Technically it wasn't designed 'these days'. Diameter (RFC3588) dates from 2003. Which probably makes it dangerously modern by telco standards..
331 posts • joined 22 Mar 2010
Strap a couple of SRBs to the corolla and point it directly upwards. It'll easily get to 1000mph then shortly do the same journey in reverse.
The much simpler solution of a box with a lock for which the amazon bloke has the key (or combination) doesn't seem to have been considered.
But that wouldn't net amazon 250 quid plus 20 quid a month subscription fees.
Yes you can theoretically mitigate it on the AP - it effectively turns into a DoS on the client, which is in many cases preferable to leaking information.
Aruba are the first I've heard to actually implement this if so (Unifi only fixed client mode).
Unless your ubiquiti hardware is a client you did nothing.
This is a client side vulnerability not AP side, and there's little that can be done on the AP to detect it (and unifi have said they currently aren't tackling that).
Too many people are installing AP updates and think they've fixed it. Nope. You need to update every wireless client.
Well considering one was the CFO and one was the 'president of U.S. information solutions' the idea that neither of them knew of a significant data breach days after it happened is farcical.
Also they failed to defensively register
As a result they've all been registered by a mixture of people having fun and miscreants stealing data.
They're probably hardened against that, being $800 locks.
It's like being able to open padlocks with bits of beercan or pick locks in about 10 seconds flat (I've seen an electric lockpick in action.. 10 seconds is an outlier - it's probably quicker than using the key..). A *lot* of locks are just security theatre, but most burglars don't know that, and of those that do, they'll go after the easy ones rather than the hard ones, so all you have to do is make sure you don't get your lock from the bargain bin like your neighbour did and you're probably safe.
I lost count of the number of companies that would publish an email support address that would just autorespond with a phone number. I don't get the mentality.. To badly misquote yoda.. have an email or don't, there is no middle ground.
Given the price I'm at a loss why it didn't have backup firmware and switch to that when the update failed. The kind of thing that has been standard in consumer upgradable devices for years.
But that would have cost them 10p, and required them to give a shit.
I'm not sure their reservation system actually does anything.
For various reasons I needed an extra hard drive caddy.. could have got it next day from amazon but this couldn't wait, so I did a 'reserve' on the PC World website and set off up there... so I arrived maybe half an hour later. It's a £10 fairly common item.. should be easy, right?
They had the reservation on their system, sure, but it took the staff completely by surprise that anyone would actually want to pick one up - it took multiple staff hunting around the back of the store.. I was stood at the till for another half an hour before they turned up with the caddy. I would have walked out, but needed the damned thing.
In my head a reservation would mean that a little thing would pop up and a minion would go to the right place in the stock room (catalogued.. if you're searching for stock you're doing it wrong) and put it behind the till.. 2-3 minutes tops. That's clearly not what happens..
It also says a lot about how much verification was going on with the magstripes i.e. none.
The longest I've had to wait was 30 seconds which is generally small shops with handheld cheap readers. In larger stores it's so fast I've got the notification the money has gone from my account before the receipt printer has finished printing.. it's sub-second.
Heck, modern cards here don't even *have* a functional magstripe any more. Clone the magstripe on my card and you got some random data, congratulations.
The US is oddly behind on something so simple.
That would be ipv6 then.
Although crippling the network using NAT would be just cutting your hand off to spite your face, given that address randomisation means you're not trackable anyway.
1 in 6 is a bit low considering how many users are on large ISPs which have enabled ipv6 like Sky and BT.
A home user that does nothing special will be running it without knowing or caring.
The electricity companies are refusing to install smart meters in houses with solar PV stating that smart meters can't work with them, so whatever the standards might say the companies that have to actually implement this stuff say they don't work.
I did wonder how people were quoting those repayment times.. I reliably calculate 20 years.. I did pay quite a bit more than they cost now, but I have the higher FIT to make up for it.
In practice the effect on energy consumption is minimal. They work during the day when I'm at work and the house is just drawing baseline, and don't work in the evenings when I'm at home and everything is on. Hence in practice they might have saved maybe £5 a month, except in winter when they rarely even generate baseline.
FIT is around £300-£500 a year. £8k initial cost. 20 years is about right. Not that I mind - those are the same calcs that I was seeing online when I initially bought them - wanted them because they're cool tech not because they save money.
It's not harder at all - You'd block the /64, since the bottom 64 bits refer to a local network and can change fairly easily (/48 possibly if you want to block an entire site owner).
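The two posts above (address randomisation making a single address useless to track or block, and blocking the /64 or /48 instead) can be shown in a few lines. This is an added example, not code from the thread; the addresses are constructed from the 2001:db8::/32 documentation prefix, and the hit-count threshold is an assumption for illustration.

```python
"""Added example: why IPv6 blocklists work on /64 (or /48) prefixes, not single addresses.

With privacy extensions a host rotates the low 64 bits (the interface identifier)
regularly, so a /128 rule stops nothing. The /64 is the unit the ISP or site hands
out and is the stable thing to block; a /48 covers a whole site and takes neighbours
with it. Addresses below are constructed (documentation prefix 2001:db8::/32).
"""
import ipaddress
from collections import Counter


def network_of(addr: str, prefixlen: int = 64) -> ipaddress.IPv6Network:
    """Return the enclosing /prefixlen network of an address, host bits cleared."""
    return ipaddress.IPv6Network((addr, prefixlen), strict=False)


def build_blocklist(offenders, prefixlen=64, min_hits=1):
    """Aggregate offending addresses into /prefixlen networks seen at least min_hits times."""
    counts = Counter(network_of(a, prefixlen) for a in offenders)
    return {net for net, n in counts.items() if n >= min_hits}


def is_blocked(addr: str, blocklist) -> bool:
    ip = ipaddress.IPv6Address(addr)
    return any(ip in net for net in blocklist)


# Constructed sample log: one abusive host rotating its interface id, plus one
# unrelated address in a different /64.
OFFENDERS = [
    "2001:db8:1:2:b0ed:ac8c:9e1e:4a70",
    "2001:db8:1:2:1c47:2d9b:8b8e:0a11",
    "2001:db8:1:2:7e2f:4f0a:c6d3:bd32",
    "2001:db8:9:9::5",
]


def demo():
    per_host = build_blocklist(OFFENDERS, prefixlen=128)   # naive: one rule per address
    per_net = build_blocklist(OFFENDERS, prefixlen=64)     # one rule per /64
    per_site = build_blocklist(OFFENDERS, prefixlen=48)    # one rule per site
    rotated = "2001:db8:1:2:ffff:0123:4567:89ab"   # same host after the next rotation
    neighbour = "2001:db8:1:3::1"                   # next /64 over: a different customer
    return {
        "host_rules": len(per_host),
        "net_rules": len(per_net),
        "rotated_blocked_by_host_rules": is_blocked(rotated, per_host),
        "rotated_blocked_by_net_rules": is_blocked(rotated, per_net),
        "neighbour_blocked": is_blocked(neighbour, per_net),
        "site_rule_covers_neighbour": is_blocked(neighbour, per_site),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The /48 result is the caveat: it does catch the offender however they renumber, but it also catches everyone else behind the same site prefix, so it is the rule to reach for only when the whole allocation is hostile.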
It's an interesting problem. Triggering a warrant canary - even by inaction - could be considered informing the public, so in that case can the law compel someone to lie?
You could even contrive a warrant canary such that the only way to fake it would be to break the law. Can the law compel someone to break the law?
The definition is so loose that running an open wifi point could make you one. A&A used to (possibly still do) have a check box you could set saying 'I am a CSP'.
Definitely not out of the door.. I can't see anything but a press release hawking features.
They probably will, if these allegations are proven.
And the startcom certs, since they're essentially the same company.
That's likely to have a bigger impact.
The problem is banks' ludicrously bad 'fraud detection' requires you to answer the phone otherwise they block all your cards because you apparently buying the same things you do every month is somehow suspicious.
You get a call from Mumbai from someone with an accent so thick you can barely work out who they're from, demanding private information for 'security' and if you fail to answer correctly good luck spending any money for a while.
It's a real concern. Banks should be hauled over the coals for it, as it not only encourages - even requires - behaviour that makes you vulnerable to fraud, they don't offer any alternatives - A simple text saying 'call the number on the back of your card' would suffice, but nope..
Why would it become a route for any network traffic? The OS shouldn't be changing its default route on a whim because something answered ping faster (maybe windows does, but I'm sure even MS aren't that stupid, surely?).
The 980 is listed as an option for that machine..
Or, maybe it works just fine and the article is bollocks?
I have a friend who has been forced to use a fake name because of this policy.
The name that everyone else knows him by was unacceptable to facebook because it isn't on his birth certificate, so he made up an obvious bullshit fake name and apparently that's fine...
Yeah I don't really know how you enforce WAN access only... The windows device has the password. This must be reversible to work, so it's only a matter of time (hours, days) before you can download a tool that tells you the password which bypasses the restriction.
Also, how do you restrict.. I can't see it being particularly troublesome to bypass that. Once you're on the network you have access to that network - simple software blocks (under the control of the attacker, no less) simply won't work. You could simply dump all the now unencrypted traffic straight off the wifi interface & get loads of information.
Basically the password is tied to the BSSID. You have 100 friends, all the networks that they connect to will be stored on your computer somewhere with reversible passwords.
That's quite a lot of passwords.. and I reckon it'll be about a day before you can download a tool to print out all those passwords (and malware starts dumping it across the internet).
Problem is.. can you be certain that everyone who visits your house has it turned off? your kids' friends?
I'm hoping there's some network based countermeasure that can be put in place to block devices with it enabled, or at least block devices using it (those that have not legitimately been given the password).
At home I found freeradius an absolute pig, but the LDAP I have using FreeIPA does the trick for home.
Most of my devices don't allow WPA Enterprise though... not even the xbox one which is fairly recent. Or chromecasts.. so I still need a password based network for those. I'll have to invest in other countermeasures to defeat wifisense.
MAC filtering is a waste of time against attackers.
Against random windows 10 boxes connecting to your network because microsoft have given away all your passwords, it's quite effective.
I would really hope that it didn't apply to WPA Enterprise, otherwise it'll be sharing windows login details all over the place.
In small companies it's not uncommon to use a single password (smaller companies rarely have the requisite radius server setup or the experience to run one).
At home of course, it's all passwords. That said, from what they're saying you can detect wifisense users - it's saying they can't access local resources somehow.. in which case you can configure a network to break access for such users (for example redirect the first request outgoing to a local portal... if they don't click OK on that - which wifisense users won't be able to do - then no access).
Self Signed plus DNSSEC plus a signature in DNS is enough to verify that the site is what it claims to be at least as far as DNS goes (which is good enough for 99% of cases.. it flags MITM and government/corporate snooping which is what we're interested in).. DANE solves the same problem.
No browser manufacturer has shown any interest in implementing anything like it - it does make me wonder if the CAs are pushing brown envelopes in their direction sometimes.
That said, who cares if HTTP is 'insecure'. My home page with pictures of random stuff on it? Who give a stuff if someone can read that on the wire?
The TPS is simply not enforced.. it even says when you report a violation (or said, about a year ago before I gave up on it) that individual reports are only aggregated.
In fact, a quick google shows it's worse.. http://www.bbc.co.uk/news/business-22833965
You're *more* likely to be called if you're on the TPS, because the 'direct marketing association' just sent out a big list with your number on it..
If they MITM SSL you just wrap SSL in SSL.. they still only see encrypted traffic.
Not that it'd happen - ecommerce and banking, and therefore a large part of the economy, rely on secure financial transactions.
It does seem that way.
A couple of years back I had the chance of the Hilton for one price on special offer and a 'cheaper' hotel for the same price. I took the Hilton offer.
They then proceeded to charge for *everything*. Parking.. (first time I've *ever* had to pay extra for parking at a hotel), breakfast, even though the offer said 'included', wifi was a stupid price, 1 channel of TV and everything else extra, the bar and restaurant were eyewateringly expensive, etc.
I've never been back. Nowadays I always look for the place with reasonable wifi first and avoid the 'well known' brands.
Some of them already are - I've been in a few hotels where the mobile signal mysteriously dropped to 0 the moment you walked in the door.
Wow.. wifi in wards? The local one goes apeshit if they even see a mobile phone switched on on the wards, or any electrical device.. you'll be ejected if you don't switch it off immediately - and that's not on the critical wards either.
The only internet access is through their overpriced and shitty 'patient line' (which thankfully was completely broken when my wife was last in hospital, as it was £30 a day and that mounts up over a couple of weeks).
I've quietly scanned a few times and there's no 2.4GHz or 5GHz anywhere even in outpatients, or at least nothing obvious.. they could be using a proprietary protocol of course.
Indeed I actually had this happen last week. I had a USB->Serial I'd been using in linux, and for a specific application needed to plug it into windows. Instant brick. Windows wouldn't even enumerate it, and neither would linux afterwards.
I'm fairly technical but I hadn't heard of this 'feature' of the FTDI driver at that point and nothing I could do could poke it back into life, so it went in the bin. It was, as far as I can tell, a 100% genuine cable (bought from an established site, not ebay) so it was a false positive too.
In future I'll ask what chipset is used and stick to PL2303, as they've never failed on me.
1. AOSP has not been killed off, and I've never heard anyone suggest that it would be. They're talking about the AOSP *browser* which has been replaced by Chrome.
2. 4.2.1 is not 75% of phones. The entire 4.2.x series is only 20%, and 4.2.2 would be the majority of that - and 4.2.2 was released 18 months ago. Note the CVE relates specifically to 4.2.1. You can't even get close to 75% by adding all the previous versions together (which would be bogus anyway unless you could prove it existed right back to froyo/gingerbread).
So bug exists in a small % of old phones. Other than saying 'time to upgrade' what are people expected to do?
It's mostly press exaggeration... gets hits. The only place I haven't been able to get HSDPA is in the middle of Wales, and apparently that was just O2 being shit (Three have better coverage there).
In villages like the one I'm currently sat in there's nowhere that doesn't get plenty of signal.
OTOH one of the reasons to use free wifi is it doesn't come off your allowance - I pay £2/mo plus data, but that data is quite pricey, so free wifi is a net win.
The local greggs has free wifi and continental style outside tables. They're the ideal breakfast/lunch destination.
DNSSEC + DANE does seem the best route, but DNSSEC rollout is basically nonexistent (none of the major banks even use it), and DANE isn't supported by any browser - it was added to Chrome then pulled.. the cynic in me says verisign is pushing out a lot of brown envelopes to keep it that way.
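Both this post and the earlier one about "self signed plus DNSSEC plus a signature in DNS" describe what DANE (RFC 6698) actually does: the site publishes a hash of its certificate or public key in a TLSA record, DNSSEC signs that record, and the client checks the presented certificate against it without any CA. The block below is an added example of that client-side check, not code from the thread. It assumes the TLSA rdata was fetched over DNSSEC-validated DNS (without that the record proves nothing), only handles usage 3 (DANE-EE, the self-signed case), and uses constructed placeholder bytes in place of real DER certificates.

```python
"""Added example: matching a DANE TLSA record (RFC 6698) against a presented certificate.

TLSA rdata is 'usage selector matching-type hex-data', e.g. '3 1 1 2bb1...':
  usage     3 = DANE-EE: the record itself authenticates the end-entity cert, no CA
  selector  0 = whole certificate, 1 = SubjectPublicKeyInfo only
  matching  0 = exact bytes, 1 = SHA-256, 2 = SHA-512
The certificate bytes here are constructed placeholders, not real DER.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class TLSA:
    usage: int
    selector: int
    matching: int
    data: bytes


def parse_tlsa(rdata: str) -> TLSA:
    """Parse presentation format into a record, rejecting unknown field values."""
    parts = rdata.split(None, 3)
    if len(parts) != 4:
        raise ValueError("malformed TLSA rdata")
    usage, selector, matching = (int(p) for p in parts[:3])
    if usage not in range(4) or selector not in range(2) or matching not in range(3):
        raise ValueError("unknown TLSA usage/selector/matching type")
    return TLSA(usage, selector, matching, bytes.fromhex(parts[3].replace(" ", "")))


def association_data(rec: TLSA, cert_der: bytes, spki_der: bytes) -> bytes:
    """Apply selector then matching type to the presented cert, per RFC 6698 s2.1."""
    selected = cert_der if rec.selector == 0 else spki_der
    if rec.matching == 0:
        return selected
    if rec.matching == 1:
        return hashlib.sha256(selected).digest()
    return hashlib.sha512(selected).digest()


def tlsa_matches(rec: TLSA, cert_der: bytes, spki_der: bytes) -> bool:
    """DANE-EE check: does the presented cert/key match the DNSSEC-signed record?
    Usages 0-2 additionally require PKIX or trust-anchor chain building and are
    deliberately not implemented in this example."""
    if rec.usage != 3:
        raise NotImplementedError("only DANE-EE (usage 3) is handled here")
    expected = association_data(rec, cert_der, spki_der)
    return hmac.compare_digest(expected, rec.data)


def make_record(cert_der: bytes, spki_der: bytes, usage=3, selector=1, matching=1) -> str:
    """Operator side: the rdata to publish at _443._tcp.<host> for the deployed cert."""
    rec = TLSA(usage, selector, matching, b"")
    return f"{usage} {selector} {matching} {association_data(rec, cert_der, spki_der).hex()}"


# Constructed stand-ins for DER-encoded certificates and their SubjectPublicKeyInfo.
SITE_CERT = b"constructed-cert-der:self-signed:CN=example.com:2017"
SITE_SPKI = b"constructed-spki-der:rsa:example.com"
MITM_CERT = b"constructed-cert-der:CN=example.com:issued-by-interceptor"
MITM_SPKI = b"constructed-spki-der:rsa:interceptor"


def demo():
    rdata = make_record(SITE_CERT, SITE_SPKI)   # what the site publishes (3 1 1 <sha256 of SPKI>)
    rec = parse_tlsa(rdata)                     # what the client fetched, DNSSEC-validated
    return {
        "genuine": tlsa_matches(rec, SITE_CERT, SITE_SPKI),
        # an interceptor's cert for the same name, even a CA-issued one, has a different key
        "mitm": tlsa_matches(rec, MITM_CERT, MITM_SPKI),
        # selector 1 pins the key, so a renewed cert with the same key still matches
        "renewed_cert_same_key": tlsa_matches(rec, SITE_CERT + b"-renewed", SITE_SPKI),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The choice of selector 1 over 0 is the practical one: hashing the SubjectPublicKeyInfo lets the site renew its certificate without touching DNS, as long as it keeps the key; hashing the whole certificate would require a TLSA update (and DNS TTL wait) on every renewal.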
Spreading the packets across multiple exit points means that no one person has transmitted anything illegal, however I wouldn't put it past someone to define 1% of a CP image as equal to the entire image and lock everyone up..
Basically the authorities don't want TOR around, so they'll use any method to kill it. VPNs will be next, if they can find a way of legally distinguishing between business and private ones.
Example of an LG TV with spying enabled and no option to switch it off:
Maybe they 'fixed' the buggy option by removing it completely...
Install StartIsBack (or Start8 if that's more your style). Banishes TIFKAM to a distant memory (although you can still invoke it if you really want to).
Win8 without the metro bloat is a pretty competent upgrade to Win7.
If you start at entry level support you're a receptionist. The reason the bar to entry is so low is you're not expected to know any IT and you won't have any chance to learn any either.
Agreed with much of the above - if the reason you want to get into IT is for the pay etc. then you've picked the wrong career. That ship has sailed.. I earn only 60% of what I did 5 years ago and my job is harder. And that's normal. The days of 20%+ annual pay rises are long gone.
OTOH if you're doing it because you like working with computers then it may be worth doing, but start at entry level programming not support... and you're going to have to get whatever qualifications are 'trendy' at the moment to get your foot in the door* (haven't heard of any of the ones mentioned above.. when I did it it was HND at a minimum), then be treated like shit for at least 5 years before you have the experience to work your way up the ladder. That much hasn't changed.
* The qualifications won't actually tell you anything - if you've got any interest in computing at all you already know everything (and more, probably) they're likely to teach - but without them your CV will be straight in the bin.
** Thinking about it, we have no formal qualification - it's all experience, and we don't read CVs until late in the recruitment process, if at all.. but as a small company we can get away with that. Larger companies often use recruitment companies - who basically strip your CV for keywords then match with requirements and send everyone to interview who appears to match. Hence having a CV with lots of relevant qualifications/buzzwords on it is essential.
And all the 'under construction' gifs.
Then there's the ultimate horror.. the marquee tag.
If I wanted spelling that bad I'd read the daily mail!
Biting the hand that feeds IT © 1998–2017