[funsec] PS3 cracked

2011-01-06 Thread Rob, grandpa of Ryan, Trevor, Devon & Hannah
http://www.bbc.co.uk/news/technology-12116051

Once again, implementation details.

==  (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
It is a very sad thing that nowadays there is so little useless
information.   - Oscar Wilde
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://www.infosecbc.org/links http://twitter.com/rslade
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


Re: [funsec] Your Facebook account. Give it to me.

2011-01-06 Thread Joel Esler
On Tue, Jan 04, 2011 at 03:45:17PM -0800, Rob, grandpa of Ryan, Trevor, Devon & 
Hannah wrote:
> http://www.cbc.ca/technology/story/2011/01/04/calgary-airport-wifi-privacy.html
> 
> If you want to use Wi-fi in Calgary airport, you have to give them access to
> your Facebook info.
>
> (Actually, it sounds like this is one option, the others being to pay for
> hotspot access.)
>
> I suspect that this is just Facebook trying to build their attempt at
> becoming an "identity provider": lots of sites now allow you to "log in"
> with Facebook credentials.  It's probably turning up in news from Calgary
> because Canadian privacy laws say you have to warn people that you are
> accessing information.  I suspect it may be happening other places.
>
> Any Facebook app, of course, is allowed to access *all* of your Facebook
> information.  There does seem to be a way to limit access of "remote" apps,
> but I don't know how effective that is.
> 
Yeah, I don't see this going bad at all.

EVER.



J


[funsec] [news] Court: No warrant needed to search cell phone

2011-01-06 Thread Shawn Merdinger
interesting

http://redtape.msnbc.com/2011/01/court-cops-can-search-cell-phone-without-warrant.html


Re: [funsec] Your Facebook account. Give it to me.

2011-01-06 Thread silky
On Thu, Jan 6, 2011 at 1:58 AM, der Mouse  wrote:
>> If you want to use Wi-fi in Calgary airport, you have to give them
>> access to your Facebook info.
>
> And, if you don't Facebook?  You just don't get wifi?  I know that'd
> sure raise _my_ hackles

Read the next sentence.


> /~\ The ASCII                             Mouse
> \ / Ribbon Campaign
>  X  Against HTML                mo...@rodents-montreal.org
> / \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

-- 
silky

http://dnoondt.wordpress.com/  (Noon Silk) | http://www.mirios.com.au:8081

"Every morning when I wake up, I experience an exquisite joy — the joy
of being this signature."



[funsec] [news] Doctors' use of mobile phone apps rising, says study

2011-01-06 Thread Shawn Merdinger
http://www.pharmatimes.com/Article/11-01-05/Doctors_use_of_mobile_phone_apps_rising_says_study.aspx

"In 2010 more than 50% of physicians were using a smartphone or PDA
device "on a regular basis for everyday treatment activity", says the
firm in its just-published Worldwide Market for Mobile Medical Apps
report. In 2004 that figure was just 25%, while in 2008 it was
35%-40%"


Re: [funsec] California opts out of 4th Amendment

2011-01-06 Thread Paul Ferguson
On Wed, Jan 5, 2011 at 12:15 PM, Rob, grandpa of Ryan, Trevor, Devon &
Hannah  wrote:

> California: *All* data on *all* devices you carry is subject to
> warrantless search
>
> http://bit.ly/ep9OUC+
>
> "On Monday, the California Supreme Court ruled that police in that state
> can search the contents of an arrested person's cell phone.
>
> "Citing U.S. Supreme Court precedents, the ruling contends that The loss
> of privacy upon arrest extends beyond the arrestee's body to include
> 'personal property ... immediately associated with the person of the
> arrestee' at the time of arrest."
>

Actually, it is a reasonable judgment -- and I'm saying that as a
libertarian-leaning left-wing liberal. :-)

When arrested, law enforcement already has the privilege -- under the law
-- to inspect all personal belongings on the suspect in the normal course
of the investigation. Searching a digital device is a natural extension of
this privilege.

Having said that, there is a huge difference in obtaining that data in the
course of an arrest, and whether that data should be held if charges are
dropped or the suspect is vindicated, etc.

I suspect that legal challenges to certain facets of these scenarios will
be forthcoming.

- ferg

p.s. And there is nothing "common" about California, I assure you. :-)



-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/



Re: [funsec] California opts out of 4th Amendment

2011-01-06 Thread David M Chess
> When arrested, law enforcement already has the privilege -- under the law
> -- to inspect all personal belongings on the suspect in the normal course
> of the investigation. Searching a digital device is a natural extension of
> this privilege.

Not necessarily.  I believe the reason for the privilege is so that the 
law enforcement people can ensure that the suspect isn't carrying any 
weapons that might pose an immediate danger to them (i.e. to search for 
guns in the waistband, without stopping to get a warrant).

It seems unlikely to me that anyone's going to have a gun concealed in 
their iPhone's address book...

Re: [funsec] California opts out of 4th Amendment

2011-01-06 Thread Jeff Kell
What if your cell/PDA/smartphone is locked w/a password?

Jeff


[funsec] Cute 404s

2011-01-06 Thread Rob, grandpa of Ryan, Trevor, Devon & Hannah
http://mashable.com/2010/09/04/404-error-pages/

My favourite:
http://www.orangecoat.com/404

==  (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
It was the standard airport-security operation, which meant it
appeared to have been designed to hassle law-abiding passengers
just enough to reassure them, while at the same time providing
virtually no protection against criminals with an IQ higher than
celery.  - `Big Trouble,' Dave Barry
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://www.infosecbc.org/links http://twitter.com/rslade


Re: [funsec] "Zuck" mail?

2011-01-06 Thread Rich Kulawiec
On Wed, Dec 29, 2010 at 11:38:54PM +, Paul Vixie wrote:
> what advice -- useful, pertinent, realistic advice -- can we give to facebook?

As other folks have noted here:

1. Do not create an account until/unless confirmation email is acted on.
Set a sunset date for that (a week?).   Track IP addresses which are trying
to create accounts; peer carefully at that subset which keep trying to
create accounts whose confirmation email messages are never acted on.
Make sure confirmation email messages include a negative as well as
a positive option.  Again, track IP addresses and scrutinize those
which keep trying to create accounts that get NAK'd.

2. Stop harvesting "address books", spamming everyone and everything
in them, and forging the [alleged] address of the sender into that spam.

3. Use the Spamhaus DROP list, inbound and outbound, on all network
traffic.

4. Pay attention to 5xx SMTP responses and stop banging away constantly
at addresses that don't exist any more.

5. Having done the above, notably 1 and 2, lead by example.  That is:
stand up in front of the community, explain why these things are necessary
not just for FB but for all sites, and challenge others to bring
their operations up to the same standard.

None of this is a panacea of course; there are still a ton of issues
with FB and every other social networking site.  But everything above
is quite easy for anyone of even modest abilities.  Given that FB
has essentially unlimited funds, I presume that they employ some people
who have way more than that.

---rsk
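
Item 1 of the list above (create the account only once the confirmation mail is acted on, expire unanswered requests after a week, and track source IPs whose requests lapse or are NAK'd), as an added Python example that is not part of the original post or of any site's real code. The class name `SignupGate`, the `FLAG_AT` threshold, the tokens and the documentation-range IP addresses are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SUNSET = timedelta(days=7)  # the post's suggested sunset ("a week?")
FLAG_AT = 3                 # assumed: lapsed/NAK'd signups before an IP is flagged

class SignupGate:
    def __init__(self):
        self.pending = {}            # token -> (email, ip, requested_at)
        self.accounts = set()        # filled only by a positive confirmation
        self.bad = defaultdict(int)  # ip -> signups that lapsed or were NAK'd

    def request(self, token, email, ip, now):
        # No account yet: just remember who asked; caller mails both links.
        self.pending[token] = (email, ip, now)

    def expire(self, now):
        # Requests past the sunset date are dropped and charged to the IP.
        for token, (_, ip, ts) in list(self.pending.items()):
            if now - ts > SUNSET:
                del self.pending[token]
                self.bad[ip] += 1

    def respond(self, token, accept, now):
        # The mail carries a positive and a negative link; both land here.
        self.expire(now)
        entry = self.pending.pop(token, None)
        if entry is None:
            return "unknown-or-expired"
        email, ip, _ = entry
        if accept:
            self.accounts.add(email)
            return "created"
        self.bad[ip] += 1            # recipient said "this was not me"
        return "rejected"

    def flagged_ips(self):
        return sorted(ip for ip, n in self.bad.items() if n >= FLAG_AT)

def demo():  # constructed events: one genuine signup, one IP spraying addresses
    g, t0 = SignupGate(), datetime(2011, 1, 6)
    g.request("a", "alice@example.com", "198.51.100.7", t0)
    g.respond("a", True, t0 + timedelta(hours=1))
    for tok in "bcd":
        g.request(tok, tok + "@example.com", "192.0.2.9", t0)
    g.respond("b", False, t0 + timedelta(days=1))  # NAK
    g.expire(t0 + timedelta(days=8))               # c and d lapse
    return g

if __name__ == "__main__":
    print(demo().flagged_ips())
```
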


Re: [funsec] Cute 404s

2011-01-06 Thread marc
My favorite http error is 418. 


Sent from my Verizon Wireless BlackBerry

-Original Message-
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" 
Sender: funsec-boun...@linuxbox.org
Date: Thu, 6 Jan 2011 13:26:38 
To: 
Reply-To: rmsl...@shaw.ca
Subject: [funsec] Cute 404s

http://mashable.com/2010/09/04/404-error-pages/

My favourite:
http://www.orangecoat.com/404

==  (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
It was the standard airport-security operation, which meant it
appeared to have been designed to hassle law-abiding passengers
just enough to reassure them, while at the same time providing
virtually no protection against criminals with an IQ higher than
celery.  - `Big Trouble,' Dave Barry
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://www.infosecbc.org/links http://twitter.com/rslade


Re: [funsec] California opts out of 4th Amendment

2011-01-06 Thread Larry Seltzer
If you're carrying a briefcase with some papers in it can they read the
papers? It's the same thing.

LJS

-Original Message-
From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On
Behalf Of Paul Ferguson
Sent: Thursday, January 06, 2011 2:41 AM
To: rmsl...@shaw.ca
Cc: funsec@linuxbox.org
Subject: Re: [funsec] California opts out of 4th Amendment

On Wed, Jan 5, 2011 at 12:15 PM, Rob, grandpa of Ryan, Trevor, Devon &
Hannah  wrote:

> California: *All* data on *all* devices you carry is subject to
> warrantless search
>
> http://bit.ly/ep9OUC+
>
> "On Monday, the California Supreme Court ruled that police in that state
> can search the contents of an arrested person's cell phone.
>
> "Citing U.S. Supreme Court precedents, the ruling contends that The loss
> of privacy upon arrest extends beyond the arrestee's body to include
> 'personal property ... immediately associated with the person of the
> arrestee' at the time of arrest."
>

Actually, it is a reasonable judgment -- and I'm saying that as a
libertarian-leaning left-wing liberal. :-)

When arrested, law enforcement already has the privilege -- under the law
-- to inspect all personal belongings on the suspect in the normal course
of the investigation. Searching a digital device is a natural extension of
this privilege.

Having said that, there is a huge difference in obtaining that data in the
course of an arrest, and whether that data should be held if charges are
dropped or the suspect is vindicated, etc.

I suspect that legal challenges to certain facets of these scenarios will
be forthcoming.

- ferg

p.s. And there is nothing "common" about California, I assure you. :-)



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/



Re: [funsec] California opts out of 4th Amendment

2011-01-06 Thread Paul Ferguson
On Thu, Jan 6, 2011 at 12:46 PM, Jeff Kell  wrote:

> What if your cell/PDA/smartphone is locked w/a password?
>

LEAs have some nifty tools to get around that. ;-)

- ferg



-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/



Re: [funsec] California opts out of 4th Amendment

2011-01-06 Thread Rob, grandpa of Ryan, Trevor, Devon & Hannah
> On Thu, Jan 06, 2011 at 09:28:10AM -0500, David M Chess wrote:
> > It seems unlikely to me that anyone's going to have a gun concealed in 
> > their iPhone's address book...

Date sent:  Fri, 07 Jan 2011 10:34:13 +0900
From:   Peter Evans 

>  i bet there is an app for that.

Well, I'd much, MUCH rather be shot with virtual bullets.

(Although I have seen a gun that is built such that it looks like a cell phone 
...  :-(

==  (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
For decades, experts have been warning that such a storm, if it
were to hit New Orleans, would devastate the city; now it becomes
clear that this is exactly what is about to happen.  For days,
meteorologists are on television warning, dozens of times per
hour, that Katrina will, in fact, hit New Orleans with
devastating results.  Armed with this advance knowledge,
government officials at the local, state, and federal levels are
in a position to be totally, utterly shocked when Katrina--of all
things--devastates New Orleans.
 - Dave Barry's History of the Millennium So Far
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://www.infosecbc.org/links http://twitter.com/rslade


Re: [funsec] California opts out of 4th Amendment

2011-01-06 Thread John Bambenek
The moral of the story is to not carry incriminating evidence when you 
go and get yourself arrested... ;)

On 1/6/11 6:49 PM, Paul Ferguson wrote:
> On Thu, Jan 6, 2011 at 12:46 PM, Jeff Kell  wrote:
>
>> What if your cell/PDA/smartphone is locked w/a password?
>>
> LEAs have some nifty tools to get around that. ;-)
>
> - ferg
>



Re: [funsec] California opts out of 4th Amendment

2011-01-06 Thread Jeffrey Walton
On Thu, Jan 6, 2011 at 8:34 PM, Peter Evans  wrote:
> On Thu, Jan 06, 2011 at 09:28:10AM -0500, David M Chess wrote:
>> It seems unlikely to me that anyone's going to have a gun concealed in
>> their iPhone's address book...
>
>        i bet there is an app for that.
lol... http://www.wired.com/gadgetlab/2010/10/app-for-that/
