It seems to be solved quite well on my 2014 Honda: - qruise control keeps the speed, but lowers it if there is a car in front and keeps a configurale distance by automatically accelerating and decelerating (and braking if needed). It uses radar as opposed to Tesla's camera-only solution which is vulnerable to blinding low sunlight (which seems to be a possible culprit in this case). - lane guidance steers to keep the car in lane if i switch it on. But if I let go of the wheel, it will soon give an audible and visual warning and soon disable itself.
This for me is unintrusive enough to use on a highway, yet it is strictly "driver assist" not self-driving, so I will not lose focus.
What do you mean "off the map"? There will be no such places.
Also - it is my understanding that most of the selfdriving car development is based on cameras - therefore a selfdriving car can continue on unmapped territories as well as with missing gps just as good as a human driver - using visual cues. If you need to give it instructions how to get to point b, you poke with a finger on a map or an arial photo on the screen and leave the immediate obstacles to the automation.
But all that aside - i mainly meant that the wheel is useless in an emergency situation.
I remember a quote from google selfdriving car team that there is no point in having a steering wheel in a self driving car, because the "driver" would never be able to take over in time to avoid any danger. Which makes sense. We should not switch to automated driving before we are ready to surrender all control.
So you're saying forged packets aren't broadcasted in the open? I've seen plenty of firewall rules where the source from = public IP to destination = private IP. That could be internal 192.168.x.x or 10.x.x.x. Obviously, if that private IP subnet doesn't exist, there won't be a route for it.
You are misguided if you think that just setting a private ip as a destination address the packet would reach from the internet to a NATted LAN. The router only routes packets to NATted subnets for which there are NAT entries - either from configuration or dynamic port mappings that usually are generated from NATting outgoing traffic. It would be dropped even without the SPI.
Forged packets? I suppose HP printers will attempt communication via DNS lookup to the outside (because of all those stupid silly feature services for ease of access).
Do you mean that the attacker would forge packets to printer's tcp port 9100 as a forged answer to its outgoing DNS requests? That would again not work, as there is no NAT mapping in the router to printer's address port 9100 as a result of its DNS request unless the DNS request originated from port 9100...
My point is that SPI is totally irrelevant on accessing NATted private IPs from outside. The router drops the packets from outside not because of SPI, but because it has no instruction what to do with those packets. If you try going around calling your opinions "professional", you should know that.
As far as private ips are concerned - it is quite obvious from the article that the printers had public ips. Universities put them on public ips. That in itself is not a bad practice as they have no shortage of ip addresses like the rest of us. Bad practice is leaving them open to internet.
Also - if you are "of the understanding that you can't pass NAT traffic from outside", how do you propose that they "guessed and "walked" (war dialed) the internal private IP range of 192.168.1.x and attempted port 9100" as you so elegantly put it?
Sysadmins have assigned public ip, because that is how it works in a uni. There is no NAT. NAT is a hack for the puny humans who do not have/16 ip blocks lying around. So assigning an ip from a private ip range would not work at all...
Also it is not at all stupid to assign said public ips with dhcp. On the contrary - it is very smart.
However it was stupid to allow public access from the internet to said ip addresses.
And it is stupid to assume that all networks are like your network at home.
In most likelyhood of a HP variety. Or something behind a jetdirect print server. If i remember correctly 9100 is HP proprietary standard although some other manufacturers have now started to listen to it.
You throw around nice terms like "walk" and "spi" having no clue of network architecture and how ip actually works. Stateful package inspection has no relevance to inability to pass NAT to the internal network. It requires a reverse NAT action from their router to reach inside.
Also you assume that the printers were on private ip range and NATted - which they probably were not.
"Fixed" as opposed to what? I give out all my fixed ip's through dhcp. Its much easier to manage and everything is in a single plaece.
The question here is why the printers are accessible through the internet.
I myself have printed out many hefty manuals on the modern wifi printers that have been left with factory settings with public printing. I never considered that "hacking" though. It is strange what nowadays passes as "hacking".
Well. I have tried to fix the error i am having with my business on google maps.
Its an extremely strange one - google maps finds the business at the correct address. The pin is in the right place. But - and here it goes weird - if you click for driving directions, it takes you to a different location (our previous address from 5 years ago). If you zoom out, it is even visible that the route does not end on the pin, but elsewhere. But no one does that and people drive to the wrong address all the time. It is the same on mobile and web google maps.
I have contacted google repeatedly. Google my business support finally bounced it to maps team, and that does not have any support, but only "feedback" (which i have left repeatedly). Meanwhile our customers are directed to a wrong place.
might insuggedt requestpolicy into your list of anti-tracking measures. It blocks all cross-site requests, be it css, script or image unless you explicitly allow it. It seems to get rid of most ads and tracking wihtout much effort from me.
You mean that this one-paragraph exerpt from BBC news that reports something that happened in Germany now let the cat out of the bag and gives a legal loophole to sue everyone for anything?
First of all, it might come as a surprise for you, but not all people live in the US of A. Where i live, "search and frisk" is not something that i know to have been done to anybody that knows anybody i know.
Second of all - you probably get my point despite the maybe-not-so-universal analogy i gave. Maximum you should do, is null-route the portscanning ips automatically. Me - i just ignore them and have done so since the early nineties. If your network security relies on people in the internet NOT portscanning you, you are screwed anyway.
Then stop plugging some sophos bullshit here and install something free and open that lets you block things. For example pfsense or m0n0wall. I am sure there are others, but these are the ones that i use.
If you have a decent firewall you dont actually care about portscans. You have a couple of ports open and you need to make sure that services running on these are safe. Alerting you with portscans will not improve your security one bit. The only useful thing you could do is automatically drop packets after n different port accesses in a given time - but alerts? Why bother?
If in real life someone touches your doorhandle, are you gonna sue? If he tries to pick or break the lock, sure. But portscan is an equivalent of rattling your doorhandle.
Well here's the catch. No one will be able to prove that they have NOT sold it to anyone. So there is no risk of exposing themselves as idiots.
Except to their potential customers to whom they have nothing to sell.
"We have sold it to customer Y exclusively, but come to us with any other needs"
IOS jailbreaks have a very short window of usefulness. For instance last jailbreak on the latest IOS9 was only "current" for a week or two (from the realease of jailbreak to the release of 9.1). So all this will expire extremely fast, but the publicity remains.
No, if you read what they do it is selling the exploits to government agencies so it won't be publicly disclosed as a jailbreak.
Government agencies do not need exploits, they can order a backdoor, and probably have.
I am just saying it smells like a publicity bullshit.
And like i said, that makes absolutely no sense whatsoever. If they have nothing to offer then publicity is pointless.
In a world where Kardashians exist? Publicity is worth much more than any exploit or deliverable good or service.
What I'm saying is that they are just lying, about the jailbreak as well as the payout. For publicity.
That makes no sense. The publicity is centered around this one thing, if they can't deliver it to the people they are publicizing it to then they just expose themselves as idiots.
Well here's the catch. No one will be able to prove that they have NOT sold it to anyone. So there is no risk of exposing themselves as idiots.
IOS jailbreaks have a very short window of usefulness. For instance last jailbreak on the latest IOS9 was only "current" for a week or two (from the realease of jailbreak to the release of 9.1). So all this will expire extremely fast, but the publicity remains. Many news articles carrying their name as people who pay millions for vulnerabilities and also people who supposedly have vulnerability info that can be used. That "market recognition" can be monetized later much more easily than a certain exploit on a certain IOS version with a certain browser that only a minority of people have installed.
I am saying that these guys are just bullshitting.
Just because you don't like the idea of it.
I don't like the idea of what? I have not expressed any like or dislike towards either jailbreaking as such or this exploit buying matter. I am just saying it smells like a publicity bullshit.
Yes of course, because Apple just doesn't have bugs so it would be very unlikely that somebody would find one even if offered a million dollars to do so.
No. Apple has had bugs aplenty. But we've been hearing for quite some time that the jailbreaking is getting harder and harder. And that by teams of people who have spent years and years on it. We have not seen a browser based jailbreak for quite a long time and it is extremely unlikely, that there is one now.
Well obviously the company that paid it out is going to want to recoup their investment so they will publicize it. If they had nothing then there is nothing to publicize.
What I'm saying is that they are just lying, about the jailbreak as well as the payout. For publicity.
I am not saying that jailbreaking is impossible due to the high standards of programming at Apple. I am saying that these guys are just bullshitting.
All this assumes that this press release is real. That somebody did really find this exploit. Which sound very unlikely. It has publicity bullshit written all over it.
Why bother paying bug bounties if you can let other people (jailbreakers) pay for them or discover them for free? And if you call Apple's IOS "terrible security", what do you call all the other phone OSes? Because IOS is currently most secure of them thanks to the jailbreaking/fixing rat race letting even certain South African murderers off the hook. For all we know, this might be just a publicity stunt. I don't even remember when we last had a browser based jailbreak that did not require cabled connection - ios 6?
Slashdot Mirror
It seems to be solved quite well on my 2014 Honda:
- qruise control keeps the speed, but lowers it if there is a car in front and keeps a configurale distance by automatically accelerating and decelerating (and braking if needed). It uses radar as opposed to Tesla's camera-only solution which is vulnerable to blinding low sunlight (which seems to be a possible culprit in this case).
- lane guidance steers to keep the car in lane if i switch it on. But if I let go of the wheel, it will soon give an audible and visual warning and soon disable itself.
This for me is unintrusive enough to use on a highway, yet it is strictly "driver assist" not self-driving, so I will not lose focus.
What do you mean "off the map"? There will be no such places.
Also - it is my understanding that most of the selfdriving car development is based on cameras - therefore a selfdriving car can continue on unmapped territories as well as with missing gps just as good as a human driver - using visual cues. If you need to give it instructions how to get to point b, you poke with a finger on a map or an arial photo on the screen and leave the immediate obstacles to the automation.
But all that aside - i mainly meant that the wheel is useless in an emergency situation.
I remember a quote from google selfdriving car team that there is no point in having a steering wheel in a self driving car, because the "driver" would never be able to take over in time to avoid any danger. Which makes sense. We should not switch to automated driving before we are ready to surrender all control.
You are advocating jumping on the VR bandwagon early as an opposite to being in your parent's basement?
You should really read up on some networking.
So you're saying forged packets aren't broadcasted in the open? I've seen plenty of firewall rules where the source from = public IP to destination = private IP. That could be internal 192.168.x.x or 10.x.x.x. Obviously, if that private IP subnet doesn't exist, there won't be a route for it.
You are misguided if you think that just setting a private ip as a destination address the packet would reach from the internet to a NATted LAN. The router only routes packets to NATted subnets for which there are NAT entries - either from configuration or dynamic port mappings that usually are generated from NATting outgoing traffic. It would be dropped even without the SPI.
Forged packets? I suppose HP printers will attempt communication via DNS lookup to the outside (because of all those stupid silly feature services for ease of access).
Do you mean that the attacker would forge packets to printer's tcp port 9100 as a forged answer to its outgoing DNS requests? That would again not work, as there is no NAT mapping in the router to printer's address port 9100 as a result of its DNS request unless the DNS request originated from port 9100...
You're welcome.
My point is that SPI is totally irrelevant on accessing NATted private IPs from outside. The router drops the packets from outside not because of SPI, but because it has no instruction what to do with those packets. If you try going around calling your opinions "professional", you should know that.
As far as private ips are concerned - it is quite obvious from the article that the printers had public ips. Universities put them on public ips. That in itself is not a bad practice as they have no shortage of ip addresses like the rest of us. Bad practice is leaving them open to internet.
Also - if you are "of the understanding that you can't pass NAT traffic from outside", how do you propose that they "guessed and "walked" (war dialed) the internal private IP range of 192.168.1.x and attempted port 9100" as you so elegantly put it?
Sysadmins have assigned public ip, because that is how it works in a uni. There is no NAT. NAT is a hack for the puny humans who do not have /16 ip blocks lying around. So assigning an ip from a private ip range would not work at all...
Also it is not at all stupid to assign said public ips with dhcp. On the contrary - it is very smart.
However it was stupid to allow public access from the internet to said ip addresses.
And it is stupid to assume that all networks are like your network at home.
In most likelyhood of a HP variety. Or something behind a jetdirect print server. If i remember correctly 9100 is HP proprietary standard although some other manufacturers have now started to listen to it.
You throw around nice terms like "walk" and "spi" having no clue of network architecture and how ip actually works. Stateful package inspection has no relevance to inability to pass NAT to the internal network. It requires a reverse NAT action from their router to reach inside.
Also you assume that the printers were on private ip range and NATted - which they probably were not.
"Fixed" as opposed to what? I give out all my fixed ip's through dhcp. Its much easier to manage and everything is in a single plaece.
The question here is why the printers are accessible through the internet.
I myself have printed out many hefty manuals on the modern wifi printers that have been left with factory settings with public printing. I never considered that "hacking" though. It is strange what nowadays passes as "hacking".
Well. I have tried to fix the error i am having with my business on google maps.
Its an extremely strange one - google maps finds the business at the correct address. The pin is in the right place. But - and here it goes weird - if you click for driving directions, it takes you to a different location (our previous address from 5 years ago). If you zoom out, it is even visible that the route does not end on the pin, but elsewhere. But no one does that and people drive to the wrong address all the time. It is the same on mobile and web google maps.
I have contacted google repeatedly. Google my business support finally bounced it to maps team, and that does not have any support, but only "feedback" (which i have left repeatedly). Meanwhile our customers are directed to a wrong place.
Haven't seen it, will check out.
might insuggedt requestpolicy into your list of anti-tracking measures. It blocks all cross-site requests, be it css, script or image unless you explicitly allow it. It seems to get rid of most ads and tracking wihtout much effort from me.
You mean that this one-paragraph exerpt from BBC news that reports something that happened in Germany now let the cat out of the bag and gives a legal loophole to sue everyone for anything?
First of all, it might come as a surprise for you, but not all people live in the US of A. Where i live, "search and frisk" is not something that i know to have been done to anybody that knows anybody i know.
Second of all - you probably get my point despite the maybe-not-so-universal analogy i gave. Maximum you should do, is null-route the portscanning ips automatically. Me - i just ignore them and have done so since the early nineties. If your network security relies on people in the internet NOT portscanning you, you are screwed anyway.
Then stop plugging some sophos bullshit here and install something free and open that lets you block things. For example pfsense or m0n0wall. I am sure there are others, but these are the ones that i use.
If you have a decent firewall you dont actually care about portscans. You have a couple of ports open and you need to make sure that services running on these are safe. Alerting you with portscans will not improve your security one bit. The only useful thing you could do is automatically drop packets after n different port accesses in a given time - but alerts? Why bother?
If in real life someone touches your doorhandle, are you gonna sue? If he tries to pick or break the lock, sure. But portscan is an equivalent of rattling your doorhandle.
You are confusing the german law system that is based on actual laws and the US/British precedent based "law system".
Essentially you are sayong that this news means that they have not killed the content, but the device?
Yes, you've nailed it, your reading skills are excellent. Because of the Kardashians.
Well here's the catch. No one will be able to prove that they have NOT sold it to anyone. So there is no risk of exposing themselves as idiots.
Except to their potential customers to whom they have nothing to sell.
"We have sold it to customer Y exclusively, but come to us with any other needs"
IOS jailbreaks have a very short window of usefulness. For instance last jailbreak on the latest IOS9 was only "current" for a week or two (from the realease of jailbreak to the release of 9.1). So all this will expire extremely fast, but the publicity remains.
No, if you read what they do it is selling the exploits to government agencies so it won't be publicly disclosed as a jailbreak.
Government agencies do not need exploits, they can order a backdoor, and probably have.
I am just saying it smells like a publicity bullshit.
And like i said, that makes absolutely no sense whatsoever. If they have nothing to offer then publicity is pointless.
In a world where Kardashians exist? Publicity is worth much more than any exploit or deliverable good or service.
What I'm saying is that they are just lying, about the jailbreak as well as the payout. For publicity.
That makes no sense. The publicity is centered around this one thing, if they can't deliver it to the people they are publicizing it to then they just expose themselves as idiots.
Well here's the catch. No one will be able to prove that they have NOT sold it to anyone. So there is no risk of exposing themselves as idiots.
IOS jailbreaks have a very short window of usefulness. For instance last jailbreak on the latest IOS9 was only "current" for a week or two (from the realease of jailbreak to the release of 9.1). So all this will expire extremely fast, but the publicity remains. Many news articles carrying their name as people who pay millions for vulnerabilities and also people who supposedly have vulnerability info that can be used. That "market recognition" can be monetized later much more easily than a certain exploit on a certain IOS version with a certain browser that only a minority of people have installed.
I am saying that these guys are just bullshitting.
Just because you don't like the idea of it.
I don't like the idea of what? I have not expressed any like or dislike towards either jailbreaking as such or this exploit buying matter. I am just saying it smells like a publicity bullshit.
Which sound very unlikely.
Yes of course, because Apple just doesn't have bugs so it would be very unlikely that somebody would find one even if offered a million dollars to do so.
No. Apple has had bugs aplenty. But we've been hearing for quite some time that the jailbreaking is getting harder and harder. And that by teams of people who have spent years and years on it. We have not seen a browser based jailbreak for quite a long time and it is extremely unlikely, that there is one now.
Well obviously the company that paid it out is going to want to recoup their investment so they will publicize it. If they had nothing then there is nothing to publicize.
What I'm saying is that they are just lying, about the jailbreak as well as the payout. For publicity.
I am not saying that jailbreaking is impossible due to the high standards of programming at Apple. I am saying that these guys are just bullshitting.
All this assumes that this press release is real. That somebody did really find this exploit. Which sound very unlikely. It has publicity bullshit written all over it.
Why bother paying bug bounties if you can let other people (jailbreakers) pay for them or discover them for free?
And if you call Apple's IOS "terrible security", what do you call all the other phone OSes? Because IOS is currently most secure of them thanks to the jailbreaking/fixing rat race letting even certain South African murderers off the hook.
For all we know, this might be just a publicity stunt. I don't even remember when we last had a browser based jailbreak that did not require cabled connection - ios 6?
There is no 9.1 jailbreak released. Jailbreak was released for up to 9.0.2 and with 9.1 Apple "fixed" it.