WTF Bites
-
@Zecc 1999.
-
-
… the vulnerability was just the tip of the iceberg when it came to sloppy security practices at Atrient. They saw casino WiFi network passwords stored in plaintext, user personal data stored in plaintext and no attempt to secure anything.
Predictably, other security researchers are now looking at Atrient as well:
So it turns out Atrient has been creating and releasing shitty Android apps in their customers' names. After having a closer look, I realized that Atrient packaged their clients' private RSA keys into the aforementioned apps, most likely used for backend communications. (2/?)
Source: @duniel_pls
-
WTF of my day: So, I've got this ASUS Geforce 1080Ti. I already exchanged it once because it had a fan problem - this thing has three fans. But it seems to measure the RPM only of the first fan while the others are driven at the same power level (I guess?)
This led to the interesting phenomenon where the first fan would not spin for whatever reason (which is not a problem in desktop mode) but when playing a more demanding game, it would hit a temperature threshold which should engage the fans which seemingly didn't. Which then made the other two fans go into overdrive, i.e. spin at 100% and stay there until I powered down. 100% is fucking loud, by the way.
As I said, I replaced that one. The replacement didn't show that problem - until now.
But not in the same way - the fans will go into overdrive once again but only for, say, three minutes, after which they go back to normal. Reported RPM (as in the previous case) is once again zero.
Currently debating whether I'll have that one replaced as well or try to talk the merchant into an exchange for a completely different card (and brand).
-
… the vulnerability was just the tip of the iceberg when it came to sloppy security practices at Atrient. They saw casino WiFi network passwords stored in plaintext, user personal data stored in plaintext and no attempt to secure anything.
Predictably, other security researchers are now looking at Atrient as well:
So it turns out Atrient has been creating and releasing shitty Android apps in their customers' names. After having a closer look, I realized that Atrient packaged their clients' private RSA keys into the aforementioned apps, most likely used for backend communications. (2/?)
Source: @duniel_pls
I mean, Atrient was gonna experience some scrutiny, but after the shit they pulled to silence the white hats, the security people are gonna pile on like crazy looking for holes in everything they ever did.
And the black hats will have some fun too.
-
@Rhywden
I may be undervaluing your sense of meticulousness (a lot, all things considering), but did they give you an actually new one? New box (if any), different S/N and all? Because, you see, back when I was Mordac, the Preventer of Warranty Services doing my utmost to facilitate quick and painless resolution of customers' complaints of hardware malfunctions in full commitment to professional ethics, moral dimension and most accurate compliance with the consumer law... well...
-
@Applied-Mediocrity said in WTF Bites:
@Rhywden
I may be undervaluing your sense of meticulousness (a lot, all things considering), but did they give you an actually new one? New box (if any), different S/N and all? Because, you see, back when I was Mordac, the Preventer of Warranty Services doing my utmost to facilitate quick and painless resolution of customers' complaints of hardware malfunctions in full commitment to professional ethics, moral dimension and most accurate compliance with the consumer law... well...
Yeah, that was definitely a new one. From my quick research on the web regarding this issue, I'm not the only one experiencing this - one YouTube video even proposes modifying the firmware to get at the root issue.
I'm not doing that while it's still under warranty.
-
-
There are an astounding number of "No" in this FAQ, with the workarounds also appearing to consist of "No".
-
If your Android device's security patch level is dated February 2019, then you're up to date. If not, then check for updates and install them – some may be available. And if your device is more than 3 years old, you're pretty well boned.
-
The AMD Radeon Adrenalin manager thingie is failing to install on my computer. Not the driver, that installed and is working fine, just the auxiliary program. It's weird.
-
@anonymous234 I ended up considering it a feature when geforce experience committed sudoku during an update. Never reinstalled it afterwards.
-
There are an astounding number of "No" in this FAQ, with the workarounds also appearing to consist of "No".
Seems appropriate. Silicon Dust sounds like a good way to get silicosis.
-
Silicon Dust sounds like a good way to get silicosis.
Silica dust causes silicosis.
-
@HardwareGeek Silicon dioxide, yes. As far as I know, nobody's breathed enough silicon dust for a long enough time to see whether it does the same thing, and I'd just assume not be the guy who finds out.
-
Power BI, why are you emailing me "insights" about the 'Backlog Hours' of somebody who I've never heard of, or 'Coverage Hours %' trend of something, and how did you find these "insights" in "my" data.
-
@HardwareGeek
If it is uploaded into the cloud it is no longer yours
-
@Luhmann Given that I don't know the person or what is (or isn't, based on the trend) being covered, I don't think it ever was.
-
If your Android device's security patch level is dated February 2019, then you're up to date. If not, then check for updates and install them – some may be available. And if your device is more than 3 years old, you're pretty well boned.
Or you use AT&T. (My S7 is at Dec 3rd.)
-
If your Android device's security patch level is dated February 2019, then you're up to date. If not, then check for updates and install them – some may be available. And if your device is more than 3 years old, you're pretty well boned.
Or you use AT&T. (My S7 is at Dec 3rd.)
Or you use custom ROMs that are dead.
-
@Tsaukpaetra
Or you don't want to. I'm on September, 2018, Oreo 8.0.0. The next available update that's been bugging me is 9.0 - there is no Oreo, only Pie. What if the Pie doesn't like me?
It cannot be downgraded back to Oreo without unlocking the bootloader. On SQNY devices doing so is a fuckery that just might fuck up DRM keys, the loss of which disables camera and audio.
#firstworldproblems #bumfuckistanisnotreallyfirstworldbuthasthesesortsofproblemsnevertheless #howsthatforahashtag
-
@Applied-Mediocrity If Sony's going to make it difficult, do not I repeat do not unlock the bootloader. You're liable to wipe your phone by doing that, without it telling you first. Found that out the hard way. FWIW Pie is pretty good.
-
@pie_flavor said in WTF Bites:
You're liable to wipe your phone by doing that, without it telling you first.
Yeah, made that mistake on my current phone, wasn't careful when trying to repartition. Buh-bye radio firmware blobs!
That was not a fun day...
Coming out of that, though, now my phone is in development mode, and I can boot whatever I want on it now!
-
-
@pie_flavor said in WTF Bites:
FWIW Pie is pretty good
Of course you'd say that
Now, I'm not entirely clueless as to the process (!= hold my beer) That is, I've done it with my Z1c and Z3c. Sony officially allows unlocking the bootloader. It may or may not wipe the radios (hasn't so far), but what it definitely wipes is the partition containing Bravia DRM stuff. At least two things then stop working - camera (why?) and DSEE HX OMGZZZWEE audio. The camera is a fucking turd (they always have been), but I'd still like to use it from time to time. The audio thingamajig... I suppose I could live without it, but I swear they've made it the other way round - it "accidentally" makes audio more shit if disabled.
The only practical solution has been to root before unlocking, back up the damn partition, back it up again just in case and back up the backup (because if you ever lose it, you're screwed), install pre-rooted or root-able ROM, then restore it afterwards and pray that gods took a liking to your rain dance and tambourine performance.
Last time I checked (that is, before purchase) there were no exploits sufficient to do all the steps. A quick glance suggests there is now. However, the stock ROM is pretty clean (or at least it has allowed me to disable most of the annoying stuff) and without any custom GUI crap. What remains is the gnawing feeling that perhaps I should because it's there.
-
-
Of course you'd say that.
@Applied-Mediocrity said in WTF Bites:
Of course you'd say that
Not sure how well that turned out for the miners in The Expanse (which is worth a watch IMO)
-
@Applied-Mediocrity said in WTF Bites:
What remains is the gnawing feeling that perhaps I should because it's there.
Unwise. Still, it's your funeral.
-
@pie_flavor said in WTF Bites:
Of course you'd say that.
@Applied-Mediocrity said in WTF Bites:
Of course you'd say that
Not sure how well that turned out for the miners in The Expanse (which is worth a watch IMO)
TL;DW?
-
@Gąska Dunno, still watching it.
-
@pie_flavor okay, so maybe a TL;DW of the part you did watch, so I could understand why you made that reference when we were talking about pies?
-
-
@pie_flavor yes, I know. That's why I'm asking.
-
@Gąska it's a thing that gets posted when you double-post or get ninjad by the exact same text.
-
@pie_flavor you should make KYM article on that. You know, for future reference.
-
@Gąska why? It's a WTDWTF-specific joke.
-
@pie_flavor is it? I thought you just made it up on the spot right here.
-
@pie_flavor said in WTF Bites:
@Applied-Mediocrity said in WTF Bites:
What remains is the gnawing feeling that perhaps I should because it's there.
Unwise. Still, it's your funeral.
They said the same about custom marshaler for variable length arrays (of structs with unions potentially containing more variable length arrays of structs) I was making for our mission critical service because BinaryReader is "slow"! Oh waiyS.4kó²BãJPÙ>ÿ~ÔÍ·Ö±Þ'Q/(ÀéÎp¢75£ÉÜäå)ÿ3EJÁu}eUCSa»¢iÇæâ1Añµ ¶õz
-
@Gąska search it.
-
@pie_flavor good one!
-
@Applied-Mediocrity said in WTF Bites:
that just might fuck up DRM keys, the loss of which disables camera and audio.
Is this common, or is this just another we'll-put-rootkits-on-your-pc sony madness such that you don't use the camera and a wooden table to record Spiderman 23?
-
@topspin
The madness one. And it's been like that since forever (or at least 2014). I don't recall having seen any remotely reasonable explanation.
Technically:
it stores DRM keys, Bravia Engine Code and warranty of your device
Except that isn't remotely reasonable.
Now then, if it's absent, you're fine, but if it doesn't pass ARM TrustZone signature check, it's a proper brick.
-
@pie_flavor said in WTF Bites:
You're liable to wipe your phone by doing that, without it telling you first.
Maybe Sony is different, but every time I've done that with any phone I'm pretty sure I had multiple warnings.
-
@Applied-Mediocrity said in WTF Bites:
It cannot be downgraded back to Oreo without unlocking the bootloader. On SQNY devices doing so is a fuckery that just might fuck up DRM keys, the loss of which disables camera and audio.
I know why the Walkman was the last product of theirs I owned, but it's reassuring to hear that their habit of savagely penetrating every orifice in their customers' body with their throbbing, uncircumcised DRM hasn't changed a bit since their rootkit-on-a-CD days.
-
savagely penetrating every orifice in their customers' body with their throbbing, uncircumcised DRM
-
Hooray for vendors who send out "hey, we're changing ownership and e-mail domains" e-mails to everyone in their sales guy's contact list. Without using BCC.
Another vendor for my greylist
-
@hungrier The first time I got a warning. The second one I didn't; this was the finding out the hard way.
-
@pie_flavor the first big warning was Sony
-
savagely penetrating every orifice in their customers' body with their throbbing, uncircumcised DRM
You might be consufing semitism with sodomy.
-
@Zecc I'm Christian. I don't see much difference