Share good ideas and conversation.   Login, Join Us, or Take a Tour!
comment by goobster
goobster  ·  429 days ago  ·  link  ·    ·  parent  ·  post: Inside a low budget consumer hardware espionage implant

Aw man. Shit like this just makes me itch.

This is obviously a shitty, low-budget effort, with all the RF interference, and stupid architecture fails in the software.

If someone with even the smallest amount of skill decided to build one of these for nefarious intent, we would all be massively screwed.

How often do you check your HDMI/USB/USB-C cable for a GODDAMN MICROPHONE CIRCUIT?!?

Or if it is broadcasting your location to ... anyone.


Ow. My head hurts.

Devac  ·  429 days ago  ·  link  ·  

I get your point, but it's not like those things are new. The thing and phreaking section on textfiles are already scary enough, and most of that stuff can be built on a tiny budget.

Part of me stopped caring at this point. There's only so much you can do about security without turning into a nut worthy of an interview on the Coast to Coast AM. ;)

goobster  ·  428 days ago  ·  link  ·  

I have a weird cognitive dissonance around these security/hacker things.

On one hand, I love that an individual has looked at a system, grokked it, and then built an exploit to make the system do something it wasn't supposed/designed to do. That's just great hacking, analysis, deductive reasoning, and problem solving. It's intellectually satisfying.

On the other hand, it makes me itchy because I know many hackers, and some of them are really unpleasant individuals with impure motives. Sure, they claim to be white hat, but they do get a real purient endorphin rush from getting in and seeing what people are doing, without their knowledge. That squicks me out. Makes my skin crawl.

Back in the day, I was a System Administrator for UNIX and Mac-based mailservers.

At any time I could log into a user's account and see all their email. We never really talked about this capability, but when someone accidentally sent a 5Mb file over a 1200 baud modem, you had to go into the mail queue, find the email jamming up the system, and delete it. Or if someone typed bad characters into an email address and hosed the sendmail system, you'd have to go in and delete the mail to free the system up to process other queued messages.

I even got into an executive's email account, and redirected an email to a new address, when he mis-addressed the original email to the wrong person.

People were grateful of the SysAdmin's ability to get in there, and fix these problems. But they never really thought beyond that, and realized, "Hey... hang on... if he can get in there and read THAT email... then he must be able to read my OTHER email!"

Employees would leave the company, and I'd have to scan through all their email to make sure they weren't doing anything shitty. I'd see everything they sent, received, replied to, deleted... all of it. Because I had to. Did he send those circuit board plans to anyone outside the company before he left? Oh look. He WAS having sex with the woman in accounting. Delete. Forget I ever saw that.

So in the end, yeah, this stuff isn't new. And it is no longer solely the domain of SysAdmin's with principles and integrity. Now it rests in anybody's hands, really.

And a lot of people suck.

So... yeah.

kleinbl00  ·  429 days ago  ·  link  ·  

Mad props for whipping out Art Bell an ocean away.

Devac  ·  429 days ago  ·  link  ·  

Thanks. I learned about it from the Exposing Pseudo-Astronomy Podcast. Half of his material can be traced back to some Coast to Coast AM guest.

Don't be fooled by 'podcast' in the name. It's one guy from NASA reading from a pre-made script. You can get full transcripts of almost all non-guest/interview episodes, and there are maybe 12 of those out of 166. I'm adding it more as a clarification than a recommendation.