* Posts by YetAnotherLocksmith

365 posts • joined 11 Oct 2012

Blunder down under: self-driving Aussie cars still being thwarted by kangaroos

YetAnotherLocksmith

Re: What about wombats

Really? They're that stout? Wow.

I hit a badger last night, the largest common non-deer in the UK, and it died instantly, with no damage to the van.

0
0

Huge ransomware outbreak spreads in Ukraine and beyond

YetAnotherLocksmith

Re: Right !!!111

I wouldn't. Patch/update to Rock 2, otherwise you don't get Slate & Chalk. Either way, it's still stable, even if it is 350 million years old.

2
0

Hackers emit 9GB of stolen Macron 'emails' two days before French presidential election

YetAnotherLocksmith

Re: "... We will never see 1 piece of proof that it was Russia ..."

I remain fairly convinced that Clinton's emails were a storm in a teacup. It was overblown to say the least. Not least because trump and his cronies have been and are doing the exact same thing.

And the more that comes out about trump, the worse he looks - the access to visas scandal (from what, yesterday?) as just one obviously criminal example.

Clinton was a bad candidate, but she'd have won against a clearly worse candidate if not for a dozen different reasons, including the hacks, sexism, Comey's dubious FBI statements on the eve of the election, voter disenfranchisement, and Gerrymandering. Each only affected the outcome by a few percent, but it added up to a victory for trump - where she won by 3 million votes, but lost the electoral college FPTP system.

Russian attacks and dark money are clearly also in there too, but there it was just more grist to the mill that wore HRC down.

France was way more obvious - Russian funding of the one side, and targeted leaking against the other.

Meanwhile the BBC sits there having a go at French reporting for "not being balanced"! One side is a nice enough guy, the other is a woman who wants concentration camps again! Fecking "balance"! From the organisation that has 2/3rds of UKIP's seats, on Question Time every week!

3
0
YetAnotherLocksmith

Re: So, just another day in the office...?

I wouldn't call Wikileaks a Russian front. More a convenient tool.

Wikileaks exists in part to reveal state secrets to the common people. Russia knows that often, making sure their right secret leaks is to their advantage.

If that were true, Wikileaks would have released the data dump two weeks ago or today, not yesterday.

The timing is why it is obvious that Putin is behind this, and Julian Ass is clearly complicit.

The brighter thing to have done, since Le Pen was clearly doomed (biggest loss since her Nazi dad's try in 2002, or possibly even since 1958!) would've been for them to leak *Le Pen's* secrets, so WL could at least pretend to be neutral. Then the next WL tampering attempt might have been more successful.

Now, surely, since everyone predicted that WL would shill for the Russians, and did, it is confirmed we can't trust them any more.

1
2
YetAnotherLocksmith

Re: So, just another day in the office...?

@P Lee, you're not thinking it through. It doesn't matter that Macron was apparently pretty much clean, they dumped 9GB of data and made claims, and had some fake documents embedded in it which they immediately started to push.

The idea here was clearly that they didn't have anything to report, so they lied and pretended they did!

Fortunately the game was easily spotted and some of the fakes were hilariously bad - the fake "returned cheque" letter, for instance, wasn't flattened in Photoshop, so the layers showing that the header and text are separate scans are still there!

So it simply lowered the turnout. Not by enough to make a difference, fortunately.

And so, the Nazis were defeated in Europe for a second time.

The problem is, they are evolving, and worse, rebranding. What will come next?

7
1

How to remote hijack computers using Intel's insecure chips: Just use an empty login string

YetAnotherLocksmith

Re: M$ grade Fubar

Agreed.

And don't forget that vulnerabilities are daisy-chained to get things like VNC-type access - AMT is very low level, so could be used to pipe into/out of any hardware, including a video card or USB device (webcam included) using high or low level hardware commands.

0
0
YetAnotherLocksmith

Re: You have to wonder how such a collosal clusterf**k could possibly get through.

Was Intel's response Null? Because that could have been a hint.

As regards to it being a cunning backdoor, surely they'd have set a password? Or is this for plausible denial purposes?

1
0
YetAnotherLocksmith

Re: Other vendors?

Just plug into your box via this formerly obscure flaw and fix it yourself!

0
0
YetAnotherLocksmith

Re: It's just the tip of an iceberg

Well, without that you'd not be able to boot from a USB stick, so there are obvious trade-offs. They can own your machine, and you can own other people's.

0
0

Boffins Rickroll smartphone by tickling its accelerometer

YetAnotherLocksmith

Re: Given the description of a controlled aliased signal

If it costs an extra 0.2¢, forget about it! They don't have money for security to close the FTP port so reworking a chip is well out!

3
0

COP BLOCKED: Uber app thwarted arrests of its drivers by fooling police with 'ghost cars'

YetAnotherLocksmith

Re: Cleared?

> There is a (very fine, at times) distinction between something not being lawful and it being a crime. For example, in the UK, a bye-law that says "no cycling on this path" means that cycling on a given path / track is not lawful. However the police do not arrest cyclists for committing a crime

Except, you know, that good old Jack 'boot' Straw changed the law in the UK so all offences are arrestable - nothing is too minor. Suspicion of littering? Arrestable. Cycling on a footpath? Also arrestable.

So now you know.

1
0
YetAnotherLocksmith

Re: All hail Uber!!

That's a very lawyerly response, is that! Have you been trying to use Bitcoin a little too much?

2
0

Top cop: Strap Wi-Fi jammers to teen web crims as punishment

YetAnotherLocksmith

Re: Every so often...

The old guy was right though - you can use the iPod as a mass storage device and siphon out gigabytes of data without issue. It would not take long to re-jig the firmware (indeed, entirely replace the hardware and firmware inside that sleek case) on an old iPod so that it would do whatever you wanted to the target machine. Also, Nation State Actors can easily reflash your iPod so that you're not even aware you are stealing the data until someone cuffs you. Finally, for those idiots as yet unconvinced, I can swap out your iPod cable for one with a built-in wifi hotspot. Explain that to security when they find it!

Please, when a Secret Squirrel's friend accidentally tells you something a Secret Squirrel told him, don't mock the guy, accept that he's likely been told this by someone who has done it. Because that's what the "higher ups" at the MOD and other places see, often long before us.

0
0

Hacker: Lol, I pwned FBI.gov! Web devs: Nuh-uh, no you didn't

YetAnotherLocksmith

Re: Waiting on...

You're kidding right?

Something like 34% of Trump voters think Obama was /personally responsible/ for hurricane Katrina!

5
1

Put walls around home Things, win $25k from US government

YetAnotherLocksmith

Good luck even finding the manufacturer, who is likely based in China. Talking to my Chinese friend who helps run one of the more legit manufacturers of lock tools, he was saying that a lot of the factories literally move daily to avoid being found by the Chinese state authorities. Which is insane, but apparently true.

You call them and they bring you the stuff, or you go to the market and get the stuff there. Even the manufacturers using the parts often don't know who actually made the part (which really is just like the UK! You buy a bag of nuts meeting a spec, you don't care where or who made the steel nor cut the thread. That's why aerospace stuff is so expensive - extreme traceability from the mine to the machined part)

Adding an unenforceable penalty to the manufacturers will do nothing - loads already sell stuff that literally doesn't work. The wholesalers don't care either - they know that no-one sends anything back because the postage costs more than the widget! (Which is another issue entirely - how can ChinaPost send a thing across the world for less than I can send a second class postcard to the next town? Oh yes, state postage subsidies!)

But it is a hiding to nothing. You can't even figure out who made the thing, there are that many clones of the clones going around. The reason we are in this mess is because they just rip the firmware, or download a bit of source code from a website, and use that, default passwords and all.

How to change that? Good luck!

1
0
YetAnotherLocksmith

Re: One idea

But even that won't work.

Look at that guy fingered by the smart water meter - nothing useful there, except the extra 300 litres of water apparently used that early morning, which police believe was used to both wash the blood away and fill the bath.

Like the way advertisers can work out who you are by looking at the exact battery level and a few other things, multiple pathways leave the data easily extracted. Likewise VPN uncloaking using open port forwarding - only 7 people in the world have that set of fingerprints across those ports, and all are coming from the same VPN network, but different termination points? That's you busted, despite your 7 proxies!

Without a home AI firewall (A Icewall) to run it all for you, you're stuffed.

1
0
YetAnotherLocksmith

Re: Simple

>an explosive charge that detects the date of the software and blows up the item if its software is older than yesterday.

Fixed that for you. Just because the product is new, £1 will get you 50p that the code is re-used.

0
0

Hackers could turn your smart meter into a bomb and blow your family to smithereens – new claim

YetAnotherLocksmith

Re: Alarmist nonsense?

Very rarely, we use this device called a digger, which allows access to underground things. But that is rare. Normally it is done at the meter.

1
0
YetAnotherLocksmith

Re: Alarmist nonsense?

Because it is wrong.

Engineers are sent out, daily, across the country. To cut off businesses and, mostly, force non-payers onto pre-pay with built-in debt recovery.

See the Rights of Entry (Gas and Electricity Boards) Act 1954 & Gas & Electricity Act 1968, as amended.

2
1
YetAnotherLocksmith

Re: Poor?

Prepayment meters are massively over-represented in the poorer neighbourhoods. That's a fact.

Yes, a lot of landlords also fit their own, to try to avoid warrant teams breaking in and cutting off their tenants for non-payment. Make sure the landlord is actually paying the power company though, if they are private meters.

Yes, these meters can be remotely switched off and even between "prepay" & "credit", and it means there will be a hell of a lot of underemployed locksmiths soon, as well as meter readers and gas/electric meter fitters!

That's one reason I've scaled them right back - 5 years, and assuming we aren't all dead or homeless from trumping & Maybe doing us over, and the daily work that keeps about 300 expert locksmiths fed will be gone. Which may lead to some, er, issues...

3
1
YetAnotherLocksmith

Re: What devices connect to 'Smart' meters?

You could toggle the power on and off rapidly, and knock out the trip, but that's about it on any modern house. Older ones with wire fuses, that would be harder to do, but eventually the switched on stuff would get fed up and die.

It isn't like it could inductively spark or switch thousands of volts through instead of 240!

It could attack the grid though, and if every house needed a visit to replace the bricked meter, well, that's a major disaster! (Elderly in winter, etc. countrywide.)

2
0
YetAnotherLocksmith

Re: permission to enter to do the install

Well...

The meter readers will happily not give a damn, because they're just subbed-out guys so have to check 300 houses a day or more.

The PDV, or PreDisconnection Visit, as we call them (one company has now renamed to something "less aggressive" but hey, it is what it is) will also happily leave if you are an arse, but generally get it resolved face to face.

The Warrants team however, are coming in, locked door, dog, whatever. Maybe not the first time, maybe with police, maybe with, in a couple of cases over many thousands I've done, a disc cutter and sledgehammer, TASER team and 10+ police.

So your mileage may vary.

4
0

Good luck securing 'things' when users assume 'stuff just works'

YetAnotherLocksmith

Well, something like YubiKey might work for you. Physical hardware token.

0
0
YetAnotherLocksmith

Re: How about what BT/VM do?

> But, this is all academic anyway - unless the hacker is in close proximity then they won't be trying to connect to your WiFi. Hard to do that from half way round the world.

Fortunately, you've got always-on broadband for those people.

0
0
YetAnotherLocksmith

Re: Who bears the losses ?

I'd check that if I were you. Not having the right door locks (in the UK, a 5 lever British Standard door lock on a wooden door, or a multipoint lock on plastic) *invalidates* your insurance, whilst an alarm or not gets you a 15% discount which generally isn't worth the cost of the monitoring required!

IoT gear should not have a password until you boot it for the first time. I came up with "4 simple rules for IoT development" on Twitter after a challenge. That was number two.

"Ok, 4 simple IoT rules? I'll try: Close all unnecessary ports. No default password (prompt at 1st boot). Make firmware updates possible. Have an ID on device to link back to manufacturer & manual/website for tech & update support."

0
0
YetAnotherLocksmith

Re: The free market bites again

Indeed, this was pushed through the UK parliament (unopposed by the so-called "opposition") and signed into law just today.

0
0

Huawei Mate 9: The Note you've been waiting for?

YetAnotherLocksmith

Re: Nope.

Likewise - I'd happily buy one now, to be honest, and just charge it in a lipo bag. Or just take it apart and swap the battery out, or whatever. Exploding phones aren't great, but like others have said, it's a tiny fraction of the ones sent out, and an easy fix. And, if it really was the charge voltage, as someone posted somewhere I now can't track down, it's an easy easy firmware fix anyway.

Plus, think what it'll be worth to collectors in a few years!

0
0

Stay out of my server room!

YetAnotherLocksmith

Re: Did you beat back the barbarians at the gates?

No, it's a co-located server, so the physical infrastructure is under the control of the co-lo company (though you may or may not own the actual computing hardware) so access and the like is down to them and their security team. And so out of direct control by your boss.

0
0
YetAnotherLocksmith

Fortunately, most see sense when you explain the long prison term for corporate manslaughter.

Blocking the fire escape with crap in the room most likely to have a fire? The directors will be in court, explaining it, if someone gets hurt.

It's not just a big fine anymore.

0
0
YetAnotherLocksmith

Re: Beware cheap combo locks

Some very witty comments here...

If you've the budget, electronic access control is way better than a £20 push button "any order" XYZ mechdigi lock. Obviously!

You can't set the XYZ up for simultaneously pushed buttons. You're thinking of the Unican range, which start at around £200 not fitted. And few seem to be able to master those for picking or decoding. (and the electronic version is superb!)

For maybe £400 you can get a basic electronic access control system. But do yourself a favour, ask a professional to design and install it! Yes, it'll cost more, do more and be better - just like your IT system design is better than the boss's "great idea".

0
0

Fallout from Euro Patent Office meltdown reaches Dutch parliament

YetAnotherLocksmith

It's hard to believe this is still on-going! This is well past the stage of "He might be doing the right thing". Now, he's taking the piss. Batelli needs fired imo.

11
0

Hacker dishes advanced phishing kit to hook clever staff in 10 mins

YetAnotherLocksmith

Re: TWO days to get the Domain Administrator password.

Hope you guys realise that a segregated wifi network generally isn't actually secure unless it is running on separate hardware too?

4
0
YetAnotherLocksmith

Re: "automatic domain registration"

That's just not going to happen.

For one thing, it would slow down the registration process - lost your domain to someone who passed it through vetting a bit faster? Bad luck!

B) The cheap domain names that keep the Internet expanding are automated at the seller end to keep costs right down.

III) People would bypass it anyway. Whether by pretending to be the domain owner wanting the typo domain name to catch otherwise lost traffic, by clever boys trying next obscuration with Cyrillic or Arabic character sets, or by simply submitting a few million requests in a DoS.

So no.

1
0

PC sales sinking almost as fast as Donald Trump's poll numbers

YetAnotherLocksmith

Maybe change the headline?

Just saying. The orange faced wankpuppet won.

All he had to do was have the GOP remove half the opposition voters from the rolls, & bingo! Nearly a majority.

1
0
YetAnotherLocksmith

Re: It's simple, really

Except that it *is* powerful kit. Modern smart phones do full screen video at HD with colour & sound far beyond a PC from 10 years ago.

Not comparable to the state of the art PC plugged into the mains, but still remarkable. Just because it is mostly hidden, doesn't mean it isn't there.

0
0

Panicked WH Smith kills website to stop sales of how-to terrorism manuals

YetAnotherLocksmith

Re: Good job... or not...

I wouldn't worry. I bought all three off Amazon. Free next day with Prime. Mostly basic, but then all three are seemingly written by/for the US Army.

I'm anticipating a more dangerous & violent world. Signs point to it, as do portents. My clients expect a good security review, so that's what they'll get.

8
0
YetAnotherLocksmith

Re: Sites?

Ban thinking! Think of the children!!

17
2

Silicon Valley's oligarchs got a punch in the head – and that's actually good thing

YetAnotherLocksmith

Re: Kind'a

Indeed, kinda.

However accurate the rest of your post is (very accurate), you miss that in another ten years there simply won't be any jobs for those people to do. Literally the whole point of Uber is to get rid of their drivers. Mercedes Benz and Tesla both have self-driving vehicles, and so those millions of trucking jobs will soon disappear. Uber as a side gig is great, for some, but that'll vanish once there is a fleet of self-driving taxis that use tracking apps and location services to predict where to be for the best fares.

Literally, by the time this matters again, it won't matter at all. You can't bring those jobs back from China in any meaningful way, as I've tried to explain a thousand times with varying degrees of success. Not only are the wages lower, but the Chinese factories are now practically fully automated. Foxconn just laid off thousands of workers because the robots they are building are doing the jobs that the people who used to build the robots are now doing for, near as dammit, free, 24/7. Robots beat even slave wages - they don't need to sleep!

We are rapidly being replaced in most "bulk" jobs. Expensive speciality "knowledge workers" are also highly at risk from some gimp with a CS degree building an expert system over their lunch, too.

I'm in a job that literally cannot be outsourced, and cannot be completely de-skilled, though a lot of un- & underskilled people are flooding the market, and learning via YouTube and forums. So as everyone in the country tries to become a locksmith, the market saturates, and bingo, no-one needs to pay a locksmith again, because they are one or they know one. Likewise with basic IT skills being learned by lots of people, some will become highly skilled, but others will always use YouTube and StackOverflow and GitHub, and, well, you end up with the Internet of Shit, and massive DDoS attacks run by toasters.

Back in my day, you had to craft the packets by hand before whistling them down the phone line yourself. Which reminds me - have you heard the one about the bugle player being replaced by a £20 electronic trumpet for Remembrance Day services? Because I heard it today...

15
3

Today the web was broken by countless hacked devices – your 60-second summary

YetAnotherLocksmith

But it was secure yesterday

n/t

0
0

IoT insecurity: US govt summons tech bosses, bashes heads together

YetAnotherLocksmith

A simple solution?

Perhaps this is just too obvious, but couldn't we agree that all IoT traffic has to use Port 666 to 669 (or whatever) so that there is an option to block it easily?

Obviously, with attackers able to root & flash devices they can swap to whatever port(s) they want, and shape traffic as they see fit, but it would be a start for people trying to solve issues.

Truth is though, there's simply no good answer. Security costs time and money, & trust me, most people are cheap.

0
0

Smell burning? Samsung’s 'Death Note 7' could still cause a contagion

YetAnotherLocksmith

Re: Is Apple to Blame? Conspiracy Theorists Unite!

Yes, and that's how it should've been here - but it wasn't. You can go google the teardown yourself, the original Note7 firmware charged the battery to 4.3V, and the replacement bumped it up to a stupid 4.35V! Yes, they were meant to be able to take it, but surely the sensible thing to do would've been to turn it down, not up!

0
0
YetAnotherLocksmith

Re: "...cause a contagion."

Well, there's a lot to be said for being able to blow up a person remotely by a simple tweak to their firmware. Because that's what this is - a tweak to the firmware maximum charge voltage value. Simply set it at 4.5V and you can be fairly sure that after most of a night on charge it'll burst into flame.

0
0
YetAnotherLocksmith

Re: Is Apple to Blame? Conspiracy Theorists Unite!

It's one line of code. Seriously, it isn't even that: it's one variable, the firmware charge voltage is set too high.

The charge voltage is set to 4.3V in the first explodo-phones, & the replacement units have it at a frankly stupid 4.35V! Safe charging on a LiPo battery is 4.23V, absolute max, 4.2V is regarded as the same upper limit.

It is also a one second firmware fix! So what the hell is really going on?

0
1

Invasion of the virus-addled lightbulbs (and other banana stories)

YetAnotherLocksmith

Re: Surely not ...

The vanity of that man, thinking he is clever enough to understand the "purpose" of an AI. I suspect he can't even understand the average hamster, let alone a dog, dolphin or monkey.

He is as doomed as everyone else when it goes wrong, as it almost certainly will.

1
0

BT will HATE us for this one weird 5G trick

YetAnotherLocksmith

Great plan, so it'll never happen

This is brilliant, so in 15 years, when we've got Brexit put to bed & we've finally got those trade agreements sorted, and finally manage to invite a foreign firm back to the UK with cut-price Marmite, they'll insist we install it, so they don't have to put up with patchy 3g/4g that's 20 years behind.

Of course, everywhere else will be on 6g by then...

16
1

Sendspace shrugs at phishers exploiting free service

YetAnotherLocksmith

Re: specific sender email addresses can be blocked

Yeah, that is really not how that should work. "Businesses won't use our systems" - no, but that's the whole thing about spoofing! No-one can tell until it's too late!

3
0

What next for the F-35 after Turkey's threats to turn its back on NATO?

YetAnotherLocksmith

Re: Security First

I'm sure that would simply end up being very embarrassing for the USA. That billion dollar (ok, $300 million, currently, actual price classified!) aircraft will rapidly look outclassed by faster developed, more agile new stuff at far lower cost. Or indeed, just a dark swarm of 300 $1 million drones! (probably only $50k each in reality though - but 200,000 drones would have its own logistics issues!)

Encouraging the USA's competitors to make their "crown jewel" tech companies look silly & slow would merely hasten the fall of the world's last superpower.

1
0
YetAnotherLocksmith

Re: Not the biggest problem...

I seriously doubt that would work unless you could somehow convince the Turks to get all 100 planes up at the same time. Once 1 plane flew away, they'd be wise to the trick, & they'd be shipped by truck to a reverse engineering plant in Russia to cure the problem.

1
0

UK local govt body blasts misleading broadband speed ads

YetAnotherLocksmith

Re: Well I never...

Both you & Ragarth have the same issue as me, the barware at BT simply abuse their monopoly position time & again.

BT won't even commit to telling us if they are *going to decide to commit* to installing fibre around our way!

Fortunately I have a plan, involving a real tall mast in a field, some directional antennas & a few data SIMs.

It'll still be cheaper/faster/much lower latency than the satellite system we currently have.

2
0
YetAnotherLocksmith

Re: Really?

A few more weeks and it'll sort itself, is what you're saying then?

0
0

Biting the hand that feeds IT © 1998–2017