• 11 Posts
  • 83 Comments
Joined 1 year ago
Cake day: June 5th, 2023









  • If this request worked, it meant that I could use an “encryptedValue” parameter in the API that didn’t have to have a matching account ID.

    I sent the request and saw the exact same HTTP response as above! This confirmed that we didn’t need any extra parameters, we could just query any hardware device arbitrarily by just knowing the MAC address (something that we could retrieve by querying a customer by name, fetching their account UUID, then fetching all of their connected devices via their UUID). We now had essentially a full kill chain.

    I formed the following HTTP request to update my own device MAC address's SSID as a proof of concept to update my own hardware:

    Did it work? It had only given me a blank 200 OK response. I tried re-sending the HTTP request, but the request timed out. My network was offline. The update request must’ve reset my device.

    About 5 minutes later, my network rebooted. The SSID name had been updated to “Curry”. I could write and read from anyone’s device using this exploit.

    This demonstrated that the API calls to update the device configuration worked. This meant that an attacker could’ve accessed this API to overwrite configuration settings, access the router, and execute commands on the device. At this point, we had a similar set of permissions as the ISP tech support and could’ve used this access to exploit any of the millions of Cox devices that were accessible through these APIs.

    Blows me away that an unauthenticated API with sensitive controls and data was publicly facing. Corporations these days want all your data but wonder why some customers are worried about how it is protected, let alone if it’s being sold. Why should I allow you to control my hardware when you can’t protect yourself?
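
Added example, not part of the comment above or of the write-up it quotes: one way a device-configuration API can enforce the check the quoted post found missing, by requiring an authenticated session and resolving device ownership server-side before any write. All function names, tokens, account IDs and MAC addresses are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample data; none of these identifiers come from the quoted write-up.
DEVICE_OWNERS = {"aa:bb:cc:00:00:01": "acct-1111", "aa:bb:cc:00:00:02": "acct-2222"}
SESSIONS = {"tok-alice": ("acct-1111", "customer"), "tok-support": ("staff-9", "support")}
DEVICE_CONFIG = {mac: {"ssid": "default"} for mac in DEVICE_OWNERS}
AUDIT_LOG = []


def normalize_mac(mac):
    """Canonicalise a MAC so 'AA-BB-..' and 'aa:bb:..' map to one ownership record."""
    raw = re.sub(r"[:.\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", raw):
        raise ValueError("malformed MAC address")
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))


def update_ssid(token, mac, new_ssid):
    """Return an HTTP-style status; change the SSID only for an authorised caller."""
    session = SESSIONS.get(token)
    if session is None:
        return 401  # device controls are never reachable without a session
    account_id, role = session
    try:
        mac = normalize_mac(mac)
    except ValueError:
        return 400
    # Ownership comes from server-side records keyed by the session's account,
    # never from an account ID or opaque value supplied in the request.
    owner = DEVICE_OWNERS.get(mac)
    allowed = owner is not None and (owner == account_id or role == "support")
    AUDIT_LOG.append({"actor": account_id, "mac": mac, "allowed": allowed})
    if not allowed:
        return 403  # same answer for unknown and foreign MACs: no enumeration oracle
    DEVICE_CONFIG[mac]["ssid"] = new_ssid
    return 200


def denied_by_actor(log=AUDIT_LOG):
    """Count refused device operations per actor, a signal for cross-account probing."""
    return Counter(e["actor"] for e in log if not e["allowed"])
```

A rising count in `denied_by_actor()` for a single customer account is the kind of signal that would have surfaced one actor touching devices it does not own.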



  • Trying to find independent analysis that I read, but can’t find it. This will likely have the most impact on swing voters in the 7 states, which are the most important voters in the US. Everyone else is much more likely to have already made their mind up. And remember about 50-66% of the registered voters in the US actually vote even in a presidential year, although the electoral college complicates the proportional representation of those voters.

    From the Washington Post article:

    With 158 days until Election Day, he is fighting for a plurality of 30 million voters in seven battleground states — a far cry from the tens of thousands of Iowa party activists he courted a year ago. His advisers have long feared that a felony conviction could hurt Trump with independent voters, particularly skeptical suburban women. In places such as the Atlanta suburbs, those voters cost him the 2020 election.





  • While I agree with the sentiment, I have accepted that the simple way to make “things” work now is to leverage the cheap computing that is ubiquitous. That headunit is likely now built on a SoC or some embedded OS and is easier and cheaper because of it.

    Functionally we need regulations and safeguards in place that maintain the accountability for making the choice to use and build an OS as a life safety device that also serves Bluetooth audio. If the cost of supporting it, or failing to properly develop it, then perhaps the choice to make it dumb will become more adopted. Other economic forces are more likely to play out, but it’s a possibility that we can reinforce by what we buy and signal.





  • Two point one: That’s how many children everyone able to give birth must have to keep the human population from beginning to fall. Demographers have long expected the world will dip below this magic number—known as the replacement level—in the coming decades. A new study published last month in The Lancet, however, puts the tipping point startlingly near: as soon as 2030.

    It’s no surprise that fertility is dropping in many countries, which demographers attribute to factors such as higher education levels among people who give birth, rising incomes, and expanded access to contraceptives. The United States is at 1.6 instead of the requisite 2.1, for example, and China and Taiwan are hovering at about 1.2 and one, respectively. But other predictions have estimated more time before the human population reaches the critical juncture. The United Nations Population Division, in a 2022 report, put this tipping point at 2056, and earlier this year, the Wittgenstein Centre for Demography and Global Human Capital, a multidisciplinary research organization dedicated to studying population dynamics, forecasted 2040.

    Christopher Murray, co-author of the new study and director of the University of Washington’s Institute for Health Metrics and Evaluation (IHME), suspects his study’s forecast is conservative. “With each passing year … it’s becoming clearer that fertility is dropping faster than we expect,” he says. Because the 2030 figure is already a hastening of IHME’s previous estimate of 2034, “I would not be surprised at all if things unfold at an even faster rate,” he says.

    A drop below replacement fertility does not mean global population will immediately fall. It will likely take about 30 additional years, or roughly how long it takes for a new generation to start to reproduce, for the global death rate to exceed the birth rate. Even then, because countries’ fertility may vary dramatically, global fertility rate is a “very abstract concept that doesn’t mean much,” says Patrick Gerland, chief of the Population Estimates and Projection Section of the U.N. Population Division. But he says the trend points to a world increasingly split between low-fertility countries, in which a diminishing number of young people support a burgeoning population of seniors; and high-fertility countries, largely poorer sub-Saharan African nations, where continued population growth could hamper development.

    Estimating when the world will reach the turning point is challenging. The new model from IHME is based on how many children each population “cohort”—people born in a specific year—will give birth to over their lifetime. It captures changes such as a move to childbirth later in life. But full cohort fertility data are thus far only available for generations of people older than 50, and so the IHME model builds projections within itself to try to capture trends as they are unfolding.

    [Figure: “A steady decline.” Global fertility has been dropping for several decades. Low-income countries in sub-Saharan Africa and high-income countries such as the United States and Japan are expected to dip below the level needed to sustain the human population in the coming decades. But a new model says the global fertility rate could drop below the replacement level as soon as 2030. Credit: D. An-Pham/Science]

    In contrast, the U.N. and Wittgenstein models are based on each country’s total fertility rate, or the sum of age-specific fertility rates, typically for those between the ages of 15 and 49, which is considered reproductive age. As a result, temporary fluctuations in childbearing behaviors—say, people decades ago delaying giving birth to children so they could advance in their education and careers—can throw off their projections, and they can miss longer term changes in childbearing behaviors. These models may have been prone to undercounting fertility in the past, then finding a temporary rebound in fertility rate, and therefore predicting a longer time frame for world population decline.

    This is one reason that Wittgenstein is considering moving to a cohort model, says Anne Goujon, director of the Population and Just Societies Program at the International Institute for Applied Systems Analysis, one of the three institutions that form the Wittgenstein Centre.

    Other factors also contribute to the differences between the projections, including how the IHME model accounts for four variables that impact fertility, including access to contraceptives and higher education among those who give birth. (The other two models generally do not, although Wittgenstein considers education.)

    Regardless of when the turning point comes, “growing disparity in fertility levels could contribute to widening of [other] disparities,” says Alex Ezeh, a global health professor at Drexel University, who was not involved in the Lancet study. For middle- to high-income, low-fertility countries, falling below replacement level could mean labor shortages and pressure on health care systems, nationalized health insurance, and social security programs. Meanwhile, low-income countries that still have high fertility are at heightened risk of falling further behind on the world’s economic stage, Ezeh says. “They will not be able to make the necessary investments to improve health, well-being, and education” with too few resources to support a booming population.

    Although some experts, including Goujon, think there isn’t yet reason for alarm, others call for urgency. “This is going to be a very big challenge for much of the world,” Murray says. “There’s a tendency to dismiss this as sort of like, yeah, we’ll worry about it in the future. But I think it’s becoming more of an issue that has to be tackled sooner rather than later.”