...writing an extension that scans user code for AWS keys *before* it uploads, & alerts you if it would be publicly exposed?
233 posts • joined 11 Oct 2012
You can stand at the sign that says "Welcome to Hereford" on one main road, with lots of houses on it, and have not one dot of signal, let alone 4G. You might as well be holding a house brick.
Bromyard, my local town, hasn't had a working data signal on the high street as long as I've been checking it, despite it saying that there is 3G on the handset.
My house has 3G. Because we've dedicated the entire ADSL (at a blazing 0.8MBPS) to running a femtocell we bought, just so we could actually have communications for our businesses. Hell, we can't even get a second phone landline!
I'm just hoping that Facebook or Google actually do shame our government into action with their "Get internet to Africa with flying/floating things" initiatives.
*Excuse the pun.
Ah, but the American way is to outspend everyone else by using their credit to buy/develop the weapons they have. Hence trillions in debt, but no-one's brave enough to foreclose.
If I buy all your guns, I can then take your money. If I buy all your guns on credit, then I need never re-pay the debts.
We've skipped a few cyber world wars, and are going straight to WWW.
Being a lawyer or barrister doesn't make you better at remembering a card you registered 3 years ago on a web form has just expired, now does it?
Undoubtedly! There's millions of people out there who would like nothing better than to snag a group they don't like, & for £15 a time, with a few scripts watching, it'd be very doable.
You'd likely only target groups in a range that you didn't like, at that price, but then if you were using a stolen card would you care at all?
As for the money side, I doubt you could make it pay often, but for some groups it would be worth it to them to pay out big time to get their calendar and email list back.
Eventually though, your CRT will stop warming up, and the only modern TV will have this crap built-in whether you want it or not. Bit like your phone, only worse.
She herself admits she is standing on the shoulders of giants. It's a cool thing to do, amazing from the perspective of even just 10 years ago, but today? Literally anyone competent can do this in a few days at their local hackspace, for under £100.
The pace of change is stunning.
Good article - and something that hadn't occurred to me in this respect.
You're thinking of FBI sting terror plots here, aren't you?
Well, you could take a hash of it?
(But then what if the hash generator was hacked to return the right value? It's an endless loop.)
Surely someone will say "Use the blockchain, duh!" in a minute?
At least he got it sorted quite easily.
I found that Samsung's "back up solution" for Android required over 560Mb free space in order to actually do the back-up of a 32Gb system! No such trivial fix existed as from the full disk I'd already freed 560Mb - it was now delete (some of) the data to be backed up, or nothing!
Fortunately I used USB-OTG to back that data up first.
Hardly "turn key" though!
but fewer and fewer seem to bother!
«Sigh. At the risk of being repetitive, no, it doesn’t, just like you can’t break into a house because someone left a window or door unlocked.»
Of course it does! If I can go through the open window or unlocked door, why the heck would I try picking the lock?
She clearly doesn't actually know any locksmiths, nor much about the bad guys trying to get in.
A neat idea.
There's a security company that uses the slogan "they can't steal what they can't see" & that's literally true here.
Also, after the first few gangs blow themselves to bits drilling holes for no useful result, no-one will touch them again!
That, in itself, is a nice first.
Does this mean that BT will be investing in anti-aircraft "monopoly protection missiles"? Or just the usual lawyers?
"For too long, we have been a passively tolerant society, saying to our citizens: as long as you obey the law, we will leave you alone."
David "Fuckwit" Cameron, turning the law on its head, May 2015
To be fair, they are flagging up that nothing has been done to fix this flaw yet, which is correct. And Which? is also correct.
Regarding security, surely these are vulnerable to a MITM radio attack? Use a booster scanner to get the signal to your radio bridge, then beam both sides of the conversation to/from your fake card which has a tiny radio in it and that plays back whatever is asked to the real card.
You know, just like car thieves do!
Cross-referencing with OPM will indeed be interesting.
Had to laugh at "Whatever the motives", right after the section with the hacker's demands.
Hopefully when he reads this article he'll realise you aren't dead after all.
You could be on to something there.
Ten anti-social morons who are "invincible keyboard warriors", sent to live in the Big Brother house as punishment by the courts. Or, for the worst of them, we could put just one into Love Island or something, to be mocked mercilessly for a few weeks & they'd never re-offend for fear of the lack of intelligent conversation they were faced with.
Security wise, we are moving towards two factor for computer systems, yet we are moving away from it for cars.
Cars had great two factor for years - aftermarket alarm and a physical car key, or immo and key, etc.
I have four factor on my van - two different physical keys as well as two electronic. (Yes, I would add face recognition or something if there were a decent way.) Yet it still won't stop someone determined enough.
A friend of mine gave a talk at Bsides London called "How I steal cars" - it's all very technical and expensive, but nearly anything with wheels we locksmiths can walk up to and take away now. And the newer stuff is easier! Manufacturers who literally refuse to believe we can clone it means they won't patch, & just a radio signal - no physical key - so it can be very fast.
Except that means you are late patching, which could really easily be fatal or lead to your car literally stealing itself - it wouldn't take much to tell a self-driving car to drive to the new owner in a foreign clime!
"Smaller car manufacturers" is relative. All the small ones have already been crushed under the costs of testing, inspections, recalls, etc., or simply bought out.
Going for Open Sorcery might work, but let's face it, none of it looks good from here - even the US government can't keep a secret these days, so you holding your car key (physical and/or electronic) on a server? What hope?
You were thinking of the SotB play testers?
This reminds me of how sheer random factors can change the world.
BT charged something like 10p a minute for a local call to a BBS in the UK. Crushingly expensive!
Local calls in the USA were free. BBS calls could therefore also be free.
And that, really, is why the USA dominates the Internet today - just that fact about the cost of having two machines warble at 14.4kbps across town was zero instead of extortion.
I recall making a huge special trip to Evesham Micros to buy a 52Mb hdd and RAM expansion to 5Mb. :-)
They thought I was a mad rockstar Elon Musk: "No way you'll ever fill that!", "Surely 20Mb would do?"
It was like going into a shop and asking for a petabyte of storage would be these days.
Shortly later it was all compressed, & I had an old SCSI chain set up for more space, of course!
Fond memories of school days.
All the ST owners kept going on about the magical midi port. In the end I bought one for about £20 for my A1500, but couldn't fathom what the fuss was about!
I had better everything, they had a £20 add-on box included. Who were they kidding?
Shadow of the Beast wasn't really a game though, it was an advanced technology demo.
Any attempt at interaction was punished by things like invisible insta-kill traps, long climbs to death, or just a screen full of materialising enemies that killed with a touch.
Who precisely will be able to afford the cost of an Uber self driving commute?
With self driving cars Uber will have to raise their prices because they will have to pay insurance, road tax, maintain the cars (including washing them) and fund them in the first place to buy them new. They'll have to put their prices UP!
There won't be amortisation of costs from the driver who goes to work and adds a bit of cash to his income, whilst faster depreciating his car, so Uber will have to get that all back.
Uber exploits the drivers. You get cheap journeying on the backs of both their labour and their equipment. Without that prices will rise.
Also, all these out of work people won't be buying cars or hiring them, what shall they do for money?
Not sure whether to up vote or down vote that.
I agree with what you are saying, but cannot condone what the words actually say.
It will be drones vs the rest of the world, eventually.
The library CCTV footage, perhaps, is at greater risk now than ever before.
I think you misunderstand. Society absolutely is paranoid. People on the whole are not. It is an important distinction.
c.f. A person is intelligent; people are dumb, panicky animals.
It is difficult. As a self employed person I have to answer the phone when it rings - it is likely a job, & an emergency at that. So whilst it is rude, & I'll apologise, I'll not ignore it unless I know it is something I can ignore.
Plus, it could well be money! You get a salary, regardless of how long you sit on your backside or how hard you work. My income is directly related to how hard I work, & my rate is still, for a call out at midnight, still likely less than many here get per hour.
Once I walk from your job, having solved your emergency or need, it'll be likely years or even decades before further work is needed. So I need to pull in the work, & not answering the phone is a sure way to go out of business fast.
I respect my customers, but I have to answer the phone.
It's never a good idea for your first response to be the same as your last resort.
Hang on, I thought this story was about America?
Surely they should copy the zero tolerance approach they have for violence, drugs and guns? Because that has always worked so well.
Few people realise that there are companies that do this, nor that they are simply tracking the Bluetooth beacons in phones, fitness trackers and even sat navs.
Works quite well.
It'll get worse in future, as things like smart locks and other devices demand a fixed MAC or other identifier to allow access! (And of course, that's a bad way to deal with security, and since developers are lazy...)
iPhones now scramble their wifi identifier iirc, & Bluetooth will be too - at least that's why at least one smart lock removed the "door unlocks as you get near" feature. But who knows?
I'd argue that a cheap lock is actually better than a Bluetooth beacon you can't turn off.
You can use the lock on a cupboard inside your house to keep family from drinking your vodka. The Bluetooth on the other hand will betray you even from inside your own home.
The guy in Walmart was on the phone, and he was handling the toy that the store sells! Opening fire on a man in a toy gun section of a shop without warning? Totally stupid.
As for the classic "they are all criminals", have you seen what they were hassling these guys for? Suspicion of selling loose cigarettes. Jay walking. Running away when shot. *Not actually* grabbing for an officer's weapon. Resisting arrest also - because having 4 cops on the back of a man face down & cuffed with his hands behind his back does obviously require that you kneel on his neck until he not only passes out, but that you continue until he is brain dead, & then once cold you call for an ambulance.
They have been proven time and again to simply make the stuff up after the fact. It is just that with cameras the proof is there.
Oh yes, & the new one: filming a police officer out in public.
What do you suggest? Anything you do will be tied to an IP gateway in about 15 minutes by someone, even if you don't allow it.
Even without, you'll end up with entire streets daisy chained together with BTLE devices passing data, or with ad hoc networks, or turning the lights on and off to get data transferred, or even, the weird virus idea brought to life, the devices communicating by ultrasound.
So once compromised, there will still be plenty of routes for stuff to hack other stuff. After all, you'll just Google the exploit for the bit of kit you are looking at, & it will tell you what comms paths it has.
Another vote for PSP7 here. Does the job really well, mostly.
Corel took out the vectors and text entirely, so I rolled back the upgrade. Used 7 ever since.
If they re-do GIMP with some sort of eye to being sane about what users want - copy paste sensibly, starting up in a useful state, cropping without animal sacrifice, decent UI - then in 10 years it might be usable.
Let's say you go to a kebab stall. The kebabs taste great, & they are cheap - cheaper than the other shop down the road.
The stand is cheaper because they don't pay rent. Ok, you can live with that. The council gets no money, but that's ok by you, you get a cheaper service.
And the food tastes great! They mix extra offal in. You don't know where they get it, you aren't an offal-and-pig-brain expert, are you? And they've got a halal symbol.
Then you get ill. You get tested, & hey, it is a rare disease. But that's ok - your kebab was cheaper, & most people were fine, right? Because you can't sue them - the name has changed, & it's in another lay-by now, with a different guy working there. And besides, it turns out he doesn't have insurance or a health certificate either. Just more of those cheap tasty meat patties.
(That was an analogy. Uber + driver are the tax dodging uninsured stand.)
You'd be stressed with 20 cops pointing guns at you and a helicopter over head.
As long as they started paying you. If they then don't let you in, that's not your problem.
I once worked with an Australian who was 100% convinced that any Englishman will laugh out loud at the mention of the word "bottoms".
Sorry, I'll get my coat.
Why waste your time walking back to the van?
These Matter locks are so poor a fire extinguisher or hammer can work, & often leaves the locks still usable.
You can even open them with a towel.
You can stop them, but for a shed is it worth it? A cheap hidden camera recording to SD card is probably best, position it so it gets a nice photo of them opening the door.
For a proper brick building, how much do you want to spend to stop what level of threat?
Of course, as a fellow locksmith said when asked on Wednesday night's lockpicking session at fizzPOP, "If I can drill a safe rated for £300,000, I can drill any door lock."
Hence layered security.
Problem is, nearly everything is easy to get, what with this new fangled Interwebz.
Security is done in layers, just like your PC. (Only with the physical world, a pro can ensure there are no APTs or the like.)
Bump keys are generally over rated imo. If you are trying to be subtle they are the equivalent of hammering, literally, on the door. Same with an EPG. There are better methods. And they cost more money to protect against!
You can buy specific tools to defeat nearly every single lock on the market with barely a trace in seconds or minutes, if your pockets are deep enough.
Just like the IT market for 0days!
But unlike IT, you can simply add another lock. ;-)
A sting that stinks. For a change.
Am I the only one who watched the video of the abuse and still have no idea what the mis-deeds were?
I strongly suspect that should it go to pieces, BT would be overjoyed to 'pick up the bits', & start charging through the nose for customers to get 5Mbps.
I'd rather have a really poor fibre connection running at 0.1% of its capability than 'copper' pushed to 150%. Because 0.1% of a fibre is still 10+Mbps, still a full 10x faster than my current copper.
Also, the FUD used by BT is insane. As someone else pointed out, BT simply threaten to put your area on a list for evaluation for broadband upgrade in 2 years time, & it scares off the investors! It isn't even a promise they will do anything, merely that they will look at it! But that is enough of a chilling effect that it distorts the market. Because BT will squash nearly any competitor.