Re: Given the description of a controlled aliased signal
If it costs an extra 0.2¢, forget about it! They don't have money for security to close the FTP port so reworking a chip is well out!
356 posts • joined 11 Oct 2012
<quote>There is a (very fine, at times) distinction between something not being lawful and it being a crime. For example, in the UK, a bye-law that says "no cycling on this path" means that cycling on a given path / track is not lawful. However the police do not arrest cyclists for committing a crime</quote>
Except, you know, that good old Jack 'boot' Straw changed the law in the UK so all offences are arrestable - nothing is too minor. Suspicion of littering? Arrestable. Cycling on a footpath? Also arrestable.
So now you know.
That's a very lawyerly response, is that! Have you been trying to use Bitcoin a little too much?
The old guy was right though - you can use the iPod as a mass storage device and siphon out gigabytes of data without issue. It would not take long to re-jig the firmware (indeed, entirely replace the hardware and firmware inside that sleek case) on an old iPod so that it would do whatever you wanted to the target machine. Also, Nation State Actors can easily reflash your iPod so that you're not even aware you are stealing the data until someone cuffs you. Finally, for those idiots as yet unconvinced, I can swap out your iPod cable for one with a built-in wifi hotspot. Explain that to security when they find it!
Please, when a Secret Squirrel's friend accidentally tells you something a Secret Squirrel told him, don't mock the guy, accept that he's likely been told this by someone who has done it. Because that's what the "higher ups" at the MOD and other places see, often long before us.
You're kidding right?
Something like 34% of Trump voters think Obama was /personally responsible/ for hurricane Katrina!
Good luck even finding the manufacturer, who is likely based in China. Talking to my Chinese friend who helps run one of the more legit manufacturers of lock tools, he was saying that a lot of the factories literally move daily to avoid being found by the Chinese state authorities. Which is insane, but apparently true.
You call them and they bring you the stuff, or you go to the market and get the stuff there. Even the manufacturers using the parts often don't know who actually made the part (which really is just like the UK! You buy a bag of nuts meeting a spec, you don't care where or who made the steel nor cut the thread. That's why aerospace stuff is so expensive - extreme traceability from the mine to the machined part)
Adding an unenforceable penalty to the manufacturers will do nothing - loads already sell stuff that literally doesn't work. The wholesalers don't care either - they know that no-one sends anything back because the postage costs more than the widget! (Which is another issue entirely - how can ChinaPost send a thing across the world for less than I can send a second class postcard to the next town? Oh yes, state postage subsidies!)
But it is a hiding to nothing. You can't even figure out who made the thing, there are that many clones of the clones going around. The reason we are in this mess is because they just rip the firmware, or download a bit of source code from a website, and use that, default passwords and all.
How to change that? Good luck!
But even that won't work.
Look at that guy fingered by the smart water meter - nothing useful there, except the extra 300 litres of water apparently used that early morning, which police believe was used to both wash the blood away and fill the bath.
Like the way advertisers can work out who you are by looking at the exact battery level and a few other things, multiple pathways leave the data easily extracted. Likewise VPN uncloaking using open port forwarding - only 7 people in the world have that set of fingerprints across those ports, and all are coming from the same VPN network, but different termination points? That's you busted, despite your 7 proxies!
Without a home AI firewall (A Icewall) to run it all for you, you're stuffed.
>an explosive charge that detects the date of the software and blows up the item if its software is older than yesterday.
Fixed that for you. Just because the product is new, £1 will get you 50p that the code is re-used.
Very rarely, we use this device called a digger, which allows access to underground things. But that is rare. Normally it is done at the meter.
Because it is wrong.
Engineers are sent out, daily, across the country. To cut off businesses and, mostly, force non-payers onto pre-pay with built-in debt recovery.
See the Rights of Entry (Gas and Electricity Boards) Act 1954 & Gas & Electricity Act 1968, as amended.
Prepayment meters are massively over represented in the poorer neighbourhoods. That's a fact.
Yes, a lot of landlords also fit their own, to try to avoid warrant teams breaking in and cutting off their tenants for non-payment. Make sure the landlord is actually paying the power company though, if they are private meters.
Yes, these meters can be remotely switched to off and even between "prepay" & "credit", and it means there will be a hell of a lot of underemployed locksmiths soon, as well as meter readers and gas/electric meter fitters!
That's one reason I've scaled them right back - 5 years, and assuming we aren't all dead or homeless from trumping & Maybe doing us over, and the daily work that keeps about 300 expert locksmiths fed will be gone. Which may lead to some, er, issues...
You could toggle the power on and off rapidly, and knock out the trip, but that's about it on any modern house. Older ones with wire fuses, that would be harder to do, but eventually the switched on stuff would get fed up and die.
It isn't like it could inductively spark or switch thousands of volts through instead of 240!
It could attack the grid though, and if every house needed a visit to replace the bricked meter, well, that's a major disaster! (Elderly in winter, etc. countrywide.)
The meter readers will happily not give a damn, because they're just subbed-out guys so have to check 300 houses a day or more.
The PDV, or PreDisconnection Visit, as we call them (one company has now renamed to something "less aggressive" but hey, it is what it is) will also happily leave if you are an arse, but generally get it resolved face to face.
The Warrants team however, are coming in, locked door, dog, whatever. Maybe not the first time, maybe with police, maybe with, in a couple of cases over many thousands I've done, a disc cutter and sledgehammer, TASER team and 10+ police.
So your mileage may vary.
Well, something like YubiKey might work for you. Physical hardware token.
[quote]But, this is all academic anyway - unless the hacker is in close proximity then they won't be trying to connect to your WiFi. Hard to do that from half way round the world.[/quote]
Fortunately, you've got always-on broadband for those people.
I'd check that if I were you. Not having the right door locks (in the UK, a 5 lever British Standard door lock on a wooden door, or a multipoint lock on plastic) *invalidates* your insurance, whilst an alarm or not gets you a 15% discount which generally isn't worth the cost of the monitoring required!
IoT gear should not have a password until you boot it for the first time. I came up with "4 simple rules for IoT development" on Twitter after a challenge. That was number two.
"Ok, 4 simple IoT rules? I'll try: Close all unnecessary ports. No default password (prompt at 1st boot). Make firmware updates possible. Have an ID on device to link back to manufacturer & manual/website for tech & update support."
Indeed, this was pushed through the UK parliament (unopposed by the so-called "opposition") and signed into law just today.
Likewise - I'd happily buy one now, to be honest, and just charge it in a lipo bag. Or just take it apart and swap the battery out, or whatever. Exploding phones aren't great, but like others have said, it's a tiny fraction of the ones sent out, and an easy fix. And, if it really was the charge voltage, as someone posted somewhere I now can't track down, it's an easy easy firmware fix anyway.
Plus, think what it'll be worth to collectors in a few years!
No, it's a co-located server, so the physical infrastructure is under the control of the co-lo company (though you may or may not own the actual computing hardware) so access and the like is down to them and their security team. And so out of direct control by your boss.
Fortunately, most see sense when you explain the long prison term for corporate manslaughter.
Blocking the fire escape with crap in the room most likely to have a fire? The directors will be in court, explaining it, if someone gets hurt.
It's not just a big fine anymore.
Some very witty comments here...
If you've the budget, electronic access control is way better than a £20 push button "any order" XYZ mechdigi lock. Obviously!
You can't set the XYZ up for simultaneously pushed buttons. You're thinking of the Unican range, which start at around £200 not fitted. And few seem to be able to master those four picking or decoding. (and the electronic version is superb!)
For maybe £400 you can get a basic electronic access control system. But do yourself a favour, ask a professional to design and install it! Yes, it'll cost more, do more and be better - just like your IT system design is better than the boss's "great idea".
It's hard to believe this is still on-going! This is well past the stage of "He might be doing the right thing". Now, he's taking the piss. Batelli needs fired imo.
Hope you guys realise that a segregated wifi network generally isn't actually secure unless it is running on separate hardware too?
That's just not going to happen.
For one thing, it would slow down the registration process - lost your domain to someone who passed it through vetting a bit faster? Bad luck!
B) The cheap domain names that keep the Internet expanding are automated at the seller end to keep costs right down.
III) People would bypass it anyway. Whether by pretending to be the domain owner wanting the typo domain name to catch otherwise lost traffic, by clever boys trying text obscuration with Cyrillic or Arabic character sets, or by simply submitting a few million requests in a DoS.
Just saying. The orange faced wankpuppet won.
All he had to do was have the GOP remove half the opposition voters from the rolls, & bingo! Nearly a majority.
Except that it *is* powerful kit. Modern smart phones do full screen video at HD with colour & sound far beyond a PC from 10 years ago.
Not comparable to the state of the art PC plugged into the mains, but still remarkable. Just because it is mostly hidden, doesn't mean it isn't there.
I wouldn't worry. I bought all three off Amazon. Free next day with Prime. Mostly basic, but then all three are seemingly written by/for the US Army.
I'm anticipating a more dangerous & violent world. Signs point to it, as do portents. My clients expect a good security review, so that's what they'll get.
Ban thinking! Think of the children!!
However accurate the rest of your post is (very accurate), you miss that in another ten years there simply won't be any jobs for those people to do. Literally the whole point of Uber is to get rid of their drivers. Mercedes Benz and Tesla both have self-driving vehicles, and so those millions of trucking jobs will soon disappear. Uber as a side gig is great, for some, but that'll vanish once there is a fleet of self-driving taxis that use tracking apps and location services to predict where to be for the best fares.
Literally, by the time this matters again, it won't matter at all. You can't bring those jobs back from China in any meaningful way, as I've tried to explain a thousand times with varying degrees of success. Not only are the wages lower, but the Chinese factories are now practically fully automated. Foxconn just laid off thousands of workers because the robots they are building are doing the jobs that the people who used to build the robots are now doing for, near as dammit, free, 24/7. Robots beat even slave wages - they don't need to sleep!
We are rapidly being replaced in most "bulk" jobs. Expensive speciality "knowledge workers" are also highly at risk from some gimp with a CS degree building an expert system over their lunch, too.
I'm in a job that literally cannot be outsourced, and cannot be completely de-skilled, though a lot of un- & underskilled people are flooding the market, and learning via YouTube and forums. So as everyone in the country tries to become a locksmith, the market saturates, and bingo, no-one needs to pay a locksmith again, because they are one or they know one. Likewise with basic IT skills being learned by lots of people, some will become highly skilled, but others will always use YouTube and StackOverflow and GitHub, and, well, you end up with the Internet of Shit, and massive DDoS attacks run by toasters.
Back in my day, you had to craft the packets by hand before whistling them down the phone line yourself. Which reminds me - have you heard the one about the bugle player being replaced by a £20 electronic trumpet for Remembrance Day services? Because I heard it today...
Perhaps this is just too obvious, but couldn't we agree that all IoT traffic has to use Port 666 to 669 (or whatever) so that there is an option to block it easily?
Obviously, with attackers able to root & flash devices they can swap to whatever port(s) they want, and shape traffic as they see fit, but it would be a start for people trying to solve issues.
Truth is though, there's simply no good answer. Security costs time and money, & trust me, most people are cheap.
Yes, and that's how it should've been here - but it wasn't. You can go google the teardown yourself, the original Note7 firmware charged the battery to 4.3V, and the replacement bumped it up to a stupid 4.35V! Yes, they were meant to be able to take it, but surely the sensible thing to do would've been to turn it down, not up!
Well, there's a lot to be said for being able to blow up a person remotely by a simple tweak to their firmware. Because that's what this is - a tweak to the firmware maximum charge voltage value. Simply set it at 4.5V and you can be fairly sure that after most of a night on charge it'll burst into flame.
It's one line of code. Seriously, it isn't even that: it's one variable, the firmware charge voltage is set too high.
The charge voltage is set to 4.3V in the first explodo-phones, & the replacement units have it at a frankly stupid 4.35V! Safe charging on a LiPo battery is 4.23V, absolute max, 4.2V is regarded as the same upper limit.
It is also a one second firmware fix! So what the hell is really going on?
The vanity of that man, thinking he is clever enough to understand the "purpose" of an AI. I suspect he can't even understand the average hamster, let alone a dog, dolphin or monkey.
He is as doomed as everyone else when it goes wrong, as it almost certainly will.
This is brilliant, so in 15 years, when we've got Brexit put to bed & we've finally got those trade agreements sorted, and finally manage to invite a foreign firm back to the UK with cut-price Marmite, they'll insist we install it, so they don't have to put up with patchy 3g/4g that's 20 years behind.
Of course, everywhere else will be on 6g by then...
Yeah, that is really not how that should work. "Businesses won't use our systems" - no, but that's the whole thing about spoofing! No-one can tell until it's too late!
I'm sure that would simply end up being very embarrassing for the USA. That billion dollar (ok, $300 million, currently, actual price classified!) aircraft will rapidly look outclassed by faster developed, more agile new stuff at far lower cost. Or indeed, just a dark swarm of 300 $1 million drones! (probably only $50k each in reality though - but 200,000 drones would have its own logistics issues!)
Encouraging the USA's competitors to make their "crown jewel" tech companies look silly & slow would merely hasten the fall of the world's last superpower.
I seriously doubt that would work unless you could somehow convince the Turks to get all 100 planes up at the same time. Once 1 plane flew away, they'd be wise to the trick, & they'd be shipped by truck to a reverse engineering plant in Russia to cure the problem.
Both you & Ragarth have the same issue as me, the barware at BT simply abuse their monopoly position time & again.
BT won't even commit to telling us if they are *going to decide to commit* to installing fibre around our way!
Fortunately I have a plan, involving a real tall mast in a field, some directional antennas & a few data SIMs.
It'll still be cheaper/faster/much lower latency than the satellite system we currently have.
A few more weeks and it'll sort itself, is what you're saying then?
Indeed. See my post above for my thoughts on how this will be a new circle of hell.
Sadly AC has it right.
Being forced by your car to sit attentively so it will work is going to be the newest circle of hell.
Too tired to drive? Bad luck. Disabled & can't drive? Bad luck. Not sitting & passing the twice per second "paying attention" eye tracking check? Bad luck. No "auto" driving for you!
Even better, take control yourself, touch 31mph, get automatic tickets from the black box.
It really is going to be the most horrendous of futures.
And that's before you factor in the fact that *every single vehicle you see* could be a reprogrammed kill-bot, actively looking for your number plate in order to crash/ram/crush.
Hardly a fair statement, that. Android is the Apple iOS version of Linux, written by Google!
Well, it makes sense to not risk another few officers, but then, just like the guns, every civilian will demand their 2A right to a killer assault robot, & then it's going to get even messier...
And how's that working out for you now?
The pound has slumped against the dollar, but not so much against the euro, because we dragged that down with us. The FTSE 250 has sort of recovered, but mostly because the pound has dropped so far. The entire Brexit "winners circle jerk" has vanished - even Farage has given up, having "won" without the slightest shred of a plan.
I've already seen prices pushed up - steel? We barely make any, so all this won't save that industry, and your hand-hewn artisanal coal that you are planning on selling for 3x the price of everyone else? Well, that's not going to save you either.
It's like a dog chasing a car, then, one day, it catches the car, and gets its jaw ripped off.
That last paragraph is this whole f'd up mess in a nutshell.
This is what Vexatious Litigant laws are for. And this nice fellow is the absolute definition...
Like that doesn't already exist. You just can't see it because of Copyright.
Not sure they'd go to the Supreme Court, let alone Appeals, just for publicity. They aren't Donald Trump.
Biting the hand that feeds IT © 1998–2017