Internet of shit
-
Like if you needed another reason to NOT buy a SmartTV
-
@Lorne-Kates said in Internet of shit:
I bet by "radio issue" they mean that their radios were working exactly as fucking expected, but they didn't encrypt the communication protocols.
That sounds pretty likely.
SirenJack: Cracking a 'Secure' Emergency Warning Siren System – 51:20
— Black Hat
I don't rememer the details, but the security wasn't great.
-
@TimeBandit said in Internet of shit:
Like if you needed another reason to NOT buy a SmartTV
My coworker just commented "In Russia, TV watches you!"
-
@Applied-Mediocrity said in Internet of shit:
@Gurth
Or need a toilet to flush all the tablets?Sewers are clogged enough already by tissues and chip pan oil and whatever else people are flushing down toilets that isn’t water-soluble, now you want to chuck tablet computers down them too?
-
@Gurth I guess we need to engineer garbage-eating goldfish.
-
@CarrieVS said in Internet of shit:
garbage-eating
goldfishalligators
-
@Luhmann said in Internet of shit:
@CarrieVS said in Internet of shit:
garbage-eating
goldfishalligatorsHow about alligator-eating goldfish? Or water-soluble alligators?
-
@CarrieVS
We only need the gator eating goldfishes when the gators start to clog shit up
-
@Luhmann How about an alligator/goldfish hybrid?
-
@CarrieVS said in Internet of shit:
How about an alligator/goldfish hybrid?
I'm sure there's a Sy Fy original movie about that somewhere.
-
@mott555 There's an episode of River Monsters about the fish in that picture. There's also one about a fish that takes chunks out of crocodiles (and I'm sure it would take chunks out of alligators if it existed in the same waterways.)
-
@CarrieVS said in Internet of shit:
@mott555 There's an episode of River Monsters about the fish in that picture. There's also one about a fish that takes chunks out of crocodiles (and I'm sure it would take chunks out of alligators if it existed in the same waterways.)
What kind of fish is it? I thought it was an alligator gar. Which definitely cohabit with alligators.
-
@levicki said in Internet of shit:
@TimeBandit I posted that on a previous page. You've been ninja'd (why there is no ninja emoticon?).
There is. It's ()
:hanzo:
, for obscure in-joke reasons.
-
@levicki said in Internet of shit:
Bah, you kids and your 2016 game characters.
predates that particular game. See e.g. here.
It doesn't quite predate Saboteur, though.
-
-
@CarrieVS said in Internet of shit:
@Gurth I guess we need to engineer garbage-eating goldfish.
But we already have trust fund kids.
-
@Lorne-Kates said in Internet of shit:
But we already have trust fund kids.
Stop insulting the goldfish.
-
@cvi said in Internet of shit:
@levicki said in Internet of shit:
Bah, you kids and your 2016 game characters.
predates that particular game. See e.g. here.
It doesn't quite predate Saboteur, though.
Well.
-
@Zecc E_DIFFERENT_HANZO. That guy has a thing over the "o" in his name. Totally different.
-
ō_ō
-
@Zecc I mean ... try it: :hanzō:
See? Doesn't work.
-
@TimeBandit said in Internet of shit:
@levicki said in Internet of shit:
Back in my days we had Saboteur:
Man, you're old
Oh good! Another one to add to our club!
-
@Gurth said in Internet of shit:
@BernieTheBernie Do you need a tablet to flush the toilet?
Don't know.
But on the other hand, the toilet could send you some remainders:
"You forgot to flush the toilet"
"You did not wash hands after using the toilet"Some while later, the toilet will threaten you to forward such messages to all your contacts including a video taken with your tablet while you were using the toilet, except (of course) when you flush some Bitcoins to the toilet's wallet.
-
-
@dcon You are right... I ought to improve my knowledge of English aurthography.
-
@boomzilla said in Internet of shit:
@CarrieVS said in Internet of shit:
@mott555 There's an episode of River Monsters about the fish in that picture. There's also one about a fish that takes chunks out of crocodiles (and I'm sure it would take chunks out of alligators if it existed in the same waterways.)
What kind of fish is it? I thought it was an alligator gar. Which definitely cohabit with alligators.
It is indeed.
But the one that's known for biting lumps of flesh out of crocodiles (and anything else in the water including humans) is the goliath tigerfish, native to the Congo river basin in Africa. Apologies for being confusing.
The allligator gar, although it can give a nasty bite if threatened, is actually quite docile and a rather delicate feeder, and Jeremy Wade believes most if not all of the reports of unprovoked attacks on humans are actually the work of alligators being misidentified.
-
@CarrieVS said in Internet of shit:
But the one that's known for biting lumps of flesh out of crocodiles (and anything else in the water including humans) is the goliath tigerfish, native to the Congo river basin in Africa. Apologies for being confusing.
Ah, yes, I saw that episode.
The allligator gar, although it can give a nasty bite if threatened, is actually quite docile and a rather delicate feeder, and Jeremy Wade believes most if not all of the reports of unprovoked attacks on humans are actually the work of alligators being misidentified.
That would not surprise me. The guys on Swamp People fish for gar by tying their hook / line /bait to an empty plastic jug float and coming back later to harvest them.
-
Sorry for accidental mention I done goofed and made a post by mistake.
-
-
@Luhmann
@area_bel
?
-
@Luhmann said in Internet of shit:
@CarrieVS said in Internet of shit:
Congo river basin
Former !
Raise your hands! Oh ....I think that joke is probably a for most readers, since they likely have to declare their expenses differently.
-
@Gurth
It's first a reference to the hand chopping during the Congo colony.
-
@levicki said in Internet of shit:
Way too old for my own taste...
It could be worse, you could be a millenial
-
@Luhmann said in Internet of shit:
@Gurth
It's first a reference to the hand chopping during the Congo colony.Yes, I got that, which is why I made a follow-on joke about declaring expenses.
The chopping off of hands was initially a method of declaring expenses: those locals trusted by Leopold II’s underlings to carry firearms, were not trusted enough to use them for _only_ their intended purpose (shooting other unruly natives, rather than, say, hunting for food), so each bullet spent had to be justified by the hand of the person shot with it.From there on, things just went downhill and chopping off hands took on a life of its own.
-
@levicki said in Internet of shit:
@TimeBandit said in Internet of shit:
@levicki said in Internet of shit:
Back in my days we had Saboteur:
Man, you're old
Way too old for my own taste...
What, you don't want to go fuck yourself? Typical...
-
I'm shocked. Shocked I say.
As many as 750,000 heart devices made by Medtronic PLC contain a serious cybersecurity vulnerability that could let an attacker with sophisticated insider knowledge harm a patient by altering programming on an implanted defibrillator, company and federal officials said Thursday.
Medtronic, run from offices in Fridley, says the risk of physical harm to defibrillator patients appears to be low, even though one of the two issues described by Homeland Security was assigned a CVSS base score of 9.3 out of 10.
The vulnerabilities were discovered by two different teams of security researchers and reported to Medtronic, which reported it to authorities, Medtronic officials said.
Ben Ransford, CEO of medical-device security firm Virta Labs, said he agreed with the assessments of Medtronic and federal officials that the vulnerabilities in the Medtronic defibrillators were not serious enough to warrant replacement.
[…]
But Ransford did say it was surprising that issues like the ones in Thursday’s advisory continue to crop up in Medtronic defibrillators, since this variety of vulnerability has been known since 2008.A decade ago Ransford was part of a team of researchers that tested a bacon-wrapped Medtronic Maximo defibrillator and came to the surprising conclusion that it could be hacked.
In the groundbreaking paper, the researchers reported that they could cause their compromised device to issue shocks on command, shut down its lifesaving features and change functionality so the battery would wear out.
-
@DCoder said in Internet of shit:
I'm shocked. Shocked I say.
You have a Medtronic defibrillator?
a bacon-wrapped Medtronic Maximo defibrillator
These are hard to get right. You need to get the timing just right so you don't overcook the bacon or undercook the defibrillator.
-
@DCoder said in Internet of shit:
But Ransford did say it was surprising that issues like the ones in Thursday’s advisory continue to crop up in Medtronic defibrillators, since this variety of vulnerability has been known since 2008.
It must have been known from the start, at least to whoever approved it in the FDA. The article mentions that
The system doesn’t use formal authentication or authorization protections, which means an attacker with short-range access to the device could inject or modify data and change device settings, the advisory says.
and
However, Kowal noted that the vulnerabilities in Thursday’s alert must be exploited in close physical proximity to the patient.
Well, FDA approved it, because the close proximity means a couple of inches—and a special device—so nobody is doing a mass attack and few people are worth a targeted one. And, as the article also mentions
Deploying encryption in medical devices is tricky because is increases computational complexity and therefore uses the battery faster.
-
@Bulb said in Internet of shit:
Deploying encryption in medical devices is tricky because is increases computational complexity and therefore uses the battery faster.
What a complete load of bollocks they've come up with, transmission will be very rare for this use-case. I did a wireless device that had to last 5 years on a CR2032. I used XXTEA. The extra computation wasn't a problem because the device spent 99.9% of its time asleep at <2uA. Implementing it takes hardly any program or data memory and it's a damn sight better than nothing.
@Bulb said in Internet of shit:
Well, FDA approved it, because the close proximity means a couple of inches
Whenever they say stuff like this it's always with the implicit 'using the manufacturers' hardware'. Just like you can get RFID working out to meters with non-standard transceivers, just shove more power into the air and use a more sensitive receiver.
-
This post is deleted!
-
@Cursorkeys said in Internet of shit:
What a complete load of bollocks they've come up with, transmission will be very rare for this use-case.
For the devices that send periodic reports it is not that rare
@Cursorkeys said in Internet of shit:
the device spent 99.9% of its time asleep
Only if it has a separate chip for the communication.
@Cursorkeys said in Internet of shit:
Whenever they say stuff like this it's always with the implicit 'using the manufacturers' hardware'. Just like you can get RFID working out to meters with non-standard transceivers
Building a non-standard transceiver proves beyond any reasonable doubt your malicious intent, and provides a piece of evidence police can seize. And it is non-standard, so you have to build it. Are you building thousands of them to carry out a mass attack just for shits and giggles when it makes it pretty likely you'll get caught?
Technical security does not have to be perfect. It just has to be good enough that law enforcement can take over from there. This does not allow doing the attack remotely from ‘safety’ of North Korea, and is not easier than stabbing the victim or planting a bomb, so it is not worth much trying to prevent it.
(note: it is inductive just like RFID, so anything true for RFID does indeed apply)
-
@Bulb said in Internet of shit:
For the devices that send periodic reports it is not that rare
My fault, I completely missed that.
Still, I'm willing to bet XXTEA wouldn't significantly impact their power-budget.
-
@Bulb said in Internet of shit:
Technical security does not have to be perfect. It just has to be good enough that law enforcement can take over from there.
If your goal is to catch criminals, sure. But I think most people, rather than catch criminals, would want the victims to not die in the first place.
-
@Gąska The victims will die either way, whether the criminals use convoluted scheme involving reprogramming of their pacemaker, or simply stab them. As long as the former is harder than the later, there is no point in improving the security further. And due to all the expenses involved, it is, even without authentication.
-
@DCoder Hey, I remember Hacknet having that exact thing. You had to mercy kill a guy.
-
@Bulb the use case of a high profile target assassination is a bit different though. If you can reprogram their internal life support to fail when the evidence is long gone, you've got a pretty nice attack vector with this
-
One episode of Elementary had an unlucky sap's pacemaker being hacked and used to coerce him to change his vote on some historical protection thing. As you might imagine given the nature of the show (1 episode without a body at my last count), it didn't end well for him.
-
@coderpatsy said in Internet of shit:
the nature of the show (1 episode without a body at my last count)
How many TV crime shows are about crimes other than murder? For more than the odd episode?
-
@Gurth said in Internet of shit:
How many TV crime shows are about crimes other than murder? For more than the odd episode?
-
@Zerosquare Never watched that, but it’s very much the exception. I’ve long been thinking that it should be easily possible to make interesting, watchable crime shows about police who solve crimes like robberies, burglaries, or insurance fraud for all I care — but it’s almost invariably murder.