In a tweet by @todayininfosec we were all reminded of this day in 1999 when @Dildog and the cDc crew presented Back Orifice 2000 (BO2K) to a delighted crowd at Defcon 7. It was quite a show complete with music, projectors, lights, lasers, and even a Speak-n-Spell. It was a lot of fun, and i was elated to be there. i replied early with my memories, but then i remembered that i had found some photos while cleaning. . .so i posted them. These were film prints from an instamatic (as was the style at the time), so they didn’t come out great! they do offer a tiny keyhole through which we may peer into the past. i am glad it is bringing joy. Then @defcon (the official conference account) retweeted. *blush*
The amazing people behind Folding@home have set their sights on COVID-19. Their efforts are to better understand how the SARS-CoV-2 virus that causes COVID-19 can be targeted with small molecule and antibody therapeutics. Got any computers that aren’t doing anything? join up.
The Mac client needs work to support GPUs, but my stats are rising!
I got out to vote a little later than i hoped and encountered a longer line than i have ever before (at least from voting). Only 55 minutes, nothing like some lines i have heard about. I got to play with the new electronic voting system. “It’s not connected to the internet” was the response that i received when inquiring into the device security. I have high confidence of the paper trail on these units, but I imagine that these machines do some sort of tabulation. Unless we actually count the paper ballets, it is those tabulations that we are expected to trust. These tabulation are trivial to manipulate if the devices are tampered with. “Don’t worry, it’s offline” dissuades none of these fears. Here are some pictures i took. Not pictured are the 2 broken units that were taped off at my precinct. Also, i was told that they should not have allowed me to take these pictures. i don’t know if that is true, but they did not seem to mind at the time. (i wasn’t wearing that shirt at the time)
This particular ancient server has stood as the glue holding several ancient record keeping systems together. Today marks the last day that it was operating. I supported this computer for almost it’s entire lifespan. This Dell ran consistently for over 10 years with very little trouble. Now your watch is over.
I have been retiring or upgrading unsupported systems all year. it’s to know that all the critical systems are up to date. Let this be yet another warning if you are running Windows XP, Vista, 7, or 2008 Server (or anything earlier), you should upgrade immediately if you are online in any capacity. Same goes for macs older then 10.13 (High Sierra). Seriously, don’t let it become a problem.
With this last message Rex clearly considers the matter closed. I am offered no explanation or path to resolution. The only explanation is that they need to explain nothing. I am often referred to their terms of service.
The most baffling part is that i am left wondering how this is “for the security of all our users”? i mean, They allow for strangers to create new accounts all the time. i have already created an alternate Google Play account to buy the very software that started this mess. (This time, i have severed these devices ability to communicate with google. Good luck killing the apps now. mahahahaha!)
It seems Google has been tripping all over themselves lately. This latest demonstration of their own massive incompetence is just one more nail in their coffin. They provided zero protection, only huge annoyance to someone who was once a vocal advocate of their products and services. Goodbye Google.
I have been struggling with a Google Play suspension. For some reason, google policy is not to discuss suspensions. period. Not even to resolve them. I have been battling with email and phone support for days, but this last communique was just too good not to share. In this recording, the Google Play support agent admits nothing can be done and suggests i wait a year for the problem to resolve itself. (edited to remove personal details and to shorten length)
Google doesn’t think my account has been hacked or that I have lost control. They seem to genuinely believe that i am not authorized to pay with this “instrument” and that my intentions is fraud. This all started with a neglected Google Play account. So neglected that i never replaced the credit card on file and the one there had been reported lost in 2013. I logged into the account to buy a $4 app for some android cameras i was playing with. I purchased the app without error or incident 2 days ago. . .
I use the app with the cameras problem free for 2 days. In the end, one camera was a little glitchy, so i decided to restore it to factory settings and set it up new. This is when it all went very bad. When i logged into the store i couldn’t find the purchased app in my account and it wouldn’t let me buy it again. It was giving me strange errors about lack of internet or an error code: OR-IEH-01. It was at this point that i noticed the email about payment information being needed. I never received any emails about the purchase being canceled (apparently it was). This is when i decided to call customer service. The support agent interrupted me repeatedly, imparted the same explanation over and over, all the while asking me to submit a credit card statement from 2013. The incompetence was staggering. I did some reading about reports of a massive Google outage today. The agent insisted that i had added the lost card to the account the day of the purchase, the same day that i received the request for additional documents. This claim is ridiculous at every point, but not as ridiculous as google expecting me to have the same credit card number forever. Did the outage contribute to the problem? i don’t know, but across Google’s ecosystem there has been failure today. I even tried to create a new google play account with all new info. It did not work, something is broken. I jumped though the first set of rings and submitted my current credit card and state ID card. The rejection came swift. 23 hours under their 24 hour ETA came this email. . .
I feel at this point i need to provide some context. Was this a new account? was it active? I have used my google account almost daily since 2009. In fact, i used their own google pay service for years until they changed their policy to require delivery of digital content thought their platform only. I charged clients weekly, and google deposited that into my bank account. For years without a single charge back. I used many of their experimental products. I even used Google+ and i still don’t know how i am going to replace fusion tables.
What now? now i gather the remaining documents and try again? what are our options with gatekeepers like these? I’m still locked out of the play store and my google login is behaving erratically. (gmail delays on both incoming and outgoing)
I have used MinuteKEY in the past to easily bypass DO NOT COPY keys. Today’s errand was more about a quick solution then a security bypass. I was just copying normal keys today. Here is what i learned. With MinuteKEY, you could only make batch copies of the same key. In fact, the MinuteKEY kiosk locked your key into the machine until all the copying is done. There were zero protections against DO NOT COPY keys. They do however print keys right there in a variety of styles and colors.