
The Actuator - October 2nd

Level 17

Back from Austin and THWACKcamp filming. Can you believe the event is only two weeks away? I'm excited for what we have in store for you this year. It's a lot of work to pull TC together, but the finished product always makes me smile. Wearing the bee suit helps, too.

As always, here are some links I found interesting this week. Enjoy!

15,000 private webcams left open to snooping, no password required

The manufacturers of these devices should be held accountable. Until actions are taken against the makers, we will continue to have incidents like this.

Microsoft: Customers are entitled to know about federal data requests

Great moment for Microsoft here, stepping forward as an advocate for customer privacy rights.

Crown Sterling Claims to Factor RSA Keylengths First Factored Twenty Years Ago

A silly marketing stunt, and I have no idea why they would do this except the idea that there's no such thing as bad publicity. But I think they're hurting their reputation with stunts like this one.

Doordash Discloses Massive Data Breach That Affected 4.9 Million People

Interesting that new users are not affected. Makes me think perhaps the hackers got hold of an older database, maybe a backup.

The simplest explanation of machine learning you’ll ever read

Next time you're in a meeting and someone brings the machine learning hype, just ask yourself, "Do we need a label maker?"

IBM will soon launch a 53-qubit quantum computer

I'm excited for the possibilities brought about by quantum computing, and cautiously optimistic this won't result in Skynet.

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Great summary of the security issue faced by online banking.

If you ever get the chance to have a beef rib at Terry Black's in Austin, you will not be disappoint:

beef_rib.jpg

33 Comments
Level 12

"Cautiously optimistic." Could we explore that more? Which will have the greater impact (scares you more because of the possibilities), Quantum Computing or Artificial General Intelligence?

MVP

Granted the manufacturers are partially to blame for the webcam issue, but the people that utilize them need to take part of the blame as well. I understand they are more into convenience and not wanting to remember another password. I would call it negligence on their part since they have the ability to do the right thing and change password and security settings.

Level 14

Thanks for the links.

Level 13

Dude.  I can almost smell the ribs.  That looks awesome.

As always, thanks for a bunch of interesting links.

Perhaps even worse than 15,000 web cams without security on them is the video control security console a friend recently purchased from Alibaba to manage/monitor/control the many video cameras inside and outside his home. They monitor doors, bedrooms, valuables, garages, property lines and points of access. He thought it would be a nice idea to be able to view them all from an app anywhere he found network connectivity.

He's a security specialist, and before he set up the remote access he connected the device to his video cameras and set it up in a DMZ inside his home firewall.  And immediately saw the device's IP address trying to contact external addresses.  He left it locked down without access until he had some time to dig into them.  It turns out they are all addresses inside China, all at known exploitation / hacking sites.

He spoofed one of their addresses inside the DMZ and watched his brand new / sealed in the box video controller sending images of his children, doors, property, etc. out to what the box thought was its master site in China.  Snapshots and real time videos of the inside of his bedroom & home & garage were streaming to strangers in China--or so the video controller thought.

He was disappointed in Alibaba and the product/vendor. It would be one thing if the device were hacked after he got it connected to the Internet. It's quite another to buy something and receive it new in a sealed box and open it to find it's already pre-configured to send his private data to strangers in China.

If Microsoft can protect our data from Big Brother (including from exploitation/sale by Microsoft itself), I'm happier.  I doubt they can/will do this, but the story was encouraging.

Part of knowing that changes need to be made in government is seeing the kind of data being gathered/requested.  If one doesn't know bad things are happening one cannot work towards change.

Crown Sterling is coming off like the Beer manufacturer that states THEIR beer has no bad ingredient X, leaving the viewer to assume some/many/all other beer makers DO have that bad ingredient in their beer.

Anheuser-Busch is sued by MillerCoors for corn syrup claim during Super Bowl commercial - The Washin...

I'd never heard of Door Dash, and the article didn't seem to tell what it was.  I Googled it and found it's a food delivery service.  Meh.  Yes, bad security is bad.  But getting food delivered isn't part of my day/week/month/year.

The odd part is that we hear about many giant data thefts and don't see media reports of the millions of users with their millions of incidents of theft/abuse.  It's as if it's not happening.  It might be time to start telling the stories about ID theft and financial or intellectual property theft that results from those big data ID "incidents".

Sadly, that simple definition / example of Machine Learning is ridiculously dull and boring.  When the results of that thing are fast and powerful, one would think the defining of it would be impressive.

A 53-qubit computer? Yes, fast/impressive. News? Maybe not. We regularly see/hear new milestones in computing achieved. Keeping those milestones in perspective requires great examples of what those improvements mean.

When someone says that the computer in my pocket phone has more processing power than what NASA used to put men on the moon, that makes an impression.  I'm less impressed when IBM announces a new environment or consortium for their product.

But tell me or show me how it can lower the price of oil by 98%, clean the oceans, or how it has already developed preventions and the cures for AIDS and 75% of all cancers and you'll have impressed me by upping the ante several orders of magnitude!

I understand why the article on passwords is of interest.  I also don't understand why people won't take more interest in security, other than the usual excuses (it's too inconvenient).

I recall captures of people in airports punching in credit card numbers into wall phones, while behind them people were seemingly videotaping their family members saying goodbye to each other, while in actuality the cameras were zooming in on the phone's touch tone keypad so the videographer could discover/steal the hapless phone users' credit card numbers.

We're pretty trusting--because that's nicer.  Folks with other agendas (taking our things from us) are just one thing we have to be aware of, and guard against.  That's not too inconvenient when a person considers losing their bank account contents or their reputation.

Level 12

I don't blame the webcam makers. If you've ever had to support the general public then you know that people don't want to be bothered to configure devices, they just want plug and play. And you can't have plug and play with security.

Is there a solution? I don't know. I've known of people to return devices because they expect PnP and can't be bothered with setup. You can't force these consumers to set items up and manufacturers don't want to force configuration because consumers don't want to bother.

MVP

"machine learning is just a thing-labeler" tickled me

Level 12

good stuff, but I do have to remember not to look at your post early in the morning. Now I can't stop thinking about that beef rib!

Level 13

That makes me hungry...... 

Level 13

Great link on the machine learning thing - one of the better non-technical explanations I've seen.  Way too many people think it's black magic and can do anything.

Level 12

Me too!

Level 14

As someone who works in the banking industry, passwords and MFA are necessary for obvious reasons. The only problem is that most consumers WANT security except when it comes to THEIR accounts.

Oh the joy!

MVP

Nice article.

Level 16

pastedImage_0.png

Security cameras aren't much help if the thieves can watch to see if you aren't home.

MVP

If you ever get the chance to have a beef rib at Terry Black's in Austin, you will not be disappoint:

Level 14

Unprotected cameras was one of the first "Google Hacks" I discovered when getting my degree. I am not surprised to see they are still available to the general public.

Level 12

thanks for the article

Level 13

thanks for the articles

MVP

15,000 private webcams left open to snooping, no password required - this is seriously bad

MVP

Microsoft: Customers are entitled to know about federal data requests - Hmm

MVP

IBM will soon launch a 53-qubit quantum computer - Hoohoo

MVP

Crown Sterling Claims to Factor RSA Keylengths First Factored Twenty Years Ago - Hmm

MVP

Doordash Discloses Massive Data Breach That Affected 4.9 Million People - Grr

MVP

Haven't used DoorDash...yet. Looks like it may have been a good choice.

MVP

Arbitrary password lengths and character limitations for any account is senseless.

I figure that many entities tailor things to the lowest common denominator in order to keep it simple and convenient for the masses.

Sad thing is that makes it easier for the bad actor to wreak their damage.

MVP

The simplest explanation of machine learning you’ll ever read -

MVP

Banks, Arbitrary Password Restrictions and Why They Don't Matter - Nice read

About the Author
Thomas LaRock is a Head Geek at SolarWinds and a Microsoft® Certified Master, SQL Server® MVP, VMware® vExpert, and a Microsoft Certified Trainer. He has over 20 years of experience in the IT industry in roles including programmer, developer, analyst, and database administrator.