A security researcher has published a vulnerability and proof-of-concept
exploits in Google’s Internet of Things security cameras, marketed as
Nest Dropcam, Nest Dropcam Pro, Nest Cam Outdoor and Nest Cam Indoor;
these vulnerabilities were disclosed to Google last fall, but
Google/Nest have not patched them despite the gravity of the
vulnerability and the long months since the disclosure.
Researcher Jason Boyle discovered that sending long wifi network names
or passwords to cameras over their Bluetooth interfaces (which cannot be
disabled) will cause them to reboot. It would be trivial for a home
intruder to reboot all the cameras in a home before breaking in.
More seriously, a camera that is passed a malformed wifi network name
can be made to disconnect from its home wifi for 60-90 seconds; this
time can be extended by feeding it a stream of malformed wifi names.
Dropbox has published a set of guidelines for how companies can
“encourage, support, and celebrate independent open security research”
– and they’re actually pretty great, a set of reasonable commitments to
take bug reports seriously and interact respectfully with researchers.
That’s very important, because laws like section 1201 of the Digital
Millennium Copyright Act and the Computer Fraud and Abuse Act impose
potential criminal and civil liability on security researchers who
investigate and disclose bugs without manufacturer approval. This is bad
news, because companies have a long history
of suppressing bug reports, deceptively minimizing their impact, and
allowing defects to linger while they are being actively exploited by
bad guys, who get to extend the lives of their attack approaches because
the public isn’t made aware that the approaches even exist.
Dropbox’s position, however reasonable in many of its aspects, is
woefully deficient, because the company reserves the right to invoke
DMCA 1201 and/or CFAA and other tools that give companies the power to
choose who can say true things about mistakes they’ve made.
This is not normal. Before DRM in embedded software and cloud connectivity became routine, there were no
restrictions on who could utter true words about defects in a product.
The Copyright Office has weighed in to say that they don’t think that
using the DMCA in this way is legitimate (but they are unable to change
the rules, because their statutory authority does not extend to
permitting security researchers to release proof-of-concept code).
Dropbox starts from the admirable position of lamenting the fact that
companies have arrogated to themselves the power to silence
whistleblowers who report dangerous product defects – but the actual
terms they propose say that the problem isn’t silencing whistleblowers,
it’s unfairly silencing whistleblowers. By reserving the right
to sue security researchers for telling the truth in inconvenient ways,
Dropbox is treating the power to censor as a feature, not a bug – and
differing from the companies they decry for bullying only in the
particulars of when the power to censor should be invoked, not whether
that power is legitimate in the first place.
I think Dropbox’s heart is in the right place here and I hope they’ll
take this criticism onboard by way of a friendly amendment. Neither DMCA
1201 nor CFAA was crafted to give companies a say in who can warn the
public about mistakes they made. It is never legitimate to use them this
way. A best-of-breed vulnerability disclosure program should
demonstrate good faith by covenanting never to invoke these laws to punish security disclosures – not even when a security researcher ignores your guidelines.
Update: Sauron is not afraid of hobbits. He was unaware that hobbits existed up until very recently. He literally did not have time to be afraid of them, they went from a 0 to 100 threat level in twenty seconds. There he was, minding his own business worrying about the usual Elves and Men when suddenly these kids are on his lawn and now he’s dead, like just;
What did— who–
did I just get one-shotted by an infant how is this occurring
Honestly I have to love this whole thought process that the Fellowship must have cultivated in Sauron, like…
“These children have found the Ring! But they’re taking it to the elves, of course. I will simply have to catch them on the way.”
“Well, the elves are still not to be trifled with, it seems. It looks as though they have a group of intrepid heroes, how cute! Wait, who’s leading them? Aw, hell.”
“OKAY! Olorin’s out of the way, and now I can finally kill them all and reclaim the- OH DAMMIT, IT’S IN LOTHLORIEN.”
“Well, okay. They’ve taken it onward. Curunir says one of the halflings is still carrying the ring, so he’s going to capture them and we’ll see how this develops. Thankfully Olorin’s still out of the picture and their little group just shattered into pieces, so that’s one less thing to worry about.”
“Aaaaaand Curunir shat the bed. Excellent. Trees, who would have thought? Okay, so we’re back to plan A: conquer Gondor, because if the Ring’s going to be anywhere, it’ll be there.”
“Wait, who’s on the– Isildur’s WHAT? Ohhhh. Ohohoho. Oh now everything makes sense. Isildur’s Heir is back, and he’s here being all prideful again. That’s fine. Really. I’ll just crush him and his kingdom, and then nobody can stop me!”
“WHAT? FUCKING WHAT? THEY SENT HIM BACK? Ugh, alright, alright, I’m cool, I’m fine. He’s still got that stupid wizard costume on, and I’m still stronger than he ever was. It’s not like he can come toe to toe with me, even if he does have an army behind him. This’ll be fine.”
“They’re… actually marching on the Black Gate? Sweet lord, I didn’t think they’d actually do it! This is perfect, everyone’s right here! Olorin, the human princeling, most of the remaining fighting forces of Men, all I have to do is kill them now and– Wait. Someone just put on the Ring. Someone just– That’s a halfling. They’re inside the mouNTAIN OH GOD NAZGUL GO GO G–”
…aaaaaand curtain.
you can laugh but that is literally what happened
This is the single best brief summary I have ever seen of the entire point of the Lord of the Rings trilogy.
This came up on my facebook feed and I am so excited to see how generation Xers and Baby Boomers will find a way to use this to shit on millennials anyways
nice okay we’re off to a good start
oh boy do i have something to tell you about millennials, working, and debt that’s gonna absolutely blow your socks off
banksy’s family found this article
Why old people so mad.
It’s funny because millennials can pretty much multitask like it’s second nature simply because it’s necessary to keep up with society, while baby boomers whine about reading subtitles and can’t seem to program anything more complicated than a VCR.
But sure, ok, the kids are lazy and have entitlement complexes
Older Generations: -Make comics about kids not knowing how books work-
Millennials: -Read more books than anyone else-
Older Generations: …no we changed our minds reading a lot is lazy and entitled now
I had a professor, way older, talk at a great length about how his generation is more well read than Millennials. When it was brought up that our generation reads more, he literally came out of nowhere with “Well, that’s not the point. See, my generation was better informed. You kids don’t know what it is to actually sit down and read for information. This generation is the least informed of any previous generation! Other generations sat and read, listened to the radio for information. There’s access, but are any of you *actually* informed? No. If I wanted to know what happened in Finland to make it a country, I would go to the library, speak to another human being, and check out books to read on the subject. We were happy to do it.”
A girl a few seats behind me goes, “Bullshit. If I want to know that, I can Google that in a few seconds depending on my signal. I can youtube or Netflix a documentary on Finnish History. I can listen to podcasts made by Scandinavian historians. I can use Duolingo to get a better than basic understanding of the language, and use Amazon same-day to get a book in my hand by my last class of the day, delivered to the class. I can order Finnish food on my ubereats app, find a language partner chat app to video with people in Helsinki, use Google Earth to visit, patronise interactive museums, and stream the most popular films from the country *right now*. If I so desire I can take an opensource course from a highly accredited university about the same subject and apply to study abroad with a trusted program with the click of a button. I can use Tinder to find me someone there to get some with, I can buy plane tickets and find a top rated hotel for a good price with great reviews and stream their local radio stations with an app. I can buy train tickets, bus tickets and rent a car. We aren’t less informed. We just don’t learn things we don’t give a shit about or need just to say we did all smug about it. Stop sneering at us for the access your generation dreamed of giving us actually happening just because your old ass doesn’t know how to use it.”
Our party was looking for some missing children when we came upon an Ogre living under a bridge who would only answer riddles. So I thought for a while and asked:
“What causes parents to recoil in fear, and causes young children to disappear?”
The DM thought for a while, and the Ogre answered:
Every once in a great while, I will tell somebody “You know, nasty little fellows such as yourself always get their comeuppance.”
…And then I’ll be sad, because they have no idea what I’m talking about.
I only gamble with my life, never my money.
The Mummy fandom on Tumblr is hella strong
What up mummy fandom I didn’t know existed! Loved this movie. Need to watch it again.
I quote “You’re on the wrong side of the river” constantly.
I’m going to grad school soon to be a librarian and I can’t wait to get drunk and quote all of Evy’s lines.
I’m an archaeology student and I recently re-watched this and the instant they made it clear that it was set in the 1920s I was completely cool with everything about it because archaeology in the 1920s was mostly drinking and blowing things up.
archaeology in the 1920s was mostly drinking and blowing things up
story time: i taught my little cousin her first longer word when she was very young. i taught her to say “tax benefits”. and to this day my aunt still doesn’t know where she got it from, but it was a hilarious sight to see a little toddler waddling around the house, wearing a big diaper, all the while yelling “TAX BENEFITS!!!!”
My parents did this with me and “nuclear disarmament”.
I taught my little brother to say “micro-surgical vasectomy reversal” (saw it on a billboard) on a road trip, and he didn’t stop saying it for literal years.
My parents taught me to chant “Get your laws off our bodies!” for a pro-choice rally when I was like four and I went to preschool and taught all the other kids the chant and led them on a mini-parade around the playground and the teachers were like ?????????? ?????????? ????????????
whenever my brother threw a tantrum as a baby my parents would chant “live free or die” until he calmed down it was fuckin weird
when i was a kid whenever we got stuck in traffic my dad would say “what the fuck?!?” in a very comic voice and i would repeat it and then he would say it with a slightly different inflection and i would repeat that too and so forth and so basically my poor mother would be stuck in standstill traffic listening to her husband and 4 yr old daughter swearing at each other without end
i’m a preschool teacher and we like to joke around using radical vocabulary with the children, the other day i overheard one kid say ‘this is my truck’ and the other one said ‘no, this truck belongs to the collective’; they all say it now
whenever anyone picks up my daughter or she goes upstairs, she announces “I ASCEND” it’s the best thing
As a child I would pick out a word in the dictionary every week (from like age three to 5) and learn the word. The only one that really stuck was pandemonium so when things got crazy I’d run around screaming it.