rate for a SATA SSD in the 240-256GB range seems to be somewhere between £100 and £140.
My top tip for the Crucial website is to use it to find out what RAM your machine takes and how many sticks/max amount etc., then go and buy it from somewhere else that isn't so stupidly expensive :)
"Suppose consumers understood that Google uses tying and full-line-forcing to prevent manufacturers from offering phones with alternative apps, which could drive down phone prices"
I have another way of looking at this. If I choose to buy an Android phone with Google I get to be sure of a minimum level of functionality (YouTube/Maps/Play) and a degree of familiarity with the device from the get-go, because it meets these standards in order to get the Google bits.
Or I could go to Orange and buy some wretched piece of shit Android phone that has been mangled to the point of uselessness and filled with shitware because they can (which I would then reflash to CyanogenMod because I can, and did).
There is nothing stopping me supplementing or replacing any of the Google-supplied functionality with some other apps of my choice, but as an end user the "with Google" bit of the branding means I can rely on a minimum level of not shit, assuming it didn't come from Orange :)
Statute law in an SVN
"For example, have a glimpse at this excruciating TED talk for MPs by Richard Heaton"
I actually thought that was quite an impressive way of looking at things, and perhaps adding a bit of organisation to the mess that is law. When I have tried to look up legislation in the past I wanted the law as it now is, not the original bill and a massive list of amendments that other bills have made since, and having to try to reconcile it; just like Linux kernel 1.0 and a mountain of diffs isn't particularly useful to me, even if it would work to compile a current kernel.
Re: Industry Standard "vulture" drop test
There is actually an industry standard for impact robustness: it's the IK rating, which nobody uses, like the IP rating for water- and dust-proofness.
There is also the US military MIL-STD-810; if your tablet was built to that standard it would be rugged indeed, like Panasonic Toughbooks and the Dell XFR laptops.
All the assets of a nation-state intelligence agency and the best they could do was a SYN flood!!!
What the bloody hell have my taxes been paying for? At the very least I would have expected them to have taken control of the IRC server by exploiting the IPMI implementation and formatted its drives.
Or perhaps reflashed its BIOS with one with a rootkit embedded in its SMM handlers; even if they couldn't write it they could have bought it from the NSA's toy catalogue.
Bunch of useless chair warming muppets.
There was a talk about DSRC and its privacy implications at the 2012 Chaos Communication Congress; I got the impression it (at least at that point) hadn't been entirely thought through but had potential.
Re: Under the GPL
"The definition of "Enough work to exempt it from the GPL" is "Enough for it to constitute an entirely new work in its own right, not a derivative work based on an existing copyrighted work"."
There is a phrase for this level of work: "clean room implementation".
I was sceptical too; however, I had a look at the NSA's "Maplin" catalogue of cool toys here:
It appears that some of their data transmission devices, such as LOUDAUTO and other devices from the ANGRYNEIGHBOUR range, are long-range RFID-type devices that modulate their data onto a CW signal from the reader, sort of like the tag used for paying the Severn Bridge, or the same sort of tag they use in the US for toll payments, if my understanding is correct.
Which is a really clever way of doing things, as the energy burden for transmission is then shifted to the reader rather than the transmission device, so you don't need massive batteries.
Sadly my knowledge of RF voodoo is a bit lacking, or I'd have a bash at replicating the tech, as it seems simple yet very clever. Although it got me wondering if sites of security importance are going to be buying SDR radios to continuously scan the RF spectrum and alert if there are suddenly any large changes in received power in the GHz range, which would also catch active transmissions from their HOWLERMONKEY devices. It's all quite clever really.
And that's just the RF stuff; do the server jockeys on here trust their IPMI implementation (vPro etc.)?
Re: Radiation is so last year :)
No, a normal CCD with the IR filter removed can film near infrared, like the IR diode in your TV remote control, but won't record thermal IR.
And yes, I'm suspicious of the lack of actual images on the website; you can see actual imaging on various YouTube videos such as this one:
But I do have a feeling there are some software shenanigans going on, as the sensor is apparently 80x60 pixels. Still quite impressive though.
Radiation is so last year :)
Thermal imaging is going to be all the rage for 2014, even if it's only 80x60 pixels.
I can't wait for a phone with the FLIR Lepton sensor built in.
Everything they need except a user manual
So set up an IMSI catcher that downgrades all the connections to A5/0 and log away to your heart's content; throw in some voiceprint analysis and you should be able to make a nice list of who has what phone and what they are doing with it. It's not like you even need an expensive one from Rohde & Schwarz; you could probably repurpose the femtocells the carriers sell to make the phone work in your house.
Or alternatively grep through the carriers' logs for the phones that never change location from the prison and are only switched on sporadically, then route a copy of all calls to and from those numbers to GCHQ. I mean, what's the point in building all that lawful intercept infrastructure if you're not going to use it :)
Re: Makes sense to me...
"Mod is now normally used as an abbreviation of 'Modification'"
I think it still is being used this way, as in "you'll have to modify it to make it usable".
COTTONMOUTH will stand out like a sore thumb, as it will be the only USB cable ever made that actually meets USB specs, unlike the millions of cheap crap Chinese cables made with copper-plated string that only just barely work. :)
Re: Kids DON'T WANT privacy
"But as for mass surveillance, a quick check of the crime clear-up rate would suggest that criminality is still, on balance of probability, something you can get away with."
You are assuming that the object of mass surveillance is preventing crime, rather than facilitating it.
Re: RE:WTF are toddlers doing using the internet unsupervised???
Commenting on YouTube.
Party like it's 1985
Of course there is no precedent for the use of Fluorinert in cooling electronics :)
Re: The wonders of having a metal phone body
Have a watch of the EEVblog teardown of a pair of Chinese fake Apple chargers and stare in awe at the piss-poor creepage distances and shoddy manufacturing.
Re: Lithium Metal...
Energizer lithium batteries contain a thin sheet of metallic lithium rolled up like a Swiss roll.
See YouTube for videos of its extraction and inevitable burning.
With £500-an-hour rates you'd think they could configure their web server properly so it doesn't have a fit and serve you an "Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request." instead of a 404.
Warn other drivers by DSRC
I have an idea; it's not a particularly good one, but it would be workable.
Globally, car manufacturers are working on implementing DSRC ("Digital short range communications"), aka your car broadcasting its status to other cars within about 380m using 802.11p wireless, so your car will be able to listen to the cars around it and warn you not to overtake if, say, there is an oncoming vehicle.
Perhaps there could be a status in this standard for "driver on phone", so your car will alert all the other cars in the area that you're on the phone and will be driving badly, in addition to telling the world + dog your speed :)
It's going to be a brave new world.
For more info watch the video here:
Like hiding diamonds in lumps of coal
Where do I buy one? A small computer with WiFi and mains power supply for £10 or so, and all I have to do is extract it from the crap kettle it's packed in. Bargain.
Re: On reading the article
Compile it and see if it works. If it does, then that is the sum total of the disputed code; if it doesn't, then some secret sauce is missing.
There isn't a facepalm big enough.
"they have the necessary computer skills and intent to simultaneously release the code publicly and conceal their role in that act."
For example, they could have uploaded it all to GitHub 7 months ago with their name on it.
I cannot find the words to describe the stupidity of this decision.
Should publish these for all phones
OK, I'm fairly sure I have the right leaked service manual in front of me and I can see "16Gb(SDRAM DDR2)", which I'm quite certain is wrong, unless they are using 14Gb of it for the baseband, which would be wasteful.
One thing I particularly appreciate is that they list how many bars in the signal strength == what dBm.
I would paste the table here but I'm sure that would draw the ire of the moderator.
I for one salute LG for their attempt at ending the bullshit that is random uncalibrated signal strength meters, and I shall be happy in the knowledge that if I am ever using LTE and have 4 bars I have better than -85dBm±3dBm signal strength.
Re: How many hackers does it take to change a lightbulb?
> Seriously, you'd hope - against all common sense and reason - that anything that was actually critical
> would be a long, long way from being accessible over the internet.
Step 1) Have a play on SHODAN http://www.shodanhq.com/ (although it appears to be dead at the moment)
Step 2) Be sad because of what you have seen.
Ban powerline networking equipment, and engage a roaming black ops hit squad to locate and remove it with extreme prejudice; then, once they have done that, send them round to the ISPs to have a word about the usage of the word "unlimited", with even more prejudice. If time allows, send them on a jolly to India to sort out the sales calls, but that could also be done with cruise missiles.
Re: Once something become possible
@Scott Wheeler, whilst this isn't a step-by-step DIY guide to making a nuke in your shed, there are some interesting insights into building a plutonium implosion bomb here:
Although I would dock them points for using a polonium-beryllium initiator (PoBe); a plutonium-beryllium initiator (PuBe) has much more scope for mirth and giggles.
Is it really financially viable to extract fake vanilla flavour from the arses of beavers rather than knock up a batch of fake vanilla flavour in a lab?
How much do beaver arse glands go for by the tonne?
Re: *Off Topic Feature Request*
cornz 1, could you get away with using a pair of RS232-to-Bluetooth adapters? Such as a pair of these, which I give as an example only; I have no idea if they are any good: http://r.ebay.com/HBG33B
GCHQ Can you find it
Unless I missed it, the Reg hasn't run anything about this year's GCHQ challenge, which you can find here:
I found the omission of a story a bit odd since they are hosting one of the pages; I only found out about it from the sponsored links section on the bottom left.
Shift the offensiveness 1 to the left
Re: It always starts at the low end.
The fluff in my bellybutton is worth more than Nokia.
I quite enjoy the cold calls, I know this isn't going to be to everybody's tastes but I like the opportunity to be creatively stupid.
The last time I had a call about double glazing I told the sales guy that I didn't need it as I had bricked up all the windows. "Why did you do that?" he asked. Because I'm a vampire.
And the solar panel seller who was told I couldn't have panels fitted because I live in the arches under a railway bridge and the trains would smash the solar panels.
Embrace the madness, the hardest part is not laughing while acting like an idiot.
Re: Huge flaw in article
It was Tommy Flowers from the GPO that pretty much invented the computer.
One of the few cases where GCHQ should be intercepting and analysing calls to attempt to collect intelligence on criminal activities, and they aren't.
Turn a blind eye to the phones and listen in and catch them out doing naughty things.
The government really are as thick as pigshit when it comes to technology, aren't they?
Better devs, shinier turd
"It is difficult for Japanese companies like Sony to neglect the audio and visual quality engineering, as there are so many super engineers in these segments. On the other hand, they do not have enough engineering resources for the application software development."
Yes, it was totally a lack of skilled developers that made SonicStage such a steaming pile of turd, and nothing to do with trying to force people to use ATRAC in the age of the MP3, resulting in an overly annoying device to use while the competition's offerings just required plugging in and copying your music over.
It's not a lack of developers preventing Sony from getting a high-gloss shine on that particular turd that puts customers off; it's the turd itself.
I'm with Neil Barnes: "browses the web and reads books all day", I'd kill for that job.
Oh god, they're trying to build Talkie Toaster, but as a bin.
You seen one fanny, you seen 'em all
Re: In the UK
And then the ensuing fight will be recorded on a dozen different smartphones and uploaded to YouTube, followed by the police turning up, reviewing CCTV of the area to establish what happened and, potentially just for kicks, requesting from the telcos a list of mobiles in the area so they can work out who to question.
All in all you're best off staying home with the battery removed from your cellphone; Google Glass will just be the most visible threat to privacy, not the only one, and quite possibly not the most serious.
It's not perfect, but you can bypass a lot of the filtering on UK mobile phone networks by using https instead of http to get your smut; I'm sure this new filtering isn't going to be much better.
I call knockoff charger.
A teardown of 2 fake Chinese Apple chargers: the fake chargers are a sack of shit, and the same goes for knockoff laptop power supplies. I have seen one fake laptop PSU explode on being plugged in.
"The generator was driven by a very early electric drill - something that would make no sense in real life."
Unless you want to generate 3-phase for a home lathe/mill from a single-phase mains input and you're too cheap to buy an electronic converter.
Re: Black boxes
"and they could quite easily have slapped a d-notice"
They did, but D-notices don't work any better for the government than they did for Barbra Streisand; they merely act as a big neon sign saying there is muck here that needs raking, but you'll have to post the results of said raking on your international news site.
http://www.andmagazine.com/content/phoenix/13003.html << see example