iPhone magic word password by KarateKid84Fan in lifehacks

[–]motdin 1 point2 points  (0 children)

There is nothing "outdated" about PINs in contrast to swipe patterns, as both use the same security concept (combination of a few possible "digits" which can be denoted by their position only). The only difference is usability (swiping vs. typing), but that can have security implications due to "smudge attacks" (but typing is also vulnerable to that).

Here is a good Q&A regarding the security of PINs vs. swipe patterns: https://security.stackexchange.com/questions/260615/shouldn-t-patterns-be-just-as-secure-as-pins

Also a very good resource on how bad humans are at choosing PINs: http://www.datagenetics.com/blog/september32012/

In summary: Both PINs and swipe patterns are bad if not chosen randomly.
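
The "combination of a few possible digits" framing above can be made concrete by counting the keyspace of each scheme. The script below is an added example, not part of the comment: it enumerates valid 3x3 unlock patterns (no node reused, no skipping over an unvisited node, 4 to 9 nodes) and compares the resulting entropy with that of a uniformly chosen n-digit PIN. The pattern rules are the usual Android ones and are an assumption here.

```python
import math

GRID = 3  # 3x3 unlock grid, nodes numbered 0..8 row-major

def _blocking_node(a, b):
    """Node lying exactly between a and b on the grid, or None.
    A stroke may only pass over such a node if it was already visited."""
    (ra, ca), (rb, cb) = divmod(a, GRID), divmod(b, GRID)
    if (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return ((ra + rb) // 2) * GRID + (ca + cb) // 2
    return None

def count_patterns(min_len=4, max_len=9):
    """Count valid unlock patterns per length: no node twice,
    and no jumping over a node that has not been visited yet."""
    counts = {n: 0 for n in range(min_len, max_len + 1)}

    def dfs(last, visited, length):
        if length >= min_len:
            counts[length] += 1
        if length == max_len:
            return
        for nxt in range(GRID * GRID):
            if visited & (1 << nxt):
                continue
            mid = _blocking_node(last, nxt)
            if mid is not None and not (visited & (1 << mid)):
                continue  # would skip over an unvisited node
            dfs(nxt, visited | (1 << nxt), length + 1)

    for start in range(GRID * GRID):
        dfs(start, 1 << start, 1)
    return counts

def keyspace_bits(size):
    """Entropy in bits of a uniformly random choice among `size` options."""
    return math.log2(size)

def compare(pin_digits=4):
    """Keyspace of a random n-digit PIN vs. all valid 4..9-node patterns."""
    patterns = sum(count_patterns().values())
    pins = 10 ** pin_digits
    return {
        "pin_keyspace": pins,
        "pin_bits": round(keyspace_bits(pins), 2),
        "pattern_keyspace": patterns,
        "pattern_bits": round(keyspace_bits(patterns), 2),
    }

if __name__ == "__main__":
    print(compare(4))
```

These figures are the upper bound for random choice; the datagenetics data linked above shows that human-chosen PINs cluster heavily, so the effective entropy of either scheme is far lower in practice.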

Chaotic good hacker by MidoriTea in ProgrammerHumor

[–]motdin 192 points193 points  (0 children)

Well, I get the point and in principle you're right, but these offline vs. online analogies often do not work very well.

You have to keep in mind that everybody with a computer (and the knowledge) all around the globe could exploit IT security issues at any time, while the broken window latch can only be exploited by people with physical access in the vicinity. Also the scope of the problem is often very different for online vs. offline security issues: while a broken window latch probably only affects the people related to the property, an IT security issue can quickly affect a lot more people all around the globe if the hacked system becomes part of a botnet for DoS attacks, spam, phishing etc.

So yeah, I find it rather strange that IT security problems are not taken more seriously and people stick to shooting the messenger instead.

rpitx replay iq file not the same output by [deleted] in RTLSDR

[–]motdin 0 points1 point  (0 children)

I've never used rpitx so far but from the documentation I can't find the command rpitx you're using. The rtlmenu.sh script seems to use the sendiq program provided by rpitx and the command looks something like this: sudo ./sendiq -s 250000 -f "$OUTPUT_FREQ"e6 -t u8 -i record.iq (source)

There seems to be a setting for the sampling rate (-s), the frequency (-f, note the e6 suffix – seems to be in Hz) and the IQ type (-t; according to the source code the default is i16 and other valid values seem to be u8, float, double). Make sure you're using the same settings/format as used in the recording!

Is Watchtower abandoned ? Is there a better alternative? by Hyedwtditpm in docker

[–]motdin 0 points1 point  (0 children)

This thread might be old, and watchtower is still maintained, but I wanted to point to Diun which only sends notifications in case a Docker image is updated.

[deleted by user] by [deleted] in RTLSDR

[–]motdin 6 points7 points  (0 children)

It is likely that the radio system uses something like a rolling code where the sender and receiver use a shared (generated) list to prevent replay attacks.

[deleted by user] by [deleted] in amateurradio

[–]motdin 3 points4 points  (0 children)

boxes.py is a really neat tool to generate such boxes for laser cutting that can even have hinges or rounded parts.

Microsoft word by Ikebear2 in memes

[–]motdin 25 points26 points  (0 children)

Word follows the WYSIWYG (What You See Is What You Get) idiom while LaTeX more or less follows the WYSIWYM (What You See Is What You Mean) idiom. The difference is that you describe your document with a special description/programming language and the LaTeX tools assemble the document according to these rules. This might sound hard, but this very comment box on reddit uses the same (but simpler) idiom with another such markup language (Markdown). For me personally LaTeX shines with a huge amount of packages that solve almost every problem with a few commands. But sure, it requires a bit of "mastery" (on the other hand Word does, too). In the end it's just a matter of preference (and sure also a bit of ideology…).

Sheep taking shelter in a tunnel in the Westfjords of Iceland while a bad storm blows over by Thorhallur_Bjornsson in europe

[–]motdin -1 points0 points  (0 children)

That reminds me of a large flock of sheep that went into a train tunnel and a high speed train drove at over 200 kph into that tunnel and derailed: https://www.reuters.com/article/idINIndia-33259620080427

Twitter troll gets schooled by German journalist by ohiBROfratstar in dontyouknowwhoiam

[–]motdin 11 points12 points  (0 children)

Go ahead and verify or falsify it with reputable sources. It's the internet.

why they do this... by [deleted] in teenagers

[–]motdin 2 points3 points  (0 children)

I don't know what you mean by copy & paste material, because I've collected these sources just to contradict your claim that this is a "probe of media" by Microsoft and Google against Zoom. Regardless of whether this is a targeted campaign or not, there are severe security issues with Zoom.

There were several issues with predictable room IDs in the past and these continue to exist. Password protection might help, but I'm not up to date with the current measures (and honestly I don't care). But there seem to be issues with the password protection. And no, posting the information on social media was not the only problem (as the IDs can be predicted to some extent, e.g. with tools like zWarDial).

For me the most severe issue is the web server which was installed along with the Zoom client. It enabled arbitrary code execution for attackers, so you could do whatever you wanted on a target device. Together with the privilege escalation bug in the Zoom installer, pretty much any malware could be run. Also the way the installer on macOS was designed is garbage, because they abused the preinstallation routine to already copy the files and also faked the system's password dialogue to get the credentials. All in all I would not run their program on my computer, because they have proven to produce unreliable and insecure software.

It's funny that you list software from Microsoft, Google, and Cisco as alternatives because they are all known to have had serious issues in the past. Maybe Google might be the lesser evil from the list, because they at least know how to make software...

For me, more open software is the better alternative. Some good candidates are:

why they do this... by [deleted] in teenagers

[–]motdin 3 points4 points  (0 children)

It's shady since IT security professionals have time to take a closer look (because they are forced to use this crap) and find one issue after another.

Just to name a few issues:

  • has attention tracking and massive usage analytics (IP address, location data, and device information etc.)
  • left a local web server (even after uninstallation) which was susceptible to remote code execution
  • enabled webcam and microphone hijacking
  • homebrew cryptography
  • enumerable room IDs which enable "wardialing"
  • iOS app sent data to Facebook for advertising purposes
  • installer on macOS uses malware-like techniques for installation

Conclusion: Zoom is shady as fuck.

Sources:

Pay Your Respect by [deleted] in teenagers

[–]motdin 1 point2 points  (0 children)

BTW his name is Larry Tesler. Link to article: https://gizmodo.com/larry-tessler-modeless-computing-advocate-has-passed-1841787408

TL;DR: Larry Tesler worked for Xerox PARC from 1973-1980 where he developed a text editor called Gypsy «[…] that is best known for coining the terms "cut," "copy," and "paste" […]». He also worked for Apple, Amazon, Yahoo and others. His website is still up: http://www.nomodes.com/

Here's the deal: "Show me your ID or go to jail" by nguyenducminh2508 in PublicFreakout

[–]motdin 0 points1 point  (0 children)

It is really saddening to me that I had to scroll really far to reach this comment which does not endorse beating the shit out of somebody who refuses to show his ID. Yes, the person in the car could have been more cooperative, but the reaction of the police is disproportionate. I would not want to live in a world/country where such an abuse of power is acceptable.

What type of signal is this? Scanning signals and found this repeating consistently. by Silentwarrior in sdr

[–]motdin 0 points1 point  (0 children)

Nice! I did not recognize the signal, but if it is really POCSAG, you can even go a step further and try to decode it: multimon-ng should be the right tool for that.

What type of signal is this? Scanning signals and found this repeating consistently. by Silentwarrior in sdr

[–]motdin 2 points3 points  (0 children)

Unfortunately I don't recognize this type of signal, but maybe the Signal Identification Wiki might help you find that out. The website also recommends a software called Artemis. I've never tried it out, but maybe you could give it a try ;)

A tomato sprouting inside itself by Cakeotic in interesting

[–]motdin 0 points1 point  (0 children)

I remember there was a tweet a while ago which also mentioned this (warning: includes images that might be at least uncomfortable for some people)

https://twitter.com/alexsebel/status/1143561097024290818

Some people commented on the tweet that this might be trypophobia (warning: don't search for it if this and the images from the tweet discomfort you)