Re: How do you warn them?
I assume the answer is that you don't email them, since their email account is locked out. I imagine it's just part of the login process, basically a forced password recovery.
13 publicly visible posts • joined 24 Sep 2010
It would be nice if this article actually explained what they were selling and how. Is this Cisco hardware or not?
"JDC Networking Inc altered Cisco products by using pirated software, and created labels and packaging in order to mislead consumers into believing the products it sold were genuine Cisco products"
What kind of product uses Cisco hardware running Cisco software but is somehow fraudulent? Were they simply adding cheap add-on PCBs to a real chassis?
You seem to have taken a technical story and removed all the technical from it :(
BT home broadband is a fully managed service. This means that I thoroughly expect them to detect and patch vulnerabilities in my BT supplied hardware. It is very clear that they have remote management capabilities to patch the firmware, so why are we attacking them for warning customers who are using dangerous BT supplied hardware using what is almost certainly a passive scan (the managed home hub is a DHCP server and a switch so it knows what's connected without any additional snooping).
I am going to stick my neck out and say that this is pointless. Personally I don't care if corporations want to build up data about browsing behaviour. I'd certainly 100% rather get served ads that actually interest me!
Wanting to prevent companies (whose products you are getting for free in most cases) from analysing your behaviour to make some money seems childish and counter-productive.
Can anyone explain *why* people object to this tracking? It's not as if the advertising networks are going to identify you personally then laugh at your browsing habits for their own amusement.
ps. I have no commercial interest here, I just want to see the web remain a success.
While it is very easy to dismiss this as impractical, I would disagree that it is not a serious issue to be considering. This specific exploit is obviously not at all practical in the real world, but it does raise an interesting point.
Huge numbers of exploits have been found in web browsers, allowing code to be executed when parsing a web page. Therefore it doesn't seem unlikely that vulnerabilities could be found in the various pieces of code that would be executed when a USB device is inserted.
This covers several several things, largely (but not only) on a desktop system. I don't claim to be an expert on this process, but I assume this would typically include: the USB enumeration code (think PS3 exploit), the mass storage device driver (disk size, device name, etc), partition table scanners (MBR, GPT).
Aftter this, on a desktop system, the system would also scan for known filesystems, read their labels, mount them, and scan for known types of content. Some systems may have also been accidentally or deliberately configured to open a file browser, which would include various file preview (thumbnail generation) tools.
What I am getting at is that it is not unlikely that vulnerabilities exist in one or more of these drivers and processes. Bearing in mind how many times browsers have been exploited, we shouldn't be complacent about other parts of the operating system.
Of course, I am not just talking about Linux. These things could be equally exploited in Windows, OSX.
"Once again, the spurious connection between an IP address and an individual.
An IP does NOT indicate a single person, nor necessarily even a single computer. Without the MAC address and a witness to tie an individual to the computer with the NIC that uses the MAC address there is no proof."
As has been pointed out before, this is not a civil case, it is a criminal investigation. The police will more than likely seize hardware to gather evidence of DoS attack tools. They also have good old fashioned policework. Seems pretty likely that a teenager caught with LOIC on the PC in their room and IP address logged is going to confess under interrogation.
These criminal cases cannot be proven based on IP addresses in logs, and I'm sure the police know that. However, I don't suppose they'll have any trouble gathering additional evidence.
I appologise for whining, but technical details seem to be very thin on the ground here, and I'm rather confused about a few points...
"Distributed denial of service attacks are currently being used against the websites of Sarah Palin, Mastercard and other perceived enemies of Wikileaks and Julian Assange"
Is this at all relevant?
The investigation by PCeU found the DDoS attack was made using a malicious program called "Phenom Booter".
If it was launched using off-the-shelf software, surely this make it a single-homed DoS attack, not a DDoS?
"Police found the malware being offered for sale on a web forum for Call of Duty players to allow them to attack other players of the game and thereby improve their own scores."
Is this illegal?
Police tracked the server to the UK and finally via its IP number to Greater Manchester.
What server?!
"I once saw an demonstration where data was recovered from a disk that had been wiped multiple times (re-written, wiped, re-written, etc). Fascinating stuff."
Do you have a source for this? I was under the impression that recovering usable data from a zero-written hard disk was an urban myth, and that even with the best equipment, there was only a 50% bit recovery rate (which would be useless). I'd be very interested to see evidence to the contrary though!
This story is probably familiar to every small development firm in the world. A medium size company licences your product, then sells it to a bigger company, promising shiny new features at an impossible price and expects it to work. You are expected to make it work on an impossible deadline.
Lives are rarely at risk. Rarely.