comment by user-inactivated
user-inactivated  ·  2985 days ago  ·  link  ·    ·  parent  ·  post: Internet of Things security is so bad, there’s a search engine for sleeping kids

Back when Internet Cafes were a thing, my favorite had a script that watched all the traffic going over the network, collected images, made collages out of them and projected them on the wall. When people got freaked out the owner would give them a lecture on SSL. Eventually he had a very security conscious clientele.





user-inactivated  ·  2985 days ago  ·  link  ·  

That is both evil and beautiful. At LAN events I run security scans to help people lock their PCs down. I give people a list of files in their drives, and then show them how to disable those types of scans and attacks. We don't do public shaming or anything like that; we feel that the educational impact of a guy going back to his table and telling his friends that we can 'hack' his computer is worth it to us.

caelum19  ·  2983 days ago  ·  link  ·  

Brilliant.

How does that work though? Does it only work on PCs with File sharing enabled?--thought that was limited to a public folder though.

user-inactivated  ·  2983 days ago  ·  link  ·  

There are a ton of PEN testing tools, mostly on Linux. Run through the DHCP table at all the devices on your network, pull the MAC addresses. Everything that is a "computer" NIC and not a phone etc gets PEN tested. If that NIC shows up as something that should not be on the LAN network, say a switch, we can locate it to within 6-12 seats and deal with it. NIC MAC Addresses are allocated based on manufacturer and can be cross-referenced and isolated.

One of the fun things is that if you see a PC running bittorrent traffic, you route that traffic to a bit bucket and wait for the 'victim' to come up and say his network is not working. Then we get to politely tell them to stop torrenting shit on our LAN.

The amazing thing is that once people know they are being watched, the behavior gets better. This is also, as an aside, why indiscriminate surveillance is bad and why I am against it. I've been in the position of overseer, and have to force myself to deal with the impact on my person. If I get a bit power trippy over a LAN, imagine what someone with life and death powers can do and feel.
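
An added illustration of the inventory step described in the comment above (walking the DHCP table and cross-referencing NIC vendors); it is not part of the original thread. The lease lines are constructed and assumed to follow dnsmasq's lease-file layout, and the three-entry OUI table and device-class labels are this example's own stand-ins for the full IEEE registry.

```python
import re

# Constructed sample of the IEEE OUI registry: prefix -> (vendor, device class).
# The device classes are this example's own policy labels, not registry data.
OUI = {
    "00000C": ("Cisco Systems", "network-gear"),
    "005056": ("VMware", "virtual-machine"),
    "B827EB": ("Raspberry Pi Foundation", "single-board"),
}
UNEXPECTED = {"network-gear"}   # classes that should not appear at a seat

# Constructed leases, assumed dnsmasq layout: expiry MAC IP hostname client-id
LEASES = """\
1700000000 00:00:0c:12:34:56 10.0.3.17 * *
1700000000 00-50-56-AA-BB-CC 10.0.3.18 gamer-vm *
1700000000 b8:27:eb:01:02:03 10.0.5.40 pi *
1700000000 da:a1:19:00:11:22 10.0.5.41 phone *
1700000000 not-a-mac 10.0.5.42 junk *
"""

def normalize(mac):
    """Return 12 uppercase hex digits, or None if the field is not a MAC."""
    digits = re.sub(r"[:.\-]", "", mac).upper()
    return digits if re.fullmatch(r"[0-9A-F]{12}", digits) else None

def classify(mac):
    """Map a MAC to (vendor, device_class)."""
    digits = normalize(mac)
    if digits is None:
        return ("invalid", "invalid")
    # Bit 0x02 of the first octet marks a locally administered address
    # (randomized or software-assigned), so its prefix names no vendor.
    if int(digits[:2], 16) & 0x02:
        return ("locally administered", "unknown")
    return OUI.get(digits[:6], ("unregistered in sample", "unknown"))

def audit(lease_text):
    """Yield (ip, mac, vendor, device_class, flagged) per lease line."""
    for line in lease_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # skip blank or truncated lines
        mac, ip = fields[1], fields[2]
        vendor, cls = classify(mac)
        yield (ip, mac, vendor, cls, cls in UNEXPECTED)

if __name__ == "__main__":
    for row in audit(LEASES):
        print(row)
```

Devices with locally administered (often randomized) MACs fall out as "unknown" rather than being matched to a vendor, so a vendor-based inventory like this needs a second signal for them.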

user-inactivated  ·  2983 days ago  ·  link  ·  

    Indefinite detention as LART? I don't think I've ever seen anyone make that connection.

Yeapers. I'm not a BOFH, honest! We have three days of gaming, and to make things run well, the 2x4's and ball bats come out. You do something that impacts other people's fun and enjoyment that they paid for, we have a chat.

edit to add, in 15 plus years of LAN parties, I can number problem jackasses under 4-5 incidents. One of those was accidental, another was a fellow security IT guy testing to see what he could get away with. The actual real 'bad guys' don't go and stir shit at an event with 300 or more gamers all of whom now have access to your physical gear and person. We've not even had fist fights at any of our events that I am aware of. These guys talk smack online then duke it out in a game or dozen.

user-inactivated  ·  2983 days ago  ·  link  ·  

Indefinite detention as LART? I don't think I've ever seen anyone make that connection.

I think the problem with mass surveillance is more subtle than that though. I think I've recommended Discipline and Punish in threads about surveillance often enough to be tedious, but I think his analysis of the panopticon really is the definitive argument against mass surveillance. If you might be watched at any time you always act as if you are being watched. The effect being the watcher has on the watcher doesn't really matter; the harm is done even if the mechanism exists but no one is using it.

ccc  ·  2985 days ago  ·  link  ·  

Haha, great. There's a convention I go to yearly where a guy brings over a computer lab of Linux machines. For years I was able to telnet from one to the other and issue commands to launch the web browser to whatever site I wanted, trolly images, turn up the volume all the way and play sound files found on the hard drive, etc. I emailed him anonymously about it the first year and it was never fixed for years, until he bought new hardware entirely. I could have captured almost whatever I wanted, lol.