    Miscellaneous Tech News

    • DashrenderD
      Dashrender @scottalanmiller
      last edited by

      @scottalanmiller said in Miscellaneous Tech News:

      @Dashrender said in Miscellaneous Tech News:

      @scottalanmiller said in Miscellaneous Tech News:

      @DustinB3403 said in Miscellaneous Tech News:

      @Dashrender said in Miscellaneous Tech News:

      @DustinB3403 said in Miscellaneous Tech News:

      @Dashrender said in Miscellaneous Tech News:

      @scottalanmiller said in Miscellaneous Tech News:

      @Dashrender said in Miscellaneous Tech News:

      No one is calling Google's Project Zero hackers/black hats because they give a, what, 90-day window to companies to fix their shit before they post about it.

      I call that black hat, absolutely. Because they know that customers are at risk and don't tell them. Maybe it's the right decision, maybe it is not, but that's 90 days of wearing a black hat if I'm a customer and they are holding secret information about how to breach me and they've chosen to tell someone other than me, the customer.

      As a customer, I have more right to be told than anyone and I believe telling vendors before customers should be considered a crime. I don't agree with the "black hat for a while" thing that people have sold.

      So you propose that Google's Project Zero should make a public announcement about every vulnerability they find the moment they find them - there would be no other way Google would know who is using said software.

      Yeah, that seems utterly irresponsible. I mean I get why you think that, but in doing so you've also just released another zero day to the masses of hackers. While it's possible that no one was being hacked by this vulnerability, with your announcement, there is zero chance that someone new won't be hacked by this.

      No, don't announce it to the general public, but to paying customers, yes absolutely disclose the vulnerability and remediation (if the client has to do something).

      How do you propose getting that client list if you are Google's Project Zero, and you found a vul in Bitvise SSH client?

      I would assume there is a list of customers somewhere that would have these contact details that could be used.

      There is not.

      LOL, right - let's see.. Google finds a bug in SolarWinds software - calls them up - uh yeah, hey there, You know that client list you have? yeah.. ummm... I'm going to need you to give that to me, K? Greeeeat.. Thanks.

      -Lumbergh

      All the while not telling them why they want it... LOL

      Right. And SolarWinds is a great example. A company that you absolutely can't trust. Now sure, I'd have to be insane to be a SolarWinds client in the first place. But if I was forced to be for some reason, and Google was in cahoots with them sharing vulnerability information in MY network with a known malicious vendor, I'd be livid and definitely consider criminal charges for Google informing my enemies how to breach my network.

      Just because Google identifies someone as the owner of a commercial product, doesn't give said vendor some special legal right to knowledge of my network.

      Well, I'm here to tell you - they are doing it nearly daily.
      https://en.wikipedia.org/wiki/Project_Zero

      Google has reported to nearly every big tech name some vulnerability they found before it went public.

      • scottalanmillerS
        scottalanmiller
        last edited by

        Here is an example that would test Google's goals pretty easily....

        Windows has vulnerabilities. Chinese military swoops in and buys Microsoft. Google finds a back door in Windows. Does Google tell the Chinese military how to get in through a backdoor that they probably didn't know about? Or does Google warn customers that they have a back door?

        There's a clear right choice, and clear wrong choice. Sure, it's an absurdly extreme example. But the edge cases normally shine a light where more frivolous situations make it feel like a grey area.

        Under what condition is a vendor given a special privilege by a hacker where the customer is not given a chance to defend themselves? If anything happens, how is Google not actively participating in a crime?

        • scottalanmillerS
          scottalanmiller @Dashrender
          last edited by

          @Dashrender said in Miscellaneous Tech News:

          @scottalanmiller said in Miscellaneous Tech News:

          @Dashrender said in Miscellaneous Tech News:

          @scottalanmiller said in Miscellaneous Tech News:

          @DustinB3403 said in Miscellaneous Tech News:

          @Dashrender said in Miscellaneous Tech News:

          @DustinB3403 said in Miscellaneous Tech News:

          @Dashrender said in Miscellaneous Tech News:

          @scottalanmiller said in Miscellaneous Tech News:

          @Dashrender said in Miscellaneous Tech News:

          No one is calling Google's Project Zero hackers/black hats because they give a, what, 90-day window to companies to fix their shit before they post about it.

          I call that black hat, absolutely. Because they know that customers are at risk and don't tell them. Maybe it's the right decision, maybe it is not, but that's 90 days of wearing a black hat if I'm a customer and they are holding secret information about how to breach me and they've chosen to tell someone other than me, the customer.

          As a customer, I have more right to be told than anyone and I believe telling vendors before customers should be considered a crime. I don't agree with the "black hat for a while" thing that people have sold.

          So you propose that Google's Project Zero should make a public announcement about every vulnerability they find the moment they find them - there would be no other way Google would know who is using said software.

          Yeah, that seems utterly irresponsible. I mean I get why you think that, but in doing so you've also just released another zero day to the masses of hackers. While it's possible that no one was being hacked by this vulnerability, with your announcement, there is zero chance that someone new won't be hacked by this.

          No, don't announce it to the general public, but to paying customers, yes absolutely disclose the vulnerability and remediation (if the client has to do something).

          How do you propose getting that client list if you are Google's Project Zero, and you found a vul in Bitvise SSH client?

          I would assume there is a list of customers somewhere that would have these contact details that could be used.

          There is not.

          LOL, right - let's see.. Google finds a bug in SolarWinds software - calls them up - uh yeah, hey there, You know that client list you have? yeah.. ummm... I'm going to need you to give that to me, K? Greeeeat.. Thanks.

          -Lumbergh

          All the while not telling them why they want it... LOL

          Right. And SolarWinds is a great example. A company that you absolutely can't trust. Now sure, I'd have to be insane to be a SolarWinds client in the first place. But if I was forced to be for some reason, and Google was in cahoots with them sharing vulnerability information in MY network with a known malicious vendor, I'd be livid and definitely consider criminal charges for Google informing my enemies how to breach my network.

          Just because Google identifies someone as the owner of a commercial product, doesn't give said vendor some special legal right to knowledge of my network.

          Well, I'm here to tell you - they are doing it nearly daily.
          https://en.wikipedia.org/wiki/Project_Zero

          Google has reported to nearly every big tech name some vulnerability they found before it went public.

          Of course they do, and one of the reasons I have no trust for Google.

          • scottalanmillerS
            scottalanmiller @Dashrender
            last edited by

            @Dashrender said in Miscellaneous Tech News:

            Google has reported to nearly every big tech name some vulnerability they found before it went public.

            Right, because they put big business interests before end user. That's exactly who Google is, in every way.

            Same Google in trouble for firing their ethics people, right?

            • DashrenderD
              Dashrender @scottalanmiller
              last edited by

              @scottalanmiller said in Miscellaneous Tech News:

              @Dashrender said in Miscellaneous Tech News:

              @scottalanmiller said in Miscellaneous Tech News:

              Bottom line, if Google Project Zero discovers a vulnerability, and chooses to hide it from me, and I get compromised because they were complacent (or whose), I think that there is criminal culpability. If they research the software that I am running, that's fine. If they find a vulnerability, though, telling me makes them innocent, not telling me makes them guilty. If you are going to do security research you have ethical responsibilities and, hopefully, criminal ones as well.

              They have made the choice to do the following - report to vendor, put a 90 day clock on it. Either the vendor makes a public announcement within 90 days or Google does.

              This has been happening for years, and as of yet, I don't believe Google's been sued over it.

              No, but it sure seems like they should be. Why do they have such a choice to get to make?

              I assume they did because they considered the greater good. Not saying it's right or wrong.. just that it is.

              • scottalanmillerS
                scottalanmiller @Dashrender
                last edited by

                @Dashrender said in Miscellaneous Tech News:

                @scottalanmiller said in Miscellaneous Tech News:

                @Dashrender said in Miscellaneous Tech News:

                @scottalanmiller said in Miscellaneous Tech News:

                Bottom line, if Google Project Zero discovers a vulnerability, and chooses to hide it from me, and I get compromised because they were complacent (or whose), I think that there is criminal culpability. If they research the software that I am running, that's fine. If they find a vulnerability, though, telling me makes them innocent, not telling me makes them guilty. If you are going to do security research you have ethical responsibilities and, hopefully, criminal ones as well.

                They have made the choice to do the following - report to vendor, put a 90 day clock on it. Either the vendor makes a public announcement within 90 days or Google does.

                This has been happening for years, and as of yet, I don't believe Google's been sued over it.

                No, but it sure seems like they should be. Why do they have such a choice to get to make?

                I assume they did because they considered the greater good. Not saying it's right or wrong.. just that it is.

                "The Greater Good" is generally a term used for "knowingly doing wrong and not bothering to defend it." There's no greater good in doing the wrong thing, it's still wrong. They would just be attempting to redefine "good".

                • scottalanmillerS
                  scottalanmiller @Dashrender
                  last edited by

                  @Dashrender said in Miscellaneous Tech News:

                  they considered the greater good

                  Google and "the greater good" are not good friends. Never have been. Not saying that they are the evil empire. They are more, in the middle. But as big businesses go, they aren't exactly well respected as far as "being good" goes. Not their claim to fame. I believe that their claim to fame is anti-trust and spying.

                  • mlnewsM
                    mlnews
                    last edited by

                    Man has two guesses to unlock bitcoin worth $240m

                    We've all been there - brain fog makes us forget our password and after eight frantic attempts, we have just two left.
                    That's the situation for programmer Stefan Thomas but the stakes are higher than most - the forgotten password will let him unlock a hard drive containing $240m (£175m) worth of Bitcoin. His plight, reported in the New York Times, has gone viral. Ex-Facebook security head Alex Stamos has offered to help - for a 10% cut. Bitcoin has surged in value in recent months. One bitcoin is currently worth $34,000. But the cryptocurrency is volatile. And experts are divided about whether it will continue to rise or crash.

                    • scottalanmillerS
                      scottalanmiller @mlnews
                      last edited by

                      @mlnews said in Miscellaneous Tech News:

                      Man has two guesses to unlock bitcoin worth $240m

                      We've all been there - brain fog makes us forget our password and after eight frantic attempts, we have just two left.
                      That's the situation for programmer Stefan Thomas but the stakes are higher than most - the forgotten password will let him unlock a hard drive containing $240m (£175m) worth of Bitcoin. His plight, reported in the New York Times, has gone viral. Ex-Facebook security head Alex Stamos has offered to help - for a 10% cut. Bitcoin has surged in value in recent months. One bitcoin is currently worth $34,000. But the cryptocurrency is volatile. And experts are divided about whether it will continue to rise or crash.

                      This is what scares me about cryptocurrencies. Seems like everyone has this happen to them. It's so easy to essentially ransomware yourself.

                      • hobbit666H
                        hobbit666 @scottalanmiller
                        last edited by

                        @scottalanmiller said in Miscellaneous Tech News:

                        @mlnews said in Miscellaneous Tech News:

                        Man has two guesses to unlock bitcoin worth $240m

                        We've all been there - brain fog makes us forget our password and after eight frantic attempts, we have just two left.
                        That's the situation for programmer Stefan Thomas but the stakes are higher than most - the forgotten password will let him unlock a hard drive containing $240m (£175m) worth of Bitcoin. His plight, reported in the New York Times, has gone viral. Ex-Facebook security head Alex Stamos has offered to help - for a 10% cut. Bitcoin has surged in value in recent months. One bitcoin is currently worth $34,000. But the cryptocurrency is volatile. And experts are divided about whether it will continue to rise or crash.

                        This is what scares me about cryptocurrencies. Seems like everyone has this happen to them. It's so easy to essentially ransomware yourself.

                        I did some crypto stuff myself. No idea if I got to a single coin, but no idea what wallet I used or where the password etc are 😞 could have $34,000 somewhere lol 🙂

                        • scottalanmillerS
                          scottalanmiller @hobbit666
                          last edited by

                          @hobbit666 said in Miscellaneous Tech News:

                          @scottalanmiller said in Miscellaneous Tech News:

                          @mlnews said in Miscellaneous Tech News:

                          Man has two guesses to unlock bitcoin worth $240m

                          We've all been there - brain fog makes us forget our password and after eight frantic attempts, we have just two left.
                          That's the situation for programmer Stefan Thomas but the stakes are higher than most - the forgotten password will let him unlock a hard drive containing $240m (£175m) worth of Bitcoin. His plight, reported in the New York Times, has gone viral. Ex-Facebook security head Alex Stamos has offered to help - for a 10% cut. Bitcoin has surged in value in recent months. One bitcoin is currently worth $34,000. But the cryptocurrency is volatile. And experts are divided about whether it will continue to rise or crash.

                          This is what scares me about cryptocurrencies. Seems like everyone has this happen to them. It's so easy to essentially ransomware yourself.

                          I did some crypto stuff myself. No idea if I got to a single coin, but no idea what wallet I used or where the password etc are 😞 could have $34,000 somewhere lol 🙂

                          Yeah, everyone seems to have that story. From my personal experience, it seems that 90% of cryptocurrencies have been lost. No wonder the value is so high! lol

                          • DashrenderD
                            Dashrender
                            last edited by

                            Like JB I’ve lost like .5 Bitcoin

                            • scottalanmillerS
                              scottalanmiller @Dashrender
                              last edited by

                              @Dashrender said in Miscellaneous Tech News:

                              Like JB I’ve lost like .5 Bitcoin

                              That's a LOT of money!! Holy cow. That's enough to buy a decent used car!

                              • DashrenderD
                                Dashrender @scottalanmiller
                                last edited by

                                @scottalanmiller said in Miscellaneous Tech News:

                                @Dashrender said in Miscellaneous Tech News:

                                Like JB I’ve lost like .5 Bitcoin

                                That's a LOT of money!! Holy cow. That's enough to buy a decent used car!

                                Well it is today, when I lost it 15 years ago it was like 50 cents

                                • hobbit666H
                                  hobbit666 @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in Miscellaneous Tech News:

                                  Yeah, everyone seems to have that story. From my personal experience, it seems that 90% of cryptocurrencies have been lost. No wonder the value is so high! lol

                                  For me I just lost interest and thought it wouldn't come of anything. Also couldn't afford to run things 24/7

                                  • NashBrydgesN
                                    NashBrydges @scottalanmiller
                                    last edited by

                                    @scottalanmiller said in Miscellaneous Tech News:

                                    Bottom line, if Google Project Zero discovers a vulnerability, and chooses to hide it from me, and I get compromised because they were complacent (or whose), I think that there is criminal culpability. If they research the software that I am running, that's fine. If they find a vulnerability, though, telling me makes them innocent, not telling me makes them guilty. If you are going to do security research you have ethical responsibilities and, hopefully, criminal ones as well.

                                    What's the legal statute that you are referencing when making this statement about criminal culpability?

                                    Truly asking.

                                    • scottalanmillerS
                                      scottalanmiller @NashBrydges
                                      last edited by

                                      @NashBrydges said in Miscellaneous Tech News:

                                      @scottalanmiller said in Miscellaneous Tech News:

                                      Bottom line, if Google Project Zero discovers a vulnerability, and chooses to hide it from me, and I get compromised because they were complacent (or whose), I think that there is criminal culpability. If they research the software that I am running, that's fine. If they find a vulnerability, though, telling me makes them innocent, not telling me makes them guilty. If you are going to do security research you have ethical responsibilities and, hopefully, criminal ones as well.

                                      What's the legal statute that you are referencing when making this statement about criminal culpability?

                                      Truly asking.

                                      Are you asking if there is a law that says being part of a crime makes you culpable? If you find someone's house unlocked, and then you call someone and give them a chance to rob that house and keep it secret from the home owner... if you get caught doing that, you are part of the breaking and entering.

                                      If you hack into someone's system, and then sell or give away that info to a third party allowing them to utilize that information, you are part of the crime.

                                      Just like if someone finds your wallet on the ground, takes your credit cards and sells them to a third party. Sure, they aren't the ones actively or physically impersonating you, but they are part of the identity theft.

                                      • scottalanmillerS
                                        scottalanmiller
                                        last edited by

                                        Ethical hacking is when you do research or use the hacking to protect those at risk. Criminal hacking is when you use hacking to sell (or give away) the hacking to give someone else (or yourself) the chance to breach a system.

                                        I feel like you guys are trying to say that you'd be okay with someone researching your systems, figuring out how to breach them, then selling that information to a third party so that they can't steal your data.

                                        It's like being okay with hiring a hit man because it's not really you pulling the trigger.

                                        • JaredBuschJ
                                          JaredBusch
                                          last edited by

                                          This Raspberry Pi Monitors Your Power Usage

                                          • mlnewsM
                                            mlnews
                                            last edited by

                                            Google tries to allay Fitbit-deal privacy fears

                                            Google has completed its acquisition of Fitbit and tried to reassure users it will protect their privacy.
                                            The search giant bought the health-tracking company for $2.1bn (£1.5bn) in November 2019 but faced questions from regulators. Following a four-month European Commission investigation, it agreed not to use health and location data from Fitbit devices for advertising. The deal was then approved by authorities in December. In a blog, Google said the acquisition "has always been about devices, not data". "We've been clear since the beginning that we will protect Fitbit users' privacy," it added, promising the commitments given to the commission, which it must keep for 10 years, would be implemented globally.
