Slashdot Mirror


User: Crudely_Indecent

Crudely_Indecent's activity in the archive.

Stories: 0
Comments: 1,152

Comments · 1,152

  1. Re:Location is the least of your problems on Using XSS & Google To Find Physical Location · · Score: 1

    INCORRECT:

    Kamkar, by convincing the victim to visit his malicious Web site, used remote JavaScript and AJAX to acquire a router's MAC address. When the unsuspecting user visited his malicious Web site, JavaScript remotely scanned for the type of router used, accessed the router's MAC address and sent it directly to him. From there, he was able to utilize Google Street View data to determine the location of a router – in his case, accurate within 30 feet.

    Of course the request comes from inside of the subnet. That request, however, is modified by the router before it is sent to the public internet. Certainly, the router knows the MAC address of the original request, but that MAC isn't sent with the request, it's associated with the request by the router.

    This attack only targets a Verizon FiOS router using default credentials! Additionally, it utilizes a data source which relates MAC addresses to physical locations - which is hardly complete.

    Basically, this guy can identify the geolocation of your MAC address if someone else has already identified it.

    Wow, he can query a data source.

  2. Re:Finally on Obama Sets End of Iraq Combat For August 31st · · Score: 1

    ...is really just an extension to programs like Medicaid.

    ...with jail-time and fines for non-participation and enforcement by the IRS.

    From the press release:
    The JCT letter makes clear that Americans who do not maintain “acceptable health insurance coverage” and who choose not to pay the bill’s new individual mandate tax (generally 2.5% of income), are subject to numerous civil and criminal penalties, including criminal fines of up to $250,000 and imprisonment of up to five years. ...
    According to the Congressional Budget Office the lowest cost family non-group plan under the Speaker’s bill would cost $15,000 in 2016.

    That's more than I pay now for my entire family. Somehow I doubt that I'll be able to get on the $15,000 plan and that plan certainly won't have the same benefits. Additionally, I doubt that the level of care I receive will be comparable to what I can get now.

    I can appreciate apportioned taxes for Government services like military protection. I can appreciate excise taxes (like the gas tax) because I can opt out if I don't want to pay. This health care plan will require that I pay more for less, and that I pay for yours too.

    I heard a joke that isn't particularly funny.

    McDonald's introduces the Obama meal.
    Order whatever you want and the guy behind you pays for it.

  3. Re:Location is the least of your problems on Using XSS & Google To Find Physical Location · · Score: 1

    In my experience, 100% of routers with default credentials are factory configured to allow access only to addresses within the private subnet used by the router.

    Defeating that requires either:
    1. Physically going to the location and connecting via wifi to obtain one of the private addresses needed to access the router. While this isn't so hard in a crowded neighborhood, it becomes very dangerous in rural areas where it's harder to remain unnoticed.
    2. Compromising one of the machines within the private subnet.
    3. Or you could just leave other people's stuff alone.

    I like #3.

  4. Re:Finally on Obama Sets End of Iraq Combat For August 31st · · Score: 5, Insightful

    Don't forget to mention that you didn't read it.

  5. Re:Finally on Obama Sets End of Iraq Combat For August 31st · · Score: 1, Offtopic

    Maybe you should read this briefing paper.

  6. Re:Of course on Mozilla Finds Flaw With Black Hat Video Stream · · Score: 1

    Maybe he felt that full disclosure was a good form of payment.

  7. Re:What I don't understand... on Pizza Lovers Suffer Data Breach From Hell · · Score: 1

    ...that much information...

    After reading TFA and visiting their website, I find that they don't collect a lot of extra information. The only thing I found unnecessary was gender - which might be a good courtesy measure (I've met a woman with my same name....it's a strange world.)

    Let's do less-than-brain-surgery to determine what information is required.

    Phone orders:
    Name, phone number, address, and the pizza order (size, crust, toppings, side orders, drinks, etc.) and the nearest franchise location. Possibly creating a list of previous pizza orders.

    Web orders - https://hellpizza.co.nz/stores/choose-region/referrer/order :
    Username, password, email address and all of the information required for a phone order.

    Let's look at these individually:
    Name: You could provide a fake one. I might choose Jacques - because it sounds cool.

    Phone number: they might need this to confirm your order or to get directions - this should be a real number unless you're not actually hungry.

    Address: not necessary unless you are asking for delivery.

    Keeping a list of previous orders makes sense, so the operator can take orders like "what I ordered last time" (this is how I order pizza). It also makes sense from a marketing and management perspective.

    Username/Password/email: Useful for preventing crank orders. Convenient for your customers who order frequently.

  8. Re:The Good Old Pizza Times on Pizza Lovers Suffer Data Breach From Hell · · Score: 2, Funny

    I had to get up my ass...

    That's got to hurt!

    Your story reminds me of a High School job I had making pizzas.

    It was years before I could eat a pizza that I didn't make myself.

  9. Re:Check their payroll on Southwest Adds 'Mechanical Difficulties' To Act Of God List · · Score: 1

    I remember seeing something about that in History of the World Part 1 (Mel Brooks)

  10. Re:If you've nothing to hide... on Facing 16 Years In Prison For Videotaping Police · · Score: 1

    For those who haven't seen the video:

    Graber is exceeding the speed limit on his motorcycle when an officer in an unmarked car speeds in front of him and cuts him off (at a traffic light, not while driving). The officer exits his vehicle with his gun drawn. The whole event was captured on Graber's helmet camera.

    I understand pulling over a motorcyclist exceeding the speed limit, but I don't understand why the officer felt the need to draw his weapon. Perhaps that's what they want hidden.

  11. Re:Check their payroll on Southwest Adds 'Mechanical Difficulties' To Act Of God List · · Score: 1

    I don't think that's what God intended.

    I don't remember seeing a book in the Bible that covers aircraft maintenance or aviation component failure.

    Was it in one of the commandments?

    "Thou shalt not allow a faulty inertial reference sensor to delay departure."

    Maybe it's part of the 8th: Thou shall not steal - the right of your passengers to sue you for failing to uphold your departure commitment.

  12. Re:CMU Sphinx on Open Source Transcription Software? · · Score: 2, Insightful

    The commercial app does exist, and it's a per-use app that is controlled by a dongle and subscription (hint, more than $500 - plus usage).

    Sticking it to the man has nothing to do with it, unless by "it" you mean money and by "the man" you mean my pocket.

    Of course, any commercial developer will gladly make a custom app for $, but I guarantee that it will be more than $500. The developer did have plans to add the functionality...eventually. My $500 made it happen right now.

    It was certainly silly of me to make over $50k using the newly modified software that I paid $500 for. That's only 9900% profit, so, you're absolutely right....I made a serious mistake.

  13. Re:An Industry Ripe for Change... on Why Designers Hate Crowdsourcing · · Score: 1

    it's like rent-a-coder

    and ODesk

    I've given up working with ODesk. What looked like a good idea turned out to be an exercise in futility competing against =$10/hr programmers in India. Quality-be-damned, the client always picks the lowest price.

    I've recently taken over a codebase written by a Ukrainian who believed that by naming your files model.php, view.php and controller.php magically turned applications into MVC frameworks. Of course, the pitch was that he would code in MVC. It turns out that meant My Value is Crap.

  14. Re:As someone on Facebook mentioned... on Micro Plane That Perches On Power Lines · · Score: 1

    As far as the surveillance aspect, they don't need to watch all of the video in order for it to be useful.

    They just need enough video on file so they can find a violation if they need for you to go away.

    Nobody ever said anything about video anyway. Devices this small could be useful in pinpointing individuals after cell tower triangulation has provided a general location. They might be useful in following chemical trails. The possibilities go on and on: Targeting beacons, explosive/chemical/bio warfare delivery, wireless signal jammers, more and more!

  15. Re:As someone on Facebook mentioned... on Micro Plane That Perches On Power Lines · · Score: 1

    Buried lines are heavily insulated, but overhead lines are not.

    Since overhead transmission lines are uninsulated, design of these lines requires minimum clearances to be observed to maintain safety.

    http://en.wikipedia.org/wiki/Electric_power_transmission#Overhead_transmission

  16. Re:Why does it perch? on Micro Plane That Perches On Power Lines · · Score: 1

    Neither alternating current nor induction requires a ground.

    AC becomes safer for saltwater sacks (us) if a ground is used, but we're talking about robot spy birds here.

  17. Re:As someone on Facebook mentioned... on Micro Plane That Perches On Power Lines · · Score: 1

    Remember, this is a potential domestic spying device.

    It's more likely they'll be pooping on our liberties.

  18. Re:Watch out ebay on A Windows Phone 7 For Every Microsoftie · · Score: 1

    You beat me to it!

    Coming soon: 89,999 Windows phones on eBay. All except the one from the guy that actually likes Windows 7 Mobile.

  19. Re:Seriously? on Author Drops Copyright Case Against Scribd Filter · · Score: 1

    A slight modification to the source and your hash is toast.

    mmm.....hash and toast.....and eggs.....and orange juice.

  20. Re:Seriously? on Author Drops Copyright Case Against Scribd Filter · · Score: 1

    I wish I had mod points for you.

  21. Re:CMU Sphinx on Open Source Transcription Software? · · Score: 4, Insightful

    "... unless you're not a programmer."

    I am a programmer, but we're all sometimes out of our element.

    I found need for modifications to an open source application a few years ago. Rather than spend my time reading the source code to understand how the application worked, I decided to contact the developer. A few emails and a couple of days later, the project developer made the modifications for me and $500 for himself. The world then gained additional functionality in the open source application - everyone wins.

    Some people forget, this is how many open source applications survive.

    Your analogy is outlandish! If someone wants to drive a car to work, they buy a car. If they want a shark fin on the roof, they go to a custom body shop. If they want a killer stereo, they go to a stereo shop. If they want it to be pink and yellow like yours, they go to a paint and body shop. If they can do these things on their own, they'll do it. The difference being that if the car was open source, doing these things wouldn't void the warranty.

    "Open-source is free only if your time has no value." - Jamie Zawinski

    I offer an alternative viewpoint:

    Open source is free if you truly understand freedom.

    I'm free to use the application. I'm free to modify it. I'm also free to recognize my limitations and pay someone else to do these things for me.

  22. Re:deh. on Passwords That Are Simple — and Safe(?) · · Score: 2, Interesting

    I occasionally use simple, but misspelled words or names, or a combination of simple words that do not belong together, or simple phrases omitting spaces. One has to be careful not to choose common misspellings, or words that somehow go together, but a successful selection should be both easy to remember and immune to dictionary attack.

    My brother and nephews and I play a game called "two great tastes" that involves choosing two foods that taste great, but not together. The purpose is to come up with the grossest combination. These words combined would make a combination of words that don't go together ("sauerkraut" and "candycorn" for example, or "Tabasco" and "milk"). There are a virtually unlimited number of foods that can be combined in this game.

    Unfortunately, I cannot use these types for all passwords as some systems have strict rules in place which require numbers and/or characters or length restrictions.

    Examples (none that I use, of course):

    Misspelled:
    elixabeth
    zpecialist

    Combinations:
    applespongewrap ("apple" + "sponge" + "wrap")
    mustardeyedrops ("mustard" + "eyedrops")

    Phrases:
    islitasheet (part of "I slit a sheet, a sheet I slit, upon the slitted sheet I sit" tongue-twister)
    ilikemynewjob ("I like my new job")
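    The scheme described in the comment above (concatenating words that do not normally go together) is exactly what a password policy checker needs to recognise, because a password built only from dictionary words is guessed by combining words, not by brute-forcing characters. The following is an added example written for this page, not code from the original comment or from Slashdot: a small checker that splits a candidate password into dictionary words and reports a rough guess-entropy estimate. The word list and the assumed attacker dictionary size of 100,000 entries are constructed assumptions for the demonstration.

```python
import math

# Constructed toy word list for the demo; a real checker loads a large dictionary.
WORDS = {
    "apple", "sponge", "wrap", "mustard", "eyedrops",
    "i", "like", "my", "new", "job",
    "elizabeth", "specialist", "slit", "a", "sheet", "is", "lit", "it", "as",
}
DICT_SIZE = 100_000  # assumed size of an attacker's word dictionary (assumption)


def segment(password, words=WORDS):
    """Split `password` into the fewest dictionary words that cover it exactly.

    Returns the list of words, or None if the string cannot be built entirely
    from dictionary words (e.g. a deliberately misspelled word)."""
    n = len(password)
    best = [None] * (n + 1)   # best[i] = shortest segmentation of password[:i]
    best[0] = []
    for i in range(1, n + 1):
        for j in range(i):
            piece = password[j:i]
            if best[j] is not None and piece in words:
                candidate = best[j] + [piece]
                if best[i] is None or len(candidate) < len(best[i]):
                    best[i] = candidate
    return best[n]


def estimate_bits(password, words=WORDS, dict_size=DICT_SIZE):
    """Crude guess-entropy estimate in bits, plus the segmentation found.

    If the password is k dictionary words, a word-combination guesser needs
    about k * log2(dict_size) bits of work; otherwise fall back to lowercase
    per-character brute force, log2(26) bits per character. The smaller of the
    two is the one a policy should assume."""
    seg = segment(password, words)
    brute = len(password) * math.log2(26)
    if seg is None:
        return round(brute, 1), None
    combo = len(seg) * math.log2(dict_size)
    return round(min(brute, combo), 1), seg


if __name__ == "__main__":
    for pw in ("applespongewrap", "islitasheet", "elixabeth"):
        bits, seg = estimate_bits(pw)
        print(f"{pw}: ~{bits} bits, segmentation={seg}")
```

    Run as a script it shows that the three-word combination collapses to about 50 bits under a word-combination model even though it is 15 characters long, while the misspelled single word falls outside the dictionary and is scored by character brute force instead. A production checker would add leet-speak and common-misspelling normalisation before the dictionary lookup, since those variants are routinely included in attacker word lists.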

  23. Re:WINDOWS programs like Microsoft Office and ITun on Windows vs. Ubuntu — Dell's Verdict · · Score: 1

    I run Ubuntu with Crossover and MS Office, two versions of IE and various other MS software. Whatever won't run in Crossover will run in VMware Server.

    The Dell article (website) is clearly for those who don't know anything anyway.

    Dude, I'm not gettin' a Dell.....ever.

  24. Re:Repositories for the win on Windows vs. Ubuntu — Dell's Verdict · · Score: 1

    I'm an advanced user...

    No you're not.

  25. Re:Ah, let's just call it done on Windows Phone 7 Hits Technical Preview Milestone · · Score: 2, Informative