I built my i7-920 system in February '09. It was my primary PC used for gaming until I built a replacement i7-11700K system in March '21.

As with many people around here, it was updated over the years. I honestly think the only original part left may have been a SATA cable or two. I upgraded from the standard X58 motherboard to the Classified NF200 version using EVGA's StepUp program (so within 90 days of buying it). I eventually replaced the i7 with a hex-core Xeon. I upgraded to bigger and faster RAM, SSDs, and GPUs along the way. I switched from 120mm tower coolers to AIO watercooling. I even upgraded the PSU and changed cases. Since it was built in the aughts, it even got an upgraded DVD-RW and BD-ROM addition.

Essentially nothing remained of what I had originally installed in '09, but I was still using my X58 system in '21. It's actually still sitting across the room, fully functional, even though I don't use it anymore. I mentioned it in several comments shortly after I built it, because a bunch of people were complaining about how Intel was changing sockets every 5 minutes while AMD stuff was perpetually upgradeable. I won't be surprised if I never have another "single PC" last me as long as this one did.

The $30 Xiaomi Dafang is initially limited to their app/cloud, but there's custom firmware that lets you do a lot more. I looked into it a while back, but never got around to actually trying it out personally. https://hackernoon.com/hacking-a-25-iot-camera-to-do-more-than-its-worth-41a8d4dc805c -> https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks

This is the hardware used for Wyze. https://www.wyze.com/

It is on this router if it only does 1.73Mbps. I'm also curious about the 1MB of RAM. (Other pages indicate that it's 1.73Gbps and 1GB of RAM, which is in line with modern routers.) Another correction, it's got 4 gigabit ports total, 3 LAN and 1 WAN. This comes as a huge shock, but it seems the editors can't be bothered to proofread anything.

If you make financial decisions based on old copies of a page, knowing that the current page is unavailable, you deserve whatever you get.

Except sometimes, a page isn't there, but it is, because someone has made a copy of the page while it was still available. Having one-click access to this backup copy can be very handy. In case you didn't RTFA, Mozilla's No More 404s add-on will give Firefox users the choice to see old Internet snapshots saved in the Internet Archive's Wayback Machine. No, just showing an old copy of a page instead of the current one is not a good idea. Giving the user a choice of pulling up an archived copy instead of just an unhelpful error page is a nice thing to do.

If you don't want services automatically crawling your pages, configure your robots.txt appropriately. http://archive.org/about/faqs.php#2, http://lmgtfy.com/?q=prevent%20google%20from%20caching%20my%20site, etc. This feature (which has been around in the form of the Resurrect Pages addon for at least 10 years) simply gives users an easy way to access a backup copy of a page when it isn't found live.

http://wayback.archive.org/web/*/https://myspace.thecthulhu.com/ (The original was slow for me, but did eventually load.)

There's a Magnet link on the page, but the Torrent file itself didn't get archived. I put a copy at http://www.invisibill.net/Myspace.com.rar.torrent.

In the linked forum thread, from robinalden (Comodo Staff):

With LE now being an operational business, we were never going to take the these trademark applications any further. Josh posted a link to the application and as of February 8th it was already in a state where it will lapse.
Josh was wrong when he said we’d “refused to abandon our applications”. We just hadn’t told LE we would leave them to lapse.
We have now communicated this to LE.

If you want a modern car, you're just going to have to accept that right now, they're all full of closed-source, black-box computer stuff. Short of going to work for the manufacturer and signing an NDA, you're never going to be able to get access to the inner workings of these things. The unfortunate truth is that these manufacturers are adding features without incorporating security from the very beginning, in an effort to have more bells and whistles than the other guys. They're getting better about security, but they still have a lot to learn.

The good news is that most of these hacks are at least somewhat mitigated. The Jeep one seems the worst, as it worked over a cellular connection from seemingly anywhere, to get into the infotainment system, and then jump to the car's actual controls from there. Chrysler was able to make some change to their network that (partially?) stopped the attack even if the individual cars were still technically vulnerable. The OnStar hack was a MITM between the mobile app and the OnStar website (due to not verifying the cert); it resulted in being able to do things to the car, but wasn't actually a vulnerability in the car itself. Most of the previous hacks require physically connecting to the OBD2 port in the car. As was stated in related posting, just as with computers, if the bad guy can break into your car and install a dongle, you're pretty much screwed anyway. Just like installing only necessary packages on a server to minimize its attack surface, you can also skip unnecessary vehicle options to reduce the chance of a vuln (though you may have varying levels of success getting a car with exactly what you want and nothing you don't).

We need these hackers to keep pointing out these flaws until the manufacturers fix them (and hopefully completely avoid the same mistake in the future). For now, it's still fairly early in the cycle with lots of learning being done. We need more isolation between the vital control systems and the trivial entertainment junk to completely remove the possibility of something like a USB stick being able to take over your engine, but for the most part these vulns are still rather limited in their application, due to the inherent limitations of actually getting linked up to your car's systems. I'm afraid it might get worse before it gets better, but at least these things seem to be getting addressed by the manufacturers, rather than just covered up.

Thanks, that's a much better article. Knowing that this is a Wi-Fi MITM attack greatly reduces the impact, at least for people like me. I'm sure it's very easy for less knowledgeable folks to stumble onto a rogue AP, but I'm not too worried about that with my own personal setup.

I'm still a bit surprised that just opening the app triggers a login (where OwnStar can steal the credentials). As I said, none of the displayed status information updates automatically; if you're going to log me in, why not at least show me current details in the app?

Kamkar’s shown that if a hacker can plant a cheap, homemade Wi-Fi hotspot device somewhere on the car’s body—such as under a bumper or its chassis—to capture commands sent from the user’s smartphone, the results for vulnerable vehicle owners could range from nasty pranks to privacy breaches to actual theft.

That seems like one of the worst places to do this. Due to the phone-internet link, server processing time, and VZW CDMA OnStar connection, the app is rather pokey. Other than possibly showing a curious person how it works or after locking my keys in the car, I would never bother to use RemoteLink if I was already at the car. You need to be where the phone/app is, which is probably not where the car is - that's the whole point of remote access features.

I agree, the video doesn't really prove anything. It simply looks like he's using the app normally. I could make an identical video with my own Volt. I assume he's actually doing what he claims, but the lack of detail in the video means it isn't actually proof of anything.

The SIM800L seen in his device is a quad-band GSM module. He also has a Raspberry Pi and a RTL8187L wireless NIC in there. It seems like it's a MITM attack between the app and OnStar's servers, but the GSM module makes me think he might be generating cellular packets to send directly to the target vehicle. The app doesn't even automatically refresh the displayed vehicle status info just by opening the app, so it doesn't seem like simply opening the app would trigger an OnStar-to-vehicle cellular connection that he could take advantage of.

I suppose it could be for intercepting the app's traffic over a cellular connection, but it seems like breaking into that data stream would be more complex than hijacking a Wi-Fi connection (though I admittedly don't know too much about data over cellular connections). It looks like all of the iPhones that are in use are on VZW cellular connections (the screenshot of the map is on Wi-Fi).

Maybe it's just to give the OwnStar cellular connection ability to report the target vehicle info to him from anywhere? That seems a bit excessive for a PoC for local testing, but I guess if he's taking it to DefCon, he would want it to work there.

If he is doing something with a direct cellular connection, it's somewhat mitigated by the fact that '14 and older models use VZW CDMA for OnStar service, while '15 and newer models have switched to AT&T. I'm sure it wouldn't be too hard to use a different cellular radio in the OwnStar, but it does make the target vehicles somewhat heterogeneous.

The app/phone doesn't communicate directly with the car. The app communicates with the OnStar service via the Internet (you have the same functionality from their website), which then sends commands to the car via cellular data (previously VZW, switched to ATT for '15 with all the new LTE Wi-Fi hotspot stuff).

That's essentially what these do. They just display your phone's stuff on the screen built into the car.

As others have said, I have a pile of old cell phones. I currently have 6 iPhones of various vintage in my possession. I also have a few other modern-ish cell phones and tablets as cheap gadgets to play with. I'm sure I have older phones around here too (got some Nextels somewhere...), but I'm not sure on quantity or capability. My car has GPS. I also have a neat little GPS-powered digital speedometer HUD that I bought for my motorcycle.

I'm pretty sure I'm still under 15, but somewhere around a dozen. How many of those get regular use? Just one - my current iPhone. Waze on my phone is better than my car's GPS, the motorcycle's windshield is at a bad angle for the HUD, and the other phones/tablets were just cheap toys to try things out on.

How do you suggest getting the old machine's power flowing through the 44-pin connector on the USB adapter?

On desktop drives with separate connectors, it's a great plan. It doesn't really work on a laptop drive with a single combined connector though.