That would be nice.
369 posts • joined 11 Oct 2012
Indeed - anyone who runs it can see the connection attempt via burp or proxy or whatever. Marcus was just the "first to file".
And the FBI did no work at all. Marcus was doxed by the UK newspapers!
That's only in the UK. You can remain silent in the USA without dodgy inferences being made.
Someone wants to use your code for "commercial ends"? Then you kind of expect to get paid for it.
Really? They're that stout? Wow.
I hit a badger last night, the largest common non-deer in the UK, and it died instantly, with no damage to the van.
I wouldn't. Patch/update to Rock 2, otherwise you don't get Slate & Chalk. Either way, it's still stable, even if it is 350 million years old.
I remain fairly convinced that Clinton's emails were a storm in a tea cup. It was overblown to say the least. Not least because trump and his cronies have and are doing the exact same thing.
And the more that comes out about trump, the worse he looks - the access to visas scandal (from what, yesterday?) as just one obviously criminal example.
Clinton was a bad candidate, but she'd have won against a clearly worse candidate if not for a dozen different reasons, including the hacks, sexism, Comey's dubious FBI statements on the eve of the election, voter disenfranchisement, and Gerrymandering. Each only affected the outcome by a few percent, but it added up to a victory for trump - where she won by 3 million votes, but lost the electoral college FPTP system.
Russian attacks and dark money are clearly also in there too, but there it was just more grist to the mill that wore HRC down.
France was way more obvious - Russian funding of the one side, and targeted leaking against the other.
Meanwhile the BBC sits there having a go at French reporting for "not being balanced"! One side is a nice enough guy, the other is a woman who wants concentration camps again! Fecking "balance"! From the organisation that has 2/3rds of UKIP's seats, on Question Time every week!
I wouldn't call Wikileaks a Russian front. More a convenient tool.
Wikileaks exists in part to reveal state secrets to the common people. Russia knows that often, making sure their right secret leaks is to their advantage.
If that were true, Wikileaks would have released the data dump two weeks ago or today, not yesterday.
The timing is why it is obvious that Putin is behind this, and Julian Ass is clearly complicit.
The brighter thing to have done, since Le Pen was clearly doomed (biggest loss since her Nazi dad's try in 2002, or possibly even since 1958!) would've been for them to leak *Le Pen's* secrets, so WL could at least pretend to be neutral. Then the next WL tampering attempt might have been more successful.
Now, surely, since everyone predicted that WL would shill for the Russians, and did, it is confirmed we can't trust them any more.
@P Lee, you're not thinking it through. It doesn't matter that Macron was apparently pretty much clean, they dumped 9gb of data and made claims, and had some fake documents embedded in it which they immediately started to push.
The idea here was clearly that they didn't have anything to report, so they lied and pretended they did!
Fortunately the game was easily spotted and some of the fakes were hilariously bad - the fake "returned cheque" letter, for instance, wasn't flattened in Photoshop, so the layers showing that the header and text are separate scans are still there!
So it simply lowered the turnout. Not by enough to make a difference, fortunately.
And so, the Nazis were defeated in Europe for a second time.
The problem is, they are evolving, and worse, rebranding. What will come next?
And don't forget that vulnerabilities are daisychained to get things like VNC type access - AMT is very low level, so could be used to pipe into/out of any hardware, including a video card or USB device (webcam included) using high or low level hardware commands.
Was Intel's response Null? Because that could have been a hint.
As regards to it being a cunning backdoor, surely they'd have set a password? Or is this for plausible denial purposes?
Just plug into your box via this formerly obscure flaw and fix it yourself!
Well, without that you'd not be able to boot from a USB stick, so there are obvious trade-offs. They can own your machine, and you can own other people's.
If it costs an extra 0.2¢, forget about it! They don't have money for security to close the FTP port so reworking a chip is well out!
<quote>There is a (very fine, at times) distinction between something not being lawful and it being a crime. For example, in the UK, a bye-law that says "no cycling on this path" means that cycling on a given path / track is not lawful. However the police do not arrest cyclists for committing a crime</quote>
Except, you know, that good old Jack 'boot' Straw changed the law in the UK so all offences are arrestable - nothing is too minor. Suspicion of littering? Arrestable. Cycling on a footpath? Also arrestable.
So now you know.
That's a very lawyerly response, is that! Have you been trying to use Bitcoin a little too much?
The old guy was right though - you can use the iPod as a mass storage device and siphon out gigabytes of data without issue. It would take not long to re-jig the firmware (indeed, entirely replace the hardware and firmware inside that sleek case) on an old iPod so that it would do whatever you wanted to the target machine. Also, Nation State Actors can easily reflash your iPod so that you're not even aware you are stealing the data until someone cuffs you. Finally, for those idiots as yet unconvinced, I can swap out your iPod cable for one with a built-in wifi hotspot. Explain that to security when they find it!
Please, when a Secret Squirrel's friend accidentally tells you something a Secret Squirrel told him, don't mock the guy, accept that he's likely been told this by someone who has done it. Because that's what the "higher ups" at the MOD and other places see, often long before us.
You're kidding right?
Something like 34% of Trump voters think Obama was /personally responsible/ for hurricane Katrina!
Good luck even finding the manufacturer, who is likely based in China. Talking to my Chinese friend who helps run one of the more legit manufacturers of lock tools, he was saying that a lot of the factories literally move daily to avoid being found by the Chinese state authorities. Which is insane, but apparently true.
You call them and they bring you the stuff, or you go to the market and get the stuff there. Even the manufacturers using the parts often don't know who actually made the part (which really is just like the UK! You buy a bag of nuts meeting a spec, you don't care where or who made the steel nor cut the thread. That's why aerospace stuff is so expensive - extreme traceability from the mine to the machined part)
Adding an unenforceable penalty to the manufacturers will do nothing - loads already sell stuff that literally doesn't work. The wholesalers don't care either - they know that no-one sends anything back because the postage costs more than the widget! (Which is another issue entirely - how can ChinaPost send a thing across the world for less than I can send a second class postcard to the next town? Oh yes, state postage subsidies!)
But it is a hiding to nothing. You can't even figure out who made the thing, there are that many clones of the clones going around. The reason we are in this mess is because they just rip the firmware, or download a bit of source code from a website, and use that, default passwords and all.
How to change that? Good luck!
But even that won't work.
Look at that guy fingered by the smart water meter - nothing useful there, except the extra 300 litres of water apparently used that early morning, which police believe was used to both wash the blood away and fill the bath.
Like the way advertisers can work out who you are by looking at the exact battery level and a few other things, multiple pathways leave the data easily extracted. Likewise VPN uncloaking using open port forwarding - only 7 people in the world have that set of fingerprints across those ports, and all are coming from the same VPN network, but different termination points? That's you busted, despite your 7 proxies!
Without a home AI firewall (A Icewall) to run it all for you, you're stuffed.
>an explosive charge that detects the date of the software and blows up the item if its software is older than yesterday.
Fixed that for you. Just because the product is new, £1 will get you 50p that the code is re-used.
Very rarely, we use this device called a digger, which allows access to underground things. But that is rare. Normally it is done at the meter.
Because it is wrong.
Engineers are sent out, daily, across the country. To cut off businesses and, mostly, force non-payers onto pre-pay with built-in debt recovery.
See the Rights of Entry (Gas and Electricity Boards) Act 1954 & Gas & Electricity Act 1968, as amended.
Prepayment meters are massively over represented in the poorer neighbourhoods. That's a fact.
Yes, a lot of landlords also fit their own, to try to avoid warrant teams breaking in and cutting off their tenants for non-payment. Make sure the landlord is actually paying the power company though, if they are private meters.
Yes, these meters can be remotely switched to off and even between "prepay" & "credit", and it means there will be a hell of a lot of underemployed locksmiths soon, as well as meter readers and gas/electric meter fitters!
That's one reason I've scaled them right back - 5 years, and assuming we aren't all dead or homeless from trumping & Maybe doing us over, and the daily work that keeps about 300 expert locksmiths fed will be gone. Which may lead to some, er, issues...
You could toggle the power on and off rapidly, and knock out the trip, but that's about it on any modern house. Older ones with wire fuses, that would be harder to do, but eventually the switched on stuff would get fed up and die.
It isn't like it could inductively spark or switch thousands of volts through instead of 240!
It could attack the grid though, and if every house needed a visit to replace the bricked meter, well, that's a major disaster! (Elderly in winter, etc. countrywide.)
The meter readers will happily not give a damn, because they're just subbed-out guys so have to check 300 houses a day or more.
The PDV, or PreDisconnection Visit, as we call them (one company has now renamed to something "less aggressive" but hey, it is what it is) will also happily leave if you are an arse, but generally get it resolved face to face.
The Warrants team however, are coming in, locked door, dog, whatever. Maybe not the first time, maybe with police, maybe with, in a couple of cases over many thousands I've done, a disc cutter and sledgehammer, TASER team and 10+ police.
So your mileage may vary.
Well, something like YubiKey might work for you. Physical hardware token.
[quote]But, this is all academic anyway - unless the hacker is in close proximity then they won't be trying to connect to your WiFi. Hard to do that from half way round the world.[/quote]
Fortunately, you've got always-on broadband for those people.
I'd check that if I were you. Not having the right door locks (in the UK, a 5 lever British Standard door lock on a wooden door, or a multipoint lock on plastic) *invalidates* your insurance, whilst an alarm or not gets you a 15% discount which generally isn't worth the cost of the monitoring required!
IoT gear should not have a password until you boot it for the first time. I came up with "4 simple rules for IoT development" on Twitter after a challenge. That was number two.
"Ok, 4 simple IoT rules? I'll try: Close all unnecessary ports. No default password (prompt at 1st boot). Make firmware updates possible. Have an ID on device to link back to manufacturer & manual/website for tech & update support."
Indeed, this was pushed through the UK parliament (unopposed by the so-called "opposition") and signed into law just today.
Likewise - I'd happily buy one now, to be honest, and just charge it in a lipo bag. Or just take it apart and swap the battery out, or whatever. Exploding phones aren't great, but like others have said, it's a tiny fraction of the ones sent out, and an easy fix. And, if it really was the charge voltage, as someone posted somewhere I now can't track down, it's an easy easy firmware fix anyway.
Plus, think what it'll be worth to collectors in a few years!
No, it's a co-located server, so the physical infrastructure is under the control of the co-lo company (though you may or may not own the actual computing hardware) so access and the like is down to them and their security team. And so out of direct control by your boss.
Fortunately, most see sense when you explain the long prison term for corporate manslaughter.
Blocking the fire escape with crap in the room most likely to have a fire? The directors will be in court, explaining it, if someone gets hurt.
It's not just a big fine anymore.
Some very witty comments here...
If you've the budget, electronic access control is way better than a £20 push button "any order" XYZ mechdigi lock. Obviously!
You can't set the XYZ up for simultaneously pushed buttons. You're thinking of the Unican range, which start at around £200 not fitted. And few seem to be able to master those for picking or decoding. (and the electronic version is superb!)
For maybe £400 you can get a basic electronic access control system. But do yourself a favour, ask a professional to design and install it! Yes, it'll cost more, do more and be better - just like your IT system design is better than the boss's "great idea".
It's hard to believe this is still on-going! This is well past the stage of "He might be doing the right thing". Now, he's taking the piss. Batelli needs fired imo.
Hope you guys realise that a segregated wifi network generally isn't actually secure unless it is running on separate hardware too?
That's just not going to happen.
For one thing, it would slow down the registration process - lost your domain to someone who passed it through vetting a bit faster? Bad luck!
B) The cheap domain names that keep the Internet expanding are automated at the seller end to keep costs right down.
III) People would bypass it anyway. Whether by pretending to be the domain owner wanting the typo domain name to catch otherwise lost traffic, by clever boys trying next obscuration with Cyrillic or Arabic character sets, or by simply submitting a few million requests in a DoS.
Just saying. The orange faced wankpuppet won.
All he had to do was have the GOP remove half the opposition voters from the rolls, & bingo! Nearly a majority.
Except that it *is* powerful kit. Modern smart phones do full screen video at HD with colour & sound far beyond a PC from 10 years ago.
Not comparable to the state of the art PC plugged into the mains, but still remarkable. Just because it is mostly hidden, doesn't mean it isn't there.
I wouldn't worry. I bought all three off Amazon. Free next day with Prime. Mostly basic, but then all three are seemingly written by/for the US Army.
I'm anticipating a more dangerous & violent world. Signs point to it, as do portents. My clients expect a good security review, so that's what they'll get.
Ban thinking! Think of the children!!
However accurate the rest of your post is (very accurate), you miss that in another ten years there simply won't be any jobs for those people to do. Literally the whole point of Uber is to get rid of their drivers. Mercedes Benz and Tesla both have self-driving vehicles, and so those millions of trucking jobs will soon disappear. Uber as a side gig is great, for some, but that'll vanish once there is a fleet of self-driving taxis that use tracking apps and location services to predict where to be for the best fares.
Literally, by the time this matters again, it won't matter at all. You can't bring those jobs back from China in any meaningful way, as I've tried to explain a thousand times with varying degrees of success. Not only are the wages lower, but the Chinese factories are now practically fully automated. Foxconn just laid off thousands of workers because the robots they are building are doing the jobs that the people who used to build the robots are now doing for, near as dammit, free, 24/7. Robots beat even slave wages - they don't need to sleep!
We are rapidly being replaced in most "bulk" jobs. Expensive speciality "knowledge workers" are also highly at risk from some gimp with a CS degree building an expert system over their lunch, too.
I'm in a job that literally cannot be outsourced, and cannot be completely de-skilled, though a lot of un- & underskilled people are flooding the market, and learning via YouTube and forums. So as everyone in the country tries to become a locksmith, the market saturates, and bingo, no-one needs to pay a locksmith again, because they are one or they know one. Likewise with basic IT skills being learned by lots of people, some will become highly skilled, but others will always use YouTube and StackOverflow and GitHub, and, well, you end up with the Internet of Shit, and massive DDoS attacks run by toasters.
Back in my day, you had to craft the packets by hand before whistling them down the phone line yourself. Which reminds me - have you heard the one about the bugle player being replaced by a £20 electronic trumpet for Remembrance Day services? Because I heard it today...
Perhaps this is just too obvious, but couldn't we agree that all IoT traffic has to use Port 666 to 669 (or whatever) so that there is an option to block it easily?
Obviously, with attackers able to root & flash devices they can swap to whatever port(s) they want, and shape traffic as they see fit, but it would be a start for people trying to solve issues.
Truth is though, there's simply no good answer. Security costs time and money, & trust me, most people are cheap.
Yes, and that's how it should've been here - but it wasn't. You can go google the teardown yourself, the original Note7 firmware charged the battery to 4.3V, and the replacement bumped it up to a stupid 4.35V! Yes, they were meant to be able to take it, but surely the sensible thing to do would've been to turn it down, not up!
Well, there's a lot to be said for being able to blow up a person remotely by a simple tweak to their firmware. Because that's what this is - a tweak to the firmware maximum charge voltage value. Simply set it at 4.5V and you can be fairly sure that after most of a night on charge it'll burst into flame.
It's one line of code. Seriously, it isn't even that: it's one variable, the firmware charge voltage is set too high.
The charge voltage is set to 4.3V in the first explodo-phones, & the replacement units have it at a frankly stupid 4.35V! Safe charging on a LiPo battery is 4.23V, absolute max, 4.2V is regarded as the same upper limit.
It is also a one second firmware fix! So what the hell is really going on?
The vanity of that man, thinking he is clever enough to understand the "purpose" of an AI. I suspect he can't even understand the average hamster, let alone a dog, dolphin or monkey.
He is as doomed as everyone else when it goes wrong, as it almost certainly will.
This is brilliant, so in 15 years, when we've got Brexit put to bed & we've finally got those trade agreements sorted, and finally manage to invite a foreign firm back to the UK with cut-price Marmite, they'll insist we install it, so they don't have to put up with patchy 3g/4g that's 20 years behind.
Of course, everywhere else will be on 6g by then...
Yeah, that is really not how that should work. "Businesses won't use our systems" - no, but that's the whole thing about spoofing! No-one can tell until it's too late!
Biting the hand that feeds IT © 1998–2017