Re: Asset Stripping?
Not really. The roads are the electromagnetic spectrum which is shared so it's more like choosing the Megabus over National express.
41 publicly visible posts • joined 9 Mar 2010
So this wasn't at all like the problem reported.
The problem in this case was that there was an NHS.net distribution list with 1.2 million email addresses in it in the first place that anyone in the NHS could send an email to.
Weather Balloons are excempt provided they use standard meterological balloons and the payload has a parachute. In the UK you just need to apply for a permit to launch - which is just to make sure what you are doing is excempt.
The radiosondes are wireless telegraphy act excempt too as long as they radiate less than 10mW. They usually are set to frequencies that are in the 70cm Amateur radio band to increase the number of recievers available for tracking - there is a pretty comphrensive amateur radio network covering most of europe/worldwide that will pick up tracking signals automatically and stick them on a variety of live websutes.
Last time I was in china (using state run dial-up) the reason I couldn't access many websites sites I wanted to wasn't so much down to outbound firewall rules in China, it was inbound access from Chinese registered IP address being blocked on the sites I was trying to access that was the problem. After decades of malicious attacks, western administrators are pretty wary of Chinese registered IP address ranges.
Quite right - NSA GCHQ MI6 and Special Branch are all in the business of asking people (either nicely or not) to hand over ther keys. The millions of dollars/pounds is not spent on impossible amounts of hardware to crack impossible codes but on the intelligence and manpower to finger the right people to give up the keys.
SSL is an easy one since the cert itself tells you exactly who you need to go to to get the key. Once you've got that you just drop it into wireshark and encrypted data turns into decoded payload - I've done this myself on a couple of occasions (whilst fault finding and with the persmission of the cert owner of course)
That already happens in fact it's pretty much inherent:-
Want to communicate with a submarine on the other side of the planet? No problem - use 16Khz and a missile range to rig up your 40 mile long antenna and you'll penetrate even the deepest ocean - trouble is with a usable bandwidth of less than 100 cycles/sec you'll be limited to about 5 words a minutes in morse code.
Want 10Gbps data transfer across the room? No problem - use a carrier freq of 50Ghz and you'll have oodles of spare bandwidth to give you that throughput and a simple gunn diode will easily give you the amount of power needed to progate 10 feet.
It's more like some loon going up to the White House, knocking on the door and asking for a glass of milk and the guy on the door letting him in and directing him to the oval office. The guy sits around waiting for his milk for an hour or so and finally leaves but not before leaving a note on the president's blotter saying how pissed he was.
The guy on the door, in a lame attempt to keep his job, makes out that the idiot looking for the milk he stupidly let in was some kind of rogue navy seal out to kill the president.
What the US DoD described as the most serious case of computer hacking ever perpetrated comprised of this:
Buying a commercial copy of PCAnywhere (used to remote control PC's) and entering a load of IP addresses allocated to NASA and the US DOD until he found a few boxes running PCAnywhere with no usernames and password's entered.
NASA gate the police the serial number of the copy of PC Anywhere that he used who traced the number of his copy of PC anywhere to his local Dixons/Link shop and then traced it to his Barclay card and arrested him.
Worlds greatest hacker??? They wouldn't have been suspicious if he hadn't left notepad files on the PC's desktop saying stuff like "I've found all them files about aliens you know"
In 2002 it was pretty common to use PCAnywhere for remote support, not putting it behind a firewall or even sticking a basic username and password on should have been a sackable offence really. It would have been laughed out of court - that's why the brits never prosecuted him in the first place.
They were doing it on purpose to link MAC addresses (universally unique addresses of home and business wireless routers) to GPS co-ordinated. This is so they can guess where you are in the future by looking up the MAC addresses your mobile device can see and checking these against a world wide database - not a bad idea if your GPS coverage is a bit flacky.
Of course they picked up a lot of garbage as well as the MAC addresses they wanted in the spource data, and someone thinks that there's half a chance that the source data still exists (unlikely) and that someone would be arsed to search through it for anything other than the address data (verging on the paranoid delusional).
PACS, Cerner Milleniom Acute and Rio Community and Mental Health applications to the majority of trusts in London and the South of England and I don't see them going to the wall.
Maybe it's just economies of scale - presumably BT has plenty of high capacity data centres piped in and ready to go.
Last time I worked there, the comms rooms were on the higher floors. There was a tunnel which lead between the two buildings where some of the cabling went, that was in the basement. Oh and the rifle range of course, oh and the olymic size (less 2 inches) swimming pool in the basement, that's all.
The data centre(s) now they were a different matter. Even the locals didn't know where they were or what they did. Same with most data centres I've worked in - well away from any threat of disaster and running in tandem with others just on the off chance. You don't see them on any maps.
Location: 40°20.12' N 5°31.90' W - locator IN70FI60EL - show map - static map
Last position: 2010-10-27 09:58:55 UTC (2h37m ago)
2010-10-27 11:58:55 CEST local time at El Barco de Ávila, Spain [?]
Altitude: 3471 ft
Last telemetry: 2010-09-17 00:01:41 UTC (40d 12h34m ago) – show telemetry
Battery: 95 Percent, Charging/AC: 95 Charge/On/Off, GPS+Sat: 2 Sats/On/Off, A4: 0 N/A, A5: 0 N/A
A/C Charging GPS B4 B5 B6 B7 B8
Device: BigRedBee: BeeLine GPS version 10 (tracker)
Last path: G6UIM-12>APBL10 via qAS,G6UIM-9
Positions stored: 2097
Packet rate: 12 seconds between packets on average during 604 seconds.
This station is transmitting packets at a very high rate, which causes serious congestion in the APRS network. This could be considered an abuse of the network resources.