I came across this because we ordered two demo units for a development project. Both devices were new out of the box and infected the PC the moment you opened the camera on your PC. Pretty scary to think that these cameras are in tons of US Police Departments. These cameras were actually recommended to us by several Chiefs of Police we were working with in various parts of the country.
The last line of the article reads:
"Kim Brooks' fiction has appeared in Five Chapters, Glimmer Train, One Story, Epoch, and other journals. A graduate of the Iowa Writers' Workshop, she teaches writing and is at work on a novel. You can follow her on Twitter @KA_Brooks."
There is no reason any site should shut down like this, if it is in fact a very valuable resource. The owner could/should just move the site to a Tor hidden service. At the very least, offer up a dump of the data so someone else could run with it.
BofA and Wells Fargo suffer from account number enumeration.
Wells Fargo has 10-11 digit (depending on whether it's WF or previously Wachovia) account numbers. One portion defines the bank branch where the account was opened, another portion defines the account type, and the last digit is a check digit. You can guess at an account number by attempting a deposit (in person or online).
There's also the fact that BofA and Wells Fargo have account numbers displayed in cleartext on pieces of paper that are handed to strangers.
I'm not arguing the merits of Coinbase's security, but traditional banks don't fare well either. Coinbase can improve. Traditional banks are limited by standards that they can't change.
I haven't personally seen the system, or tested it, but I'm pretty sure if I tried to enumerate all Bank Of America account numbers I'd get shut down pretty quick.
Two months ago I was able to enumerate all accounts from a local bank (Paraguay); they used document numbers and numeric passwords for login. They were showing different error messages when you tried to log in with a nonexistent ID.
So I started generating random numbers between common document number ranges (1000000-4000000).
Our public health system has a web app that lets you check your enrollment status by entering a document #, and there are no CAPTCHAs! So the attack was like this: generate a random document number, send a request to the public health app and get the target's info (name, date of enrollment and other info).
The most interesting thing was that I tried to log into all accounts by using the birth date of the target as a password (the bank's password policy: just numbers, a min. of 6 numbers...). Around 40% of the clients were vulnerable.
Yes, probably.
I have communicated the public health app problem (actually they just need to put in a CAPTCHA) many times, but it seems that nobody cares. About the bank, I was working as a data science consultant at that time, so it was easy for me to knock on the door of the security department and tell them about my attack.
"All materials submitted in connection with this Contest will not be returned. By participating, you agree to be bound by these Rules including all eligibility requirements. Participants acknowledge and agree that all entry materials submitted in connection with this competition are submitted on a non-confidential basis and may be used by Coinbase, its agents, subsidiaries, and related companies, for advertising and promotional purposes. Coinbase reserves all rights, including the right to edit, publish, use, adapt, and modify proper names, likenesses, and photographs for advertising and promotional purposes in all media (including, but not limited to, the internet) without additional compensation, except where prohibited by law." -http://bithackathon.com/terms.html
This seems like a pretty brilliant way to get tons of apps for only 18k.
I like the part where they say they reserve the right to edit and modify names, likenesses and photographs. Basically they could take your product and say that their internal team made it if they wanted to.
This is one of my favorite exercises. I started out in a similar situation where it was necessary to get a .NET app to act differently. The feeling of accomplishment was completely different than regular development. Now reverse engineering is a hobby I am very passionate about.
It's also incredibly insightful as a developer to see how crappy code can exist in very expensive software.
Knucklebusters (card imprinting machines) are not required or even recommended by processors. The tide has turned on imprinting in the majority of industries.
I feel the Windows+X menu is a disaster. It is the worst UI for a menu ever. Is it a traditional start menu? A context menu? It feels really out of place with the entire Windows 8 UI. You want a shortcut to the Control Panel? Device Manager? Event Viewer? Let's just throw it on the start/context menu! The whole Windows+X menu seems like it was added by an engineer and was completely overlooked by the design team.
I learned to love this full-screen menu once I set up one of the extra buttons on my mouse as the "Win" key and learned to use the scroll wheel to navigate the menu. It is fast, fluid and I do not have to focus on reading program names. It became second nature to me.
As an admin, I don't find the menu useful. Especially when I hop on various Server 2012 servers that have a slightly different version of the menu than my 8.1 VM.
To me, Win+R is all that is needed. If I can't remember the name of an .msc, Win key + start typing still works ok.
The fact that the metro start screen exists on the server OS is deplorable.