I dunno, I found it easier to move my family to JF.

I made them a bunch of accounts and sent them via signal.

For my mum I logged in as her and configured everything how she would want.

I didnt have to explain to anybody that remote stream needs to be unlimited bandwidth for better performance.

If mum forgets her password I can reset it.

To log her TV in we used quick connect where I had her enter the 6 digit code on the tv.

We used SyncPlay to watch a movie together.

Oh I’ll have to check that out I thought I read something about that method being patched.

Tho I do like just booting a new install and its already activated automatically :P

if you’re in the know, check out vlmcsd on github and “test” windows enterprise with KMS. It can run on everything from a pi, to docker, to openwrt. If you’re really gangster, you can set up SRV records and get auto activation on your lan

The thing is, if there’s a wireless exploit/hack that can cause “patient harm” the FDA+Health Canada would force a recall the sec its publicly known.

The flipper wouldn’t be the only thing able to exploit it, anybody with a radio and some software would be able to. It just so happens the flipper can also do it cause its a swiss army knife and has a general purpose radio.

Generally by the time an attack exists on the flipper, its already been mastered on laptops and raspberry pis and stuff, putting it on the flipper is more to make it available to test easily without having to lug out the laptop. Nobody is inventing new exploits for such underpowered hardware as the flipper. People are porting known exploits to it.

I can’t say how concerned you should be, but this won’t make her any safer than before, equal risk. Just as likely someone with a laptop in a backpack doing that. We don’t make laptops illegal tho.

What I would be concerned about is the idea that the company that makes the implant would not be able to easily test for issues in the implant with such an “illegal” device. Yes they could use a laptop, but you don’t use an xray machine to find a stud, you use a handheld studfinder cause its cheap and easy.

Hope that helps explain a bit

Im a security professional who works to harden medical devices. I use the flipper zero to easily test many different protocols that would be a pain in the ass to do “manually”.

The flipper makes it easy for me to verify IR, sub GHz, USB, SPI, and many other protocols while being able to walk around the devices I test.

Without the flipper I could totally do these checks with homebrew tools, a pi and an rtlsdr (unless thats gonna be illegal too?) But it would take me writing new tools and procedures rather than the ease of the flipper.

Anybody in the know can tell you that the hardware isn’t anything special, and like many others have said, its like making a swiss army knife illegal cause the toothpick can be used to pick a lock.

This isn’t gonna stop anybody, if pentest tools are showing flaws in your product, maybe we should send flippers to the car manufacturers and tell them to fix their shit. You shouldn’t be allowed to sell a car that can be wirelessly hacked like this, just like how the FDA doesn’t let you sell medical devices that can be hacked like that.

You don’t just put the cat back in the bag…

In addition to what the other commented said, a lot of sys and net admins really don’t like the idea of every lan device being globally addressable, while there’s ways around it, a standard ipv4 Nat is a safety blanket to a lot of admins… Not that it should be like that, just my observation.

We use gitlab ultimate at my work, I’m the main admin of the instance. Like 2 weeks ago when there was the cvss 10 vuln, gitlab sent us a .patch file to apply to the instance instead of releasing a new minor cause they didn’t wanna make the vuln public yet. I guess that’s coordinated disclosure, but I still found that remarkably jank.

So add your user to the new docker group made on install of that package and you’ll be able to docker without sudo. You may need to relogin or newgrp docker before it works tho

Similar story for me, Ubuntu w/ wobbly windows and desktop cube in Jr High (I was a particularly nerdy kid), arch w/ i3 in HS and college, now I’m a DevSecOps Developer (engineer is a sacred term in Canada)

Learning to do naughty things to the WEP wifi around me is what led me to now doing penetration tests at my org.

Funny how goofing around on a computer as a kid can lead to careers and passions.

I’m a torrenter with the sonarr radar lidarr prowlarr *arr setups.

I’ve dabbled with Usenet and here’s my understanding.

With torrents you’re all sharing something live, if you want ubuntu.iso and I have ubuntu.iso you can get it from me and many others who seed this file. A torrent tracker (or the dht) helps put us in touch so you know where the file is.

With Usenet it’s more like I dead drop this file, zipped and encrypted(?) onto a Usenet news server. All the Usenet providers mirror each other or something like that, so if you’re on a diff provider than me that same file should still be available. Then I tell an indexer, like dognzb or nzbgeek that this file is in fact ubuntu.iso and not garbage data. When you want ubuntu.iso you ask the indexer, indexer gives you a link and you get the file.

Beyond this, I don’t know about how much safer it is, but my immediate guess is that since you’re not seeding there’s less risk.

Now if you’re really snobby like me, you’ll quickly realize that the release groups you’re used to aren’t as well represented. I’ve often landed in situations where episode 7 of 20 is missing on Usenet…

As a snob, I’ve decided private trackers are probably the best place to be to keep my quality expectations satisfied.

Hope this helps.

From what I gather it’s closer to a port knock than magic packets