Looks like the vulnerabilities that impact Android are in the BlueZ Bluetooth stack.
Nothing to do with the MAC address of your Bluetooth/WiFi, or if Bluetooth and WiFi are contained in the same piece of hardware (I doubt any phone has a separate Bluetooth chip anyway, it would require a separate Bluetooth antenna, cost more and take up more space).
From PDF in summary:
"If the device generates no Bluetooth traffic, and is only listening, it is still possible to “guess” the BDADDR, by sniffing its WiFi traffic. This is viable since WiFi MAC addresses appear unencrypted over the air and due to the widely accepted norm of OEMs and hardware manufacturers that the MACs of internal Bluetooth/WiFi adapters are either the same, or only differ in the last digit (one being +1 of the other)"
Could be wrong as I don't know what the BlueBorne app does. But reading the PDF it could be as easy as checking your "About Phone (device)" and seeing if your WiFi MAC address is one digit off of your Bluetooth MAC address. I show as vulnerable and my MAC addresses end with one being a digit higher.
So one should be able to view MAC addresses and, if sequential, vulnerable.
Am I right?
While I have a cable to connect the two, Bluetooth connected headphones are just much nicer/easier. And BlueBorne found my Moto G4 vulnerable.
Dated September 8, 2017. It's as bad as the article claims https://trustedidpremier.com/s...
When the class action suit is settled you may have to prove you used them, not them hunting you down.
I have the results from Equifax I got from annualcreditreport.com as PDFs.
I seem to recall reading about this as a kid back in the 60s in Popular Science. It was supposed to make shipping freight cheaper. But for some reason it never caught on. Is this round 2, fifty years later?
I've read of this before, I gave it some 20 years ago. 60's sounds reasonable as it's such a simple technology. Popular Science does have a tendency of covering a new product (what's new) that never makes it to the market/masses.
that is all.
Long term storage of the fuel elements/rods should put most off https://www.nrc.gov/about-nrc/...
"limited progress toward implementing long-term waste management solutions. This is partly because the timeframes in question when dealing with radioactive waste range from 10,000 to millions of years" https://en.wikipedia.org/wiki/...
Not that it's an excuse, but in what universe is it OK to have internet-connected data repositories that don't have a password? When is that EVER a good idea? Why can you even create a bucket without some kind of authorization on it? That's just kinda stupid.
And yea, TigerSwan: You were freaking responsible for the data. You might not directly employ the guy who screwed up, but your contractors are YOUR problem. The fact that you obviously DIDN'T control your contractors properly indicates that you probably aren't the right guys for the job.
This has been done before and one of 4 times my data has been hacked. https://www.computerworld.com/...
http://i49.tinypic.com/rbejqu....
You and Dan Kaminsky should get naked and be cool together.
I LOL'd https://en.wikipedia.org/wiki/...
It appears good, it's cloudflare.com not 127.0.0.1 cloudfront.net
https://www.robtex.com/dns-loo...
But does go through a lot of edge servers (can throttle network traffic to adjust loads).
Bail that answer, that site is bad news. I posted too early; search further, I found this dire warning from Domain Registration
http://www.webhostingtalk.com/... and https://www.complaintsboard.co... first two searching eNom Inc.
Really sorry about that.
Digg.com is a poster child of that phrase
Since Digg came out with their much vaunted version 4 at the end of August, the social media blogs have documented in detail the trail of disaster which will surely become a case study in how to screw up a social site in business courses across the land. http://www.techradar.com/news/...
I've used snopes.com many times but found it behind most of the time. Just today linked from fark.com: "Health professionals report cases where people put sunscreen on their eyeballs to watch eclipse" http://www.foxnews.com/health/...
sunscreen +eclipse site:snopes.com - Nada on all variations.
Sorry it came to this, and:
I saw a different list than is being seen now, it has been updated and the following is what I read:
SecLists/Passwords/mirai_botnet.txt
a823fad on Oct 7, 2016
@danielmiessler danielmiessler Mirai botnet creds.
62 lines (60 sloc) 779 Bytes
I count 6 logins as even trying.
Ha Ha - This. At one financial web site I use (with NoScript and Privacy Badger tuned to let it run without too many other things working), down in the lower left corner, is a single-pixel graphic somebody dropped there, which is fully ADA compliant - has a label saying "single-pixel graphic".
Normally they are transparent and why the GIF format is used, in the beginning (of WWW) GIF was one of the few formats that allowed it.
As the Bible says they all started to speak in different tongues.
Quake is 21 years old man. Come on.
I mean I still play games with CGA/EGA graphics but at the same time I still recognize that Quake ain't no spring chicken anymore.
But look where the Quake engine has taken us - http://i47.tinypic.com/14ke7bt... think I picked this up 5-10 years ago so not up to date.
Welcome back you were expected. I have a 4 second video nobody liked 400K times, the demographics are incredible with that traffic. There are three spikes in ages 36, 55, and 61 when people come back to games.
Very bad link, use this if you wish to know of beacons https://en.wikipedia.org/wiki/...
or a 1 pixel x 1 pixel gif https://www.monster.com/career...