select * from mobile_location
where latitude between 38.88778433380732 and 38.891917997746894
and longitude between -77.01269830654866 and -77.00613225870377
and epoch_timestamp between 1609954200 and 1610067600
Returned quite a number of mobile devices accurate to the meter. Was fun to see which phone was in which room or blade of grass of the building. I'm not even American.
?l?d mask with I think 9 characters using default Android OS with updates. Both phones I think were minimum Android 5.0+ because that is when they switched to Scrypt to store password/encryption keys.
My powered on phone was 0day'd by Cellibrite according to internal Law Enforcement emails in disclosure and my powered down phone was not supported at all.
Edit: The cracked phone has been in my possession for a while now and I've only powered it on twice for mere minutes since getting it back if there are any phone experts around that want to investigate.
If you can generate the private key to a 27 character or longer English readable Bitcoin address then you can use the same magical technology you possess to earn far more than $1 billion USD.
Sure someone could randomly guess it but not likely. You don't need to have or know a private key to generate a valid checksum bitcoin address that can be sent to.
What I wrote about is forfeiture which doesn't include criminal penalties. Most of the American (which I am not) federal press releases I read about have a maximum $250,000 fine per count.
>The Sherman Act offense charged carries a statutory maximum penalty of 10 years in prison and a $1 million fine for individuals. The maximum fine may be increased to twice the gain derived from the crime or twice the loss suffered by victims if either amount is greater than $1 million. The false statements offense charged carries a statutory maximum penalty of 5 years imprisonment and a $250,000 fine. The obstruction of justice offense charged carries a statutory maximum penalty of 20 years imprisonment and a $250,000 fine.
These fines are on top of the forfeiture so if the person in this article earned $1 million gross, $100k net they would have to repay on a guilty finding $1 million + say $500k in fines = $1.5m when they only "earned" $100k.
> Also forfeiture doesn't account for the fact that you may have paid capital gains tax. I feel like they really shafted me on that one.
As someone also charged but not convicted, I learned hypothetically you also don't get to account for expenses if you lose. Meaning you could run a $10 billion gross revenue drug empire, it costs $9.9 billion to run so you walk away with $100m and you still have to pay $10 billion in forfeiture.
There's a lot they can do, but then it makes it impossible to search your inbox for old emails by subject, from, to etc fields.
You can reduce what an adversary sees by not including anything useful in the subject line and the only thing you can't protect is who you're speaking to and when.
I'm assuming the computer is "locked" but online, and no users consent to logging in to run anything. Will any of these methods still work if Firewire drivers are disabled?
>If you can get a dump of the computer active memory you can ultimately get the decryption keys on consumer hardware
What methods are available to get a memory dump if Firewire is disabled? Feds couldn't break my encryption after ~1.5 years but my devices were all off when they showed up. Ironically the one device they did get into was a cell phone powered on but it had little evidentiary value and in one funny way was partly exculpatory.
Take it further. If you witness a car from Tesla or any other publicly traded corp spontaneously combust on the side of the road and you know it will result in massive recalls before the general public and then short the stock, is that insider trading too?
That requires some sort of malware (or similar) installed on the device/software creating the transactions which has access to the private key to leak it via some predetermined way and is different from what I thought you were saying that a pre-signed transaction could directly send funds to an unwanted address without you knowing by inspecting the signed transaction itself before broadcasting it.
Regardless, whatever job you have where what you've said is a legitimate threat model sounds like the most interesting job in the space.
/r/kidneystones
sad face noises