But it was secure yesterday
327 posts • joined 11 Oct 2012
Perhaps this is just too obvious, but couldn't we agree that all IoT traffic has to use Port 666 to 669 (or whatever) so that there is an option to block it easily?
Obviously, with attackers able to root & flash devices they can swap to whatever port(s) they want, and shape traffic as they see fit, but it would be a start for people trying to solve issues.
Truth is though, there's simply no good answer. Security costs time and money, & trust me, most people are cheap.
Yes, and that's how it should've been here - but it wasn't. You can go google the teardown yourself, the original Note7 firmware charged the battery to 4.3V, and the replacement bumped it up to a stupid 4.35V! Yes, they were meant to be able to take it, but surely the sensible thing to do would've been to turn it down, not up!
Well, there's a lot to be said for being able to blow up a person remotely by a simple tweak to their firmware. Because that's what this is - a tweak to the firmware maximum charge voltage value. Simply set it at 4.5V and you can be fairly sure that after most of a night on charge it'll burst into flame.
It's one line of code. Seriously, it isn't even that: it's one variable, the firmware charge voltage is set too high.
The charge voltage is set to 4.3V in the first explodo-phones, & the replacement units have it at a frankly stupid 4.35V! Safe charging on a LiPo battery is 4.23V, absolute max, 4.2V is regarded as the same upper limit.
It is also a one second firmware fix! So what the hell is really going on?
The vanity of that man, thinking he is clever enough to understand the "purpose" of an AI. I suspect he can't even understand the average hamster, let alone a dog, dolphin or monkey.
He is as doomed as everyone else when it goes wrong, as it almost certainly will.
This is brilliant, so in 15 years, when we've got Brexit put to bed & we've finally got those trade agreements sorted, and finally manage to invite a foreign firm back to the UK with cut-price Marmite, they'll insist we install it, so they don't have to put up with patchy 3g/4g that's 20 years behind.
Of course, everywhere else will be on 6g by then...
Yeah, that is really not how that should work. "Businesses won't use our systems" - no, but that's the whole thing about spoofing! No-one can tell until it's too late!
I'm sure that would simply end up being very embarrassing for the USA. That billion dollar (ok, $300 million, currently, actual price classified!) aircraft will rapidly look outclassed by faster developed, more agile new stuff at far lower cost. Or indeed, just a dark swarm of 300 $1 million drones! (probably only $50k each in reality though - but 200,000 drones would have its own logistics issues!)
Encouraging the USA's competitors to make their "crown jewel" tech companies look silly & slow would merely hasten the fall of the world's last superpower.
I seriously doubt that would work unless you could somehow convince the Turks to get all 100 planes up at the same time. Once 1 plane flew away, they'd be wise to the trick, & they'd be shipped by truck to a reverse engineering plant in Russia to cure the problem.
Both you & Ragarth have the same issue as me, the barware at BT simply abuse their monopoly position time & again.
BT won't even commit to telling us if they are *going to decide to commit* to installing fibre around our way!
Fortunately I have a plan, involving a real tall mast in a field, some directional antennas & a few data SIMs.
It'll still be cheaper/faster/much lower latency than the satellite system we currently have.
A few more weeks and it'll sort itself, is what you're saying then?
Indeed. See my post above for my thoughts on how this will be a new circle of hell.
Sadly AC has it right.
Being forced by your car to sit attentively so it will work is going to be the newest circle of hell.
Too tired to drive? Bad luck. Disabled & can't drive? Bad luck. Not sitting & passing the twice per second "paying attention" eye tracking check? Bad luck. No "auto" driving for you!
Even better, take control yourself, touch 31mph, get automatic tickets from the black box.
It really is going to be the most horrendous of futures.
And that's before you factor in the fact that *every single vehicle you see* could be a reprogrammed kill-bot, actively looking for your number plate in order to crash/ram/crush.
Hardly a fair statement, that. Android is the Apple iOS version of Linux, written by Google!
Well, it makes sense to not risk another few officers, but then, just like the guns, every civilian will demand their 2A right to a killer assault robot, & then it's going to get even messier...
And how's that working out for you now?
The pound has slumped against the dollar, but not so much against the euro, because we dragged that down with us. The FTSE 250 has sort of recovered, but mostly because the pound has dropped so far. The entire Brexit "winners circle jerk" has vanished - even farage has given up, having "won" without the slightest shred of a plan.
I've already seen prices pushed up - steel? We barely make any, so all this won't save that industry, and your hand-hewn artisanal coal that you are planning on selling for 3x the price of everyone else? Well, that's not going to save you either.
It's like a dog chasing a car, then, one day, it catches the car, and gets its jaw ripped off.
That last paragraph is this whole f'd up mess in a nutshell.
This is what Vexatious Litigant laws are for. And this nice fellow is the absolute definition...
Like that doesn't already exist. You just can't see it because of Copyright.
Not sure they'd go to the Supreme Court, let alone Appeals, just for publicity. They aren't Donald Trump.
Might I suggest not actually just shutting them down? Block their traffic. If there's immediate crashes and screams, it's a sub-second fix! If no screams, then after a short while shut them down.
It's just a ransom to be paid when demanded *some unknown time in the future*
More secure? My parent's brand new Win10 laptop was ransomwared by the 4th day, I think because it had a "free" trial of Office and hence a macro was run.
(Proper "Yours files are in the same place heavily encrypted" ransomware, not the Win10 update!)
So, right, M$ are nicknamed that because they love the big bucks. Yet they are tricking and forcing people to take their product *for free*.
So when and how will they be taking payment? Because they will.
(And clicking a 5* review for "Calculator.exe" isn't going to be enough.)
Surely someone could make a "HDD" that simply takes SD cards in an array, & handles the wear leveling at a higher level (as well as the in-built on the individual cards)
You plug in a few ?Gb, ??Gb or ???Gb (micro?)SD Cards, and the controller, in the form of a regular HDD sized thing, gets on with it. Uses JBOD architecture or some fancy RAID, according to your tastes, & presents as a standard SSD/HDD.
Completely removes a single point of failure too as if the controller dies just put the SD cards in another controller. If any one card dies, you get an alert and you swap that card.
This already exists, doesn't it? (It's too simple and obvious)
Just avoid 3Gb drives - they appear to have far higher failure rates than 2 or 4Gb disks.
(This was tested across loads of disks, there's an article on here somewhere about it I think)
I use different manufacturers now. Once had a RAID that died, & the second (paired) disk died literally two hours later during the restore! Cue data recovery required.
Because SMART isn't. YMMV but I've seen discs that don't work, yet SMART says all is well, & I've seen disks with dodgy SMART results that have worked for ages after.
And how often does Microsoft patch their version? Are you sure that the dozen or so MS lawye^wcoders are up to the same standard as the hundreds of eyeballs looking at OpenSSL? Or do we think that because the source is opaque there aren't any of these often very subtle bugs?
Couldn't he have just done it "because he could"?
Well, that's the theory at least.
And besides, adding more domain names is weakening security - without certainty, people are more likely to be unconcerned with a slightly different domain name.
(How do I edit? Never figured that out!)
However, when downloading 55 million voters' data from the Philippines (apparently including fingerprint data!) with terabytes of data (which is what would get you done as proof of the crime!) TAILS can't help you. Because you have to store it somewhere.
Yes, TAILS. The Amnesiac Incognito Live System. Designed to leave no trace of booting and routes everything through TOR.
Still leaves certain clues behind but a great starter for ten.
It's a subtle distinction in practice though. Extra-specially in rare cases.
The government simply has you arrested due to a new policy of being tough on alleged hackers, then while you sweat they change policy to be tough on *whatever they find out about you*. (Which affects no-one else - you're the only person accused of hacking the DoD and this week we are being extra tough on hacking them.)
For an example, look at the entirely disproportionate sentences handed out to the 2011 rioting kids! Far harsher than actual criminals ever get. Because policy was changed. But the government *didn't get involved in any individual case*.
*Simples then.... give him the PC back. If he logs into it, they own him. If he doesn't, then he probably did forget it.*
After it has had whatever they've secretly done to them done? Plug it in, get password wrong a few times, then go smash them with a hammer. Then burn them.
(Maybe scan with a microscope and publish photos of very subtle electronic tampering before you do?)
And he was dumb enough not to be logged in as someone else? Wow. Double dumb.
If you claim to be an engineer and have never used a spanner in your life, you likely aren't much of an engineer, truth be told.
If you've never had the inclination to follow the life cycle of your product from cradle to grave, & play with, or even build, the machines that make your machines, you'll never be best at what you do.
It's like saying you are a computer guru but never in your life touched a hard disk.
I bought a new HDD and did a full system backup, only to then find the thing was faulty on checking it. (You do check your backups actually work, right?)
It's lost money - no way is a copy of my entire electronic life going back to the supplier. Accounts, key codes, etc.
Surely if you buy a decent company as a going concern, you *can* just leave it to carry on?
Only if you have to should you, as an investor, get involved in "wreck or rescue" operations.
If it ain't broke, don't fix it.
It takes longer than that to get into Google+!
That'll be why they're forcing people who can't afford electric or a phone line to claim their benefits via the Internet then!
Fortunately, this film about predicting the internet will likely be available on the internet.
There's easier ways to infect cars? Is he kidding?
The garage will *literally* come collect your hacked car, infect their systems, & bring it back!
No idea why some fool downvoted your comment!
There are indeed specialists who work with companies and, in my experience, non-profits, to get grants. And they are effectively self-funding, operating on a no-win, no-fee basis. They wrote their costs into the grant.
Tax payer money hard at work, at least keeping some in a job!
Shocking. He may have used *email* to contact someone. If only you'd given him your phone number instead.
This isn't a new threat.
What's clever here is the way they've used the mouse commands as a way in, & also that manufacturers have aimed for cheaper models' compatibility so allowing defeat of the more expensive systems.
It's like not encrypting your backups because of the overhead!
Just because they only tested 17 models, and found 15 broken, doesn't mean lots of other ones aren't also similarly flawed.
It costs a lot to test gear that you have to buy retail yourself - at say £50 a set that's over £800, & lots of keyboard/mice cost more than that!
@AC: well, perhaps millions of people are looking, but only a few will find what they seek. And get paid.