I waddled onto the beach and stole found a computer to use.

🍁⚕️ 💽

Note: I’m moderating a handful of communities in more of a caretaker role. If you want to take one on, send me a message and I’ll share more info :)

  • 182 Posts
  • 577 Comments
Joined 3 years ago
Cake day: June 5th, 2023
  • Otter@lemmy.catoTechnology@lemmy.worldPwnd Blaster: Hacking your PC using your speaker without ever touching itEnglish
    29·
    1 day ago

    The way BLE (Bluetooth Low Energy) works is that each device has various registers (called GATT characteristics) that, if you’re connected to the device, you can write to, read, subscribe to notifications for, and so on. What’s important to note is that to connect to a device, you don’t need to (necessarily) pair with it. You can often just connect with a device and immediately start reading and writing data to characteristics. Pairing establishes encryption, but a connection can be made without it.

    To my surprise, upon reading the characteristic 9e9daaeb-3a10-4fe8-b69f-7397aff77886, I was greeted with the full version string. This means anyone can just connect to any Katana V2X over Bluetooth and start sending CTP commands to it, reading information, changing settings, etc.

    I thought of the implications for a bit. The speaker has a microphone. An attacker could, theoretically, upload a custom firmware that effectively turns the speaker into a covert monitoring device, listening in on conversations and forwarding them to a receiver over Bluetooth.

    What was more interesting to me was the fact that the speaker is, in a standard setup, connected to a PC over USB. It’s by all means a trusted USB device.

    What if we wrote custom firmware that forced the speaker into acting as a keyboard, sending keystrokes for opening up the terminal and executing arbitrary commands? We would turn the speaker into a Rubber Ducky, but remotely, without ever having to plug anything into either the speaker or the PC.

  • Otter@lemmy.catoWorld News@quokk.auPakistan inaugurates mosque in Japan. Tokyo says it's 'illegal'
    7·
    2 days ago

    Looked up the source, and yep

    https://mediabiasfactcheck.com/ndtv/

    A questionable source exhibits one or more of the following: extreme bias, consistent promotion of propaganda/conspiracies, poor or no sourcing to credible information, a complete lack of transparency, and/or is fake news. Fake News is the deliberate attempt to publish hoaxes and/or disinformation for profit or influence (Learn More). Sources listed in the Questionable Category may be very untrustworthy and should be fact-checked on a per-article basis. Please note sources on this list are not considered fake news unless specifically written in the reasoning section for that source. See all Questionable sources.

    New Delhi Television Limited (NDTV) presents world affairs from an Indian perspective, providing National News formerly critical of Right-wing populist current PM Narendra Modi. According to an article published by the NY Times, NDTV was raided by the Central Bureau of Investigation (CBI), searching the residences of the NDTV’s co-founders Dr. Prannoy Roy and Mr. Nariman. They have since moved to a Pro-Modi perspective after an ownership change.

    In December 2022, the Adani Group, led by billionaire Gautam Adani, acquired a majority stake in NDTV. The acquisition began in August 2022 when the Adani Group announced plans to acquire RRPR Holding, which owned 29.18% of NDTV. Subsequently, the Adani Group increased its stake through an open offer and by purchasing additional shares from the founders, culminating in a total shareholding exceeding 64.71%. Revenue is derived from advertisements.

  • Otter@lemmy.caMtoCanada@lemmy.caThe Globe and Mail just fuelled residential school denialism thanks to absolute bozos on its editorial board
    5·
    2 days ago

    For those who may not have clicked on the link

    There are several instances of remains that have been found through excavations at former residential school sites. A site near Regina, Sask. found evidence of roughly 600 graves using ground-penetrating radar. A fragment of a child’s jawbone was found at a site in Saskatchewan. Ground-penetrating radar found evidence of 215 unmarked graves at a site in BC. Child-sized skeletal human remains have been accidentally excavated over several years at a site in Alberta, buried without caskets. The remains of a child under five were found at a former school near Edmonton. Three unmarked grave sites were found at a site in Manitoba. A further 158 potential gravesites were found in British Columbia.

    It’s cruel and completely false to suggest that the claims of human remains have been “disproven.” That’s simply not the case, and it’s revisionist history to suggest otherwise.

  • Otter@lemmy.catoTechnology@lemmy.worldDuckDuckGo installs are up 30% as users reject being ‘force-fed’ Google’s AI SearchEnglish
    7·
    9 days ago

    That’s a bit of a stretch?

    People who pay for Kagi likely tried the trial and found the results to be far enough better than google/microslop that they are willing to pay for the ongoing service. Or they want to support a business model that isn’t based around the advertising industry, so that someday Kagi can realistically compete with the incumbents. I don’t need to search for things often enough to justify the cost, but I know people who use it for work and consider it to be worth the cost.

    Meanwhile people who bought NFTs thought that they could sell a copy of a digital image for lots of money.

Moderates