  1. #51
    Join Date
    Mar 2006
    Location
    Missoula, MT
    Posts
    19,941
    Quote Originally Posted by stfu&gbtw View Post
    It's unfortunate, but it's not stupid. You'd be astonished to see the list of devices that contain hard coded admin passwords, like nearly every "next gen" firewall that receives definition updates from the manufacturer for services like web/email filtering and atp/ips. Juniper networks had a hard coded password cracked not too long ago. I'm fairly certain that Sophos, Palo Alto, Fortinet, Barracuda, and many many others do the same. There are a variety of methods an update service can use to authenticate to all their client devices in the wild, but they all amount to the same thing.
    Oh fuck, don't tell me that right now.
    No longer stuck.

    Quote Originally Posted by stuckathuntermtn View Post
    Just an uneducated guess.

  2. #52
    Join Date
    Mar 2006
    Location
    Missoula, MT
    Posts
    19,941
    Quote Originally Posted by jono View Post
    How hard is it to give the customer admin capability or at least a second key so that a human has to push a button when it's time to let the device chat with the manufacturer? I see what stfu is saying about everything amounting to a hard coded admin password if the manufacturer has to be able to contact every device in the wild. But unless those devices are being sold to Iran etc. I think the real issue is the assumption that the manufacturer must be able to do so without consent or knowledge of the user. It's either the problem or the solution. If manufacturers are keeping that right and de facto leasing their devices to customers, they ought to be responsible for how their devices are used, including by predictable hacks.
    Then you'd have no automation.

  3. #53
    Join Date
    Nov 2005
    Posts
    2,838
    Quote Originally Posted by stuckathuntermtn View Post
    Then you'd have no automation.
    You mean less automation?

  4. #54
    Join Date
    Dec 2010
    Posts
    7,610
    Quote Originally Posted by jono View Post
    How hard is it to give the customer admin capability or at least a second key so that a human has to push a button when it's time to let the device chat with the manufacturer? I see what stfu is saying about everything amounting to a hard coded admin password if the manufacturer has to be able to contact every device in the wild. But unless those devices are being sold to Iran etc. I think the real issue is the assumption that the manufacturer must be able to do so without consent or knowledge of the user. It's either the problem or the solution. If manufacturers are keeping that right and de facto leasing their devices to customers, they ought to be responsible for how their devices are used, including by predictable hacks.
    It's got nothing to do with consent... How and when updates are applied is controlled via admin settings. And for major updates, it's not unusual to download the new firmware or whatever and apply it manually.

    But the whole point of those devices is that they're basically selling research/administration as a service. A device's atp/ips settings might get updated a dozen times in a day if circumstances called for it. It would be far too time consuming to try to process all the data supporting the advanced feature set manually. In the next-gen firewall world, failed updates are a real pain point, so lots of designs favor consistently successful updates over more stringent security.

    Every decision in computer system security boils down to exactly the same question: Given that security and functionality exist on opposite ends of the same spectrum, what is the appropriate compromise for this specific use case?
    Quote Originally Posted by Hugh Conway View Post
    Hugh Conway sucks
    Quote Originally Posted by Meadow Skipper View Post
    I guess stfu might be right about steel toed boots
    Quote Originally Posted by pedoherp69 View Post
    I know actual transpeople.
    Quote Originally Posted by rokjoxx View Post
    We is got a good military, maybe cause some kids get to shooting sports early here.

  5. #55
    Join Date
    Dec 2010
    Posts
    7,610
    Quote Originally Posted by stuckathuntermtn View Post
    Oh fuck, don't tell me that right now.
    Meh, I wouldn't lose any sleep over it. What device are you concerned about? Chances are the super secret password is "12345". That's the same one Bill Gates uses on his luggage.

  6. #56
    Join Date
    Mar 2006
    Location
    Missoula, MT
    Posts
    19,941
    Hahaha.
    SonicWall tz400 wireless that I may have spent up 12 or more hours setting up and smoothing out all the kinks and talking to dudes in India about.
    What a fucking pain in the ass.
    Are Cisco Merakis much better? They're more expensive.
    It's a doctor's office, so no Content Filtering or VPN, but DPI SSL and full ips/gateway security. 2 wireless laptops, 3 wired desktops, and 1 wired printer.
    Shit was just randomly not working.
    Wireless isn't set up to be on the same network as the built-in switch by default. Was a pain in the ass to set up. Wireless features are a lot more limited than I thought they'd be. (Won't do 2.4GHz and 5GHz at the same time! Half duplex!). DPI SSL is inexplicably overactive on WiFi. Kaspersky Internet Security can be a pain. He went and bought a different version than I put in my quote. Business Security! Business!
    Anyway, that's been my life.
    At least Dell support is alright.

  7. #57
    Join Date
    Mar 2006
    Location
    Missoula, MT
    Posts
    19,941
    Rshea, I wasn't talking about distance, just that even down the street, whatever physical connection or dns I seemed to be on/using was totally different than a client down the street with the same provider. Seems very patchwork.

  8. #58
    Join Date
    Feb 2006
    Location
    Among Greatness All Around
    Posts
    5,222
    Quote Originally Posted by stuckathuntermtn View Post
    Rshea, I wasn't talking about distance, just that even down the street, whatever physical connection or dns I seemed to be on/using was totally different than a client down the street with the same provider. Seems very patchwork.
    Well you know, I hope, that there is DHCP and if it is turned on, then the DNS servers are automatically assigned by the DHCP server and ultimately the ones picked by that network admin. They could be the recommended servers by the ISP, or servers such as Google DNS, Genuity (Verizon), or some other offering like OpenDNS or even some business networks run their own DNS private servers. If you do not do DHCP, then you can specify the DNS servers in use and they do not have to be your ISP's recommended DNS server.

  9. #59
    Join Date
    May 2007
    Location
    Sandy, Utah
    Posts
    11,261
    Quote Originally Posted by RShea View Post
    Well you know, I hope, that there is DHCP and if it is turned on, then the DNS servers are automatically assigned by the DHCP server and ultimately the ones picked by that network admin. They could be the recommended servers by the ISP, or servers such as Google DNS, Genuity (Verizon), or some other offering like OpenDNS or even some business networks run their own DNS private servers. If you do not do DHCP, then you can specify the DNS servers in use and they do not have to be your ISP's recommended DNS server.
    You can use DHCP and still assign a different DNS server to any individual machine anytime you want. Unless your admin locks down the environment this is just a setting on the network card. I do it when troubleshooting sometimes. 8.8.8.8 or 4.4.4.4 work pretty good usually.
    http://www.firsttracksonline.com

    I wish i could be like SkiFishBum

  10. #60
    Join Date
    Nov 2005
    Posts
    2,838
    Quote Originally Posted by stfu&gbtw View Post
    It's got nothing to do with consent... How and when updates are applied is controlled via admin settings. And for major updates, it's not unusual to download the new firmware or whatever and apply it manually.

    But the whole point of those devices is that they're basically selling research/administration as a service. A device's atp/ips settings might get updated a dozen times in a day if circumstances called for it. It would be far too time consuming to try to process all the data supporting the advanced feature set manually. In the next-gen firewall world, failed updates are a real pain point, so lots of designs favor consistently successful updates over more stringent security.

    Every decision in computer system security boils down to exactly the same question: Given that security and functionality exist on opposite ends of the same spectrum, what is the appropriate compromise for this specific use case?
    I was referring mainly to cameras and DVRs. Where major firmware updates are distinguished from everyday use there is already an opportunity to allow the user to manually approve a change to a "hard coded password" though, right? Consent has a separate downside for some manufacturers, but I agree that's not really about security vs. functionality; obviously end users crack their own devices though, so that's a whole different discussion.

  11. #61
    Join Date
    Nov 2002
    Location
    EWA
    Posts
    14,025
    American vigilante hacker sends Russia a warning



    An American vigilante hacker -- who calls himself "The Jester" -- has defaced the website of the Russian Ministry of Foreign Affairs in retaliation for attacks on American targets.

    On Friday night, the Jester gained access to the Russian government ministry's website. And he left a message: Stop attacking Americans.

    "Comrades! We interrupt regular scheduled Russian Foreign Affairs Website programming to bring you the following important message," he wrote. "Knock it off. You may be able to push around nations around you, but this is America. Nobody is impressed."
    Kindness is a bridge between all people

    Dunkin’ Donuts Worker Dances With Customer Who Has Autism

  12. #62
    Join Date
    Oct 2003
    Location
    All over NCal
    Posts
    6,224
    Not certain how real this is, but fun to watch

    http://map.norsecorp.com/#/

    And as for less secured internet connected devices, that crap terrifies me. Just to name some common household items that aren't your computer/phone/tablet in a descending level of commonality:

    xbox/playstation/wii
    chromecast/apple tv/roku
    TV/DVD player
    A/V Receiver
    A/C controller
    Garage Door
    Refrigerator & other appliances
    Security camera/system
    Fat fuck bubbas are not erosion.

  13. #63
    Join Date
    Feb 2006
    Location
    Among Greatness All Around
    Posts
    5,222
    And there are stories now coming out that this is a bot written to infect equipment and then use IoT devices for the work of the attack:

    https://threatpost.com/chinese-manuf...n-ddos/121496/

    So be careful of what you expose to the Internet and if it is exposed, make sure you keep up with updates to the equipment on a regular basis...

  14. #64
    Join Date
    Mar 2006
    Location
    Missoula, MT
    Posts
    19,941
    Why the fuck is there a web browser on a fridge, btw?
    And off topic, but sorta related: why must soda be a touchscreen now?

  15. #65
    Join Date
    Dec 2010
    Posts
    7,610
    Quote Originally Posted by stuckathuntermtn View Post
    Why the fuck is there a web browser on a fridge, btw?
    And off topic, but sorta related: why must soda be a touchscreen now?
    DNRTFA but I'd bet they use the browser framework to deliver the app...

  16. #66
    Join Date
    Jan 2008
    Location
    truckee
    Posts
    10,370
    I still haven't figured out why I need to tell my furnace to turn on when I'm somewhere else. God forbid I should be cold for 15 minutes if I come home while the temperature is programmed to be low.

  17. #67
    Join Date
    Mar 2006
    Location
    Missoula, MT
    Posts
    19,941
    Well, we've had programmable thermostats for a long time without needing Internet access. Coming into a cold house sucks.
    Still don't understand how my fridge would benefit from an internet connection.

  18. #68
    Join Date
    Sep 2009
    Location
    PNW
    Posts
    5,019

    Woah! That is a very ballsy move, holy shit! Slap to the face.

  19. #69
    Join Date
    Feb 2008
    Location
    Donner Summit
    Posts
    680
    Quote Originally Posted by old goat View Post
    I still haven't figured out why I need to tell my furnace to turn on when I'm somewhere else. God forbid I should be cold for 15 minutes if I come home while the temperature is programmed to be low.
    Try radiant heat. 12+ hours to heat my house up from 50 degrees (what I leave it at when I'm away for more than a day) to 68. Awesome once it's warm though. Wifi connected thermostats have helped me avoid a bunch of cold nights (or wasted propane).

  20. #70
    Join Date
    Jun 2006
    Location
    Couloirfornia
    Posts
    8,717
    ^^^ Yeah, been meaning to remind my FIL to install a Nest in their new place in TD. House is at 50 or 55 when there's nobody there. Would be useful to be warmer prior to setting foot in the house.
    Quote Originally Posted by Ernest_Hemingway View Post
    I realize there is not much hope for a bullfighting forum. I understand that most of you would prefer to discuss the ingredients of jacket fabrics than the ingredients of a brave man. I know nothing of the former. But the latter is made of courage, and skill, and grace in the presence of the possibility of death. If someone could make a jacket of those three things it would no doubt be the most popular and prized item in all of your closets.

  21. #71
    Join Date
    Apr 2006
    Location
    SF & the Ho
    Posts
    5,737
    Also handy to turn the heat down remotely when you let knucklehead friends use the cabin and they leave it at 72 and leave.

  22. #72
    Join Date
    May 2007
    Location
    Sandy, Utah
    Posts
    11,261
    Quote Originally Posted by stuckathuntermtn View Post
    Well, we've had programmable thermostats for a long time without needing Internet access. Coming into a cold house sucks.
    Still don't understand how my fridge would benefit from an internet connection.
    Re fridge. Think call home repairs, and in the future potentially creating and sending your grocery list so all you have to do is pick it up at the store. Also maybe ease of use for cooks and their recipes. Necessary? Fuck no, but that's the manufacturer thought process.

  23. #73
    Join Date
    Feb 2006
    Location
    Among Greatness All Around
    Posts
    5,222
    Quote Originally Posted by stuckathuntermtn View Post
    Well, we've had programmable thermostats for a long time without needing Internet access. Coming into a cold house sucks.
    Still don't understand how my fridge would benefit from an internet connection.
    There is the thinking that the fridge connected to the internet offers a benefit while shopping at the grocery store. Need to know the status of milk, beer or something like that, jump on the web and have a look to see via the camera and web connection.

  24. #74
    Join Date
    Dec 2012
    Location
    I smell poutine!!!
    Posts
    7,811
    We deserve to be hacked and overrun by another country if we get so lazy that we are unable to do such basic functions as making a grocery list. The risk is not worth the reward.
    Real VTers tap trees.

  25. #75
    Join Date
    Dec 2010
    Posts
    7,610
    Quote Originally Posted by riser3 View Post
    We deserve to be hacked and overrun by another country if we get so lazy that we are unable to do such basic functions as making a grocery list. The risk is not worth the reward.
    Yup... We're so overinvested in progress, we're leaving a trail of half baked bullshit problems behind us that will one day align to take the whole thing apart. Most recently, I've been playing with some of these "next gen" firewalls, and it's amazing how many have managed to introduce a bunch of fancy application layer functionality at the minor expense of losing the ability to correctly route network traffic. But the graphics are awesome!
