hate these ads?, log in or register to hide them
Page 29 of 30 FirstFirst ... 192627282930 LastLast
Results 561 to 580 of 586

Thread: Antivirus is shit, everything is compromised, etc etc (Cybersecurity thread)

  1. #561
    Donor Spawinte's Avatar
    Join Date
    April 9, 2011
    Location
    Ireland
    Posts
    6,288
    What the fug


  2. #562
    XenosisMk4's Avatar
    Join Date
    July 13, 2017
    Location
    More turbo-lightspeed neoliberal platitudes/virtue signaling/misplaced priorities on full display.
    Posts
    3,192
    This is only going to get worse as the "internet of things" advances and your toaster has a microphone/SD card in it etc

  3. #563
    Donor Spawinte's Avatar
    Join Date
    April 9, 2011
    Location
    Ireland
    Posts
    6,288
    I should have mentioned the linked article is from 8 years ago. Sorry.

  4. #564

    Join Date
    May 31, 2011
    Posts
    3,719
    Quote Originally Posted by Spawinte View Post
    What the fug

    After we changed our supplier and returned our leased printers, after a couple of weeks we started receiving "out of toner" notification emails in Polish to the email address we set up in the printers for that back in the day ...

  5. #565
    Donor Sparq's Avatar
    Join Date
    April 11, 2011
    Location
    Strayastan
    Posts
    9,392
    Quote Originally Posted by Spawinte View Post
    I should have mentioned the linked article is from 8 years ago. Sorry.
    Is it worrying I remember reading it all those years ago?

    Quote Originally Posted by erichkknaar View Post
    Quote Originally Posted by elmicker View Post
    A reprogrammable plate? Why on earth do plates even need to change? Haven't these people got ANPR like the rest of the world?
    In California, they currently send you a sticker you have to put on your back plate when you pay your yearly vehicle registration, color coded by month. There is an additional permanent sticker on your plate showing the month your registration needs to be renewed by. I'm assuming that this is the bit that will be updateable, along with the vanity, myspace-like, bejazzled background picture.
    On stickers, in general:

    As of 2011 we had a review here in NSW that established that from 2013 we would no longer have registration stickers in addition to license plates. Importantly, the review suggested that a visible label was not a reliable indicator of valid vehicle registration. Other reasons cited were the cost (of producing labels), the inconvenience (having to replace labels) and the environmental impact (printing and disposal of waste). The main risks were identified as "effectiveness of law enforcement" and a concern motorists would fail to renew. Regarding enforcement it wasn't totally unfair, as state-wide, there were only 77 police traffic cameras with ANPR capability tied into the registration database at the time. I doubt anyone in government was too worried about an increase in people failing to renew, when...

    In the 2010/11 financial year the the State Debt Recovery Office saw 13,000 registration label offence penalty notices issued in NSW. The fine amount was $88. So, a little over $1.1 million dollars worth of infringements. As an aside, there would usually be further fines on top of that assigned by the police (such as being caught in the act of "driving an unregistered vehicle").

    Now, copy-pasting an extract of an article from 2015, in one of the local rags:

    The move to abolish stickers was sold to drivers as ‘making life easier’ — but with some drivers claiming they never received renewal reminders in the post, the annual errand has gone unnoticed, resulting in costly fines of more than $1200.

    According to figures obtained from the State Debt Recovery Office, 52,871 penalty notices had already been issued in the first 10 months of this year, raising more than $32.4 million in revenue.

    That is almost double the $17.4 million raised in the 12 months of 2010, when only 34,085 fines were issued.

    In 2013, the first year of NSW having no visible registration stickers, some 58,968 drivers were fined, with a face value of $35.49 million.
    The renewal reminders are only a courtesy, overall it's basically a tax on the stupid who can't so much as write a date on a calendar. That article has people whining that they didn't get their letter. Well, there are actually three letters. One six weeks before you're due, one if you miss the due date and one that comes two weeks after you miss the due date. Meanwhile, there was and still is a free registration renewal service whereby customers receive an email or a text message in the days leading to their expiry date.

    Ditching stickers and moving to ANPR works, even the patrol cars have linked ANPR now.

    Quote Originally Posted by erichkknaar View Post
    That said,

    Quote Originally Posted by Sparq
    That whole "get a stolen car to display STOLEN on the plates" thing isn't going to last.
    Alternatively, great trick to play on your ex, eh?
    Really don't like someone? Hack their plate to alternately flash "REGISTERED" and "PEDOPHILE", bonus points if it only displays during school hours.
    I'm going to assume that the system to control it is going to be under the control of Law Enforcement, much like the current Amber Alert billboards all up and down California on every major highway that display the same and things like kidnapping information on them, so while it's not preposterous they could be hacked, it's not like that system has been (much). I really don't see how your point is an impediment to this kind of technology (not necessarily this implementation).
    The central system that broadcasts to plates (probably) won't be what gets compromised. The plates themselves are most vulnerable because they need to communicate at least one way (receive) and are outside the physical control of law enforcement - leaving aside the whole problem of normalizing something that isn't a simple tamper proof metal plate, which opens the door to camouflaged custom hardware.

    Nothing I cited in my first post is an "impediment", because all the scenarios are only realized once the system is widespread and the end-user hardware is widely accessible so it can be reverse engineered and then compromised. If you want an impediment, rather than re-inventing the wheel just use a proven solution like APNR camera systems tied to the existing registration database.

    If people get suckered into replacing a sticker with a $700 gadget (that they then have to pay $72 a year just to keep using) which they have no control over, well that's just people being suckers.
    Last edited by Sparq; May 12 2018 at 06:32:21 AM.

  6. #566
    Donor erichkknaar's Avatar
    Join Date
    April 9, 2011
    Posts
    10,092
    Quote Originally Posted by Sparq View Post
    rather than re-inventing the wheel just use a proven solution like APNR camera systems tied to the existing registration database.
    This is America. That isn't how we roll.

    As an aside on tamper proof metal plates, I often see people here with the clear polyvinyl curved coating on their plates here. The one that defeats cameras, so yeah. This is all moot when human drivers are banned, anyway.
    meh

  7. #567
    Donor Sparq's Avatar
    Join Date
    April 11, 2011
    Location
    Strayastan
    Posts
    9,392
    Quote Originally Posted by erichkknaar View Post
    Quote Originally Posted by Sparq View Post
    rather than re-inventing the wheel just use a proven solution like APNR camera systems tied to the existing registration database.
    This is America. That isn't how we roll.
    yes it is

    Quote Originally Posted by erichkknaar View Post
    As an aside on tamper proof metal plates, I often see people here with the clear polyvinyl curved coating on their plates here. The one that defeats cameras, so yeah.
    ~ yes yes, and other people use an IR LED array wired into their plate lighting. Obfuscation isn't solved by 'digital' plates, either.

    Quote Originally Posted by erichkknaar View Post
    This is all moot when human drivers are banned, anyway.
    Driver-less vehicles won't be taxed or insured? Sure, mate. Though, we're getting off topic.
    Last edited by Sparq; May 13 2018 at 05:40:25 AM.

  8. #568
    Donor Sparq's Avatar
    Join Date
    April 11, 2011
    Location
    Strayastan
    Posts
    9,392
    Quote Originally Posted by Spawinte View Post
    I should have mentioned the linked article is from 8 years ago. Sorry.
    Addendum: you know it'd be cool if, these 8 years later, they went out again to see if anything has changed. Whether security or encryption packages became standard or whether there are machines now reaching EOL that are still packed full of goodies.

  9. #569
    Donor erichkknaar's Avatar
    Join Date
    April 9, 2011
    Posts
    10,092
    Quote Originally Posted by Sparq View Post
    Quote Originally Posted by erichkknaar View Post
    Quote Originally Posted by Sparq View Post
    rather than re-inventing the wheel just use a proven solution like APNR camera systems tied to the existing registration database.
    This is America. That isn't how we roll.
    yes it is
    The comment was more about how we'll never choose the easiest, most common sense solution when something else is available. OFC we have ANPR. This is how I pay for tolls over the Golden Gate Bridge.

    Quote Originally Posted by Sparq View Post
    Quote Originally Posted by erichkknaar View Post
    This is all moot when human drivers are banned, anyway.
    Driver-less vehicles won't be taxed or insured? Sure, mate. Though, we're getting off topic.
    OFC, you'll just have less "choice" in trying to evade those, because an unlicensed automatic car simply won't go anywhere.
    meh

  10. #570
    Movember 2012 Stoffl's Avatar
    Join Date
    April 10, 2011
    Location
    The original viennese waffle
    Posts
    21,448
    https://arstechnica.com/information-...uninstall-now/

    Last edited by Stoffl; May 14 2018 at 08:14:20 AM.
    2/10/17 Greatposthellpurge never forget
    23/10/17 The Greatreposteninging ?

  11. #571
    Donor Sparq's Avatar
    Join Date
    April 11, 2011
    Location
    Strayastan
    Posts
    9,392
    Yes. There was some unhelpful shouting on twitter when it broke along the lines of HURF BLURF UN-PGP ALL THE THINGS and the researchers didn't communicate very well initially.


  12. #572
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    8,909
    Quote Originally Posted by Daneel Trevize View Post
    Twitter, perhaps having done an audit after GitHub found they'd been logging plaintext passwords during resets, have found they're doing 1 better by logging all plaintext passwords all the time. ~330million users.
    I'll do you one better: T-Mobile apparently thinks it's okay to store passwords in plaintext and have them visible to employees!

    https://twitter.com/tmobileat/status...300224?lang=en
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...

  13. #573
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,306
    (I might have already ranted about this, but) Plusnet was doing that as of 2 months ago, with an update scheduled by May to make it so that the customer service employees also only see the chosen characters that the customer are to supply for that call session.
    Why store plaintext? Because they reuse the same web portal credentials for the actual modem connection, and can't figure out instead generating signed key pairs while shipping the hardware...

    Not that it matters, the routers probably have hardcoded backdoors, both in the home and the backbone network, because Cisco got caught with yet another one...

    Oh and every US phones' location was being leaked by some data broker.
    Last edited by Daneel Trevize; May 20 2018 at 02:36:06 PM.
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  14. #574

    Join Date
    May 31, 2011
    Posts
    3,719
    OK, folks, predection time. With the increasingly better AIs out there and their most of the time free to plugin APIs: when is the first malware using AI-powered methods caught/reported? (Proof-of-concept doesn't count, needs to be an actual in the wild malware)


    I don't think we're that far away, so I throw out the second half of this year as my entry, even sooner than later, so more Q3 than Q4.

  15. #575

    Join Date
    April 13, 2011
    Posts
    6,105
    I'd be willing to bet it's already happened. The theories and proofs of concept of using AI techniques to produce malware are well published, and have been practical for several years. The difficulty is identifying them. Unless someone outright admits to using AI to develop new attacks, we're not really going to be able to tell. What's being focused on at the moment is not so much novel techniques, but obfuscation of existing techniques.

    Thankfully, it turns out those same AI techniques are exceptionally good at detecting previously undetected malware, and classification is always cheaper than production. They're also really, really good at problems we've always found challenging, like attribution. Likewise the infrastructure improvements that have enabled AI have enabled the resurrection of previously impractical advanced hardening techniques like large scale fault injection and fuzzing. We're also not that far off batshit insane techniques like homomorphic encryption, which will blow this shit wide open.

  16. #576
    Lana Torrin's Avatar
    Join Date
    April 13, 2011
    Location
    Bonding around
    Posts
    18,372
    TBH this is how it will end.. Mailware AI becomes self aware, infects everything and kills off humanity.. None of this 'robots are going to kill us' crap, it just needs to make the internet unusable for a week and we will kill ourselves..
    Quote Originally Posted by lubica
    And her name was Limul Azgoden, a lowly peasant girl.

  17. #577
    Cosmin's Avatar
    Join Date
    March 14, 2012
    Location
    UK
    Posts
    5,799
    Quote Originally Posted by Lana Torrin View Post
    TBH this is how it will end.. Mailware AI becomes self aware, infects everything and kills off humanity.. None of this 'robots are going to kill us' crap, it just needs to make the internet unusable for a week and we will kill ourselves..
    So say we all.
    Guns make the news, science doesn't.

  18. #578

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    6,068
    All chips are fucked, mk IV:

    Variants 1 and 2 are known as Spectre (CVE-2017-5753, CVE-2017-5715), and variant 3 is Meltdown (CVE-2017-5754). Today, variant 4 (CVE-2018-3639) was disclosed by Microsoft and Google researchers.

    It affects modern out-of-order execution processor cores from Intel, AMD, and Arm, as well as IBM's Power 8, Power 9, and System z CPUs. Bear in mind, Arm cores are used the world over in smartphones, tablets, and embedded electronics.

    The fourth variant can be potentially exploited by script files running within a program – such as JavaScript on a webpage in a browser tab – to lift sensitive information out of other parts of the application – such as personal details from another tab.
    https://www.theregister.co.uk/2018/0...rosoft_google/
    Please don't teach me what to do with my pc.

  19. #579
    tulip's Avatar
    Join Date
    April 11, 2011
    Posts
    2,032
    Request thread title be amended to include "Javascript>hardware".
    Quote Originally Posted by Tarminic View Post
    Just for the record, "sending a needy text" is never the right answer.

  20. #580
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    8,909
    Quote Originally Posted by tulip View Post
    Request thread title be amended to include "Javascript>hardware".
    Request denied.
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •