The OFFICIAL tech stuff thread

Jun 12, 2023

How an Amazon Fire Kids tablet was allegedly used to stalk a security pro

Interesting story in general but the below part was pretty shocking (every key stroke? Really?)

Morrell added, “When I put a request in for all of my data, I would expect to receive 20 or 30 folders of data, 25 gigabytes of data, right? But what I actually got was several thousand folders of data where they give you absolutely everything down to a level where if you’re a software developer, it’s manna from heaven.”

In his case, Morrell found full records going all the way back to 2013. Every single transaction, keystroke, button press, and API function of every Alexa-enabled device was recorded. That also included every word his Echo devices heard, and every film, TV program, Kindle book, purchase, and item he had searched for.

Morrell also found this data included all his photos that were automatically stored in Amazon’s free photo service. Since he deposited bank checks online by snapping photos, those could have also been seen. In addition, his Google contacts were open because he has Alexa on his Android phone. This also meant his phone call and texting data were available. Finally, his email was vulnerable as well because he used an Amazon email account. The attacker could have seen all of that because, Morrell explained, “It copies all your credentials to the cloud, and the tablets were acting as trusted secure devices just like, say, a Yubikey.”

Jun 12, 2023

How an Amazon Fire Kids tablet was allegedly used to stalk a security pro

Interesting story in general but the below part was pretty shocking (every key stroke? Really?)

Morrell added, “When I put a request in for all of my data, I would expect to receive 20 or 30 folders of data, 25 gigabytes of data, right? But what I actually got was several thousand folders of data where they give you absolutely everything down to a level where if you’re a software developer, it’s manna from heaven.”

In his case, Morrell found full records going all the way back to 2013. Every single transaction, keystroke, button press, and API function of every Alexa-enabled device was recorded. That also included every word his Echo devices heard, and every film, TV program, Kindle book, purchase, and item he had searched for.

Morrell also found this data included all his photos that were automatically stored in Amazon’s free photo service. Since he deposited bank checks online by snapping photos, those could have also been seen. In addition, his Google contacts were open because he has Alexa on his Android phone. This also meant his phone call and texting data were available. Finally, his email was vulnerable as well because he used an Amazon email account. The attacker could have seen all of that because, Morrell explained, “It copies all your credentials to the cloud, and the tablets were acting as trusted secure devices just like, say, a Yubikey.”

Kilemall

Amazon makes big brother look pussy.

silky

@Kilemall said in The OFFICIAL tech stuff thread:

Amazon makes big brother look pussy.

Good job they’re (currently) more interested in your wealth than your existence as an agent of free will

Someone’s published a paper explaining a method for hacking secret keys used in door card security readers by measuring the changes in the reader’s power led. The guy in the below does a really good job of explaining how it works.

Power LED Attack - Computerphile

Kilemall

@silky said in The OFFICIAL tech stuff thread:

@Kilemall said in The OFFICIAL tech stuff thread:

Amazon makes big brother look pussy.

Good job they’re (currently) more interested in your wealth than your existence as an agent of free will

If you are doing capitalism or communism all the way, free will is to be expunged. You will be told what to buy and you will do it.

Louis Rossmann / Aug 2, 2023 / 25:14

Purism wants me to DELETE my video exposing their refund scam & delay tactic - answer is NO!

https://youtu.be/wKegmu0V75s

Interesting video for a few of reasons. The email Purism sent Rossman is unbelievable.

Gators1

@Hog They build FREEDOM tech apparently so they believe in FREEDOM! One of those freedoms is the freedom not to send you the shit you ordered, because fuck it. Why do you hate FREEDOM? Also it’s based in San Francisco so it’s full of communists.

Purism (company) - Wikipedia

Gators1

How We Hacked Donald Trump's Twitter Account🎙Darknet Diaries Ep. 87: Guild of the Grumpy Old Hackers

As a contractor/consultant, the large, multinational I work for requires that about half the work I do be done through a shatty RDP server box that’s shared by about 130 other plebes like me. It’s slow as fuck and was running Windows Server 2012. Even Chrome stopped updating some time ago and warned me every day that the OS was unsupported. It was just another sad little reminder every day about how much my employer hated its contractors.

Well, no more! I logged in this morning and they’d upgraded the machine! Welcome to the future, I thought as I watched it start up. Then I discovered they’d upgraded to Windows Server 2019 which came out in 2018 and will be out of support in a few months.

Ffs

Kilemall

Still an improvement and less risk.

@Whoofe said in The OFFICIAL tech stuff thread:

@Hog said in The OFFICIAL tech stuff thread:

As a contractor/consultant, the large, multinational I work for requires that about half the work I do be done through a shatty RDP server box that’s shared by about 130 other plebes like me. It’s slow as fuck and was running Windows Server 2012. Even Chrome stopped updating some time ago and warned me every day that the OS was unsupported. It was just another sad little reminder every day about how much my employer hated its contractors.

Well, no more! I logged in this morning and they’d upgraded the machine! Welcome to the future, I thought as I watched it start up. Then I discovered they’d upgraded to Windows Server 2019 which came out in 2018 and will be out of support in a few months.

Ffs

hey i bet it was on sale!

If I see a watermark saying “This copy of windows is not genuine” I’m not going to be shocked.

Gators1

That’s how it works in the third world, you get all the shit that we don’t want. The onshore people are probably using Windows server 2025. If it makes you feel better, I will send you some Miami Dolphins 2022 Super Bowl Champions tshirts?