Apple, Android, IETF, Launch New Network Around The World.
This network tracks items specifically built on this protocol
Wrong. It tracks all Bluetooth devices, but provides more functionality if the protocol is used by owned device + tracking device.
you’ll already know where the user is since you own the fucking network.
Strange comment, who owns what network that is valid here in this context? This network works across Apple and Android Bluetooth Low Energy, no one owns that network.
Because the “worldwide tracking network” that already works is called the cellular network
Wrong. Although you obviously get all sorts of data to use from LTE/CDMA/etc from a phone, you need to catch it in between a tower handoff which records the movement speed and it's not accurate. Really only accurate if you use three towers, high power, in close range of the device, but that is Nation State level phreaking. BLE will be able to use every device in the vicinity and would be trackable down to inches, just like the AirTag and what these devices are meant for.
I suggest
Comical
I can appreciate your re-iterating of the fundamentals of extremely easy to understand tech, but instead of basic thinking, you just repeating the already presented text which anyone can read hopefully, I presented a case for how it could be used that meets all technical specifications and is therefore possible. Likely even, given big tech track record.
This pheneomena of using tech "not as in the manual" is common. In fact, the Apache web server team was not sure it would work and the Internet adopted a series of HTTP patches as a whole unlike they intended.
don’t have any network capability themselves
That is just wrong and I can't understand how you came to that conclusion. I also invite you to think of it as a network, because it is using Bluetooth in a network?
Thank you for adding this, erm, maybe a bit "insider" info, as I always wondered how easy and reliable it was to map MAC to Manufacturer on mobile devices. Given what you say, the IETF tracking database could technically contain, or used as metadta, for another system to identify all device models.
Yeah, and what is that MAC generation scheme Apple/Android uses from a Security standpoint, what conditions make it regenerate and how often? How easy is it to map a "new" random MAC against a Model again when it re-enters the network and fingerprints itself again.
Lots to think about it.
So proud of you NetBSD, this is why I sponsor you, slam dunk for the future. I'm working on a NetBSD hardening script and Rice as we speak, great OS with some fantastically valuable niche applications and I think, a new broad approach I'm cooking up, a University Edition. I did hardening for all the other BSD, I saved the best for last!
[EDIT 5/16/2024 15:04 GMT -7] NetBSD got Odin lang support yesterday. That totally seals the NetBSD deal for me if I can come up with something cool for my workstation with Odin.
If you would like to vote on whether, or by what year, AI will be in the Linux Kernel on Infosec.space:
Best breadcrumb from article:
I wanted to understand: what kind of human spends their days exploiting our dumbest impulses for traffic and profit? Who the hell are these [SEO/Google] people making money off of everyone else’s misery?
Now that you mention that, I say if securing your own 1-chance-only->dead life that is only for you gets you on a list, better double time it. But in reality, there is no one who is not already on a list. Same thing as body armor being illegal or as I've experienced, "suspicious". Suspicious to protect oneself like others do? Hah!
I feel bad for you OP, I get this a lot and I'm totally gonna go there because I feel your pain and your article was fantastic! I read almost every word ;p
This phenomena stems from an aversion to high-confidence people who make highly logical arguments from low self-confidence people who basically make themselves feel unworthy/inadequate when justly critiqued/busted. It makes sense for them to feel that way too, I empathize. It's hard to overcome the vapid rewarding and inflation in school. They should feel cheated and insolent at this whole situation.
I'll be honest in front of the internet; people (in majority mind you, say 70-80% of Americans, I'm American) do not read every word of the article with full attention because of ever present and prevelant distractions, attention deficit, and motivation. They skip sentences or even paragraphs of things they are expecting they already know, apply bias before the conclusion, do not suspend their own perspective to understand yours for only a brief time, and come from a skeptical position no matter if they agreed with it or not!
In general, people also want to feel they have some valid perspective "truth" (as it's all relative to them...) of their own to add and they want to be validated and acknowledged for it, as in school.
Guess what though, Corporations, Schools, Market Analysis, Novelists, PR people, Video Game Makers, Communications Managers and Small and Medium Business already know this! They even take a much more, ehh, progressive? approach about it, let's say. That is, to really not let them speak/feedback, at all. Nearly all comment sections are gone from websites, comment boxes are gone from retail shops, customer service is a bot, technical writers make videos now to go over what they just wrote, Newspapers write for 4th graders, etc., etc.
Nothing you said is even remotely condescending and nothing you said was out of order. Don't defend yourself in these situations because it's just encouragement for them to do it again. Don't take it personally yourself, that is just the state of things.
Improvise, Adapt, Re-engineer, Re-deploy, Overcome, repeat until done.
Ah, much better. MITRE CWSS + CWARF is comprehensive, yet insular and as is MITRE, Military/NATSEC Focused. I do not see any flaws in my reasoning, but words as communication. I do concede that maybe my saying an alternative to CVSS is not really the best wording as I see such things in very broad terms, but I get the perspective now. As in, the common singular, Gov/Corp system does not fit, I need an alternative model that does. In contrast to I need another exactly scoped system that does it differently alternative.
To evidence this I can point to that fact that I even advocated that CVSS-BTE v4.0 should be NVD baseline, but I didn't make this very clear that I'm expanding the CVSS as an alternative use, different in applicability, essential in nature, and somewhat built upon CVSS and OWASP with a different, very important objective.
Not replacment which I never intended.. I'll change the article to reflect those views, well done.
Help me understand your glancing criticisms that I'm taking with a grain of salt.
- You didn't mention the central premise that is flawed, what do you think it is?
- I'm not confused about vulnerability and threat, what specifically did read to you give you that impression?
You mention that CVSS, which I hold Certification in, is for scoring single threats which I said so many times that is why I made such a system, to depart from CVSS singular, that is inadequate in being singular and common. Glance again?
Compare what with attack? Also, if you mean Lockheed Martin Cyber Kill Chain, that has nothing to do with scoring, that is the methology OF the attack and defense of it, not the attack itself, is a defensive strategy includng reconaissance and nothing to do with scoring.
You know what else was also super sophisticated, chained, and confident enough in it's APT to not be persistent across reboots? DOUBLEPULSAR.
Skill is certainly one evaluation parameter and Fin7, JokerStash, Carbanak fit that bill but that is not their MO. Target, motive, opportunity -> Embassy Employees/Diplomats -> Nation-State or Intergovernmental Group (like 5/9/14 eyes) as eval combined with skill rating, @95% confidence.
I recently invented a "People First" Cybersecurity Vulnerability Scoring method and I called it CITE, Civilian Internet Threat Evaluation with many benefits over CVSS. In it, I prioritize "exploit chains" as the primary threat going forward. Low and behold, this new exploit, although iOS, possibly one of the most sophisticated attacks ever using one of the longest exploit chains ever! Proof positive!
Depending on how you define it; I define the Kaspersky diagram has 8 steps. In my system, I define steps that advance the exploit discretely as stages, so I would evaluated Triangulation to be a 4 stage exploit chain. I should tally this attack to see how it scores and make a CITE-REP(ort).
You can read about it if interested. An intersting modeling problem for me was does stages always equate to complexity? Number of exploits in the chain make it easier or harder to intrusion detect given that it was designed as a chain, maybe to prevent just that? How are stages, complexity, chains and remediation evaluted inversely?
Looks like things at Grasp have changed dramatically and it's offline with a promise to open source the code? Did you try a symbol search while logged in, and selecting "code" or "packages" in the results filter?
https://github.com/search?q=symbol%3Atnt_select&type=code
The comments are full of drivel, but I'll pick this one to respond to as you sound educated and able to re-formulate concepts but lack open-mindedness and novel application of concepts. Plus, your response is full of institutional verbiage, first level thinking, which sounds great to the uneducated and low IQ posters, but doesn't even pass the first test so it easy to disassemble.
1 + 1 = 2 isn't an axiom, it's math, equality, and true. This is exactly what the perspective point I was trying to make! Truth itself cannot be axiomatic! This is so self-evident it is hard to comprehend how your education can lead you to one of the largest fundamental misunderstands in Science, but I guess that is not surprising. I mean, your post is a testament to misunderstanding reality, an reference to be studied in the future of post-Idiocracy. It in fact provides a broader understanding of post comments, Lemmy, and social media in general.
My definition as I understood it before looking it up is an axiom is a logical statement true on it's face that serves as foundation for another step. Let us look at the some definitions for Axiom.
Tutors An axiom is a basic statement assumed to be true and requiring no proof of its truthfulness. It is a fundamental underpinning for a set of logical statements. Not everything counts as an axiom. It must be simple, make a useful statement about an undefined term, evidently true with a minimum of thought, and contribute to an axiomatic system (not be a random construct).
Mathigon One interesting question is where to start from. How do you prove the first theorem, if you don’t know anything yet? Unfortunately you can’t prove something using nothing. You need at least a few building blocks to start with, and these are called Axioms.
Wikipedia An axiom, postulate, or assumption is a statement that is taken to be true, to serve as a premise or starting point for further reasoning and arguments. The word comes from the Ancient Greek word ἀξίωμα (axíōma), meaning 'that which is thought worthy or fit' or 'that which commends itself as evident'.[1][2]
Wolfram An axiom is a proposition regarded as self-evidently true without proof. The word "axiom" is a slightly archaic synonym for postulate. Compare conjecture or hypothesis, both of which connote apparently true but not self-evident statements.
You may use first level thinking about Propositions so to avoid more non-sense here is an another explainer.
Let me hammer it home again, the principle of my argument, to give you repeated attempts to understand and forego your ego 1 + 1 = 2 cannot be a proposition, an axiom, and proof, a logical statement that evaluates to true, it is already true and by definitions above it is:
- Defined
- Does not serve to prove a logical statement
- Does not serve as further reasoning.
Saying 1 + 1 = 2 serves as foundation for further deductive reasoning is like saying my car accelerates because of motion or momentum which is generic, imprecise, not a proof, and worthless. Movement is already motion. Your car accelerates because of a gas engine. Again, please think deeply about this, no shallow thoughts. What I'm trying to do is go beyond and surpass common knowledge, to push the envelope further than before using the scientific method to challenge old constructs. I'm free to be shown wrong or corrected, but no one has even come close! What we are really talking about here is addition!
I would challenge any Mathematician anywhere and I meant to. 1 + 1 = 2 is what is, a truth, true, fundamental building block of all things and requires no reasoning. If a toddler picks up another stick, it knows it has two whether it can convey that thought-form in a way we understand it or not. Saying 1 + 1 = 2 is Axiomatic is like saying Oxygen is an axiom or axiomatic. To further build the periodic table. No, Oxygen just is, a fundamental piece of reality which is also true! Maybe someone will understand in the future.
My aim was to put this comment up for posterity as wasting more time here is fruitless so don't take it personally really, I just used your most educated and almost right post as an example of how that if intellectual debate is to be sought, it certainly isn't on Lemmy which is I would say mediocre at best, and in fact, one is surely to get misinformed, ugly responses.
I will use all the debate that went on in my head in trying to combat this circus into a proper Academia.edu Paper. Really, my whole point was the second part of my post where I thought it was quite clear the logical conclusion to which would be that programming lanaguages need to be re-engineered! No one even put that together that I saw!
I skipped all the mean comments.
I would say in programmer terms that would be a less strict evaluation of Science. Science strives for Truth through experimentation and peer proofing, but it's purpose is the seeking of truth. So purpose and now state. I would also say if "the state of Science" is least wrong, then we would be no where as advanced as we are. The Scientific Method is about proving the most right.
Science has uncovered an incredible amount of truths and we use those truths everywhere around us, Chemistry is a good example. If the rules of chemistry weren't true and correct, then the formulas would fail.
The terms belief and true seem to be self-evident and I'm trying to frame this to spur brainstorming about why they aren't congrous. Belief usually goes along with Religion, as in, there is small/little proof, but one may chose to believe it or not. Where true I could say is impervious to belief. It exists whether you believe in it or not.
Stated another way, 1 + 1 = 2 is true. Is there anything there to believe or not believe? I'm breaking that down into just 1.
Oh look, trolling that conflates my post with conspiracy theory where none is present. Convienent in building a false narrative and reputation harm.
Burying my post in misinformed, spiteful, authoritative comments and votes. This is such a well-formed and intelligent unique thought-form and most importantly, not News. I was hoping for enlightened responses, even disagreeable ones. That way a productive discussion could be had!
Inside the British Army's secret information warfare machine They are soldiers, but the 77th Brigade edit videos, record podcasts and write viral posts. Welcome to the age of information warfare
etc, etc.
Since no mysticism was used, but logical proofs and pseudocode, then meandering to 0 (funny double meaning there), I'm gonna go with you misunderstanding it completely.
I've been doing everything in computers for 25+ years and have worked in SCI Government NOCs, including the network stack for every OS. Your text is so wierd, I think maybe you didn't watch the IETF video did you? The networking isn't between AirTags, where did you get that? So wierd The phones use Bluetooth Networking to connect to Bluetooth tracking devices.
So, when the phone senses a tracker and tries to get it's status, whom it's tracking, etc, via the new protocol, you are saying it doesn't use Bluetooth networking? And that if it does, it stays on the phone and does't proliferate to other devices using Network Protocols?
I'm sorry, but please watch the whole presentation.
So in this Verge article where it says Apple and Android have integrated it into the "Find My Devices" networks for both platforms, it is somehow not using a network?
If I were you, I would not start social media posts with your job experience if you didn't read or watch any instructional material before you post, just to value your own career.
I mean, that's why I posted it, to hack the technicals details, take nothing for granted, and not assume anything.