Comment Directly intentional cash grab by the industry (Score 2) 283

How many of those cable providers have a stake in Hulu, CBS All Access, etc. already? This will further drive more consumers into the online streaming-only services, which will get you fewer channels and fewer choices in how to consume content. At least Star Trek: Discovery got released on DVD/Blu-ray now.

Here's the thing: In the United States, cable companies are regulated federally. The cable box they rent out to you is *federally mandated* to use the same crypto card (cable card) that other devices like TiVos and some TVs have built in.

Basically right now you can pay $160/month for phone+cable TV+internet and get an asston of TV channels, maybe 5% of which you watch religiously, and maybe an additional 20% that you watch infrequently. You benefit from this _some_ because the cable companies are merely distributors of premium content (e.g. HBO, Showtime, etc) and "extended digital basic" content (e.g. Discovery, History, Cartoon Network, ABC Family); and up until Netflix was streaming more content than shipping discs around everyone was clamoring for Cable TV a-la-carte.

The reality is, we've got it now with CBS All Access, NetFlix, Hulu Originals, YouTube Originals, but ... the negotiation power of having 2.1M subscribers as a distribution company is lost, and consumers will (or already are) paying more for content a-la-carte.

Comment Similar vulns found on common USB "thumb" drives (Score 5, Informative) 105

I did some research on Phison-based USB flash drives a couple years ago, and finally came back to the research a couple months ago. These controllers are dirt cheap, so they're prolific and in all kinds of flash drives. Brand name doesn't really mean anything, nor do USB product and vendor IDs matter. The only way you can tell what kind of flash controller is on the inside of your USB flash drive is by either sending a vendor-specific SCSI CDB at it, or ripping it apart and actually looking at the chip.

Anyway: details of the vuln - The Phison 2251 (and similar) based drives have a way to split (think partitioning) the flash drive into separate regions, and then optionally lock access with a password. They let you choose the percentage of the split, so you could have a 2G "public" volume and a 2G "private" volume on a 4G stick, with the "private" volume requiring a password to make it visible to your OS.

But that password -- it's only used for visibility of the "private" volume. You can either re-position the split mark, or entirely disable the public/private split and make the drive one big volume again. It's not a configuration lock, it's a volume visibility lock. Stupid, stupid, stupid.
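
To make the "visibility lock vs. configuration lock" distinction concrete, here is an added toy model of the behaviour the comment above describes. It is not code from the comment's author or from Phison: the method names, the 4 GB / 1 MB-block geometry, the password and the sample data are assumptions for illustration, not the real vendor-specific SCSI CDBs. The flawed class gates only whether the private volume is exposed; the hardened class also gates the split configuration and keeps private blocks encrypted under a password-derived key, so that even a firmware-level bypass of the check yields ciphertext.

```python
"""Toy model of the split/password flaw described in the comment above.

Added example, not the comment author's or Phison's code. Method names,
geometry (4 GB stick in 1 MB blocks) and the password are assumptions.
"""
import hashlib
import os
from typing import Dict, Optional

TOTAL_MB = 4096        # assumed 4 GB stick, addressed in 1 MB blocks
PRIVATE_BLOCK = 3000   # a block inside the default "private" half


class VisibilityLockDrive:
    """Flawed model, as the comment describes it: the password only
    controls whether the private volume is exposed to the host."""

    def __init__(self, password: str, split_mb: int = 2048) -> None:
        self.password = password      # assumed user-set password
        self.split_mb = split_mb      # blocks below this are "public"
        self.private_visible = False
        self.blocks: Dict[int, bytes] = {}

    def write(self, block: int, payload: bytes) -> None:
        self.blocks[block] = payload

    def unlock(self, password: str) -> bool:
        self.private_visible = password == self.password
        return self.private_visible

    def set_split(self, split_mb: int, password: Optional[str] = None) -> bool:
        # The flaw: moving or disabling the split needs no password at all.
        self.split_mb = split_mb
        return True

    def host_read(self, block: int) -> Optional[bytes]:
        if block < self.split_mb or self.private_visible:
            return self.blocks.get(block)
        return None   # hidden: the host never sees this block


class ConfigLockDrive(VisibilityLockDrive):
    """Hardened model: configuration changes also require the password,
    and private blocks are stored encrypted under a password-derived key."""

    def __init__(self, password: str, split_mb: int = 2048) -> None:
        super().__init__(password, split_mb)
        self.salt = os.urandom(16)
        self.key = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def _keystream(self, block: int, n: int) -> bytes:
        # Counter-style keystream per block (toy construction, not a vetted cipher).
        out, ctr = b"", 0
        while len(out) < n:
            out += hashlib.sha256(self.key + block.to_bytes(4, "big")
                                  + ctr.to_bytes(4, "big")).digest()
            ctr += 1
        return out[:n]

    def _xor(self, block: int, data: bytes) -> bytes:
        return bytes(a ^ b for a, b in zip(data, self._keystream(block, len(data))))

    def write(self, block: int, payload: bytes) -> None:
        if block >= self.split_mb:
            payload = self._xor(block, payload)   # private: store encrypted
        self.blocks[block] = payload

    def set_split(self, split_mb: int, password: Optional[str] = None) -> bool:
        if password != self.password:
            return False   # a configuration lock, not just a visibility lock
        self.split_mb = split_mb
        return True

    def host_read(self, block: int) -> Optional[bytes]:
        if block < self.split_mb:
            return self.blocks.get(block)   # public region, stored as-is
        if self.private_visible:
            raw = self.blocks.get(block)
            return None if raw is None else self._xor(block, raw)
        return None


def reposition_split_attack(drive: VisibilityLockDrive) -> Optional[bytes]:
    """Attacker holds the stick but not the password: issue the 'one big
    volume' configuration command, then read a formerly private block."""
    drive.set_split(TOTAL_MB)            # no password supplied
    return drive.host_read(PRIVATE_BLOCK)


def firmware_bypass(drive: ConfigLockDrive) -> Optional[bytes]:
    """Simulate defeating the firmware check itself (e.g. a reflashed
    controller): force the split and read without the password."""
    drive.split_mb = TOTAL_MB
    drive.private_visible = False
    return drive.host_read(PRIVATE_BLOCK)


if __name__ == "__main__":
    flawed = VisibilityLockDrive("hunter2")
    flawed.write(PRIVATE_BLOCK, b"tax-returns.pdf")        # constructed sample data
    print("flawed, locked:", flawed.host_read(PRIVATE_BLOCK))
    print("flawed, split disabled, no password:", reposition_split_attack(flawed))
    hardened = ConfigLockDrive("hunter2")
    hardened.write(PRIVATE_BLOCK, b"tax-returns.pdf")
    print("hardened, split disabled, no password:", reposition_split_attack(hardened))
    hardened.unlock("hunter2")
    print("hardened, unlocked:", hardened.host_read(PRIVATE_BLOCK))
    print("hardened, firmware check bypassed:", firmware_bypass(hardened))
```

The last line of the demo is the caveat a practitioner should keep in mind: a configuration lock enforced purely in controller firmware is only as strong as the firmware, so the hardened model stores the private half encrypted rather than relying on the check alone.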

Comment Re:Yeah, this happens. Not just in the USG either. (Score 1) 180

If you work computer security for any company of decent size...

And just how many people is that, precisely? 20? 50? 100? 1000?

I really don't see how that is relevant, do you expect me to quote a scientific study that shows MTTP (mean time to pr0n)? "decent size" was very obviously a generalization.

Comment Yeah, this happens. Not just in the USG either. (Score 4, Informative) 180

If you work computer security for any company of decent size, you're gonna discover someone surfing porn. Most times we give folks the benefit of the doubt the first time in case it's some porn ad or something on an otherwise "okay" site (gray, but not really a policy violation), but once a pattern of porn surfing is discovered, it usually results in someone getting written up, potentially ending with them losing their job.

Don't do this at work. You're not on your personal computer, it could be a shared computer (ewwww), and it's not your network. There's always someone watching to the benefit of the company, not you. It makes for an awful work environment for the people in the office, and can bring in malware. There's a joke I heard, of people clicking on the Yes/Accept/Install buttons ... "do I have porn yet?" [click] "do I have porn yet?" [click]. Lots of malware comes down in the form of a "video codec" or plugin you need to watch the media. It's just awful.

Comment Re:Mobile (Score 1) 232

I'm pretty sure Valve has gameplay-related analytics for their games, e.g. "What part of the map did the player die in the most often" to show poor level design in play-testing, not sure if it made it into the release game or not. That's one kind of analytics that I'm fully in support of. None of this "you have IDA pro running, you can't play video games" crap.

Here's an article: https://www.pentadact.com/2007...

Comment Re:Custom ROM users can still use GApps (Score 1) 179

I'll just give you the details here:

From my browser's console, I see google's server throws 400 Bad Request, when the browser hits hxxps:/ /www. google. com/_ /AndroidPartnerUncertifiedRegistrationUi/mutate

Heavy redaction below, so that hopefully nobody can abuse this to mess with my google account.

Query string params:
at AN????????????????????????YM:15?????????03
f.req ["af.maf",[["af.add",14?????94,[{"14?????94":["MyAndroidDeviceIDHere"]}]]]]

Post params:
_reqid 15???60
ds.extension 14?????94
f.sid -12???????????????28
hl en
rt c

Comment Re:Custom ROM users can still use GApps (Score 2) 179

Every time I've tried using the whitelisting link, I get an error message that pops up, and disappears at the bottom of the webpage: "Uh oh, something went wrong. Please try again later."

Since it's been difficult to track down how to get your Android device ID, here's how over ADB:

$ adb shell settings get secure android_id
214d54464e505921

The sequence of hex digits above is your Android device ID.

Comment What frequency? Will ATT be tertiary use of freqs? (Score 5, Informative) 119

In the US, there's a swath of radio band that is reserved. First for the US government (e.g. military), then for licensed amateur radio operators. I think there's a tertiary option where $user only uses less than some-small-number-of-milliwatts. But the higher-precedence one trumps the lower ones.

If this is going to be on ham radio frequencies, hams are going to essentially be able to cite FCC regs and say "shut that shit off" due to interference. Hams are GOOD at triangulating interference, and if they discover it's coming from *all around them* they're going to speak up *quick*.

Remember, Hams are folks who have spent their own money to get radio gear, and then use that radio gear to provide emergency communications in the event of a disaster. On 9/11 I took my handset to the local hospital in case land line phones and cell phones went down. Fortunately I wasn't needed, but ... you do not want to fuck with free emergency communications.

Intel

Samsung May Overtake Intel As World's Largest Chip Maker In 2017 (pcmag.com) 56

According to U.S. semiconductor market research firm IC Insights, Samsung is likely to overtake Intel as the world's largest chip maker later this year. Bill McClean, president of IC Insights, explained that "If money market prices continue to hold or increase through the second quarter and the balance of this year, Samsung could charge into the top spot and displace Intel." PC Magazine reports: Intel first became the world's largest chipmaker back in 1993 and has held the title ever since. But as the mobile market has exploded, so did the need for the chips that make them work. Unlike on PC where Intel dominates, mobile is a different matter entirely, and Samsung is on hand to provide the DRAM and NAND chips they require.

Comment Give 'em money. I'm not even kidding. (Score 1) 128

Want to know when somebody finds an XSS vuln in your timesheet app? Give 'em a Starbucks gift card. Or a $20 pre-paid gift debit card they can use anywhere.

Sure, employees will try to game the system at first, and you'll find loopholes in your "rules" of the game. But the end result is net positive:

1) Your employees are *paid* and *happy* to notify the company of vulnerabilities, and
2) You. Fucking. Fix. Vulnerabilities.

Seriously, it's a net win for both the company and the employees. Just do it.

Comment From GRC who brought you ShieldsUp! and SpinRite (Score -1, Flamebait) 31

SQRL, ShieldsUp and SpinRite are all crap. When I first heard about SQRL I knew it wasn't thought through completely, like how ShieldsUp! permits joe-random-employee at $office to cause GRC.com to portscan the ever loving shit out of your corporate firewall. I've blocked the scanner from GRC.com at multiple offices.

And no, SpinRite doesn't do jack.

Comment Stallman's open-source-everywhere view blinds him (Score 5, Informative) 208

Source: e-mail exchange with him, based on my ShmooCon presentation on hacking USB flash drives.

In short: I said there's no way you can have open source firmware for a proprietary undocumented ASIC, that has to keep track with new developments in flash memory every 3 months.

He went on to ask if there was a way to buy a USB flash drive that wasn't field-reprogrammable, or to "convince a company to make USBs [sic] that way". I'm not aware of any, and it's impossible as-is to A) ask a vendor "What chips are you using?" and B) have the vendor use the same controller/flash chips on the same device.

Dude wouldn't listen, and I gave up trying to educate him.

Submission + - Cisco Talos Thwarts Massive Exploit Kit Generating $60M Annually From Ransomware (talosintel.com)

Da w00t writes: Today, Cisco struck a blow to a group of hackers, disrupting a significant international revenue stream generated by the notorious Angler Exploit Kit. Angler is one of the largest exploit kits found on the market and has been making news as it has been linked to several high-profile malvertising/ransomware campaigns. This is the most advanced and concerning exploit kit on the market, designed to bypass security devices and ultimately attack the largest number of devices possible.

In its research, Cisco determined that an inordinate number of proxy servers used by Angler were located on servers of service provider Limestone Networks with the primary threat actor responsible for up to 50 percent of Angler Exploit Kit activity, targeting up to 90,000 victims a day, and generating more than $30M annually. This implies that if you apply the full scope of Angler activity the revenue generated could exceed $60M annually. Talos gained additional visibility into the global activity of the network through their ongoing collaboration with Level 3 Threat Research Labs. Finally, thanks to our continued collaboration with OpenDNS we were able to gain in depth visibility into the domain activity associated with the adversaries.

Submission + - Bypassing browser pop-up blocking: When does software start becoming malware? (cisco.com)

Da w00t writes: Talos security researchers detected a malicious Shockwave Flash file that not only bypasses pop-up blockers, but also accurately fingerprints computers with the help of some JavaScript. The "Infinity Popup Toolkit" is a prime example of software that falls into this gray area by bypassing browser pop-up blocking.
