Messenger App

[chrisburton]

Many do. Not enough. Many will also try to label you a ‘hacker’ and accuse you of trying to exploit their system. Based on many current laws, depending on how much you probe to find an exploit… you’ve already broken the law, just by trying to do someone a solid. What a shame.

Agreed but to be fair, some hackers actually use the exploit in the wrong way to teach companies a lesson about security.

[nixnerd]

In many, many cases, things like security cameras, alarm controllers…

I used to mess around with this about 7 years ago. You could basically just Google model numbers for like Motorola cameras and browse through them. In MANY cases, you could actually control them with NO LOGIN, NO TELNET, NO SSH, nothing. It was a GUI feature for the end user but guess what? They never locked it down. So anyone who cares to find it can control it. I specifically remember watching a few traffic cams and woodshop (weird right) and being able to pan and zoom.

What most people don’t realize is video baby monitors are the SAME WAY. I know two people who have their kid’s video monitor connected to the internet, so they can go next door and sip cocktails while “keeping an eye” on their kids. They think I’m paranoid for telling them to lock it down. It’s quite clear they don’t understand anything.

Edit: This is how the ENTIRE internet used to function just over a decade ago. NOTHING was locked down. Not even major news sites! Adrian Lamo WAS NOT a hacker and never broke the law. Dude should have gotten off.

[nixnerd]

Agreed but to be fair, some hackers actually use the exploit in the wrong way to teach companies a lesson about security.

Yes, that is true. Or try to extort them.

[chrisburton]

@traq Wow. Awesome video.

[__]

Watch the one about airplanes.

[chrisburton]

Will do. I saw the one on botnets and the Russians.

[chrisburton]

Just to bring this thread to life again and since some of you have mentioned using a VPN, I read last night about the NSA having a tool (XKEYSCORE) where a VPN doesn’t protect you.

What is surprising is that the slides seem to suggest that VPNs and encrypted links may not be secure. “Show me all PGP usage in Iran” and “Show me all VPN startups in country X, and give me the data so I can decrypt and discover users” seem to be functions available to analysts using XKS. This isn’t a direct admission they’ve broken ciphers such as AES-256 and 3DES, but it would seem that they’ve found some exploitable weaknesses.

This leads us to another important question: Can the NSA eavesdrop on HTTPS traffic? In recent years, many web services have moved to HTTPS as standard (such as Gmail), and in theory the encryption should keep your data safe from prying eyes. As of 2012, though, despite the widespread adoption of HTTPS, XKS still seems to be working as intended. Has the NSA cracked HTTPS? Has the NSA somehow obtained the root SSL certificates from the likes of Symantec and Comodo, so that it can perform man-in-the-middle (MITM) attacks on any website that uses HTTPS?

If HTTPS, PGP, and VPNs have been compromised, and if the NSA really has its insidious tentacles hooked into fiber-optic cables, microwave links, and foreign satellite links, there is almost no way of using the internet or any other communications network without the American and other Western governments snooping on you.

Link: http://www.extremetech.com/extreme/162739-xkeyscore-the-nsa-program-that-collects-nearly-everything-that-you-do-on-the-internet

[nixnerd]

I read last night about the NSA having a tool (XKEYSCORE) where a VPN doesn’t protect you.

Yeah… from the NSA, you’re right. Might help with your ISP though. XKEYSCORE became pretty infamous during the height of the Edward Snowden fervor. People have now moved their attention to brewing war all over the globe and largely don’t care.

One more attack our soil and people will willingly give up more freedom than they already have in the name of ‘safety’.

I was going to say this earlier, but I read if all else fails… the NSA can just clamp monitoring/decrypting devices to the OUTSIDE of huge fiber optic lines that run either in the ground or deep in the ocean.

The Fourth Amendment has already been effectively nullified.

[chrisburton]

I was going to say this earlier, but I read if all else fails… the NSA can just clamp monitoring/decrypting devices to the OUTSIDE of huge fiber optic lines that run either in the ground or deep in the ocean.

They’ve already done that, apparently. That’s initially how they breached Yahoo! and Google.

[nixnerd]

This is how I feel about all this:

They call it “The Ultimate Double Facepalm”… I call it “The Bullwinkle”

[chrisburton]

And look: https://www.yahoo.com/tech/russian-hackers-release-5-million-gmail-usernames-and-97147084299.html

[nixnerd]

I don’t mean to sound paranoid… and I hope I don’t come off that way. But… all of this sort of makes me want to unplug.

[chrisburton]

I don’t mean to sound paranoid… and I hope I don’t come off that way. But… all of this sort of makes me want to unplug.

Those feelings seem appropriate to me. I feel the same way but, to be blunt, we’re fucked regardless. There’s nothing we can do. The NSA still tracks data from other countries.

[nixnerd]

I know… so hopeless. The real challenge is to get people to actually care and… they don’t. Plain and simple. We do. We are in the minority. Most people have the mindset of “Well, I have nothing to hide so I don’t care.”

I’ll drop this remix of a classic here. It’s as appropriate as ever:

First they came for the Whistleblowers, and I did not speak out—
Because I was not a Whistleblower.

Then they came for the Boing Boing Readers, and I did not speak out—
Because I was not a Boing Boing Reader.

Then they came for the Linux Users, and I did not speak out—
Because I was not a Linux User.

Then they came for people who mocked the NSA, and I did not speak out—
Because I was not mocking the NSA.

Then they came for the Jews (they always eventually come for the Jews even when Jews think they are mainstream), and I did not speak out—
Because I was not a Jew.

Then they came for me—and there was no one left to speak for me.

[chrisburton]

Incredible!

[Author]

Posts