|
Cocoa Crispies posted:why is this in this thread security-> cliff stoll -> tech is bad -> is any tech unalloyed good? -> twitter thread of dubious opinions how we got here, anyway.
|
#
?
Dec 22, 2019 17:19
|
|
|
|
| # ? May 27, 2024 20:40 |
|
|
Cocoa Crispies posted:why is this in this thread
|
|
#
?
Dec 22, 2019 20:24
|
|
|
Cocoa Crispies posted:why is this in this thread gotta post somewhere
|
|
#
?
Dec 22, 2019 20:37
|
|
|
I think we need a new thread.
|
|
#
?
Dec 22, 2019 23:01
|
|
|
Celexi posted:I think we need a new thread. that was an oops not a panic
|
|
#
?
Dec 23, 2019 00:38
|
|
|
youre right, let’s get back on topic with something nice and uncontroversial like linux’s random number generation semantics and entropy: https://research.nccgroup.com/2019/12/19/on-linuxs-random-number-generation/
|
|
#
?
Dec 23, 2019 00:49
|
|
|
Soricidus posted:anal uterus please do not buzz market my grindcore band thx
|
|
#
?
Dec 23, 2019 02:01
|
|
|
Storysmith posted:youre right, let’s get back on topic with something nice and uncontroversial like linux’s random number generation semantics and entropy: https://research.nccgroup.com/2019/12/19/on-linuxs-random-number-generation/ linus'd again
|
|
#
?
Dec 23, 2019 05:23
|
|
|
Cocoa Crispies posted:why is this in this thread iostream of consciousness
|
|
#
?
Dec 25, 2019 03:02
|
|
|
https://twitter.com/byourseff/status/1209562375478743040 infosec has kayfabe?
|
|
#
?
Dec 25, 2019 04:49
|
|
|
motoh posted:https://twitter.com/byourseff/status/1209562375478743040 table drop off the top rope
|
|
#
?
Dec 25, 2019 05:02
|
|
|
murray xyzmas waoh what the ff 
|
|
#
?
Dec 25, 2019 15:13
|
|
|
https://twitter.com/todayininfosec/status/1209958197034913797
|
|
#
?
Dec 26, 2019 03:11
|
|
|
put Kevin back
|
|
#
?
Dec 26, 2019 04:56
|
|
|
|
|
#
?
Dec 26, 2019 10:15
|
|
|
just set a back door with this door stop
|
|
#
?
Dec 26, 2019 12:58
|
|
|
Mitnick seems like one of the most “high on his own supply” (as the kids say these days) guys ever, tbh?
|
|
#
?
Dec 26, 2019 13:33
|
|
|
he's cool because all his work was just social engineering
|
|
#
?
Dec 26, 2019 13:46
|
|
|
I too am surprised that a con man would make any over the top claims.
|
|
#
?
Dec 26, 2019 14:25
|
|
|
i got a security camera for my wife for christmas since she asked for it cuz we can't see who's at the door easily. i explicitly got an IP camera that can just work with a NAS and doesn't need cloud bullshit because yeah no. i wasn't expecting much from the firmware but boy is this thing fun. first of all, in order to view the video at all if the firmware is earlier than a certain date, you need to install a chrome app that opens in a completely separate window and demands a ton of permissions. however once the firmware is updated to the latest version, the chrome app stops working entirely (and hasn't been updated since 2017 so it will never work again) so installing it was pointless. they did in fact make the web ui capable of showing the video so you don't need the stupid app, so that's some kind of improvement i guess anyway i go to make an account and it does that loving thing where it prevents you from pasting in a password, both in the user creation area and in the normal login screen and everywhere else a password is used. great, thanks. it's also an entirely javascript ui that's poorly written to boot so you can't just hit enter on any forms (even the login form), you have to click the button. that one's not a security issue i just loving hate developers that do that. it supports HTTPS... sort of. you can hit a button to "generate a certificate request", and then download it, and instead of a cert request you just get the public key (??). there's absolutely no way to actually get a CSR out of this thing as far as I can tell. fine, whatever. i generate a certificate externally and upload the public/private pair, and that works fine (after throwing an error saying it failed, of course). except, there's absolutely no way to turn off normal HTTP access, or any of the other insecure protocols it supports, or make it redirect to HTTPS or anything, you just have to remember to always go to https, great. at least it supports EC. it's also by default trying to forward all its sensitive, juicy unencrypted ports via upnp because of course it is anyway time to set up the external storage. it supports two modes for this, "FTP" and "NAS". i assumed "NAS" would be like, a samba share or something, but no it's some weird Synology-specific thing, so that's out. so the only option for file storage is plain old unencrypted FTP. great  i mean i know it's consumer-grade garbage and 99% of people are just going to buy the cloud service anyway but maaan e: also it only supports ipv4 or ipv6, not both, i have no idea why or how they even did that Shame Boy fucked around with this message at 16:36 on Dec 26, 2019 |
|
#
?
Dec 26, 2019 16:32
|
|
|
if it's anything like the other generic ip cams i've seen it almost certainly doesn't do any kind of firmware validation, so you could probably grab an update file, dump it with binwalker, hack out everything but rtsp or whatever and flash it to the device if you wanted to they're usually just an embedded linux kernel, a minimal shell, and some poorly configured services hung together with some jank-rear end scripts infernal machines fucked around with this message at 16:54 on Dec 26, 2019 |
|
#
?
Dec 26, 2019 16:41
|
|
|
Just make sure to roll your own image classifier to detect "suspicious*" people. *: Please consult your lawyer before attempting to define this word.
|
|
#
?
Dec 26, 2019 17:02
|
|
|
mystes posted:Just make sure to roll your own image classifier to detect "suspicious*" people. one of my earliest gigs was working on consumer in-vehicle navigation systems and we were introducing the ability to avoid "bad neighborhoods" when routing and a bunch of cities complained to us so we halted the feature.
|
|
#
?
Dec 26, 2019 17:05
|
|
|
let me guess, the complaints came from the wealthy people suddenly having through traffic routed through their sleepy quiet neighbourhoods?
|
|
#
?
Dec 26, 2019 17:07
|
|
|
no it was cities with high crime rates complaining that were going to make people avoid their cities.
|
|
#
?
Dec 26, 2019 17:18
|
|
|
CRIP EATIN BREAD posted:no it was cities with high crime rates complaining that were going to make people avoid their cities. lmao
|
|
#
?
Dec 26, 2019 17:20
|
|
|
i can understand people being offended by that but also i can understand maybe lowering the risk of a carjacking of a customer by taking a less-than-optimal route. navigation algorithms get extremely complex because just using a cost function of "number of seconds to traverse" isn't always the best. this was before every cellphone in the world had nav software, but the consumer market was getting extremely crowded, so every little feature you could add to the router was something you could slap on the box.
|
|
#
?
Dec 26, 2019 17:27
|
|
|
Didn't Google just recently add a "please don't rape me" function to Maps for pedestrians?
|
|
#
?
Dec 26, 2019 17:29
|
|
|
possibly. the company i worked for backed down just because they didn't expect the cities to get upset over it. there wasn't any possible backlash we could face, just didn't want to be jerks. google doesn't seem to care, though.
|
|
#
?
Dec 26, 2019 17:30
|
|
|
tbh, a group of programmers deciding what neighbourhoods/cities to further disadvantage by algorithmic fiat generally isn't a great look
|
|
#
?
Dec 26, 2019 17:33
|
|
|
It seems it was mostly rumors based on deactivated functionality in some Android firmware. I can see why the feature is controversial, but I have also myself wanted such a feature when walking in unfamiliar areas.
|
|
#
?
Dec 26, 2019 17:34
|
|
|
infernal machines posted:tbh, a group of programmers deciding what neighbourhoods/cities to further disadvantage by algorithmic fiat generally isn't a great look we just pulled stats of carjackings in areas and used that. all the locations that we would have avoided didn't have anywhere to stop, anyways, it was generally just locations with huge stretches of abandoned buildings etc. most of the stuff we did was based on customer feedback. once we got into the trucking nav business, guess what our #1 request was? have the voice that gave you directions be a little naked lady on the screen.
|
|
#
?
Dec 26, 2019 17:40
|
|
|
klafbang posted:Didn't Google just recently add a "please don't rape me" function to Maps for pedestrians? automatic incognito mode when it thinks google management is nearby?
|
|
#
?
Dec 26, 2019 17:44
|
|
|
Cocoa Crispies posted:automatic incognito mode when it thinks google management is nearby? 
|
|
#
?
Dec 26, 2019 18:39
|
|
|
Cocoa Crispies posted:automatic incognito mode when it thinks google management is nearby? google what?
|
|
#
?
Dec 26, 2019 18:43
|
|
|
klafbang posted:It seems it was mostly rumors based on deactivated functionality in some Android firmware. I can see why the feature is controversial, but I have also myself wanted such a feature when walking in unfamiliar areas.
|
|
#
?
Dec 26, 2019 19:09
|
|
|
CRIP EATIN BREAD posted:one of my earliest gigs was working on consumer in-vehicle navigation systems and we were introducing the ability to avoid "bad neighborhoods" when routing and a bunch of cities complained to us so we halted the feature. yikes. racism the gps is a powerful feature. too powerful
|
|
#
?
Dec 26, 2019 19:44
|
|
|
My tomtom loved taking me through the worst parts of DC to save 3 minutes of travel time over 495. Thanks tom tom. thomtom.
|
|
#
?
Dec 26, 2019 19:57
|
|
|
CRIP EATIN BREAD posted:we just pulled stats of carjackings in areas and used that. all the locations that we would have avoided didn't have anywhere to stop, anyways, it was generally just locations with huge stretches of abandoned buildings etc. weird how no one has done this with traffic accidents instead, to take a safer route. since a car accident is far more likely than a hijacking.
|
|
#
?
Dec 26, 2019 20:59
|
|
|
|
| # ? May 27, 2024 20:40 |
|
|
Vomik posted:yikes. racism the gps is a powerful feature. too powerful global phrenology system
|
|
#
?
Dec 26, 2019 22:26
|
|
