Recent Posts

2426

Living Room / Re: Electric shock from USB cable

« Last post by Stoic Joker on January 12, 2013, 09:42 AM »

(b) Telephone lines:[/b] Yes, you need to take care with those. Playing around with modems can give you a healthy respect for the voltages/currents involved. When a ringing signal is being sent...

-IainB (January 12, 2013, 02:30 AM)

All things in IT tending to be a panic... I once found my self running out of hands while under/behind some office cabinetry while tracing out a large ball of (evil elf macramé) wiring and (not thinking) stuck one of the wires in my mouth so I could better address a rather nasty tangle. And damned if the phone didn't decide to pick just then to ring.

That's a 4 sec pause for you to try swearing in, then your eyes light up for 2 sec, repeat...

2427

Living Room / Re: A Gift for the Hackers - Documentary

« Last post by Stoic Joker on January 11, 2013, 06:56 AM »

it reminds me to pay attention to what I don't know

-Stoic Joker (January 10, 2013, 09:27 PM)

But there's still a problem here  :  how do you pay attention to what you don't know if you don't know you don't know it  ?

-barney (January 10, 2013, 11:01 PM)

It's been said that to know ones self is the highest form of aggression...and therein the answer lies. We all know things, and sometimes we only know parts of things. But while we can easily cling to the (rocks) parts of the things we know ... We also can and should pay very close to the other parts where we know we're guessing. It also doesn't hurt when doing something one is familiar with to explore a tad further to make sure nothing new has popped up since the last time it was done. i.e. Configuring the native backup software in Server 2012 is done identically to Server 2008 ... Except for one tiny little detail which bit me in the ass just last week. Fortunately I was anticipating surprises, so I now won't have to deal with finding out 6 months later (when shit hits the fan) that the backups will only fire 1 out of 5 times. e.g. While it's a new version of the same thing, I'm only guessing that nothing changed and my previous level of familiarity in still intact (it wasn't).

A former boss was prone to the chastisement, "If you didn't know how to do it, why didn't you ask?"  Well, the folk who received that unanswerable question were folk who thought they did know how to do whatever it was.  They just didn't know how to do it her way.

But they didn't ask a question because they didn't know they didn't know her way of doing it.

-barney (January 10, 2013, 11:01 PM)

That's a people issue, not a technology issue. People in high places that insist that things are done their way ...(instead of to industry standards)... are frequently wrong. I don't tolerate draconian micromanagement, and have walked away from a job more than once because of it. Now granted the term issues with authority does apply (to me). But in the interest of fair play I will let a new boss have their way within reason in the interest of "getting-the-rythm" of a new position as some things can actually be perfectly safe/fine as personal preference...other things cannot.

Conversely I encourage the people that work under me to pick appart my instructions, and point out (discretely...) if they think I am "wrong", or perhaps missing something that could be critical. Because sometimes - forest for the trees - I miss shit too.

2428

Living Room / Re: A Gift for the Hackers - Documentary

« Last post by Stoic Joker on January 10, 2013, 09:27 PM »

... pay very close attention to what you don't know.

-Stoic Joker (January 10, 2013, 06:04 PM)

Hm-m-m ... if I don't know it, how do I know to pay attention to it  ?

(And that is a real question.)

-barney (January 10, 2013, 08:41 PM)

Simple really ... Everyone's skill set gets fragment over time as new technologies and platforms come out. Yet there is never enough time to fully research everything. So one tends to fall back on the basics, and what is known well to try and logic out the missing bits. When situations like this arise, and things "just fall into place", there is a tendency to just pat ones self on the back and move on. Don't. Because there is a good chance that you might not actually be as lucky as you think.

Just because something works doesn't mean it's right, it just means it's close. Take the time to pick at the missing bits that you don't know intimately. Because some people understand why DNS and SNTP a crucial to the heath of an active directory domain...and some folks are constantly wondering how MS had the gall to sell the unstable buggy contraption. I run into this (misconfigured domains issue) in the field constantly. And each time it reminds me to pay attention to what I don't know ... Because the last guy didn't ... And that is why his client is (pissed and) now mine.

I guess in a fashion it is just a kinder gentiler way of saying don't get cocky. But it also give one something to do to prevent it.

2429

N.A.N.Y. 2013 / Re: NANY Thoughts from Developers?

« Last post by Stoic Joker on January 10, 2013, 07:23 PM »

Mouser is pondering to take the Last Minute Scramble part out of it, and let it be more of a year long process.

Good idea. Still keep the New Year's deadline, but let people work on, gain feedback, and refine the app all year long.

-kyrathaba (January 10, 2013, 06:39 PM)

That's too much time ... I liked the one that started in July.

2430

Living Room / Re: A Gift for the Hackers - Documentary

« Last post by Stoic Joker on January 10, 2013, 06:04 PM »

But with the rampant paranoia around these parts currently, I'm starting to change my tune.  Plus, I find it to be paralyzing on some level, and that is so not me.

-superboyac (January 10, 2013, 05:26 PM)

I hear ya man, I really do.   But the only secret to security I ever came up with was to pay very close attention to what you don't know. Check for all the stuff you can thing of, and watch for things that might have been missed while you're doing it. So far its worked well for me.

2431

Living Room / Re: A Gift for the Hackers - Documentary

« Last post by Stoic Joker on January 10, 2013, 03:49 PM »

Man, you guys sure know a lot about this stuff.  Now I feel inadequate  .

-superboyac (January 10, 2013, 08:47 AM)

Don't be. Nobody is an 'expert' on system security these days unless it's their full-time job. There's just too much going on and far too much to know to do it part-time any more. I'm sure I'd be much happier, and sleep better most nights, if I didn't know what relatively little I do know about this topic.

-40hz (January 10, 2013, 12:59 PM)

+1 - I too occasionally yearn for blissful ignorance.

2432

Living Room / Re: A Gift for the Hackers - Documentary

« Last post by Stoic Joker on January 10, 2013, 03:47 PM »

^It's the way it gets marketed. It's presented as all "feature" with no risk or responsibility attached. It also hearkens back to a more naive mindset. Much like Microsoft being so blissfully unwilling to acknowledge WAN when they designed their early network software ...

-40hz (January 10, 2013, 12:54 PM)

Wow! a NetBEUI crack?  (Last seen in the XP install CD's Tools folder) ...That's kind of Dark (ages) Humor isn't it?

I get the state of the industry stuff ... I was more looking for what service(s) were the Ricoh's most likely to be exposing to the web. Because in a larger - actually needs a device that size - network there should be an IT staff that had to also be guilty of conjuring up this dangerous configuration.

...and yes I am looking for ideas on where to go poking around at some of the live web carnage ... as it is actually part of my job. (e.g. I made the brass watch the video ... and now they want me to (um...) explore it in depth.)

2433

Living Room / Re: A Gift for the Hackers - Documentary

« Last post by Stoic Joker on January 10, 2013, 12:13 PM »

Allowing for Kerboros authentication along with the "dead data" auto-overwrite and HD encryption eliminated most of my concerns. But it does have a full doc server, web interface, and allows FTP so I'm sure you could do something stupid to leave holes open. There's plenty of resources available for a hacker to work with. Plus it has a scan to direct email feature I'm still not happy about. Way too easy to slip a confidential document out of an office with few being any the wiser unless they're religious about checking logs. Just slip it in between a a few regular copy or scan jobs and put it back in the files when you're done. A fax transmission is fairly easy to trace. But dumping something in a temporary email account makes it available for pickup anywhere on the globe.

-40hz (January 09, 2013, 08:19 PM)

Sure all of the Multi Function Printers these days have a Swiss Army Knife load of protocols and possibilities for connecting to internal systems. But why would anyone in they're right mind expose any of these on the external surface of the network (internet - for those not familiar with the other term)? That's just completely insane! And by the sound of the video, the was something they were effecting with/by a default install ... I just can't get my head around it.

2434

Living Room / Re: silly humor - post 'em here! [warning some NSFW and adult content]

« Last post by Stoic Joker on January 10, 2013, 06:59 AM »

Silly or sad instead?
 (see attachment in previous post)

-Giampy (January 10, 2013, 06:25 AM)

I'll go with sad (but I am smiling).

2435

Living Room / Re: SEO Say What?!?

« Last post by Stoic Joker on January 10, 2013, 06:55 AM »

Ah..If only I was an Irish roofer..

2436

Living Room / Re: A Gift for the Hackers - Documentary

« Last post by Stoic Joker on January 09, 2013, 05:54 PM »

are you saying it's not a good idea to enable upnp on residential routers?

-superboyac (January 09, 2013, 05:48 PM)

Dear god man, please add a smiley, sarcasm tag, or something to that.. (you're scaring the hell outta me)

 

2437

Living Room / Re: NASA Considers Putting an Asteroid Into Orbit Around the Moon

« Last post by Stoic Joker on January 09, 2013, 05:50 PM »

Who knows? Assuming we're not alone, there's also the chance we may finally meet somebody really interesting to talk to.

-40hz (January 09, 2013, 02:02 PM)

Hmmm - but would they find us interesting enough to talk too

-Carol Haynes (January 09, 2013, 03:40 PM)

(hell) No ... But if we're lucky they might keep us as pets..

Ah... A dogs life!

2438

Living Room / Re: A Gift for the Hackers - Documentary

« Last post by Stoic Joker on January 09, 2013, 05:38 PM »

You could probably find some by searching on "hp printer remote exploit".

-Renegade (January 09, 2013, 05:18 PM)

Dude, seriously ... What makes you thing I don't already spend half my typical day doing that search already..?

 

2439

Living Room / Re: A Gift for the Hackers - Documentary

« Last post by Stoic Joker on January 09, 2013, 05:35 PM »

The concerns with Ricoh over their big networked scanners were a lot more serious since about half my clients use those.

-40hz (January 09, 2013, 02:29 PM)

Yeah, that one had me a bit puzzled actually. What is Ricoh doing...running IPP via DMZ?? Why are these things even on the public surface of the network in the first place? They don't need to be for any reason I can think of. None of the (currently business sheik...) Digital Sending Services require this kind of exposure...so why are they getting it?

Seriously - I seldom deal with Ricoh much (HP/Xerox/Toshiba/Lexmark, yes constantly) - I'm hoping you've actually seen one of these insanity rigs and can tell me how badly they're exposing what.

On a side note: It seems that from what I've seen, about 90% of the companies that have one of those huge assed comercial copiers don't really need anything nearly that big. Does that track with your area also...or do companies tend to run large(r/ish) in your part of the country?

2440

Living Room / Re: A Gift for the Hackers - Documentary

« Last post by Stoic Joker on January 09, 2013, 02:09 PM »

I went ballistic over ePrint the first time I saw it. I'm constantly warning clients about this sort of thing and the risk it presents.

-40hz (January 09, 2013, 01:47 PM)

I grilled the HP rep (at one of their tech shows) for an hour about that when it first came out. It works via passive polling, so the printer just checks its own Email address via the HP cloud server (which is where your print jobs are actually sent (eek!)). so over all it (ePrint) isn't really that bad.

Now the (personal cloud) WebScan feature the video was picking at - Holy crap! - Who's dumbassed idea was this feature?? Why would anyone need to remotely scan anything?? The document would need to be manually loaded by someone who could just as easily have email the %&$^ thing to you instead of pull-scanning it across town with some silly gadget. That's just daft!

It most likely requires/leverages UPnP which is another insanely dangerous idea that I immediately disable on sight.

P.S. Somebody please tell this dweeb (who works for HP Netherlands) that his was one of the lamest comments ever made by anybody speaking on behalf of HP.

-40hz (January 09, 2013, 01:47 PM)

That's just freakin' shameful ain't it? His car analogy was equally stupid if you really think about it as well.

2441

Living Room / Re: A Gift for the Hackers - Documentary

« Last post by Stoic Joker on January 09, 2013, 12:22 PM »

Yep... ...That's what I was afraid of.

@Renegade - Any idea where this video originated/how one could find some of the research details for this project?

2442

Living Room / Re: A Gift for the Hackers - Documentary

« Last post by Stoic Joker on January 09, 2013, 07:03 AM »

Don't have time to watch the vid now but...

It talks about accessing printers & scanners remotely from the Internet. It gets pretty scary pretty quickly.

-Renegade (January 08, 2013, 10:03 PM)

I've had concerns about this stuff for a while now... (Should be fun to see how right I was/am.)

2443

Living Room / Re: NASA Considers Putting an Asteroid Into Orbit Around the Moon

« Last post by Stoic Joker on January 09, 2013, 06:59 AM »

In the 70's every was sure we'd have flying cars by now.

-Stoic Joker (January 08, 2013, 11:27 AM)

I remember reading old Popular Mechanics magazines with flying cars, jet packs, and underwater cities. The future then looked a lot better than the future we're looking at now.

-Renegade (January 08, 2013, 08:09 PM)

Then again, look at Popular Mechanics now, and you'll be saying that the Popular Mechanics then looked better than the Popular Mechanics now.

-wraith808 (January 08, 2013, 08:25 PM)

I can't look ... I fear the trauma may be to great to cope with.

2444

Developer's Corner / Re: "NTLM 100% Broken Using Hashes Derived From Captures"

« Last post by Stoic Joker on January 09, 2013, 06:56 AM »

What are the potential risks of enforcing NTLMv2?
All supported versions of the Windows operating system support NTLMv2. Windows NT 4.0 SP6a also supports NTLMv2.

-Microsoft KB2793313

NT Local Machine (NTLM) authentication has nothing to do with your WiFi. It the mechanism used to authenticate Local Machine accounts over the wire. WiFi is just a Layer 1 media connection.

Strange that this is still an issue since forcing NTLMv2 was a recommended configuration for Windows 2000 way back when it was released. It was actually covered in several of the whitepapers then, that (apparently) nobody read.

2445

General Software Discussion / Re: Rumors of Adobe releasing CS2 for free? (true or NOT true)

« Last post by Stoic Joker on January 08, 2013, 06:17 PM »

Persoanlly I think I will stick with CS3 until Windows 9 breaks it!

-Carol Haynes (January 08, 2013, 04:31 PM)

+1 - Me too!

2446

Living Room / Re: NASA Considers Putting an Asteroid Into Orbit Around the Moon

« Last post by Stoic Joker on January 08, 2013, 11:27 AM »

When I was a kid (I was born in '67, so I was 2 when Neil Armstrong walked on the moon), we used to have grand dreams. Science fiction novels were about wondrous galaxy-spanning civilizations, and the limits to what we'd eventually accomplish were dictated only by what we could dream. But somewhere along the way, we ran into a wall. We stopped dreaming grandly. The galactic civilizations were replaced by dystopian cyberpunk stories, in which we're trapped in a cesspool, with a dark future only as long as we can avoid our own self-destruction. I really appreciate what might be a return swing of the pendulum, replaced by big ideas again.

-CWuestefeld (January 08, 2013, 11:01 AM)

+1 - Well said (I was born in 65) ...We got to the moon and then just sat on our ass and started grumbling.

In the 70's every was sure we'd have flying cars by now.

2447

General Software Discussion / Re: Adobe CS2 for free? (NOT SPAM)

« Last post by Stoic Joker on January 07, 2013, 01:45 PM »

Note CS2 isn't compatible (at least officially) with Vista or later.

-Carol Haynes (January 07, 2013, 12:45 PM)

I'm still using Photoshop from CS3 on Win7 x64 so hopefully CS2 will still run ok.

More info via ghacks update3 and slickdeals-

http://slickdeals.ne...mac-digital-download

-cmpm (January 07, 2013, 12:18 PM)

Good info in the comments there regarding above compatibility question.

2448

Living Room / Re: Ham Radio Cheat Sheet – an InfoGraphic

« Last post by Stoic Joker on January 07, 2013, 01:36 PM »

Not to worried about the Ham radio bit, but the phonetic alphabet list could be handy!

Thanks

2449

Living Room / Re: silly humor - post 'em here! [warning some NSFW and adult content]

« Last post by Stoic Joker on January 07, 2013, 01:24 PM »

Geeky men, be sincere: when a program is running fine, would you ever abandon your computer???

-Giampy (January 07, 2013, 07:11 AM)

Um... What Computer?

2450

Living Room / Re: Charging for Links to Your Site?

« Last post by Stoic Joker on January 06, 2013, 12:40 PM »

Well if they want to go prancing around the bend, then they should (be forced to) finish the full turn instead of parking at the apex. The newspaper (and/or media in general) should be forced to pay the subject of the article for using the content that they (the subject) actually created by making a spectacle of themselves. Because the news media doesn't actually create content...the subjects of their articles actually create the content by engaging is some form of interesting antics. The news media simply makes written or video taped observation about the story/content that some poor sods fate has actually created.