You’ll definitely get lots of login attempts. I used to have a port 22 ssh, hundreds of attempts per day.
Would be interesting to see what post login behavior was.
You’ll definitely get lots of login attempts. I used to have a port 22 ssh, hundreds of attempts per day.
Would be interesting to see what post login behavior was.
Wanna bet they expose SSH on port 22 to the internet on their “critical” servers? 🤣
Sure, but the author makes it sounds like thats its their standard way of doing things, which is insane.
And if you do have a misconfiguration, the rational thing is to fix that, not dump the entire platform.
If the hypervisor or any of its components are exposed to the Internet
Lemme stop you right there, wtf are you doing exposing that to the internet…
(This is directed at the article writer, not OP)
The malware argument is a bit weak, if your router is vulnerable to something it’ll likely be found and pwnd in a matter of minutes, so turning it off a night won’t really save you. And once a patch is released, it’ll be reverse engineered in a few hours/days, so ideally you want patches as soon as they are released.
Using your own device is usually a good idea anyway, telco stuff is usually pretty mediocre. And as soon as your device is slightly custom, it becomes a less valuable target.
That’s just what CMG claimed to have.
But to be useful for an advertising network, it kinda needs to be installable on everything. And if it failed to suppress the mic LED on a single device, it would be very easily noticed?
Sure, except we are defenceless to the rampant dropbears. /s
Australia is a funny example for gun control. Yanks seem to think we have no guns at all, but the reality is that as long as you are mentally sound and store your guns safely, they aren’t that hard to get.
Any idiot and chatgpt could knock up an overt always listening app in an afternoon. I have no doubt shady apps already can do this. Its not hard or expensive. (Backend storage and audio processing costs are a different kettle of fish, and I think those make this fairly prohibitive as well, but that’s a funding problem, not a technical problem.)
But as soon as they make the claim that it doesn’t trigger the microphone LED on iOS and Android, across all devices, then that’s a “technically hard” problem. That’s multiple zero days across multiple devices. Its just not feasable for an ad tech firm. They would never be able to recoup that investment.
I’m happy to be proven wrong, but so far all the researchers in the world have found nothing.
So I’m attributing near 0% chance that anyone outside of nation states have the later tech (device agnostic covert audio recording).
The capabilities TLAs have costs hundreds of millions of dollars to develop, and once caught, are worthless. TLAs are extremely careful with their toys to avoid them being caught.
This Adtech company is claiming to have something at that level, which they are deploying everywhere. If it existed, it would have been found the day after they announced it, the security researcher industry would be all over it. They are very intelligent people who do understand those devices inside and out, if it existed they would find it. Remember, these are the same researchers who frequently out actual TLA tools.
You can’t prove a negative, so it definitely is a probability thing, but I put the probability at basically 0 that they have what they claim.
The capability they were claiming to have would make a three letter agency very excited. If they truely had the ability to listen to your microphone, transparently without notifying the user, they could sell that tech to every regime that wants to snoop on people, for millions of dollars.
Instead they claim to be using it for Ad-tech, where if it existed, would make it trivial to discover and flag as malware.
Apple and Google would also be very keen to find and squash whatever loophole let’s them record without showing the notification.
Its just an extraordinary claim, which if true would have been exposed/validated by security researchers long ago.
Not disputing the three letter agencies, but there is zero evidence that that ad company ever had the tech or ability. They were/are just full of shit.
This was pretty clear when observing the output of tldrbot. It would just randomly select paragraphs, ignoring surrounding context, and call it a summary.
Yup, I mispoke, but essentially yes, they could be DC, but at a significantly higher voltage than 12v DC.
Some appliances use the AC frequency to timekeep as well, but given almost all appliances have microcontrollers now, that hardly matters anymore.
I would have thought DC motors would have worse longevity, given they have a wear surface due to the split ring commutator? Unless they are talking about ESC DC motors?
All the small stuff is low voltage DC, but just about every appliance requires AC (ovens, dishwashers, kettles, toasters, washing machines, aircon). Running an oven on 12v DC would be insane.
Im willing to believe it exists, but not that its any good. 99% is a crazy accuracy claim.
That is a long video, is the paper published somewhere?
Im willing to accept that you can statistically “watermark” the text, but I’m not convinced that it would be tamper resistant, which is a large part of what makes a watermark useful. If it can’t survive an idiot with a thesaurus, its probably not gonna be terribly useful.
The arstechnica article speculated it was more of a pattern of words thing.
I think it is lies, and doesn’t exist or work anywhere near as good as they claim. Or, its incredibly easy to bypass.
I have a travel router as well, I just prefer to keep the SSIDs different. It is definitely paranoia, but if someone sees your travel router at a hotel, they know your not home, and your home can be found on wigle.net.
Its not that bad to reset the Chromecast, and I do it infrequently, so I’m happy with that.
I take my Chromecast on holiday, you basically have to factory reset it every time to change network. But my recollection is that you’ve always had to do that.
There are two reasons to avoid a union:
If you are well looked after by your company and are treated fairly, there is no need to create a union.
Apple may be in this category?