patcheudor's comments

patcheudor | 6 years ago | on: Fake “like” factories – how we reverse engineered facebooks user IDs [video]

>any solution which relies on "doing the right thing" (ethics) but does not have any rules, laws or other repercussion for abusing it...

Doing the right thing can vary by culture, perspective, and situation. What is right or wrong to us may be entirely different to someone whose family is starving, as just one example. Given the world-wide nature of the Internet, as a species, it is unlikely we are going to be able to agree on a single set of rules or punishments within our lifetime.

patcheudor | 6 years ago | on: Build an Ioniser in Under $10

In addition to the health concerns, ozone attacks unprotected polymers, causing them to quickly break down and release additional toxins into the air. I run an ESD ionizer at my well-ventilated rework / soldering station and have had plastic storage bins on the bench crumble at the touch from the ozone exposure.

patcheudor | 6 years ago | on: WiFi deauthentication attacks and home security

In the US, what law makes it illegal to MitM network traffic using a WiFi evil twin or other technique? I'm genuinely curious because I was under the impression there are generally no such statutes and that the only thing that would be illegal is if the MitM used found credentials.

patcheudor | 6 years ago | on: BlueMail Creators to Apple: Let us back in to the Mac app store

Yup. Keep it out of the app store. I ran into BlueMail a while back when assisting a non-profit. A number of the staff members were using it, so I figured I'd take a look. It wasn't long before I found it was exposing email service authentication credentials in clear-text network communication and was sending those credentials to their own servers. I advised everyone to stop running it and banned the BlueMail agent from connecting to our mail service. I reported the vulnerabilities and never heard back. I never followed up because the app was subsequently removed, in which I hope I played some small part.

patcheudor | 6 years ago | on: Stripe to move to South San Francisco

>good jobs

This specifically. I think that for a lot of tech workers the valley is a great security blanket. They know if their current gig falls through there will be another one waiting just around the corner. No need to uproot and move. It's actually sort of strange on the surface. There are a lot of engineers in the valley who move around to various companies fairly frequently which looks on paper like they don't have a lot of stability, but in reality the sheer number of available jobs is providing that stability, even if their longevity of employment with any one company does not.

patcheudor | 6 years ago | on: Reviving an HP 660LX in 2019

"Sadly… or not so sadly… the world has moved to HTTPS and to stronger protocols than what lowly Pocket Explorer supports. Thus, most of the web is entirely inaccessible on the device."

This is what proxies are for. Assuming it supports proxies. It would of course be wholly untrustworthy as it's likely vulnerable to a whole host of functional middling exploits.

patcheudor | 6 years ago | on: Show HN: Web pages stored entirely in the URL

The primary risk is to the GitHub account holder.

First, it's not hard to imagine that someone might try to get their account banned for a GitHub terms of service violation keeping in mind that GitHub holds the account owner accountable for content in their repository. This is true even if that content is from other account holders they've given access to their repository. In this case, anonymous access is intentionally being provided which could of course go very, very, very wrong.

"You agree that you will not under any circumstances upload, post, host, or transmit any content that:

is unlawful or promotes unlawful activities; is or contains sexually obscene content; is libelous, defamatory, or fraudulent; is discriminatory or abusive toward any individual or group; gratuitously depicts or glorifies violence, including violent images; contains or installs any active malware or exploits, or uses our platform for exploit delivery (such as part of a command and control system); or infringes on any proprietary right of any party, including patent, trademark, trade secret, copyright, right of publicity, or other rights."

https://help.github.com/en/articles/github-terms-of-service

Understanding what the tool does, GitHub might be forgiving on the ToS violation front. The problem is with the second scenario: law enforcement. It's very likely that in a lot of jurisdictions, law enforcement, prosecutors, etc., wouldn't initially understand what's going on here and even if it can be explained to their satisfaction, I think very few of us would like to spend a night (or more) in jail while attempting to explain.

patcheudor | 7 years ago | on: Massachusetts gas fires: Another technological tragedy

>What would he pressurize your lines with? An air compressor? He'd have to dig up the lines or disconnect them first and gas from the line would likely escape in quantities large enough to discourage such tricks.

On the gas meter on my house anyway, the underground pipe mates at a valve. It doesn't seem hard or particularly dangerous to shut that valve off, disconnect the meter, connect whatever, then open the valve again.

patcheudor | 7 years ago | on: Massachusetts gas fires: Another technological tragedy

What I still don't understand is why the pressure regulators and overpressure valves on the house gas meters didn't kick in. Were the homes involved so old that the meter protections failed or weren't there in the first place? It seems that ultimately you've got to have failsafes at the homes themselves. Without such failsafes, what would stop a bad actor from purposely over-pressurizing a residential branch?

patcheudor | 7 years ago | on: When Blockbuster Video Tried Burning Game Cartridges on Demand

>Even if someone were able to obtain an unauthorized copy, a decent CD-ROM drive, sans burning capabilities, still cost in the neighborhood of $600.

I was part of the early CD-ROM days with a Yamaha CD-ROM burner in 1994. It was well over $3000. It wasn't until 1995 that HP introduced a writer for under $1000, at $995. Worse, the early burners didn't have any cache, so to support the Yamaha I was using a high-end dual-processor Pentium system that was in the neighborhood of $16,000, and I still got plenty of buffer under-runs! On top of all this, the first writable CDs I purchased were in the $30/each range.

patcheudor | 7 years ago | on: DEF CON report on vulnerabilities in US election infrastructure [pdf]

>An electronic scanning system could easily be vulnerable to many of the same issues that are presented here.

While in school in the 80's I learned that the standardized tests the school was administering didn't mean anything. They had no bearing on my ability to graduate or go to college, so I stopped caring about them. This opened up the freedom to do things like fill out multiple bubbles per line and otherwise get creative. About a month after filling out a test like this I got called into the office along with my parents. I was a pretty well-known hacker at the time, running a couple of local BBSs and whatnot. The state superintendent of schools was in the meeting and demanded to know what I did to their test scanning system. It turns out that I most likely caused a buffer overflow, as line after line of multiple answers on the bubble sheet caused the system to crash. It took them weeks to figure out it was my test, and in the meantime deadlines were being missed, etc.
