Re: Smaller Companies - Bugs
No, you get money for it. It's not public disclosure.
83 posts • joined 10 Nov 2010
No, you get money for it. It's not public disclosure.
This is why I think a middle man is best. They can get lawyers involved and sort out all the technicalities that individuals can't do. e.g. Making sure it is made absolutely clear that this is not blackmail for starters.
I'm no lawyer, but I'm pretty sure for Blackmail or extortion it's a case of pay up or I'll do such and such to harm you. In this case it's pay up or I will do nothing except keep the information to myself.
Want to make some money?
Setup a site where people can log these issues against specific sites to act as a middle man. The site will then email the company on your behalf and offer the info at a price. The middle man obviously will take a cut.
List on your site the web sites exploits have been found for and what type it is, but obviously no details, that should get them paying!
There needs to be a standard we were hacked announcement including certain details. The two main things I want to know are:
What algorithm was used for encrypting the passwords?
Were the passwords individually salted?
Maybe they don't include these details because they don't want to confuse the public, but the cynic in me says they don't include these details because they are too embarrassed to admit they weren't.
I don't understand that either, maybe they just mean on public land.
The profit would definitely go to the shareholders, but it would also allow them to expand into rural areas so we both would win.
Isn't the simple solution to just offer a discounted price in the rural areas and leave the rest of the country as is?
Now everybody knows about their spying there is no need to keep it top secret, they can now use it in standard operations.
I'm all against mass snooping, but if you're going to bug a house maybe its easier to just turn their PC into a bug with a bit of malware?
Seems fair enough as long as we are just swapping one technology for another.
Who they target, and if it is signed off by a judge is a different matter though.
This exactly. They probably broke in and downloaded the company address book to see who worked in each department. They then used real world spying to get an employee to do the work for them.
If you read this wikipedia article about it below you can see it has the ability to listen into the device by forcing the phone to use crappy encryption A5/2 which can be cracked real time allowing them to perform a MITM attack with the real cell tower.
I suspect this and its other capabilities is what they are trying to hide, rather than the ability to see what phones are in the general vicinity.
Also they seem to say it isn't being used to track people, but in this case that seems iffy.
How did they come to suspect who was the robber? Was it a case of seeing what mobile phones were next to his phone at that specific time he was robbed using stingray? This would normally require a court order to get info from the mobile phone companies. (hardly worth it for a mugging)
Or did they have a suspect in mind and just used the stingray to find his SIM and then find him? But then that opens the question, how did they know his SIMs IMSI without obtaining a court order from the mobile phone company?
The stingray has the capabilities to track a SIMs unique IMSI number and location. The question is, is this being deployed city wide to track all mobiles and location? So when a crime is committed they can back track and see what mobiles were in that vicinity, then track where they are now. They don't even need to know who the people are to send someone to the phones current location. The massive benefit to them is that they don't have to get a court order to request data from the mobile phone companies.
The very fact that they are not being open about it shows they have something to hide.
I'm pretty sure the detector vans are just to cause FUD in the population. Apparently they did have one detector van for the whole UK which they got out for TV appearances, but there is no evidence of it actually being used outside of news segments. I don't believe this is because of them hiding it, if anything they are avoiding the fact that they are not using them. It's much easier to just have someone look through your window or put an ear to the door.
Something smells fishy here. How can 20Mbps difference in speed from 70-90Mbps be the difference between rolling wireless out or not for all these providers. That is only a theoretical speed, each house is different? As I'm sure we all know here, there is plenty of other issues with wireless than simply the bandwidth.
The thought that they can increase the bandwidth by 20Mbps and you'll have no more wireless problems, it's just... what, no words can describe that thought process that this article is trying to convey.
Hey any improvement to the technology is great, don't get me wrong, but lets not go over the top on what this means.
This seems like perfectly sensible legislation for the current times. When the cargo drones actually turn up then we can deal with that. I for one would like to think an operating license would be required that would require regular inspections and general oversight to ensure all safety precautions are being followed.
It must have been about 1996 I remember thinking to myself, only a few years and nobody will know what GIF is and we will all be using PNG... Screw Compuserve!
IE screwed us over on that one in the early days, but it's 2015 ! I really don't get why people still use GIF, I can't think of a single app/device that can't handle PNG.
Yep, he's lost this one. I would expect the jury to spend half a day deliberating at most if they were taking their job seriously, otherwise it'd be the 5 minutes taken to all vote.
It scares me to say it, but the only way to have any impact on this is to require eBay etc to enforce the rules, otherwise you are just playing whack a mole.
It reminds me of copyright and torrent search engines, that's why it scares me to suggest we need to change the laws... who knows what we will be unleashing on ourselves, and can we even stop them?
Perhaps if we can't beat them then we should join them? There is only certain products which are worthwhile selling from China. Usually light weight high value items (i.e. electronics). It might be a radical change, but perhaps we should just scrap the VAT on items like that and make up for it elsewhere.
Alternatively, increase the postage for items from abroad. They seem to be able to post parcels to us in the UK cheaper than I could send a letter, never mind a parcel to another person in the UK. Although this goes against the free market principle.
There's three crappy solutions for you, hence we will do nothing about it apart from an occasional HMRC crackdown headline!
I guess that's only for the front facing lobbyists. They could have a massive team in the background writing draft legislation, figuring out who to speak to and what angle to take etc.
I guess there's only so many front facing people you can have without overloading the politicians.
Yep that was the one. It was quite a while ago, your memory is doing well for the old age!
I remember a bug in the Amiga Frontier Elite II where if you tried to warp to a coordinate greater than than max int 32 you got warped to somewhere random in the game.
I actually bought that game, and there was so many bugs I ended up downloading a dodgy version from a BBS which was more up to date and didn't require me to open up the manual to find the letter it was looking for every hour or whatever it was.
Not much changes, pirates have always got it better.
Someone posted a link to another hacker group who had the names, addresses, pictures and names of all the devices on their network, all known IPs etc. for the lizard squad. It seems to be deleted now as I can't find it in my up vote history. There was two in the UK if I remember correctly, this guy in Twickenham who is attending or working at the college/uni there and some 13 year old from Kent. This is from memory so could be slightly off.
It is perfectly legal to sell the items from outside the UK without VAT, but then you have to pay import duty and VAT on top when it goes through customs.
The problem is that there is a self declarations of the value of the goods. It is standard practice when buying from China for them to write on the customs declaration that the value is under $20 and is a gift, therefore no VAT or duty is paid. The people in China don't care, customs can't touch them. HMRC can't open each package to check. In the end it's a bit of a mess with no easy solution.
I did the exactly the same and bought a cheap HP ePrinter. I was a bit sad to see my old fancy canon printer with its photo quality DPI, and CD printing be moved to a box in the garage! But being able to print from anywhere sold it for me.
How often do you print anything that needs high quality anyway, that's what the work colour laser printer is for? (Unless you're my Dad and print all your photos on full size A4 to show me when you visit... I did contemplate mentioning one of the many online printing services, but a voice in my head said "you do not want to go down that route".)
That sounds unlikely considering they don't let you store your CC details with them. That's one of the most annoying things about aliexpress, no paypal and no stored CC. It's probably for the best, but it means you have to go find your card every single time...
I'm pretty sure it's chinese... not that it is limited to any country...
I've seen a similar issue on Santander's online banking. Enter a sort code and account number for a standing order and it automatically filled in their account name for you! They fixed that one very quickly.
I find it's Google Sync that's the problem. I go into my google settings on their web page and it says I'm syncing something ridiculous like 64,000 bookmarks. I clear it and it keeps gradually increasing even though I have added no new bookmarks.
Windows is nothing compared to Chrome on Android though, it'd freeze for 20 seconds every time I opened it. In the end I just disabled Chrome sync and that fixed it.
I got the Nexus 5 when it was released and pretty much every wireless charger to go with it.
These days I only use wireless charging when in the car on a short journey or when I plonk the phone on my desk wireless charger. Any time my battery is >70% full anyway, just to keep it topped up.
The problem is they are no competition to a good 2 Amp wired charger. Wireless takes twice as long to charge. If I actually need to charge it as it's running out or I am going on a long car journey, I always go for a wired charger.
Extra security is always good, but the NSA/GCHQ are perfectly capable of stealing someone's signing key to make their drivers pass these tests.
This sounds fantastic, I'd love to try it out. But $39.99 a month? There's no frikkin way I am paying that.
I understand if you're using it for work then $39.99 is nothing, but can't they give us some sort of decent tiering on these services? I've probably pay $59.99 a year for it just for my own personal\family use. But at the current cost they are getting nothing from me. I'll just carry on using the Free 22Gb from DropBox.
You appear to be comparing apples and pears... Dropbox's free package versus the paid package for Office 365.
Despite all that, usability is what counts. How much space do you really need? I tried the rest and stuck with Dropbox as it works and does everything I want. (I do have 22Gb of space though due to referrals)
The one I'm getting for my composite from door has a normal key slot. Guess I'll have to leave it with someone I can trust in case the power goes out.
Regarding the insurance for the locks, for this reason you can now buy automatic locking triple lock doors. Google MACO UK Z-TA Automatic Door Lock for one example, although there is about 3-4 different manufactures of similar products now. You need the door drilled out for it to fit, so you'd usually ask for it when buying the door.
Then just wire it up to an access control system. You can buy them on eBay at £15 for an RFID one (but they are ugly). You could take it apart and hide it behind a house numberplate or something though.
I ended up going for the manufacturer access control system to guarantee it works and looks nice. Installed next month, but cost a f***in fortune. I decided to go with it anyway after doing months of research.
If I was doing it again, I'd say just give me a standard key, so much hassle dealing with brand new and expensive tech.
I find wifi hotspots more annoying than useful the majority of the time. Usually I'm wondering why I have no internet connection any more, then realising I've automatically connected to a BT hot spot with 1 bar...
It is handy for the tube and when out of mobile signal though.
Androids Lollipop update is apparently going to resolve this by not forcing you to use wifi when connected unless it is actually working. We will see, I hope it works.
Nice in theory, but I can't see how this can work in the long run as they have a conflict of interest.
Nobody wants to lose a paying customer, and ultimately that's what they'd have to force themselves to do if they want to have a trusted service. With targets to meet they will ultimately be inclined to keep the customer.
Sounds like someone is doing us a favour ensuring that any hosts with default SNMP passwords are being taken offline.
I remember reading years ago that most ISPs hadn't secured SNMP and it was possible to get the name\address details of a customer with only their IP. I never saw any details on how to actually do it though.
You can't restore your device if the authenticator app was on the device... Which is why they didn't require a 2nd level authentication for backups... This was their flawed thought process.
The solution posted in this very article says to use email as the 2nd level authentication for backups which should be accessible even if your device isn't.
Brilliant, I must downgrade my browser to bring back the old page. Why they thought 1 click to get to maps or news would be better with 3?
You're in a similar position to me using it for VPN and upload speed is very important. I moved away from Virgin to BT and got theoretically slower internet at 73Mb Down and 18Mb Up. But the up speed makes up for the lower down speed. The best thing is BT actually provide the speed they say you will get and don't do throttling like Virgin.
It's amazing how things have changed, BT used to be the worst for actual speed and Virgin Media (NTL) the best. It's easy to advertise and sell faster speeds, but actually providing those speeds seems to be something that is very rare.
If I had shares in Virgin Media I'd be selling them. They had the advantage in bandwidth to the door, but didn't make the most of it. Now BT is almost caught up and will soon overtake with their FTTP in the next 10 years, at which point Virgin Media loses its relevance.
That averages $16,713 (£9,909) per employee.
Sounds like an unintended benefit to me...
Very interesting, a good read.
Funny they went to all the trouble of setting up proxy servers etc. but then just communicated via email using gmail and hotmail registered in his real name and even linked to his own company... But I suppose the ones doing the hacking in China are safe and don't care about their Canadian living Chinese colleague advising them on the aircraft.
This a real shame. I don't use Tor myself as I have no need, but from a technologist perspective I'd love to know what methods the security services have been using to circumvent the system.
There has been so many cases in the news where criminals using Tor have been caught. Usually there is something saying "we found them as they accidentally used their email address..." I don't believe that for a minute, they obviously have cracked Tor and then look for some other reason to say how they found them. Just like how we did with U boats when we cracked their code and sent out spotter planes to make it look like we got lucky.
When looking into it on Saturday I saw that there was two major routers with issues. One was a BT router in telehouse, the other was a Demon router (I don't recall the location, probably telehouse too). That might explain the virgin media issues some were having? I'm not sure who owns Demon now, but I thought they had some links to Cable & Wireless...
Anyway after getting a banned from CS:GO due to the network issues making me abandon a game, and figured out who to blame, I decided to go out and mow the lawn.
I was with Virgin from when they were NTL and luckily for me testing this new BB system in my area in ~1999. I would always promote Virgin over other services even in the early years when the customer service was truly shocking, simply due to the fact they have the better system as the only cable provider.
I switched away from them about a year ago due to the throttling of certain network traffic (not the data caps, that's a different thing). What's the point of having >50Mb if you can't use it? Now I get 80Mb with BT Infinity that really is 80Mb and is totally unlimited, no throttling any network traffic and no data caps. As soon as BT open up FTTP for consumers I'll have a bit of that.
VM\NTL spent all this money laying cable to give them massive bandwidth, but did FA with it. They could have gone leaps ahead in speed of other providers, but instead they just offered comparable packages. They market more about their cheapest deal than their massive bandwidth. They throttle their customers to stop them using their massive bandwidth.
I'd totally confuses me why after all these years they never played up the one massive advantage they had over all the other providers, in fact if anything they downplayed it. It's like they are trying to fail.
Is bacon not unprocessed meat? I thought they just sliced it and put it in an impossible to open packet.
While the ISPs have done a great job limiting this scheme to the bare minimum, I do worry it is a foot in the door giving the BPI etc. the opportunity to ask for penalties a few years down the line due to this scheme most likely being proved to be ineffective at combating piracy.
With the government telling the ISPs they have to do more to combat piracy I guess they had no choice but to let them get a foot in the door, or in this case more like a little toe.
But it appeared that most of the reviewers of his app were fake, which you can't do without buying it. So did Google just refund all his fake reviewers with £5?
He was out of money, now he's in the money! All he needs to do is make another slightly less obviously fake app and use all his fake google accounts to purchase it with their £5 credit, thanks Google.
I haven't used the free DNS for a while as I got bored having to activate it every month via email to say it's still alive.
The solution I have used, although not totally free is as cheap as it gets is to buy your own domain name, and use a free acount on ZoneEdit.com to control the DNS. The first domain name is free.
ZoneEdit.com supports Dynamic DNS the same way DynDNS did, so you can set it up via your router, install a program, whatever you like to change your IP address.
I did some research about a year ago and there is quite a few of the DNS hosting companies who allow Dynamic DNS now. I don't remember off the top of my head who they are. But I stuck with ZoneEdit.com as it was free and working.
Ofcom is making all the mobile networks stop charging for freephone calls and a number of other changes. They just did it early so they can boast about it being for the customers, not because they were forced to.
They still deserve some kudos for doing it early, I also don't think everything they are doing would have been forced by Ofcom.
So because I state that women don't want something manly I'm sexist. If they come out with a girly watch I wouldn't want to wear it either? That makes me sexist? Men and women have different tastes, that's just the way it is.
It will take off, but not in the way shown in the Google demo.
I am the owner of a Pebble Smart Watch, I've installed loads of apps for it, but the one killer feature I use is Notification Alerts.
Any time my phone alerts me about something I don't have to get the phone out of my pocket, I just check my watch and I can read the tweet, email(name, subject, first few lines), sms etc... I check my watch to see if I need to get my phone out. Anything that appears in the drop down at the top of your phone appears on your watch.
And that is it, that alone that makes the watch worth it. Yeah I have all these crazy other apps that tell me the weather etc. but they are just gimmicks and get used very rarely.
I am absolutely convinced this is the future for our mobiles, it is extremely useful, my wife even wants one which says to me this is mainstream. She says they are too manly though. As soon as the first Marc Jacobs/Gucci Smart Watch comes out this will be the next fashion accessory every women wants.
Warning, random rant about Virgin Media follows.
I don't understand Virgin Media's business plan. Surely you make the most of the advantages you have over other competitors. Virgin Media have the only cable network in the country with massive potential bandwidth. Why then have they been dragged into offering faster speeds through the last decade just so they can compete with other ISPs speed offerings?
Even now for the fastest speed you are best going with BT. Technically Virgin Media can go faster, but with the amount they throttle it's useless.
Their advantage is their own cable network, they should be boasting faster speeds than any other ISP... I just don't get it...