HackerTrans
TopNewTrendsCommentsPastAskShowJobs

jfrunyon

no profile record

comments

jfrunyon
·5 tahun yang lalu·discuss
Huh? If it's not official software then it's not Google's problem and they don't care. If it is official software then it would still be there post-wipe and therefore it wouldn't be difficult at all to ensure that the issue has been resolved. Of course, that's all moot because wiping the device wouldn't be a step to take in the case of a driver (or other software) issue anyway.
jfrunyon
·5 tahun yang lalu·discuss
I haven't personally worked in one of the big contract places but have close friends who did. I think your impression of these places as being simply "phone repair places" may not match reality, to be quite honest.
jfrunyon
·5 tahun yang lalu·discuss
Gonna reply here since 4 different people decided to say the same thing without actually reading my post.

I never said it wasn't possible. But getting the lynching party out is a bit premature. Just because someone says something on the Internet does not make it true. Bet y'all still think Trump is still gonna magically become president and kill the elite pedophile cannibal cabal, huh?

Never said the processes they have in place were perfect. But being smart enough to exploit a hole in the process, and dumb enough to then make illegal posts on social media with location and all - are kinda at odds with each other.

Until you can show me any evidence that this case is real - which, of course, you can't for the next ~years because the only place that evidence should show up is in court - you can take your "False." and stick it somewhere.
jfrunyon
·5 tahun yang lalu·discuss
Evil has always existed and will always exist. There is nothing we can do to get rid of all evil.

We do punish the evil behavior. And yet this still allegedly occurred. So perhaps the solution is making sure the evil behavior isn't possible in the first place? Just maybe?
jfrunyon
·5 tahun yang lalu·discuss
[citation needed]
jfrunyon
·5 tahun yang lalu·discuss
How is that relevant?

No matter what protocol they are using to communicate, it is quite conceivable that the erase commands are not properly implemented. In fact, as the comment you're replying to pointed out, there have been many devices found historically which do not properly implement erase commands. Since you can't(*) bypass the flash controller and see what's actually in the flash, there is no way to verify whether or not the data has in fact been deleted.

Just encrypt your device. It's so damn simple.

(* Yes of course you can desolder the memory or hook up to it directly and bypass the flash controller that way, like the authors of the paper in GP, but that's far beyond the capabilities of even the average HNian)
jfrunyon
·5 tahun yang lalu·discuss
- Set a password on your phone. I dunno about iPhones but for recent Androids, that will encrypt all files on the phone. Voila. You're done.

- Queue up a wipe remotely which will take place as soon as the phone is turned on.
jfrunyon
·5 tahun yang lalu·discuss
https://support.google.com/accounts/answer/6160491?hl=en

If the phone doesn't turn on you can still queue up a wipe from Find My Device which would've prevented this.

And no, it was clearly not "password enabled".
jfrunyon
·5 tahun yang lalu·discuss
[dubious - discuss]

There's a few things that make this pretty unlikely. Google doesn't triage or repair the phones themselves, they contract it out just like everyone else. And the people they contract it out to almost certainly have procedures in place which are meant to ensure that neither the devices themselves nor the data on them get out.

I'm not saying it's false, but I would definitely take it with a grain of salt.

That said, before you send any devices in for repair, you should wipe them to the best of your ability. Also, you should set a secure password (PIN, pattern, etc) - even if you set your device to not lock, you can encrypt/require password on startup, which would prevent the repairperson from seeing the photos much less posting them.
jfrunyon
·5 tahun yang lalu·discuss
Flash storage controllers which do not properly implement secure erase are extremely common and nearly impossible to verify.
jfrunyon
·5 tahun yang lalu·discuss
I don't think too many "peasants" would be able to make $15/month from it, much less any actual gain.
jfrunyon
·5 tahun yang lalu·discuss
> has $5 billion socked away in a tax free Roth IRA

How? You can only contribute a maximum of $7,000/year to all IRAs you own.
jfrunyon
·5 tahun yang lalu·discuss
Why on earth do you think you can't send a packet to the device? How do you think the cloud service communicates with it?!
jfrunyon
·5 tahun yang lalu·discuss
I'm not sure why you think that having a proxy in the middle will protect you.
jfrunyon
·5 tahun yang lalu·discuss
Oh boy, it sure is impossible to exploit something through a proxy in a training diaper!
jfrunyon
·5 tahun yang lalu·discuss
> all IoT devices can be kept offline and limited to your LAN

> Hone Hub (Apple TV or iPad or HomePod) —> WAN
jfrunyon
·5 tahun yang lalu·discuss
> No, it can be commanded from the Internet - big difference.

Big difference from what?

You do realize that the vast majority of remotely exploitable security vulnerabilities are in software which can be commanded from the Internet, right?
jfrunyon
·5 tahun yang lalu·discuss
> The gateway also does not connect to the internet, it is local network only and can be hooked up to the Apple/Google/Amazon systems for internet access.

In other words, it does connect to the internet, it also sits on the LAN to give attackers access to all your other devices, AND it sits on Zigbee to give attackers access to those as well.
jfrunyon
·5 tahun yang lalu·discuss
Implementing wifi/RF with "some relays and transistors" doesn't sound fun.
jfrunyon
·5 tahun yang lalu·discuss
More accurate title: "People whose sleep patterns don't match up with their work shifts don't drive as well"

I don't know why this is surprising. Cognitive function is significantly impaired when you're sleepy.