It checks to see if the /mnt/ubi_boot/mfg_test/enable file exists, and if
so, it fires up a telnet service (among other things). However, the
mfg_test directory doesn't exist at all on the production system [...] But
with the SSID command injection vulnerability, we can easily create it. The
commands to create the file are too long to fit into the restricted
32-character SSID input field, so we'll echo them piecemeal into a shell
script and then execute that script [...]
Rooted with nothing but the remote control it came with.
on jailbreaking the Netgear NTV300 "NeoTV"
The industry standard is most Social Security numbers are not encrypted. A
lot of banks don't encrypt. It's very complicated. It's very
cumbersome. There's a lot of numbers involved with it.
-- South Carolina governor Nikki Haley
If you're going to allow users to download all of their data with one command, you might want to double- and triple-check that command. Otherwise it's going to become an attack vector for identity theft and other malfeasance.
on "data portability" risks
I have X'd out any information that you could use to change my reservation. But it's all there, PNR, seat assignment, flight number, name, [etc.] But what is interesting is the bolded three on the end. This is the TSA Pre-Check information. The number means the number of beeps. 1 beep no Pre-Check, 3 beeps yes Pre-Check. On this trip as you can see I am eligible for Pre-Check. Also this information is not encrypted in any way.
shows how to change a boarding pass for less TSA screening
This iommu encrypts addresses on the device bus to avoid [divulging] information
to hackers equipped with bus analyzers. Following 3DES, addresses are encrypted
multiple times. A XOR cypher is employed for efficiency.
-- Avi Kivity
(thanks to Michael S. Tsirkin.)
to post comments)