Here's the link you all really want...
16 posts • joined 21 Aug 2014
I won't say where (though it's trivial to establish with a little Google foo), but a large number of Axis cams were installed in a new build and linked to the B.M.S.
The cameras were all added to CCTV module which was compiled with hard coded credentials...which of course were default. To make matters worse the the BMS company (Massive "professional" outfit) installed the cameras and BMS on the same VLAN as the standard traffic. Anyone on the WiFi or plugging into an ethernet port (oh btw they fitted active ones in the loos) can simply load up the Axis camera management tools and discover and access every camera on the network without needing any CVEs at all.
So yeah....plenty of places with Attack Vectors, some places are worse and have them on the internet
A number of years ago I contacted Apple and Facebook regarding a security flaw whereby tokens and passwords were accessible in plists.
I didn't hear back from Apple and Facebook said it wasn't a flaw so I reported it to El Reg who published the article.
A few weeks later and a vast number of Apps on the app store has been updated to mitigate the flaw, iOS had been updated to prevent file level access and someone else wrote up the same exploit citing my work and got a bug bounty from Facebook.
I guess Facebook were just pissed off they had egg on face.
The military security concerns revolve around the black box SD card glued into the drones.
It stores flight logs, co-ordinates, images used for precision takeoff and landing as well as logs re: rf interference etc.
Should a drone crash or be shot down, an enemy can recover and gather valuable intel.
You forget that at this point they've been running from one side of the hospital to another for 14 hours straight with no break, nothing to drink or something to eat. Shouted at, argued with, comforted a family who child has just died. Spent an hour waiting for results from one system or another to print because printers are the spawn of Satan himself. Heel pricks, jabs, bags, drips, broken limbs and then there's the larger louts and pissed up arseholes, the attempted suicides and the successful the parents who bring their kids into A&E rather then buy some feckin calpol.
I've worked in IT all my life. I've also been a carer, and I'm married to a Dr I barely ever get to see because she's constantly working 13-15 hours a day, before driving home crashing for a few hours then going back to work. Granted, she wouldn't have made the mistake of not turning a computer on, but I, sitting at home with my laptop wouldn't have blamed her if she did.
Does common sense suffer with sleep deprivation? YES! Does that make them any less professional, no.
Yet our government is trying to remove the maximum working hours and drop their pay by upto 30% and most of the British public doesn't have a clue about it.
DNS tunnel out on the hotel Wifi so you don't have to pay the extortionate charges, De-auth any macs that aren't my spoofed one and set up my own Wifi network with the hotels SSID and provide the free WiFi the hotel should be providing in the first place to anyone in range.
They're playing a dangerous game which is sure to escalate quickly and frankly my Wi-Fu is better than theirs.
Some very prevalent brands of temporary traffic lights in the UK use the same basic OOK now that those particular sets of lights in Sheffield used in the 1980s.
As such they don't care if it's AM/FM etc so long as the carrier wave is at about the right frequency. I wouldn't be surprised if it was just the presence of a cw that triggered the lights as you'd have to be pretty fluky to nail the OOK sequence.
Biting the hand that feeds IT © 1998–2020