Hacker News: __jf__'s comments

Tom Uren and grugq did a podcast on this recently in Risky Business News [0] I think the main point was that these attacks are physical, don't scale very well, and are untargeted because they depend on luck, so an adversary probably would use more efficient techniques. Unless of course these USB charging points happen to magically cluster around important secret carrying government buildings or other points of interest.

[0] https://risky.biz/BTN46/


Charging stations are ubiquitous in China, widely used, and they're internet connected - to facilitate payment. Every mall, hotel, and many other businesses have these placed strategically (in front of restrooms, in the gym, etc.)

Not quite a physical attack anymore if you pwn these remotely.

Granted if the situation in the US is still the same as Europe's rather than China's, it's a nonissue. Last I checked few people there ever used these.


From the pinned YT comment:

Artist Ostap Gordon just released a Russian yard in the winter in Unreal Engine 5.1 with high-quality assets created with Megascans and Blender, fully dynamic lighting with Lumen and Nanite for all objects. Check out this ultra-realistic walk recorded with an RTX 4090 on a 4K monitor.


Yep the FreeStyle Libre 2 is great. I bought one a few weeks ago to satisfy my curiosity. I'm a non-diabetic. It was around EUR 70 including shipping and lasted exactly 2 weeks. Sensor insertion was easy, quick and painless. 1-minute resolution with 8 hour memory between swipes. Curiosity satisfied!


I bought a Libre 3 a couple weeks ago—I’m not diabetic, but there is some early Alzheimer’s in the family that might be related to diabetes.

…so far, I’m finding it wildly inaccurate. It shows trends well enough, but blood glucose is anywhere from 0-40 mg/dL off from a finger prick test depending on the day. I couldn’t imagine relying on this thing as a diabetic.


Did you learn anything from the 2 weeks of data? E.g., did it inspire dietary changes?


I was primarily struck by the awesomeness of this whole autonomous glucose regulation thing. My last meal is usually around 18:30 in the evening, and during the night glucose would fluctuate around 4.5 mmol/l, between 4.0 and 5.0, in 1-hour periods, like a crappy PID controller that needs a firmware update. Other nights it would be flat instead of fluctuating, but unfortunately two weeks were too short for a controlled experiment, meal repeats and figuring out what caused the difference. Some nights it would show a couple of hypos where glucose would drop to 3.5, quickly to be countered by an increase. I didn't notice a thing.

Additionally every morning before my alarm went off, I could see my glucose increasing, most likely preparing for wakeup, all by itself. Amazing!

It gave me a new-found respect for these otherwise invisible processes happening in this fleshy vessel on autopilot with closed cockpit doors. I only got to peek through a small window during 2 weeks.


Now imagine having that entire responsibility yourself, having to do it all manually. That's what we type 1 diabetics do every day!

The nighttime fluctuations could be legit changes in glucose level, but could also be weird sensor issues. The sensor will often give low readings when lying on it in your sleep. These are referred to as 'compression lows'.

The morning glucose spike you noticed is called the 'dawn phenomenon'. I inject a little insulin every morning to counteract it.


For me, I found that sleep quality was correlated with my blood sugar levels dipping too low during sleep (which I was able to address by eating fewer low quality carbs during the day).

In general you'll be able to basically see in real time the glycemic impact of all the foods you eat. Which would probably be helpful to a lot of people - you can find all the info online, but having the physical real time stats in front of you makes a difference.

But mostly it's what you'd expect. High-carb, fast-digesting meal -> blood sugar spikes, then drops, in accordance with you feeling tired afterwards. Eat keto -> blood sugar is mostly stable.


There's a startup that combines a 2 week FreeStyle sensor with some blood tests, online courses and other things aimed at improving your diet.

https://joinzoe.com/

Now that I know how little the sensor costs, I would say that's definitely the better option...


Where did you get one?


I think they might have been able to get one because they're in Europe, while in the US it requires a prescription. But you can just find a doctor who will prescribe one for you. (You will still have to pay out of pocket regardless).

Could be wrong on the above but that's been my understanding/experience.


I ordered directly on Abbott's FreeStyle website.


1968 interview: https://scrapsfromtheloft.com/books/truman-capote-playboy-in...

Playboy: How do you react to those critics who deride the form of documentary crime writing employed in In Cold Blood as inferior to the novel?

Capote: What can I say, except that I think they’re ignorant? If they can’t comprehend that journalism is really the most avant-garde form of writing existent today, then their heads are in the sand. These critics seem unable to realize, or accept, that creative fiction writing has gone as far as it can experimentally. It reached its peak in the Twenties and hasn’t budged since. Of course, we have writers like William Burroughs, whose brand of verbal surface trivia is amusing and occasionally fascinating, but there’s no base for moving forward in that area—whereas journalism is actually the last great unexplored literary frontier.

Playboy: The gulf between someone of your background and two such brutal criminals would seem impossible to bridge. But you’ve said, “Hickock and Smith became very, very good friends of mine—perhaps the closest friends I’ve ever had in my life.” How did you establish rapport with them?

Capote: I treated them as men, not as murderers. To most people, a man loses his humanity the minute they learn he’s a murderer; they could be talking with him one moment and then the next someone would whisper, “Do you know he killed five people?” and from that moment on, the man would become unreal to them, an uncomfortable abstraction. But I find it relatively easy to establish rapport with murderers; in the past few years, I’ve interviewed more than 30 of them in all parts of the country. Before I began In Cold Blood, I knew nothing about crime and wasn’t interested in it; but once the book was under way, I began interviewing murderers—or homicidal minds, as I call them—in order to have a basis of comparison for Smith and Hickock; and I met many more recently while doing a television documentary on capital punishment. The second we begin talking, I find that they are ordinary men with extraordinary problems, set apart only by their ability to kill; in some it’s a total lack of conscience, in others a passionate destructive drive. But I have found a certain pattern. One common denominator, for example, is their fetish for tattoos. I have seldom met a murderer who wasn’t tattooed. Of course, the reason is rather clear; most murderers are extremely weak men who are sexually undecided and quite frequently impotent. Thus the tattoo, with all its obvious masculine symbolism. Another common denominator is that murderers almost always laugh when they’re discussing their crimes. I’ve met few killers who didn’t start laughing when I finally managed to force them to discuss the murder—which isn’t easy. When Perry Smith started to tell me about the murder of the Clutter family, for example, he said, “I know this isn’t funny, but I can’t help laughing about it.” Just a while ago, I interviewed a 21-year-old boy named Bassett in the San Quentin death house who is extremely intelligent. 
He’s a slight, thin boy, with a delicate face and figure, a college student, and he writes poetry and short stories. He murdered his mother and father when he was 18; he’d been planning to do it since he was 10 years old. And when he started telling me about how he killed his parents, he began laughing and cracking little jokes, just as though he was telling me the most humorous story. They’re mostly like that; they’ll tell you how they cut someone’s throat and it’s as if they were watching a clown slip on a banana peel.

Playboy: You don’t agree, then, with the adage that it’s better for a dozen guilty men to go free than for one innocent man to be unjustly convicted?

Capote: It’s a charming sentiment, but more apropos in the halcyon days of yore, when our cities had not yet been turned into jungles and a citizen could still stroll the streets in safety. I’m afraid that today, for the very self-protection of our society, it’s better that one innocent man be punished than that a dozen guilty men go free. It’s unfortunate, but that’s the harsh reality we face.


Are there any perfectionists around here that have experience with Acceptance and Commitment Therapy (ACT)? It sounds like perfectionism-induced procrastination: it's better to give up than to play because playing may mean losing, and the chance of losing is unacceptable.


Near the end of “Understanding Michael Porter”, there is a Q&A with him that touches on this subject:

Q: “How do you do a five forces analysis if you’re an entrepreneur starting a new business in a completely new market space? Is strategy even relevant when there’s no existing industry or when conditions are still so fluid that there is no discernible industry structure and no direct competitors?”

Porter: “Strategy is relevant for any organization at any point in its trajectory. How to develop and sustain a competitive advantage is the core question that every organization has to answer if it’s to be successful and to prosper. In emerging industries there’s a lot of experimentation. What will the product ultimately look like? What will the distribution system look like? Will the product or service scope produce a stand-alone industry, or will this new idea become part of a larger or existing industry? There’s more uncertainty about the shape of things, but the five forces exercise is fundamentally the same with one big exception: instead of analyzing what already exists, you’re forecasting. And you probably know quite a lot about all of the five forces but one. You know the customers you’re targeting. Are they likely to be price sensitive? You know who your suppliers are or who they are likely to be. How powerful will they become? You know the substitutes and can identify the likely entry barriers. What you don’t have yet are actual rivals. That’s where you need to think through who those might be. Will the rivals most likely come from adjacent industries? Or from companies that already exist in other countries? Or will the likely rivals be new start-ups? How would each of these rivals be likely to compete? So even when you’re inventing new market space, you probably already know more about the five forces than you realize. Doing such analysis is important because if you’re creating something that’s truly valuable, don’t kid yourself that no one will follow you. There is no such thing as a market where competition is irrelevant, as nice as that might sound. The idea that innovation allows you to ignore competition is a fairy tale. So you have to have a hypothesis for how the industry might take shape once there is an industry. 
Early on, there are many paths the evolution can take, many choices you can make that will have an important impact on how attractive the industry will become. Decisions you and others make over time will begin to lock in the basic economics, making industry structure less fluid. So it’s crucial to see different paths for how the industry might evolve, and to ask the basic questions about the five forces, so that you can make choices that will put the industry on the best possible path.”


The archive of Virus Bulletin is also a fantastic resource on cybersecurity prehistory. The first issue in July 1989 starts with this editorial https://www.virusbulletin.com/uploads/pdf/magazine/1989/1989... (warning: PDF)

“When the Brain computer virus appeared in 1986 it caused a media sensation but not an outrage. People were genuinely fascinated by the novel concept of a computer virus.”


You can look at:

- A collection of public threat intel reports [0]. Lots of reading though. I did some Splunking on it last year and at least 50% uses phishing for initial access. You could call that a structural vulnerability.

- Exploiting vulnerable public facing stuff is another initial access technique. Here someone collected all the CVEs used by ransomware crews [1].

- VERIS community database [2]. Collection of 8894 security incidents. If you look in the JSON there are some fields describing the vector and the actor.

[0] https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_C...

[1] https://twitter.com/uuallan/status/1437068825636265985

[2] https://github.com/vz-risk/VCDB
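As an added illustration of the kind of tally the comment above describes (counting initial-access vectors and actor types across VERIS-shaped incident records), here is a small Python script. It is example code written for this page, not anything from the VCDB project; the three incident records are constructed inline, and the field layout (action.<category>.variety / .vector, actor.<origin>.variety) is my reading of the VERIS schema, which should be checked against the repository's own schema file before running it over the real dataset.

```python
import json
from collections import Counter

# Constructed sample in the shape of VERIS incident records. These three
# records are made up for illustration and are NOT taken from VCDB.
# Field names follow the VERIS schema as I understand it (assumption).
SAMPLE_VCDB_JSON = json.dumps([
    {"incident_id": "example-1",
     "action": {"social": {"variety": ["Phishing"], "vector": ["Email"]},
                "malware": {"variety": ["Ransomware"], "vector": ["Email attachment"]}},
     "actor": {"external": {"variety": ["Organized crime"]}}},
    {"incident_id": "example-2",
     "action": {"hacking": {"variety": ["Exploit vuln"], "vector": ["Web application"]}},
     "actor": {"external": {"variety": ["Unaffiliated"]}}},
    {"incident_id": "example-3",
     "action": {"social": {"variety": ["Phishing"], "vector": ["Email"]}},
     "actor": {"external": {"variety": ["State-affiliated"]}}},
])

# VERIS action categories and actor origins (assumed from the schema).
ACTION_CATEGORIES = ("hacking", "malware", "social", "misuse",
                     "physical", "error", "environmental")
ACTOR_ORIGINS = ("external", "internal", "partner")


def load_incidents(raw_json):
    """Parse either a JSON array of incidents or a single incident object.
    VCDB ships one JSON file per incident, so callers may feed single objects."""
    data = json.loads(raw_json)
    return data if isinstance(data, list) else [data]


def action_varieties(incident):
    """Yield (category, variety) pairs for every action recorded on an incident."""
    for cat in ACTION_CATEGORIES:
        block = incident.get("action", {}).get(cat)
        if not block:
            continue
        for variety in block.get("variety", []):
            yield cat, variety


def summarise(incidents):
    """Return (action_counts, actor_counts) across the incident list.
    Keys are 'category.Variety' so the same label in two categories stays distinct."""
    actions = Counter()
    actors = Counter()
    for inc in incidents:
        for cat, variety in action_varieties(inc):
            actions[f"{cat}.{variety}"] += 1
        for origin in ACTOR_ORIGINS:
            for v in inc.get("actor", {}).get(origin, {}).get("variety", []):
                actors[f"{origin}.{v}"] += 1
    return actions, actors


def phishing_share(incidents):
    """Fraction of incidents that record at least one social.Phishing action.
    An incident with several phishing entries still counts once."""
    if not incidents:
        return 0.0
    hits = sum(
        1 for inc in incidents
        if any(cat == "social" and variety == "Phishing"
               for cat, variety in action_varieties(inc))
    )
    return hits / len(incidents)


if __name__ == "__main__":
    incs = load_incidents(SAMPLE_VCDB_JSON)
    action_counts, actor_counts = summarise(incs)
    print("actions:", dict(action_counts))
    print("actors:", dict(actor_counts))
    print(f"phishing share: {phishing_share(incs):.0%}")
```

To run this over the real corpus, walk the repository's data directory and call `load_incidents` on each file's contents, concatenating the lists before calling `summarise`. Counting per incident rather than per action entry matters: a record that lists phishing, a malicious attachment and a later credential reuse is still one phishing-initiated incident for the purpose of the "structural vulnerability" argument.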


> They responded by asserting the contract couldn't be exploitative b/c top lawyers in the industry wrote it and b/c other devs have signed it. The fact that they still easily sign devs on this is a poor reflection on the industry, not a vote in favour of the practice.

A long time ago, we had an expensive lawyer at a prestigious law firm draft a contract for a vital deal we were trying to close. We were in our early twenties and were very impressed by all the risks this contract transferred to the other party or mitigated in our favor. The other party reacted by asking if we had some junior draft the contract because it was so one-sided. They said: "If you want people to sign a contract, this is not the way to go." They proceeded to explain that our dog-eat-dog approach is not a promising start to a business relationship. They went bankrupt a year later.


Is the message supposed to be that these types of contracts are universally good, or just in this case?

Presumably the financials of the would-be signing party should be considered.

A party with good or bad financial standing could take equal issue with such a contract, and the one in bad standing definitely should be willing to give up more.


Link to the interesting “60 secs or she dies” roleplay: https://m.youtube.com/watch?v=_NWElrHgbGo


There's a bunch of videos (some better than others), that's why i didn't link to one or another.

The goal of this exercise is to control your emotions and behavior. Easier said than done. I can see how the author above had a problem being logical about the situation. I still have those issues myself even knowing what needs to be done, things just happen. Tough skills and even tougher for a "natural born assertive".


I just delved into this. Fascinating stuff. I think in part it's not that I'm naturally assertive but that I'm the opposite. I can't put myself in the mindset of the attacker. So I'm looking for a technical fix, a way around. I also thought clearly, if I pay, they'll just ask for more. Because how can you possibly expect someone doing something like that to keep their word? So to me it's a bit like the boundary described in that video where giving the hostage-taker a car is just not a viable option.

Tangentially related to technical fixes: There was an incident recently where my brother had his phone SIM-jacked, and the attackers changed his Google password. He recovered access by email, but they kept changing the password as quickly as he did. Both parties were still logged in. I called his phone number; someone picked up and then hung up. So I got on Skype on a couple of different machines and basically DoS'd the phone with calls from random Skype numbers nonstop. After about 15 minutes of this they either turned off the phone or the 4G. It bought enough breathing room to change the 2FA on the account and lock down his bank accounts that used Gmail as his verification address. If they'd been smart or fast enough to change both the recovery email and the SMS 2FA, it would have been game over.

