Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Messenger App

Viewing 15 posts - 16 through 30 (of 48 total)
  • #181833
    nixnerd
    Participant

    Well, a while back, researchers were able to crack 4096 bit encryption by listening to the sounds of the CPU with a microphone.

    Not that the NSA would ever need to do this because they paid RSA $10 Million to use intentionally flawed mathematics in their encryption algorithm… that became an industry standard.

    This completely proves @traq’s earlier point.

    #181844
    __
    Participant

    > Is it really that difficult? I see it sort of like when you close a browser and your sessions are cleared

    Have you ever actually checked whether your browser sessions are cleared (whether the cookies are discarded) when you “close” the browser in Android/iOS? Most times, when you tap “close,” the browser process is merely sent to the background to wait until you “open” it again. As far as the browser knows, it is still open.

    This is actually really good for memory management, task-switching and general (perceived) performance on mobile devices, but it breaks the long-standing concept that closing the browser will “log you out.”

    I don’t know if this specific behavior still exists, but it was a really confusing problem a year or two back.

    > Well, a while back, researchers were able to crack 4096 bit encryption by listening to the sounds of the CPU with a microphone.

    Did you know that there exist laser “microphones” that can listen through soundproof rooms (even through a vacuum) by bouncing the beam off of a hard object (e.g., window glass) and measuring the observed vibrations?

    #181845
    __
    Participant

    Ok, speaking of that and on a lighter note… here is another “tech expert”:
    “Who is this 4chan person?”

    Lol, also I love the distinction between “the cloud” and an “online backup.”

    NTM the implication that “pa$$word” is a secure alternative to “password”.

    #181848
    nixnerd
    Participant

    > Did you know that there exist laser “microphones” that can listen through soundproof rooms…

    I do now! I remember thinking it was crazy to hear that the NSA was intercepting laptops and PCs on their way to stores/end users and embedding devices that could send data via radio waves… whether or not the PC was connected to the internet or even on for that matter.

    This is appropriate because if all else fails, they can always go the Stasi route. (will also post in joke thread):

    and so is this:

    #181850
    nixnerd
    Participant

    I would also like to say one more thing:

    Metal Gear Solid came out in 1998. It explored the possibility of DARPA implanting nano-machines into humans to create super soldiers, like Solid Snake. They could heal faster and avoid common soldier issues like PTSD. What an absurd concept right?

    Check out this article I found today:

    http://www.extremetech.com/extreme/188908-darpas-tiny-implants-will-hook-directly-into-your-nervous-system-treat-diseases-and-depression-without-medication

    So weird.

    #181860
    chrisburton
    Participant

    I think my post was flagged and I don’t remember what exactly I wrote.

    #181864
    nixnerd
    Participant

    Nooooo! I had one disappear today too. But it looks like the mods have lives… so we’ll have to wait.

    #181865
    chrisburton
    Participant

    @Joe_Temp

    Ok. I remember one part. It seems that one article about the pacemaker was a hypothetical 0day exploit and how to go about handling companies who refuse to patch them. Or am I wrong?

    #181866
    nixnerd
    Participant

    No, for that article, you are not wrong. But… the author makes it pretty clear that they were obvious. Now, on the refusal to patch… I’m pretty sure I read a follow-up to that, written by a different author, that mentions that. I need to find it. Could have just been a comment on Hacker News that stuck out to me, but I’m pretty sure I remember reading an article.

    However, the fact remains… security holes were pretty clear and obvious to an outsider. Dev team had to know for an extended period of time. How could they not?

    This is the advantage of open source that @traq was talking about. Even if it’s a paper-thin shred of an advantage… at least it’s something.

    I just don’t think people understand how insecure our entire world is. If I had to compare it to anything, I would liken it to everyone’s house being made of paper.

    #181867
    __
    Participant

    Given the specifics of his “hypothetical,” the urgency of his question, and the fact that this wouldn’t be the first such exploit found, I really don’t believe it is hypothetical. He’s just phrasing it in the abstract as a legal precaution.

    #181868
    nixnerd
    Participant

    Right. And the specifics of THIS case aren’t even really the issue. The larger issue is privacy in general and how to handle exploit discovery. Google does one thing right in that they pay a bounty to people who find exploits in Chrome. No questions asked. However… most companies are going to ask a lot of questions if you tell them about a hole and probably sue your ass off.

    #181869
    chrisburton
    Participant

    > Google does one thing right in that they pay a bounty to people who find exploits in Chrome.

    Many companies do this (FB, Twitter, Yahoo, etc): https://hackerone.com. I think open source not only helps us for security purposes but also transparency.

    #181870
    nixnerd
    Participant

    I need to revisit this for a second:

    I’ve got some really crazy anecdotal evidence that to me at least, totally proves that Google DOES access my microphone and camera on a fairly regular basis.

    On NUMEROUS occasions… more than five, I’ve been having a conversation with my phone in my pocket. I don’t have it out, I’m not looking at it, just talking to a real person with the phone in my pocket. We’ll be talking about something like a movie or a product or a restaurant. Then, I’ll take out my phone to browse news or whatever. Then… right there in the sidebar is a Google ad for what I was just talking about. That was on Android.

    With an iPhone it was even more pronounced. I’d be talking about something SUPER specific. Like, a certain store inside a certain mall. Let’s say… The Levi’s Store inside Cherry Creek Mall. I would search from the old iOS search bar and tap the letter ‘L’ because I wanted to look up Leone, France. Literally the first result would be “Levi’s Store Cherry Creek Mall.”

    All of this was creepy as hell. And back when I had my very first Android, sometimes late at night my phone would just do its own thing. I’d set it on the table and it would scroll, tap on apps, all kinds of stuff. It was almost like someone was remotely controlling the phone. I never saw any tap typing though. That would have been REALLY creepy.

    I’m fully aware that all of these separate and distinct incidents could have been complete coincidence. I understand that this is anecdotal evidence and you don’t have to believe me. I understand I can’t prove causation. But… to me it seems a little shady.

    #181871
    nixnerd
    Participant

    > Many companies do this (FB, Twitter, Yahoo, etc): https://hackerone.com. I think open source not only helps us for security purposes but also transparency.

    Many do. Not enough. Many will also try to label you a ‘hacker’ and accuse you of trying to exploit their system. Based on many current laws, depending on how much you probe to find an exploit… you’ve already broken the law, just by trying to do someone a solid. What a shame.

    #181873
    __
    Participant

    > I just don’t think people understand how insecure our entire world is.

    Everything is on the internet.

    In many, many cases, things like security cameras, alarm controllers, home/business NAS servers, HVAC/other industrial machines, stadiums/public buildings, traffic signals, power plants, are all wide open to anyone who decides to visit.

    “These are traffic lights. At intersections. You can telnet into them and put them in ‘test mode.’ And the instructions say ‘warning, don’t do this, you might kill people.'”

    Yeah. All at a public IP address with no login.

  • The forum ‘Other’ is closed to new topics and replies.