Re: you could simply not put the creepy things in your home
The remote server is required for the quality voice recognition.
198 posts • joined 10 Nov 2010
That was a really good read. I have more questions.
How did they find the server in Iceland using the admin's account? What was the security failure here? Surely there was an encrypted reverse proxy?
How did they find connections from San Francisco to the server? Wasn't he using a VPN?
I'm all for increased security, so I went to their website, changed my password to a randomly generated one (I have no idea what it is) and saved it in my password manager Blur. Then I went to see if they had a 2FA option. There is, yay! But only via SMS/phone call, boo! But wait, after enabling SMS 2FA, I can then enable a backup 2FA via an authenticator app, but you cannot remove the SMS 2FA.
I signed in on my mobile and it sent me an SMS rather than using the authenticator app.
They are nearly there, but they need to push to use the authenticator app as the first choice and give the option to remove SMS as 2FA (in fact encourage it). SIM swapping is incredibly easy to do; use of it to take over accounts has exploded recently. SMS 2FA cannot be trusted anymore.
I've removed SMS 2FA from my Google account, Namecheap and anywhere else that gives me the option.
ShareFile is probably the most important account I have; I use it to transfer customer data. That thing needs to be secure. They should up their game with regards to 2FA.
I can't get over the fact you have to manually copy the password file to your device. I get that it's more secure, but it sounds really annoying. What if you sign up on your PC to a service then want to log in with the accompanying app on your phone? You have to copy the file first.
Just seems like a lot of hassle. LastPass sounds like a good compromise on security/ease of use unless I am missing something.
You're just paranoid until it happens. Do you cover your house in CCTV and alarms, or do you wait to be burgled before installing them?
Getting secure in IT is just such a ball ache. It requires an incredible amount of work, for something that might never happen. Personally I try to do half of it, but I'd be screwed if targeted.
I turn off WiFi on the train as it is next to useless. With my free time I dream up personal windows suction mounted antennas, tethered to your phone somehow that you can use to boost your signal. I have yet to figure out the details on how that would actually work. Maybe I need another train journey to continue the dream.
When I looked into registrars a couple of years ago, everyone seemed to say they were the best. They were one of the first to implement 2FA which was one of the reasons I moved to them from GoDaddy.
I haven't any issues, but it would be interesting to see what Google's service is like.
I am that hoarder, but it's not because I want every email, it's just that I can't be bothered to sort them out. I have two types of email, read ones and unread ones.
I am thinking I should really delete all my work ones (>10 years) as I was once told at an Oil & Gas firm that we should delete everything after 3 years of the project ending so that our own email records couldn't be used to sue us in the future.
I switched to qBittorrent (qBit) yesterday after reading recommendations on Reddit. I was a bit reluctant as there have been so many features added to uTorrent that other torrent programs didn't have, such as the remote downloading, automatic seed ending, move completed downloads to another folder. But it turns out qBit has all the same features as far as I can see except the annoying adverts. It looks a lot like uTorrent did before it went ad crazy. I should have switched ages ago.
Combined with Transdroid on your Android phone for remote downloading and torrent searching, it's a perfect combination.
He even admitted he was stupid to put the logos on the CD. He should be convicted as he technically committed the crime, but it should be taken into account that there is zero cost to Microsoft from doing this, he copied something which can be obtained for free and he gains very little from this copyright infringement himself (there is some as people are more likely to buy the old PC if it comes with a legitimate looking restore disc)
There shouldn't be any prison sentence, make him destroy the discs, give him a small fine at worst.
Although he gives a good reality check, I think there is a lot of innovation that can come out of this, so it is a worthwhile exercise. The tech companies have money to burn like he says, so they might as well put it into something like this.
Some of my greatest successes have been when I started something that I had no idea how complicated it would actually be, thankfully; otherwise I never would have started.
I know when watching Premier League games your viewing card number is shown in the top right of the screen intermittently and occasionally in the middle of the screen during transitions.
There must be some software in the Sky box doing it, so if you wanted to avoid that you'd need to use a third party Sky decoder with a real card in it I guess.
They have been doing this for coming up to 5 years now. Basically they throttle everything except anything they have white listed. I used to be able to get round the throttling of P2P by encrypting the traffic, but when they changed to this method there was no way round it. I switched to slower 75Mb BT Infinity which effectively was faster as it is untouched (other BT packages are throttled). To get untouched traffic with VM they now have the option to pay for the gaming package I believe, it's the most expensive of course.
The US is wondering what the lack of Net Neutrality leads to, well we already know as it is here in the UK. If you want to have proper Internet access untouched then you have to buy the top *fast* package, which really just means they haven't screwed with it.
Yep, came here to say this. They just need to update the security model and strip the EXIF info if the app doesn't have permission for it. Obviously that last bit is easier said than done when you get to the nitty gritty detail, but I'm pretty sure Apple/Google can figure it out.
I hate crapware, but went with the Samsung S8+ bought 2nd hand on eBay for about £530. They have only been out a few months, so most people selling them are unwanted upgrades. There is an app called BK Disabler which you can use to disable all the Samsung crapware including the Bixby button (no root required), install Nova Launcher and it ends up looking like a normal Android phone.
The only alternative I considered in the flagship but not £1000 price bracket is the OnePlus 5, which has a slightly worse camera, proprietary fast charging (which is better than all the rest, but means you can only buy charging accessories from OnePlus) and they only support software updates on their phones for about 18 months. But the best thing is no crapware, it's pretty much default Android.
Unfortunately there is no obvious answer, it depends on what you care about. For me I care more about regular updates and a decent camera so went with Samsung S8+, but wish I didn't have to disable all the crapware, but it wasn't that hard and is a one off thing.
The best phone will probably be the next Google Pixel announced in the beginning of October, but it will probably cost around £1000.
I suspect their eyes are permanently damaged unfortunately. Their brain will make up for the damaged parts filling it in as best it can, but they will have destroyed part of their retina and now have blind spots.
Unfortunately due to branding people think anything sold on Amazon is quality, but really it's no better than buying something off a street market or eBay.
I am almost 30 days into their trial and really impressed with the software, it just works. Select the folders you want anywhere, with versions, it sits in the background and doesn't annoy you. I was going to quite happily carry on paying for the comfort of knowing if the worst happens I'm covered. All the alternatives mentioned like Dropbox and Google Drive kind of suck. You have to move your files to the correct folders and I don't really trust their version control if hit by some sort of crypto malware.
I'll probably just stump up the higher price.
Yes, I came here to say this. It's so good to read about some really good police work. Don't cut corners, put the effort in, make sure it passes all legal requirements. They even went beyond the minimum needed to nab him, setting up CCTV and monitoring the network to 100% pin it on him, and all done legally! Fantastic!
I guess the only problem is the cost. If he hadn't made himself such a high profile target would the police have been allocated the resources to find him? It makes me think of The Wire and the constant struggle for the funds to do good police work. It was only when something was high profile that the police were given a blank cheque to do the job properly.
This makes no mention of the security feature that is on every gift card I have ever seen, the PIN on the back which you have to scratch to reveal.
You shouldn't be able to check the balance or purchase anything online without that PIN. Which means their attack would only work in physical stores, which with the amount of CCTV and loss prevention teams would be a bad idea, especially if you have to guess the last 3-4 digits (1 check digit).
You should never accept a card with that PIN already scratched off as it means someone could go online and use the credit. Someone could grab a load of blank cards from the counter, take them home, read the cards and scratch the PIN off, then go back and put them in the store and just wait for them to be loaded up.
Staff are supposed to be trained to check the cards haven't had the PIN scratched off before loading them up.
Most criminals are stupid.
If you wanted to stop internet based cameras you could cut the BT line entering the house and the Virgin cable. But if they knew there were cameras they probably wouldn't bother...
Plus hopefully it will upload as it records.
I can't believe Google produced this piece of garbage that is Android Wear. It's like they decided on a bunch of features at a committee and then just shoved them all in without any thought.
You summed it up perfectly with swipe left and swipe right lets you change the watch face???? How could anyone ever think that was a good idea and actually get out to a live release?
The best solution for a smart watch seems to be buying one from a company that has gone bust, Pebble. They actually put some thought into how people might use it. That's a sad state of affairs for smart watches.
My only hope at the moment is that Apple will show Google how it's done like they did with the iPhone. I feel like I'm browsing the web on a Symbian S60 when I'm using Android Wear. It has all the features, but just isn't a fun experience, it's just easier to get your phone out.
There is always resistance to progress. I think it's a sign of a poor CEO, they blame everything on home workers as it wasn't how they succeeded. Where really it's up to them to empower workers giving them meaningful targets to ensure they provide the most for the company and themselves. But that's too much hard work, easier to just say I want bums on seats.
A lot of the streams are via AceStream which is really just a torrent which downloads in order as much as possible so you can watch it "live" (about 30 seconds delay). Displayed usually via VLC using the network stream option.
The other ones are HTML5 or Flash which just show in the browser. (With a million adverts on top) I think most of the Kodi plugins use this method.
From what I have read you need a special plugin for AceStream which is not compatible with all hardware on top of the already special plugins you need to watch the illegal content via Kodi.
There are two things that can be blocked, the web page or server which lists the streams (a good place to start), or the actual streaming servers for the Flash content.
Either of those should have a significant impact on the low lying fruit, the people who just bought a box with no idea how it works. Nothing is going to stop the VPN.
I think that explains exactly why it's not there yet. If you just want to use it for a one off with an IT illiterate user that's a lot of hassle, it'd probably be easier to talk them through fixing the issue than connecting in to do it yourself.
With TeamViewer they have made the download button simple to find on their main screen, you can run it without installing it from the download, then it just gives you a number in your face you can ask the user for.
I started with Pebble v1.0 when it first came out and moved to Huawei Watch when Pebble went bust.
The Pebble was ugly but really useful for quickly reading a small message and deciding whether to get your phone out. Really good when speaking to someone or in a meeting, a quick look mid conversation without being rude.
Android Wear is absolutely appalling. It is designed to show off, not be usable day to day.
With the Pebble you received a message on your phone, the message immediately appeared on your watch to read, you had one button to press which scrolled down to read more, or the other button to cancel it. Most of the time I didn't even need to press a button, just twist my wrist and read what the notification was and make a mental note whether I could ignore it or not.
With Android Wear you receive a message on your phone, your watch shows a small semi circle on the bottom that I have to swipe up, then I have to select the notification I want to read, then if I want to read more than 4 words of text I need to click on this which then does different things depending on the app. Sometimes you have to swipe left then up, other times just up. TBH I still haven't figured it out, I just fumble around trying to read the message, then just give up and get my phone out.
How hard can you make it to read a bloody message!
I'm going to give Android Wear 2.0 a go, but I am seriously considering selling it and buying a nicer pebble and hope it works long enough for someone to make a decent watch and software.
The problem is I would really like the NFC with the new watches and integration with Android Pay, especially seeing as my house door opens with NFC, so I could use it for that...
Previously it was just the Western powers who could influence a small country's elections. But now with a bit of hacking it has opened it up to everyone.
It's really interesting watching the world change due to the Internet. I think back to when it was only us geeks using it, so much has changed in such a short period of time.
My neighbour's in the fire service, will he now be able to see my search history? So what if I want to watch some adult content, I should be able to do that with privacy?
I'm considering setting up a permanent VPN from my internet connection. I'll probably set it up on a UK based server for speed and for the 2% reason you mentioned. I don't have anything to hide, but no need to make it easy to browse my history and block content at will. I want the control back...
They set a precedent when they screwed over OnePlus and left them hanging with no OS. They made themselves a very hard sell to other phone companies.
What's even worse is if they had carried on with OnePlus it would have been a fantastic example of a success story with their OS. Other phone manufacturers would have wished to replicate the success of OnePlus.
They shot themselves in the foot.
Yes I am confused too.
I only know of two types of card, consumer and pub. The pub ones showing the beer glass logo at the bottom of the screen. If they were buying consumer cards and selling to businesses then it would be obvious that something is up. Perhaps there are different levels of business/pub Sky card price based on the size of the pub. They purchased cheaper somehow then sold them on? Or maybe did multi screen as many pubs have lots of screens?
Fill in the detail for us Gareth!
"By happy coincidence I received my new V****n router on Saturday. I was surprised to see that the username and password was available in five places"
It is pretty shitty physical security. But the vast majority of people are computer illiterate and are never going to change the password anyway. If we have to sacrifice physical security to stop the far more plausible threat of attacks via the Internet, then I think it's a good compromise.