Slashdot Mirror


User: cybergibbons

cybergibbons's activity in the archive.


Comments · 172

  1. Re:Levels of Security on IoT Home Alarm System Can Be Easily Hacked and Spoofed (cybergibbons.com) · · Score: 1

    Probably, but I don't see any secure alternative to glass windows. There are secure alternatives - at little to no cost - for crappy netsec though.

  2. Re:Levels of Security on IoT Home Alarm System Can Be Easily Hacked and Spoofed (cybergibbons.com) · · Score: 1

    This product is being sold as a replacement for secure products. The company very much pitch themselves as secure from advanced attackers. They've even boasted how their wireless side is secure: https://www.videofied.com/_ass...

  3. The system is actually quite different to a web-cam. It's been built from the ground-up to provide very small clips when a PIR has been detected. It's not really any more broken than anything else on the market. A week prior, I published issues in a much more critical alarm system: http://cybergibbons.com/securi...

  4. Re:Is this really as typical as it seems? on IoT Home Alarm System Can Be Easily Hacked and Spoofed (cybergibbons.com) · · Score: 1

    If you are willing to share privately, please contact me via the contact form on the website cybergibbons.com. What you are describing sounds right up my street.

  5. Re:Is this really as typical as it seems? on IoT Home Alarm System Can Be Easily Hacked and Spoofed (cybergibbons.com) · · Score: 1

    This is a massive part of it. It's easy, even trivial, to develop a system more secure than this. You can just use HTTPS and any API. Even if you completely forget certificate pinning etc. it is still more secure than this.

  6. Re:This would make you a target. on IoT Home Alarm System Can Be Easily Hacked and Spoofed (cybergibbons.com) · · Score: 1

    I have yet to be approached by the mob, but I have had some very dubious emails.

  7. Re:This would make you a target. on IoT Home Alarm System Can Be Easily Hacked and Spoofed (cybergibbons.com) · · Score: 1

    I have been tempted. For each issue I disclose, there are probably ten others I have kept under my belt. An RF jammer that takes out 80% of wireless alarms in the UK can be built for about £5 in parts...

  8. Re:Need sailors to vette sea stories on Computer-Controlled Cargo Sailing Vessels Go Slow, Frugal · · Score: 1

    I used to work on container ships. Every vessel I was on could achieve at least 25kts, and some 26kts during sea trials. The engine was being loaded more than the design limits though, so the maximum we could achieve day to day was 24-24.5kts. We frequently did do this and could sustain it for a Pacific or Atlantic crossing. There were no real reliability problems, but fuel and cylinder oil lubrication went up massively. The planners clearly thought it was worth it though. Warships can do much higher speeds - like you say, 30+kts isn't uncommon. However, the warships I have looked at have their already quite poor range halved by changing from 20kts to 30kts. We could circumnavigate the globe at full speed without refuelling. Also because of the gas turbines warships use, they need to run on marine diesel oil, rather than the heavy fuel oil that slow speed diesel engines run on. MDO is about 4 times as expensive as HFO. So warships cost more to run. So, we frequently found ourselves making journeys faster than warships. I'm not saying they couldn't have caught up if they wanted to, but they didn't.

  9. This will be really useful... on Blazing Dual Channel Thumb Drive · · Score: 4, Funny

    ... the next time I bypass the alarm systems, break into someone's office, hack into their PC (which is running a previously unseen user interface which is some bastard child of XP and OS/2 Warp), and begin copying their hard drive to my uber-leet turbo thumb-drive.

    Every time I have done this before, they have come back with about 30 seconds left to finish, leaving me with little option but to hide in the filing cabinet.

    James Bond

    (Has anyone else noticed that the time remaining in films is always accurate, and doesn't jump around like the real life ones?)

  10. Re:Ethereal on Windows XP SP2 and WEP Encryption? · · Score: 1

    Ethereal under Linux is perfectly capable of capturing the raw frame data from a wireless card. Most wireless cards support RFMON mode fine with standard drivers. On Windows, it isn't so easy and requires a small subset of cards. But it is still possible.

  11. Re:Looking around Paris... on Google Adds Satellite Imagery for the World · · Score: 2, Informative

    They were fixing the roof - it's a cover supported by scaffolding.

  12. Marine engineer on Desk Free Technology Career Path? · · Score: 2, Interesting

    I'm training as a marine engineer. I like computers, but not as a job.

    • Learn about maintenance/repair of all the ship's systems (engines, generators, compressors, air con, reefer, hydraulics, boilers, steam systems, turbines, motors, conventional wiring, etc.). Throw in some control systems as well, and comms gear, to keep the IT stuff...
    • Learn how to use hand tools and machine tools to make almost anything.
    • Decent first aid and fire fighting training
    • Great sense of responsibility
    • Playing with massive expensive machines
    • A lot of holiday (one third of the year, but in great big month long chunks)
    • Reasonable pay - but tax free (at least in the UK, that is the case)
    • Uniforms always impress the ladies. Even if mine is a boiler suit....

    The long periods away might not be to everyone's taste, but it means I can spend the rest of my time travelling or climbing, without the day to day worries of a job.

  13. Re:ME? on Longhorn Beta is Disappointing · · Score: 1

  14. Re:Who's to blame on Trend Micro Bug Hits Several Important Computers · · Score: 1

    Jump starting cars improperly can sometimes trigger the central locking - when you are outside the car, with the keys in the ignition.

    For this reason, when you are connecting up jump leads to a modern car, it's quite useful to have the keys of both cars in your hands to avoid this embarrassing problem.

    I think it may be that a flat battery in the second car produces a prolonged rapid surge which the ECU just wasn't designed to deal with.

  15. Re:Poor routing on Google Maps, Local Expand To UK · · Score: 3, Interesting

    I presume you're at Imperial College... but that's not the point.

    That motorway based route would not only be faster when there is no traffic (which is what most route finders assume), but it is a hell of a lot more simple. Simplicity is really important when you're driving a route for the first time in London...

  16. Re:Satellite on Google Maps, Local Expand To UK · · Score: 1

    They aren't satellite images, they are aerial photos, taken from a plane.

  17. Why use hardware? What is wrong with software? on Multi-layer LCD Displays · · Score: 1

    I don't see what you gain here using a hardware implementation of this. Surely it is possible to otherwise do this entirely in software (which would certainly be more elegant) or even by blending two DVI signals?

    Like this, you end up with one display being a little fuzzy, and it just looks confusing to me.

    The article really doesn't sell it either - "It's good cos you can have toolbars and palettes" - done in software - "The box looks cool" - great, I'd expect it to look good if I paid that much.

    Someone explain why? What can it be used for?

  18. FPGAs on Recommend Reading for FPGAs and VHDL? · · Score: 2, Interesting

    FPGAs are my thing really, I think they are one of the best ways into electronic design if it isn't your career.

    I'm not up on Xilinx at all, but I've used most of the Altera FPGAs available. They are all pretty amazing devices, and all have their own dedicated features such as memory, DSP, fast IO, things like that. Learn about the structure of the FPGA from the data sheets to see how they work, and recommended applications.

    If you are doing anything reasonably complex, rely on the automated routing and placing. It's simply too complex for a human to do well. When you want that bit extra speed, or maybe when you are nearing 100% usage, then start manually tweaking the automated system - there are some really clever tricks to be done here.

    I did some fairly basic projects to start with (a digital function generator, an IIR filter, a display processor) which were guided coursework assignments. They gave me the grounding in the tools and techniques required.

    I think VHDL is my favourite language. It's so different to conventional programming, and again you can learn some really neat tricks to do jobs. A neat project was a biquad filter which used a systolic array of very similar blocks - watching how it ran as a simulation was interesting.

    I think the best thing though is to come up with a complex and real world application, and build up from there. Buy some of the reference books, but do something that will really tax you - it's far more interesting doing something like this all by yourself than using books to do projects of things already designed 30 years ago.

    Computer architecture is an exciting and unexplored field. Read some papers on new ideas, like asynchronous processors, or multicore processors, and try and implement some of the ideas. It's a good way to bring the world of hardware programming and software programming together.

    I ended up developing a multiprocessor system on a chip. Which as an individual I think is a great achievement. I learnt so much doing it.

  19. Source of references? on Safecracking for the Computer Scientist · · Score: 1

    The books he references aren't exactly easy to get hold of... anyone know if there are any torrents or downloads of any of them that might be in the public domain? (or maybe illegal ones..)

  20. Re:Spyware tips I've picked up on Failing Grades For Most Anti-Spyware Tools · · Score: 1

    With regards to the filenames, one of the worst offenders are Lexmark printer drivers. The filenames actually look like they were generated randomly. Oh for the days when a printer only needed a driver with no processes running (another reason to steer users away from cheap inkjets).

    A Knoppix based cleaner would be an amazing tool - like someone said earlier though, the NTFS writing can be a tad fruity at times still, and that would need work on first.

  21. Re:Spyware tips I've picked up on Failing Grades For Most Anti-Spyware Tools · · Score: 1

    I should have added that we always upgrade to SP2, the advantages far outweigh the disadvantages, especially on business machines.

    The registry hacks that involve restricting ActiveX, adding restricted sites etc. that we do are almost the same as the ones used by Spyware Blaster - except we use more sources of information, and do several things this doesn't. Also works out a lot smaller, and doesn't need to be installed.

    Do you find that the SP2 firewall is inadequate? After watching many users just click "Allow" in most third party firewall applications, I tried SP2 firewall, and found it to be more effective under the control of someone who does not know what they are doing. Though, in most situations, the machines are behind an existing hardware firewall.

  22. Re:Spyware tips I've picked up on Failing Grades For Most Anti-Spyware Tools · · Score: 1

    That's fine in an environment where you are there all of the time. We're not, we go into a small business, and secure their machine the best we can. They aren't our machines, they're theirs, and all we can do is offer strong advice.

    I estimate a conversion rate of about 20% after installing Thunderbird and Firefox, which can only get better.

  23. Re:hitman pro on Failing Grades For Most Anti-Spyware Tools · · Score: 1

    Do you know if this is going to get an English translation? I can understand what is going on, but for end users, it would be harder... it seems like a very useful tool.

  24. Re:Spyware tips I've picked up on Failing Grades For Most Anti-Spyware Tools · · Score: 4, Informative

    I should ad (hoho) that one major advantage of Spybot S&D is that you can schedule it to run quietly in the background... this just isn't possible with any of the other free tools. The command that does it:

    spybotsd /autoupdate /autocheck /autofix /autoclose /autoimmunize /taskbarhide

    There are other tools that help massively with spyware. As a consultant, it's equally important to understand the ways and means spyware gets onto the system, so that you can prevent and cure effectively, and respond to new spyware before the automated tools do it or before it appears on the many forums.

    • Sysinternals Utils are free and great. Process Explorer replaces the crippled useless tasklist in XP, and is quicker and easier to use than the command line utils. Filemon, Regmon, and Diskmon allow you to monitor files, registry keys, and disk access - you can see how, when, and why spyware is getting in.
    • WhoLockMe - appears on the right click menu in explorer, and shows what is causing a file to be locked. Again, this can be done at the command line, but this makes life that little bit easier.
    • Knoppix - for when it all goes very very wrong.... recover files, partition tables, reset passwords, even edit the registry

  25. Spyware tips I've picked up on Failing Grades For Most Anti-Spyware Tools · · Score: 4, Informative

    I run a small IT consultancy, and nearly every internet connected PC we work on has a significant spyware infection on it. It's not only our job to remove it, but to prevent it coming back. The things that I've noticed after fixing a lot of problems:

    • People don't know they have spyware on their computers. They are crawling along, at a stage I would call barely usable, and it doesn't bother them in the slightest. Or, better still, they find those new toolbars really useful...
    • A combination of Spybot S&D and Adaware will clean up most problems. Hijackthis will then allow you to remove anything else. Some people say that Hijackthis is the only tool you need - but it can only remove very apparent problems, whereas the other tools will remove nearly all associated keys, files etc.
    • To prevent re-infection, you need to lock down the machine whilst it remains usable. People really do not want to change, or put any effort in. You can try putting Firefox and Thunderbird on the PC, but most people will choose IE, or complain if you hide IE, so they don't have the option.
    • Change the settings for the zones in IE to be more secure.
    • Add a big list of bad sites to the restricted zone in IE. This includes some sites that have content, but it's generally porn, and as our users are business users, they won't call us back to give them access to a porn site.
    • Add an even bigger list of ActiveX CLSIDs to not run.
    • Stop the default action on windows scripting host files, scr files etc. from "run" to "edit". A lot of problems start with some user interaction, and this has cut down on quite a few (mainly non spyware) problems.
    • A lot more small registry tweaks can be done... most of the above is done automatically by scripts we have written. One of the problems we found was adding keys once to each HKCU hive - you don't want to overwrite them at each login, or the user changes will be forgotten, but none of the Run, RunOnce etc. keys do it per user.
    • Add some buttons to the IE toolbar to put sites in the trusted or restricted zones, for when people have problems.
    • Install Spyware Guard - this provides some active protection against spyware.

    This won't stop everything by any means, but it slows down reinfection. End users need to change habits - reading EULA, not just clicking OK, using passwords - but this isn't something you can do with a couple of hours work, so people aren't willing to do it. I have no solution to that problem.