Their communication between device and server has yet to be hacked
This isn't:
One would need intimate knowledge of the BES set up to actually extract information from the server.
Their communication between device and server has yet to be hacked
From the KB warning:
"Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process PNG and TIFF images for rendering on the BlackBerry smartphone. Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server. Depending on the privileges available to the configured BlackBerry Enterprise Server service account."
Access to the besadmin account gives an attacker all sorts of access to the server. That account has sendas permissions on all users' mailboxes, can make configuration changes to the BES configuration, including changing device settings, and pushing applications to the devices.
It really wouldn't be all that hard to completely compromise an organization's Blackberry configuration -- server and device -- and there's a good chance that you'd be able to escalate privileges onto other servers within the network.
Sadly, the subject-line of this post is more interesting than everything already posted on Google+ combined with everything that will ever be posted on Google+.
I've seen junk get onto a computer with all the latest windows updates where the infected user never intentionally ran a single program they downloaded from the web.
Pro-tip: "all the latest windows updates" don't install updates for java, adobe reader, or adobe flash.
Not all information should be "free", nor do you have a right to know everything. An organization, or an individual, wanting to keep something secret is not, in and of itself, evil.
When did I say that all information should be free? Care to quote me?
When did I say that I have a right to know everything? Care to quote me?
When did I say that an organization or an individual wanting to keep something secret is in and of itself evil? Care to quote me?
That's quite a lot of inferring you did there, and none of it's remotely accurate. Excellent job, champ.
But please tell me how it's beneficial for people not to know that Lockheed was broken into through an RSA vulnerability? Please tell me how it's beneficial to current users of RSA's product to know the extent to which they are at risk. I encourage you to answer both questions directly in lieu of making half-assed inferences.
dailykos, being a political site, is one giant bias on discussion. why even bother to mitigate it? you're only allowed to disagree within a preset popularity-determined sandbox of preset counter-arguments. after that, you're labeled troll and canned.
It's a site dedicated toward electing Democrats, and discussing Democratic Party principles. Yes, it is true, as per the site's FAQ, that it is not a site where non-Democratic Party principles are discussed. Just like NASA forums don't spend time arguing over whether the moon is or is not made of cheese, DailyKos doesn't rehash base philosophies that have already been agreed upon. If you think the site is a "sandbox", you've never read it, are only pretending to have read it, or don't understand the concept of what is or what is not "off-topic." There is quite a schism among users regarding any major issue: from President Obama's handling of extending Bush's tax cuts for income over $250,000, the Senate's and the President's handling of health care reform, to the handling of Libya, to the handling of Osama Bin Laden's capture. The site is anything but a consensus, there's much disagreement (which is what you get in a "big tent" party), and you're being wholly disingenuous to state otherwise. I'm sorry that you apparently got banned from the site. How many sockpuppets have you had to go through?
Both require users to spend some time contributing to the site before they're awarded the ability to mod: over here it's by acquiring 'karma', and at dkos, it's by acquiring 'mojo'. An advantage, imho, of the kos model is you get to see who upranked any given comment. This allows you to see which mods are abusing their privilege to mod up trolls, as well as to see what little cliques exist who spend their time uprating their friends' comments regardless of content, or downrate their internet-enemies' comments.
Slashdot has the issue of anonymous cowards. It has its benefits, I'm sure, but it makes driveby trolling a hell of a lot easier. Is there any means to report a chronic troll? Is there any backend slash-fu to try to detect sockpuppets beyond IP?
And then you have sites like Boingboing: an idiot mod protecting the fee-fees of idiot writers like Xeni and Cory when they make idiot remarks about topics they'd like to pretend they have any expertise on.
...Reagan didn't act like a petulant fucking child in 1986 when he tore down the White House's solar panels, and instead opted to invest in infrastructure and lead by example?
Granted, that might've delayed the booming 25 years of trickle down wealth we've all enjoyed, but perhaps it would've been worth it?
You're oversimplifying and being ridiculous. If a group is trying to collaborate together to achieve a common goal, it would be ridiculous to allow discussions that are outside of that goal.
Time is limited. If a group is trying to develop a consensus of opinion or discuss the nuances within an issue, it would be self-defeating to waste time having conversations that are off-topic. Just as an anti-abortion blog isn't going to discuss the merits of making Plan B prescriptions available to women, a blog that is devoted to electing Democrats isn't going to waste its time discussing another party's platform: that discussion has already been had by the very definition of people already deciding that they want to be part of a group dedicated to electing Democrats. Why would they waste their time discussing an issue that they've already reached a conclusion on? By your logic, at the next townhall I go to, I should raise my hand and ask my rep "So, are we sure we've thought this revolt against King George through? Belonging to the British empire does have its merits..."
Anyone who's ever read Dailykos, even briefly, would have noticed much disagreement among the users. From the split between Hillary and Obama supporters in 2008, toward opinions regarding things like the Health Care bill, the site is far from any sort of "group think." The premise of the site is "electing more and better Democrats", all conversations start from that premise but hardly arrive at a consensus of opinion. But it's true, the site doesn't allow debate on things like repealing Social Security; it's antithetical to the premise. I'm sorry that such a simple concept is confusing to you.
If 'Misery' can auto-magically detect trolling why not just auto-ban or auto-suspend and give an explanation?
That assumes, of course, that 'Misery' can detect trolling reliably (which I doubt), so realistically it's going to annoy 'normal' users, i.e. the ones your web site presumably wants to keep, who will just think your web site is badly written and buggy.
In short: it's a stupid idea and a stupid plugin.
I agree: stupid assumptions lead to a stupid premise which results in one coming to stupid conclusions.
A developer or tester of a web site needs each browser.
Bingo! Congratulations, you win a no-prize.
So wait, you're a web dev, but still ask "Uh... Internet Explorer?...Why? Does it do something else i'm unaware of?"
What kind of hack of a developer doesn't test his sites for IE compatibility?
I'm sure someone with more time to research than I will come up with this answer, but what is the limitation of IP? When does software become "abandonware" as so many products out there are? An Ultima 4 port to Windows was given away with a magazine in the mid-to-late 90s.
Someone should let EA know that they've abandoned the Ultima franchise so that they can shut down the UO servers.
I guess you missed the point that it's an idiotic statement to tell people that if they're unhappy with the availability of software solutions, they should learn to be software developers.
So is this an asperger's thing, or just an inability to comprehend really obvious sarcasm?
But you can have approved apps on the Apple appstore and write your own apps and install them. Just join the developer program ($99), write your xCode and install it on your phone. Bam! Mr. Jobs doesn't come and tell you you can't do it. It's legit.
This is exactly how it works in the corporate world. Just today, the head of my accounting department was fretting over the cost of a new GL package she needed to purchase. I was all "50 grand? Dude, why not just download Visual Studio Express and code that shit ourselves?" That conversation was at noon, and by 5:30 we had already skipped over the alpha version and were pussy deep in testing out the beta.
Back a few decades when I was growing up I think things in many ways were better, for general quality of life.
1. You went to the airport without going through even a metal detector, and even when they put those in..people went to the gates with you to wait and see you off. They also met you at the gate when getting off a plane. No such thing as a patdown, or taking your fucking shoes off.
2. Families by and large sat and ate dinner together. Mostly 2 parent households.
So what are your statistics regarding families currently not eating together? Why are the "2 parent households" of the alleged "good old days" so admirable when unhappy marriages were severely restricted in their legal ability to divorce? It wasn't until the late 70's/early 80's when spouses were allowed to divorce in all 50 states due to "irreconcilable differences", and this is a bad thing to you? "Yay! It's a 2 parent household, and the wife can't divorce her asshole husband even if she wanted to! Cheers!"
3. Ok..only 3 channels, but when nothing was on those three channels worth watching, you went outside to play as a kid, or did family things together around the house or outside.
Kids can and still do that.
4. Kids could be kids. My whole fucking day wasn't planned out. During the summers I ran the neighborhood with my friends on bike, foot and skateboard. The only rule when I was young was to call home from a friend's house every couple of hours or so to check in. No, my parents weren't worried about me being kidnapped, etc..geez, we didn't even have cell phones...how did we ever survive?
Why are you under the impression that kids don't bike, foot, skateboard, or roam around their neighborhoods? If your parents weren't worried about you, why did you have to call home every couple of hours?
5. We pretty much knew all our neighbors...and as a kid, if you acted up, a neighbor would easily discipline you (I got swatted by a friend's mom more than once)..then, they'd call your parents, and you'd get it again when you got home. Taught kids to behave.
Oh please. No adult has any business physically disciplining someone else's child. Your patriarchal dominance finally reveals itself here: the only way you can conceive of teaching a kid to behave is by beating them.
6. There were no such things as guns in schools...if someone ever got caught with a knife, it was news for months in the city.
7. Drinking age in many cities was 18yrs. States still had more rights than the Feds..at least MANY more than they have today.
Examples of these "MANY" rights?
8. No one had a problem if you brought a fucking peanut butter and jelly sandwich to school.
Your inclusion of the word "fucking" shows that this one really angers you. Why does it anger you that children with peanut allergies can have severe allergic reactions to small particles of peanuts?
9. There was actually good music to be found on the common FM radio stations in town. You could find new and good music on radio while driving around.
You really need to explain how it is "genius" of the CFO to purposefully allow the firm's reputation to be destroyed. If a potential client can't expect their data to be protected, why would they do business with HBGary?
Which side are you talking about, exactly? The stuff done here was presumably a lot more traceable and punishable than a DDoS attack by thousands of angsty teenagers.
The DDoS was using that point-and-click "LOIC" tool that doesn't even attempt to conceal the user's IP Address; what about this attack makes it "a lot more traceable" than the simplest of script-kiddie tools?
give access to real data or harm your firm's business reputation:
From the article:
"The Twitter account of HBGary's CEO, Aaron Barr, was also compromised and tweeted multiple offensive messages, as well as his home address, social security number and cell phone. According to Forbes, the LinkedIn accounts of other HBGary executives were compromised "in minutes.""
That's a pretty piss-poor honeypot if you're a security firm in the business of assuring clients that you have the technical ability to protect private data.
I've never seen a case where you patch the GPS code in any way, though...it's all about removing the DRM from the map, or finding a code so that the GPS unit will be able to decode the DRM.
I was going by the instructions listed for the TomTom, primarily because that's the brand I own, but also because as the article states, TomTom is at least one of the few people who are updating their maps when they're told of these issues. The overview of the steps involved (as listed on that forum) for putting pirated maps on a TomTom are:
1 Update the software (navcore) on your TT
2 Modify the new navcore to accept a new map (patching)
3 Find a new map, suitable for your TT
4 Make the new map accepted by your TT system (generate a key)
"The map you are going to install will not work with the official navcore. For it to work you need to patch (modify) the file 'ttsystem' on your TT. Patching the ttsystem file is easy. Simply run the yDGpatch (made by yDdraigGoch). It allows you to select ttsystem from your TT and do its magic. It can patch the .dll for the emulator in HOME ("operate my TomTom") too."
I admit that I can't speak expertly about the ttsystem file, but the nature of crack programs is that you can't really guarantee that they're only touching that one file, and patching a dll for the TomTom pc software could possibly be an issue. Most likely, things are alright as people don't appear to be reporting problems, but then again, there's always people commenting on piratebay torrents about how their AV didn't detect a virus in the crack util, and thus everything's okay.
Don't get me wrong, as a TomTom owner, I'm glad to see that they're on top of this. But when it's an issue of an outdated map potentially putting a person in a life-threatening situation, I take issue with having to spend $49.95 to update the content of a $200 piece of hardware.
Your first point is bull. Have you ever been out hiking? In cases where the trail is too far from civilization and the local authority doesn't have the resources, then you won't find nicely written signs at every turn.
I don't hike while driving my car, and sticks and bushes don't make good markers for people driving at night time.
Installing pirated maps requires running an executable to patch your GPS. So not only do I have to worry about said executable having a malicious payload that could affect my PC (granted I could run it once in a VM), I have to worry about said executable having a malicious payload that could affect my TomTom. That, and I have to hope that the pirated maps haven't been screwed with by a merry prankster. Other than that, great suggestion!
A god that demanded the murder of infants, gives him...hope? That's a normal mental condition?
tl;dr: I took a shit!
to just buy the CEO a pair of clip-on sideburns?
Yes, I'm not a moron
And what exactly is your evidence that you're not a moron?
TL;DR: RTFA
You need four browsers on a system?
Prior to the 70's, only 2 planes had ever been hijacked. What is so offensive about metal detectors?
Prior to the airline terrorism of the 70's, it still wasn't the "good ole days": http://en.wikipedia.org/wiki/Terrorism_in_the_United_States#1900.E2.80.9359
You've either got a fuzzy memory of the "good old days", or you're correlating your bumpkin town to the rest of the country: http://en.wikipedia.org/wiki/List_of_school-related_attacks
Well, that i