So, now let's let some reality settle in. I don't need 1TB of storage when I'm out and about, and I keep the things I do need either on my phone's 64GB or on my self-hosted cloud. It's not tied down, it's still quite mobile, being my phone (and not a tablet). I keep a fairly decent security perimeter around that server, with tight access controls, periodic log reviews, and encrypted offsite backups twice per day. I'm guessing it's a bit more secure than your wallet against both theft and loss, and the 1TB drive stays locked in a cabinet with just a USB port for access. Sometimes, especially if your data is sensitive or important, size does matter; and bigger is better in terms of not accidentally dropping and losing something important.
Don't lose your wallet, buddy.
Who needs microSD? 1TB USB disk and a host adapter FTMFW.
Can't say I've ever been "burned" by Amazon, but alright. Way to miss my point; you don't know that the cart you pick up off the shelf wasn't bought cheap by the vendor that supplies the store you're buying from. After all, these are legitimate Xerox cartridges and will be in sealed Xerox retail packaging.
No. Actually, the region chips are openly available. What this is, is Ford telling you a Ford tire costs $X in the US and $Y in Europe, and the tires are region encoded so they won't fit vehicles from other regions.
It's not about 3rd party ink, it's about 1st party toner. Xerox sells their toner for different prices based on region, then chips the cartridges and locks the printer to the region of the first cartridge used in it. It's right there in the summary. And the article. Even the headline. Did you read anything?!
The last Epson printer I bought, with their newest and best technology, suffered print head damage within 100 pages. It took a month to get my $300 printer replaced. When it came time to buy a laser printer, I was considering Epson, but then I kept that in mind and bought Xerox. At least I have a legitimate source for the region chips and OEM toner for it, so refills aren't a problem. And when I say a legit source for the OEM toner, I mean the actual OEM of the toner.
It's not about knockoffs, it's about the fact that the exact same Xerox first-party cartridges sell cheaper in other parts of the world. Already use a US-coded cartridge? Found your Xerox-branded cart cheaper on Amazon, but shipping from Europe? Well, you're out the cost of that cart when you get it, because your printer won't accept it and the seller won't take it back open. Oops.
And I say this having just bought a Xerox laser printer. I've since sourced the chips needed and learned who manufactures their toner so I can order direct. Since the cartridges in my printer do nothing more than deliver toner, I'll be refilling. With OEM toner.
I got a check for nearly $40 last week, because Capital One autodialed my cell phone with a recorded message, once, which qualified me as a class member in the suit against them for that practice. The wife and I were planning on leftovers, but we had a free meal out that night instead. That's a benefit, for sure.
Mind you, the 4 past class actions I was a member of netted me less than this one, combined. It's rare, but to say it never happens, is just... incorrect.
Doesn't Soylent get mixed with water?
Meds. You're off yours. You act like this is all some conspiracy we don't all already know about. Anyone in tech already knows this stuff; it's not relevant to this discussion, though.
Oh, and for the record, one email I got from them was about my Time Capsule being used in a DDoS. Fucking Apple ships the things with SNMP on by default, with default communities and no security; and no version of AirPort Utility that runs on an Intel CPU can change the setting. I had to boot up an old Windows machine to fix that.
My ISP knows I pen-test for a living. I pay a premium for my bandwidth and they leave me alone as a result. I do get an email from them once in a while if I've been testing a new exploit, making sure I'm actually the one doing it and not an infected system. A portscan? I doubt they'd even blink. Connecting to a couple hundred or so IPs in the frame of an hour? No ISP would think twice about it, especially if you're connecting on 443. Normal browsing habits for most households.
Yes, when you're a government or quasi-government organization and have taps on every internet backbone to collect every single bit of traffic, you can do this. The company compiling this list? Not so much.
That seems more targeted than random to me. Also easy to combat with a whitelist overlaid on top of the blacklist. Truly hitting a few dozen, or a few hundred random IPs with every phone home to the actual C&C or dump server would render any blacklist based on those IPs useless. Think about it, if each machine hits 24 random IPs and 1 legit IP every time it phones home, only rotates out half of those so you can't easily pick out the one that's always the same, and phones home hourly, that's 12 new IPs per hour in the blacklist, 288 per day, 8,064 per month, 105,120 per year. From one machine.
Now, here's where I start to get really wordy. I'm going somewhere with this, though, and I'm interested in actual workable mitigation techniques, as none come to mind for me, so please read through.
There are 3,706,452,992 public ipv4 addresses. If 1 infected machine can blacklist 100k per year, that means less than 40k infected machines can blacklist the entirety of the ipv4 internet in under a year. Yes, of course, with randomness there will be much overlap and repetition, so it will take more machines, more time, or both, but it will happen eventually. And that's with a minimal number of fake IPs being pinged and a minimal effort to mask what is being done.
And even with that minimal attempt, the best mitigation that can be done is to only blacklist the 13 (12 fake + 1 real) IPs that are not being rotated. That means our 40k machines can now only blacklist 480,000 false IPs (plus the 1 legit one). However, it also means that, by rotating between multiple C&C and data dump IPs, you can keep those IPs off the blacklist so the blacklist now contains only false positives, at least for your specific piece of malware. So, that mitigation technique actually harms the list more than it helps, by removing any possibly valid data along with only a portion of the invalid data.
Going in the other direction, let's suppose that our malware has 100 C&C IPs and 100 data dump IPs, and rotates through them with each phone home. Let's also assume that, alongside the randomly-selected-from-our-known-pool IP address we're going to connect to, we also connect to 99 additional addresses on our first connection. On our second connection, we use a different C&C/dump IP, drop 49 of the random addresses used in the previous attempt (so we now have 50 different IPs and 50 repeated IPs, we've dropped half of the set), and connect to another 100 random IP addresses, for a total of 150 IP addresses. 3rd iteration, we use a different pool IP and drop 124 of the previous addresses, halving our connection pool again, then add 100 more randoms for a total of 225 IP addresses. The 4th run will be a little different because we have an odd number of addresses already. We swap out our pool address, drop 112 (half) of the old addresses, add 100 new ones, and we've now got 213 IP addresses to connect to. 5th run we swap the pool IP, drop 106, add 100, to get 207 IP addresses to connect to. 6th: swap, drop 103, add 100: 204. 7th: swap, drop 102, add 100: 202. 8th: swap, drop 101, add 100: 201. 8th: swap, drop 101, add 100: 200. 9th and on, swap, drop 99, add 99: 200.
By the time we reach the 9th iteration, at which point each new iteration adds 100 new addresses to the list (99 false and 1 from the pool), we've already seen 808 unique IP addresses, at least 1/4 of which have been used repeatedly, and only 8 of which are legit C&C or data dump IPs. At iteration 9, until we've exhausted our C&C/dump pool, we're adding 100 new IPs to the list with each iteration; after the pool is exhausted, we're adding 99 with each iteration. Let's assume, for simplicity, that we exhaust the pool with our last iteration one day, so the next day starts by adding 99 new addresses to the list (since we're not considering past addresses added, again for simplicity, we don't have to concern with overlap; and we can also assume the malware tracks which addresses it has used and does not reuse ones it has dropped until
You... edited?
Moo?
It sounds to me like it's blacklisting the IPs being connected to. Easy to spoof, though, just have your malware connect to dozens of random IPs along with the few actual IPs you're using, then the list becomes so full of false positives that it is rendered useless.
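The comments above (the hourly "24 random + 1 real" scheme with half the decoys rotated each round, and the shorter remark about flooding the list with random destinations) both argue that a destination blacklist drowns in false positives. The simulation below is an added example written for this editorial pass; it is not code from the thread or from whoever compiles the list being discussed. It models the rotating-decoy beacon exactly as described, builds the naive "list every destination" blacklist, and then applies one mitigation the thread does not consider: only listing destinations contacted by several distinct infected hosts. Random decoys are drawn from a ~3.7 billion address space and essentially never collide across hosts, while even a 100-address C&C pool is hit by every host within a few rounds. Every host, address and beacon schedule is constructed inside the script.

```python
"""Rotating-decoy beacons vs. a cross-host-correlated blacklist.

Added example (not from the original thread). All bots, C&C addresses
and decoy traffic below are constructed; nothing is sent on the network.
"""
import random

# Count of public IPv4 addresses quoted in the thread; used only to size the
# random space the decoys are drawn from.
IPV4_PUBLIC = 3_706_452_992


def rand_ip(rng):
    """A constructed dotted quad drawn uniformly from the address space."""
    n = rng.randrange(1, IPV4_PUBLIC)
    return f"{(n >> 24) & 255}.{(n >> 16) & 255}.{(n >> 8) & 255}.{n & 255}"


class InfectedHost:
    """One bot. Each beacon contacts 1 real C&C address chosen from the pool
    plus `decoys` random addresses; half of the previous round's decoys are
    kept so the single constant destination cannot be picked out by eye."""

    def __init__(self, c2_pool, decoys, rng):
        self.c2_pool = c2_pool
        self.decoys = decoys
        self.rng = rng
        self.keep = []  # decoys carried over from the last round

    def beacon(self):
        real = self.rng.choice(self.c2_pool)
        fresh = [rand_ip(self.rng) for _ in range(self.decoys - len(self.keep))]
        contacted = [real] + self.keep + fresh
        decoys_now = self.keep + fresh
        self.keep = self.rng.sample(decoys_now, len(decoys_now) // 2)
        return contacted


def make_host(pool_size, decoys, seed):
    """Helper: a constructed C&C pool and one bot beaconing against it."""
    rng = random.Random(seed)
    pool = [rand_ip(rng) for _ in range(pool_size)]
    return pool, InfectedHost(pool, decoys, random.Random(seed + 1))


def naive_blacklist(observations):
    """What the thread assumes the list does: every destination ever seen."""
    return {ip for _, ip in observations}


def correlated_blacklist(observations, min_hosts):
    """Mitigation: list a destination only if at least `min_hosts` distinct
    infected hosts contacted it. Decoys from a ~3.7e9 space almost never
    repeat across hosts; the real pool is shared by all of them."""
    hosts_per_ip = {}
    for host, ip in observations:
        hosts_per_ip.setdefault(ip, set()).add(host)
    return {ip for ip, hosts in hosts_per_ip.items() if len(hosts) >= min_hosts}


def simulate(n_hosts=200, rounds=24, pool_size=100, decoys=24, min_hosts=3, seed=1):
    """Run n_hosts bots for `rounds` hourly beacons and compare both lists."""
    rng = random.Random(seed)
    c2_pool = [rand_ip(rng) for _ in range(pool_size)]
    hosts = [InfectedHost(c2_pool, decoys, random.Random(seed * 1000 + i))
             for i in range(n_hosts)]
    observations = []  # (host_id, destination) pairs, as a sensor would log them
    for _ in range(rounds):
        for host_id, host in enumerate(hosts):
            for ip in host.beacon():
                observations.append((host_id, ip))
    real = set(c2_pool)
    naive = naive_blacklist(observations)
    corr = correlated_blacklist(observations, min_hosts)
    return {
        "naive_size": len(naive),
        "naive_false_positives": len(naive - real),
        "corr_size": len(corr),
        "corr_false_positives": len(corr - real),
        "corr_recall": len(corr & real) / len(real),
    }


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k}: {v}")
```

With the defaults (200 bots, 24 hourly beacons, a 100-address pool, 24 decoys with half rotated each round) the naive list ends up with roughly 60,000 entries of which 100 are real, matching the thread's "12 new IPs per hour per machine" arithmetic; the correlated list contains the whole pool and nothing else. The attacker's remaining move is to make decoys collide on purpose, i.e. draw them from a shared, predictable set, but at that point the decoys are no longer random and the shared set can be identified and discounted the same way.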
Somebody create a piece of malware that connects to random IP addresses!
It should be as hard as possible to screw up a working firmware.
You did not mention where the plane gets its authorization to fly over private property. In fact, you did not mention at all that they even were authorized, just stated their existence as a natural fact. Beyond that, yes, the rules and laws do create a legal expectation of privacy. Of course anyone who can see, legally or not, can see. If they have to put their camera over your fence to see, as you said yourself, that is most likely illegal.
If you want to test that in court, go ahead and fly your drone over my fence without permission. Anyone else who asks will have said permission; you, never. Let's see how it plays out.
Outdoors, you would need to be under a cover, or you don't have any expectation of privacy, because those airplanes are authorized.
Well hmm, that sounds familiar, almost as though one of us already said it... Oh, that's right! It was ME!
A plane flying overhead does have authorization, their route was explicitly approved by the FAA, the governing body that controls the airspace above US soil.
You're right that you don't have an expectation of privacy from planes flying their FAA-approved flight paths in your privacy-fenced-but-not-covered back yard; however, a plane deviating from that flight path without FCC authorization (e.g. due to an emergency) is no longer in legal airspace and you do have an expectation of privacy from those craft, along with any other craft not flying either an FAA-approved flight path or over the pilot's own property.
You may also not have an expectation of privacy from your neighbor looking out their 2nd story window, or up a tree or on a ladder (not leaning on your fence, as that is your property) on their own property, or even from their drone flying above your fenceline on their property, but once that craft leaves the airspace over their property, a likely interpretation of FAA regulations reads such that the craft is no longer flying legally and, therefore, one should have a reasonable expectation of privacy from that craft. I'm pretty sure I covered that with this line:
If you can't see what's going on on the other side of that 6ft fence and you are not authorized to be within the confines of that fence, then you cannot legally photograph anything within the confines of that fence
That is to say, if you can see it from a tree, ladder, or window on your property, well, you can see it.
The bar isn't so high that if anyone can legally see it, everyone can. You said it yourself, and I said it previously, the reasonable expectation is of privacy from those not legally allowed to be there. That would include, in your own words...
And in most cases, physical presence in such a location, such as reaching over a fence with a camera, is criminal trespassing.
...a drone with a camera.
Apple is in California, so the original lyrics work, as well.
That wouldn't hurt their sales at all
In fact, it would help their sales. Geeks love transparency. And if I know it's there and I know that MS dictates that it must be able to be disabled, I now have a reason to call them so they can make a sales pitch, as I'm sure they won't document how to disable it without a phone call.
What we have above is a typical -1: Disagree moderation. Overrated? That moderation is intended to counter positive moderation with which a user disagrees, not to push down a comment they don't like. Hell, if you're going to abuse the moderation system in that way, there are better moderations for that. Oh well, at least it doesn't affect karma, not that I don't have plenty to spare.
Next time, why don't you just tell me why I'm wrong?
Right, then you can escalate from there. There is no escalation without communication, so it is reasonable to start with a show of force in instances where communication is not possible; much less so where it is.