mersenneforum.org

Internet of Bings (https://www.mersenneforum.org/showthread.php?t=20746)

retina 2018-10-09 04:24

[url]https://www.thesun.co.uk/news/4873155/cops-raid-german-blokes-house-after-his-alexa-music-device-held-a-party-on-its-own-while-he-was-out/[/url]
[quote]"While I was relaxed and enjoying a beer, Alexa managed on her own, without command and without me using my mobile phone, to switch on at full volume and have her own party in my apartment"

"She decided to have it at a very inconvenient time, between 1.50am and 3am. My neighbours called the police."[/quote]
Amazon claims the system was working flawlessly.
[quote]"Although the Alexa cloud service worked flawlessly, Amazon has offered the customer to cover the cost for the incident."[/quote]
If it was so flawless then why does it cause so much trouble? Oh, right, I see, it was [i]programmed[/i] to cause all that trouble, and the programming worked flawlessly, got it. :tu:

Dr Sardonicus 2018-10-09 15:00

[QUOTE=retina;497678][url]https://www.thesun.co.uk/news/4873155/cops-raid-german-blokes-house-after-his-alexa-music-device-held-a-party-on-its-own-while-he-was-out/[/url] Amazon claims the system was working flawlessly. If it was so flawless then why does it cause so much trouble? Oh, right, I see, it was [i]programmed[/i] to cause all that trouble, and the programming worked flawlessly, got it. :tu:[/QUOTE]
Hmm. The story is from last November. According to Amazon,
[quote]Working directly with the customer, we have identified the reason for the incident. Echo was remotely activated and the volume increased through the customer's third party mobile music-streaming app.[/quote]
This is yet another confirmation of the ancient wisdom about all things computer: If you're going to be out for any length of time, [b][i]pull the plug![/i][/b] And if it's battery-powered, disconnect the battery.

ewmayer 2018-10-09 19:56

[QUOTE=Dr Sardonicus;497704]Hmm. The story is from last November. According to Amazon,
This is yet another confirmation of the ancient wisdom about all things computer: If you're going to be out for any length of time, [b][i]pull the plug![/i][/b] And if it's battery-powered, disconnect the battery.[/QUOTE]

W.r.to the German dude, I say if you're dumb/vain/lazy enough to invite the modern big-data-corp digital Stasi into your home, you deserve to pay the consequences. This being in Germany, I'm sure most victims of the actual Stasi would be gobsmacked at the notion of people happily inviting the modern spymasters to install their Orwell-on-steroids surveillance in their homes, 'for the convenience'.

retina 2018-10-16 05:37

Trusting some random third party "security" company to take control of your access is definitely a fabulous idea. We should all do it. Nothing could possibly go wrong.

[url]https://mobile.twitter.com/YaleSecurity/status/1050048180161789952[/url]
[quote]What on earth is happening here. Can’t remotely unlock the house for my Children. UPDATES URGENTLY needed please.[/quote]
Yes indeed. Not trusting your children with a key, and instead trusting a company that only cares about profit, is a good way to raise them to be independent and show how much you care about them. Good job :tu:
[quote]Can’t log in app is not having any of it deleted and reinstalled nothing called you waited 15 minutes in your call system telling me how a Yale alarm is the best then you just hang up 🤬 messaged on twitter no response just what I wanted after spending an hour trying to get home[/quote]
That is a great way to spend an hour. Fighting the latest and greatest technology just to enter your own home is always fun. Especially when someone else has control and you can't get to talk with them.

But it's all okay because this is just one of those shitty small upstarts that only has 3 employees, right? Nope, it's Yale.

Dr Sardonicus 2018-10-17 16:17

[QUOTE=retina;498116]Not trusting your children with a key, and instead trusting a company that only cares about profit, is a good way to raise them to be independent and show how much you care about them. Good job :tu:[/QUOTE]Absolutely! They're teaching their kids to be self-reliant!

Kids are supposed to be tech-savvy, so they should be able to hack their way around any software glitches, right? Or, to break in, and be ready to explain themselves to the cops.

Besides -- when they grow up, they're going to have to deal with companies that only care about profit. Might as well get them started, right?

chalsall 2018-10-24 20:15

Weak SSH...
 
Hey all. Just in case you aren't aware, [URL="https://news.sophos.com/en-us/2018/10/22/chalubo-botnet-wants-to-ddos-from-your-server-or-iot-device/"]this is happening[/URL].

It amuses my sorry little ass a little bit when people try to "brute force" against my SSH servers. They quickly "fail-to-ban" (and get reported to the community), and they don't have a chance to get in.

Somewhat tiring, though.

For those not as paranoid as I, a potentially useful attack position.

Uncwilly 2018-10-24 22:28

[QUOTE=chalsall;498689]It amuses my sorry little ass a little bit when people try to "brute force" against my SSH servers. They quickly "fail-to-ban" (and get reported to the community), and they don't have a chance to get in.[/QUOTE]Given enough time and a diverse set of minions, I think that your system might be breached by brute force. 10,000 different random IPs, each hitting you only once every 120 minutes (and spread out over that time) might avoid the wrath of your ban tool. Also, rather than deploy them all, send 100 at a few faster clips until banned, repeat with 100 more at various other longer periods, repeat until no bans. Then release the hordes.

But, I am not a comp security person. So I might be blowing smoke. I just like to try to figure ways around things (like airport security) for my own amusement.
You might find Smokey Yunick an interesting person to read about. His exploits to get around/abuse the rules are legendary. (Like the 2" diameter fuel line.)

chalsall 2018-10-24 23:12

[QUOTE=Uncwilly;498697]Given enough time and a diverse set of minions, I think that your system might be breached by brute force.[/QUOTE]

Unlikely. For reasons I won't go into for security reasons....

xilman 2018-10-25 07:02

[QUOTE=chalsall;498689]It amuses my sorry little ass a little bit when people try to "brute force" against my SSH servers.[/QUOTE]

I've been getting that sort of crap for years. To the best of my knowledge no-one ever gets through so I've no idea what the intended payload may be.

A quick look shows 113432 "Disconnecting authenticating user" lines in the syslog on this particular machine. Representative samples include

[FONT="Courier New"][SIZE="2"]Oct 20 00:04:06 anubis.home.brnikat.com sshd[3924]: Disconnecting authenticating user operator 211.202.2.19 port 55200: Too many authentication failures [preauth]
Oct 22 17:24:04 anubis.home.brnikat.com sshd[3924]: Disconnecting authenticating user ftp 193.201.224.241 port 24789: Change of username or service not allowed: (ftp,ssh-connection) -> (manager,ssh-connection) [preauth][/SIZE][/FONT]
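
Added example, not part of any post in this thread: a Python sketch that tallies sshd "Disconnecting authenticating user" lines like the ones quoted above per source address, and also flags accounts hit from several addresses that each stay under a per-address limit, which is the case a per-IP ban alone does not surface. The thresholds, hostname and sample log lines are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Matches the sshd message format quoted in the post above.
LINE_RE = re.compile(
    r"sshd\[\d+\]: Disconnecting (?:authenticating|invalid) user "
    r"(?P<user>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+: (?P<reason>.*)$"
)

# Constructed sample lines using documentation-range addresses, not real log data.
SAMPLE_LOG = """\
Oct 20 00:04:06 host.example sshd[3924]: Disconnecting authenticating user operator 192.0.2.10 port 55200: Too many authentication failures [preauth]
Oct 20 00:04:19 host.example sshd[3924]: Disconnecting authenticating user operator 192.0.2.10 port 55214: Too many authentication failures [preauth]
Oct 20 00:04:31 host.example sshd[3924]: Disconnecting authenticating user operator 192.0.2.10 port 55230: Too many authentication failures [preauth]
Oct 20 02:10:00 host.example sshd[3924]: Disconnecting authenticating user root 198.51.100.1 port 40100: Too many authentication failures [preauth]
Oct 20 04:12:00 host.example sshd[3924]: Disconnecting authenticating user root 198.51.100.2 port 40200: Too many authentication failures [preauth]
Oct 20 06:15:00 host.example sshd[3924]: Disconnecting authenticating user root 203.0.113.5 port 40300: Too many authentication failures [preauth]
Oct 20 08:20:00 host.example sshd[3924]: Disconnecting authenticating user root 203.0.113.9 port 40400: Too many authentication failures [preauth]
Oct 22 17:24:04 host.example sshd[3924]: Disconnecting authenticating user ftp 203.0.113.5 port 24789: Change of username or service not allowed: (ftp,ssh-connection) -> (manager,ssh-connection) [preauth]
Oct 22 18:00:00 host.example sshd[4100]: Accepted publickey for alice from 192.0.2.77 port 50022 ssh2
"""


def summarize(lines, per_ip_limit=3, spread_limit=3):
    """Count preauth disconnects per source and find accounts probed from many quiet sources."""
    per_ip = Counter()
    ips_per_user = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated sshd message, e.g. a successful login
        per_ip[m["ip"]] += 1
        ips_per_user[m["user"]].add(m["ip"])
    # Sources a per-address threshold (the fail2ban-style view) would catch.
    noisy = sorted(ip for ip, n in per_ip.items() if n >= per_ip_limit)
    # Sources that stay below that threshold individually.
    quiet = {ip for ip, n in per_ip.items() if n < per_ip_limit}
    # Accounts targeted from several quiet sources: visible only in aggregate.
    spread = sorted(
        user for user, ips in ips_per_user.items() if len(ips & quiet) >= spread_limit
    )
    return {"events": sum(per_ip.values()), "noisy_ips": noisy, "spread_users": spread}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```
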

retina 2018-10-31 13:31

Every minute for three months, GM secretly gathered data on 90,000 drivers' radio-listening habits and locations

[url]https://boingboing.net/2018/10/23/dont-touch-that-dial.html[/url]

[quote]... GM seems poised to create a market in data gathered by your car, which can listen to you, follow you, take pictures of you and your surroundings, and even gather data on which passengers are in the car at different times by tracking Bluetooth beacons from mobile devices.[/quote]
[quote]"We sampled (the behavior) every minute just because we could,"[/quote]
It's not a car, it's really a computer with wheels, connected to the Internet.

retina 2018-12-21 16:19

Totally bonkers IMO. Letting some external third party control, and disable, your stuff.

[url]https://arstechnica.com/gadgets/2018/12/logitech-firmware-update-breaks-locally-controlled-harmony-hub-systems/[/url]
[quote]Logitech began pushing out firmware update 4.15.206 last week, its release notes stating that it addresses security and bug fixes. Users immediately flocked to Logitech's community forms to complain once they realized the systems they built up to control their smart home devices essentially became unresponsive. Users with Homeseer and Home Assistant APIs have reported parts of their systems broken, preventing them from controlling things like smart TVs, sound systems, and more using the Harmony Hub and its remote.[/quote]
Paraphrasing Logitech's response: We don't like people using [i]our[/i] stuff in ways we don't allow, so FU we're enforcing our will on the things we control.

---------------------------------------------------------------------------------------------------------------------------------------

Here is another great example of making you well aware that you are not the person in control of the stuff you thought you owned.

[url]https://pbs.twimg.com/media/CMnbc-mWEAAhtGQ.jpg[/url]

Hilarious actually, as long as you don't own one of those things.

In case you can't view the image, it is a screen shot from a phone app that says: "Confirm Your In-App purchase. Do you want to buy the ability to set your thermostat above 25° C for $4.99? <Cancel> <Buy>"

