Manufacturing firearms is not unlawful in the State of New York, nor is it unlawful federally.
As far as I can tell, there is no federal or state law that compels any company to add features like the ones HP has added to their products. I have not spent a large amount of time researching. Just browsed a few articles like this one https://www.itestcash.com/blogs/news/your-guide-to-federal-c....
I'll point out that I didn't mention the law in my first comment. I don't know the history of how this technology came to be so ubiquitous, so I didn't speak to it. However, from the perspective of a consumer, it doesn't really matter if it was due to regulation from the government or a collective decision of manufacturers to regulate themselves before the government intervened. The end result is still that the printer you buy from the local Best Buy will almost certainly block this. That is the precedent I was referencing and the collective loss that has gone unnoticed.
I also don't see the point about manufacturing firearms as particularly convincing. It was a process that used to be more difficult and technology has made that process substantially easier. It's reasonable for a government to think the old process didn't need regulation due to that complexity while the new technology intensifies the problem enough for a government response. New technology prompts new regulation all the time for exactly this reason.
This is legislation. Legislation that grants the government veto-power over what you can create. The entire issue here is law. The fact that you "...didn't mention the law..." in your first comment is stunning.
From the text of the proposed legislation, this blocking technology needs to fail closed. This means that you need a form of permission to start a manufacturing process. It compels each entity involved in the supply chain to add this government kill-switch: slicing software, firmware developers, 3D printer manufacturers, etc.
The entire premise for this? To stop individuals from manufacturing firearms and firearm components WHICH IS A LAWFUL ACTIVITY! Unbelievable that anyone would defend such government overreach.
Your motivations are transparent. You are using regurgitated anti-gun arguments. Arguments that have been thoroughly dismantled by SCOTUS. Many before you have used this logical fallacy that advancements in technology give the government a pass to interfere with individuals and their rights. Even very progressive judges have conceded that the first amendment is certainly not limited to quill and ink, but applies to the Internet. Additionally, the advent of strong cryptography does not give the government a reason to strip people of their 4th and 5th amendment protections.
>The entire premise for this? To stop individuals from manufacturing firearms and firearm components WHICH IS A LAWFUL ACTIVITY!
Everything is a lawful activity until they make a law outlawing it. You're arguing against the idea of all new laws.
>Your motivations are transparent. You are using regurgitated anti-gun arguments.
I wasn't hiding anything. I think stricter gun regulations would be a net benefit for an American society that is way too obsessed with guns. The voters of New York generally agree with that idea. The last few months have also made it clear that all the years of 2nd Amendment advocates talking about us needing guns to fight tyranny have been lying about their motivations. So if we're demanding transparency, let's also be clear that there is no deeper ideology at play here beyond a love of guns.
I can see both of your viewpoints, here. I wouldn't make the blanket statement that OP is incorrect. The fact that you have only seen this a handful of times in your career is not surprising. This sort of silly bullshit is far less common nowadays. However, as OP has stated, these things were somewhat more common a while back. Mind you, much of this very poorly written software is still being used in dusty corners by large companies. You should keep an open mind when testing and not dismiss these things as outright impossible, or else you're going to miss a lot of bugs :P
Some of the most interesting issues seem pathological at first blush. Can you really think of no scenario where there would be an SQL injection string as a password? Perhaps some try-hard came along before you and attempted SQL injection on the user creation form, which resulted not in SQL injection, but in the password being set to the literal string that the person used as input.
I realize that in this scenario it is literally designed-in, but I understand the point the author is trying to prove. If a "scanner jockey" gets results that tell him or her there is SQL injection, a competent tester will try to verify what their tool is telling them. If the tester is doing that in this case, they'll find other injection strings not working and (hopefully) start looking under the hood to see what is going on, discover this pathological hard-coded pw, and be able to tell the client that. Maybe it's the work of a malicious dev?
I agree that a pentester with a lot of experience will have skills that are honed to find common bug patterns, but it's nice to be able to find these seemingly bizarre issues and have an explanation for the client. It shows you really understood the app and what it's doing.
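The verification step described in the comment above, as an added example that is not part of the original thread: a login check whose stored password is literally an injection-looking string, next to a deliberately string-built query, and a small probe that tells a real SQL injection (every tautology logs in) apart from a coincidental literal match (only the exact stored string works). Table, user names and payload list are constructed for the demo.

```python
import sqlite3

# Constructed sample data: one user whose password was literally set to an
# injection-looking string by an earlier "tester" (the scenario in the comment).
LITERAL_PW = "' OR '1'='1"

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hunter2"), ("bob", LITERAL_PW)])
    return conn

def login_safe(conn, name, password):
    """Parameterized query: the input is data, never SQL."""
    row = conn.execute("SELECT 1 FROM users WHERE name = ? AND password = ?",
                       (name, password)).fetchone()
    return row is not None

def login_vulnerable(conn, name, password):
    """String-built query: the classic bug, kept here only for comparison."""
    sql = f"SELECT 1 FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None

# A few tautology variants a tester would use to confirm a scanner hit.
PAYLOADS = ["' OR '1'='1", "' OR '2'='2", "' OR 1=1--", "' OR 'a'='a"]

def classify(login, conn, name):
    """'sqli' if every tautology logs in, 'literal' if only the stored string
    works (hard-coded password, not injection), otherwise 'none'."""
    hits = [login(conn, name, p) for p in PAYLOADS]
    if all(hits):
        return "sqli"
    if hits[0] and not any(hits[1:]):
        return "literal"
    return "none"

if __name__ == "__main__":
    db = build_db()
    print("safe/bob:", classify(login_safe, db, "bob"))          # literal
    print("vulnerable/bob:", classify(login_vulnerable, db, "bob"))  # sqli
```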
My opinion: This person used someone else's electronic credentials to perform a task without asking for permission. This person did not have the proper level of access on their own account to perform this action, so they used someone else's (likely the "VP" who they were working with on that project). This would/should get you fired at many places.
Not sure what the downvoting is about. Things that lead me to this conclusion: "...and remind you that this is the hacker company. Of course this is all a lie: that's how you get fired." And "It was clear that the person who talked to me had no idea what she was talking about. She quickly confessed as much to me." The author is referring to the HR member who was conducting the investigation. It was probably a technical task that the author of the article performed with someone else's creds or by bypassing some security system (checking in code, deploying code to prod., etc.), which is why the HR member "had no idea what she was talking about [and] quickly confessed to [the author] as much." The HR team was highly interested in finding out "...whether somebody had asked me to do it" and "...if you were not sure of what you were doing, why didn't you ask your manager?" HR wanted to know if the anonymous author had permission to perform the task, since the anonymous author's account did not have the appropriate permissions to do so. "If a week prior, I had typed a few different keystrokes, I would never have been in that room."
Also, I forgot this relevant quote: "Yes I did it, and nobody made me. I was working on a special project with a VP at that time, and he had nothing to do with it."
This person used someone else's electronic credentials to perform a task without asking for permission. [...] This would/should get you fired at many places.
You mean that thing that happens all the time at every office?
I have a post-it note on which my boss wrote his password for me, specifically because he was sick of my asking whenever I needed to be granted access to new things. I can't think of a single job I've had that involved computers where I wasn't given access to user accounts that were not mine, for reasons of expediency in the face of inflexible permissions systems.
>I have a post-it note on which my boss wrote his password for me,
Thus it means explicit (and in writing! Good for you :)) approval by the boss, and the boss bears primary responsibility here. In the case of the original article it is pretty clear that the author didn't bother to get even informal approval from the higher-ups (even just mentioning that he was going to perform the task in that specific way in a conversation with that VP would go a long way). That is a basic skill (or even, I'd say, "instinct") of covering your own lower behind that one has to apply while working at a BigCo, be it Facebook or IBM.
I would imagine at a place the scale of Facebook, where logging and accountability trails are as important as they must be at Facebook, this kind of transgression is categorically different from the one you describe.
I'm not really surprised by this. Starting to smoke and continuing to smoke are bad life choices and indicate a lack of will power and long-term thinking. Yes, cigarettes are incredibly addictive and quitting is hard (I smoked for 6 years when I was a teen and young adult). The same poor life choices and lack of long-term planning also lead to a low-income existence. Not applying yourself in school because you'd rather "have fun now." Not attending college. Not eating healthy foods. Not exercising. Smoking cigarettes. The fact that these things are all related shouldn't be a mystery or revelation. Poor people smoke more because poor people make bad choices in general.
"Why stop? You are going to die anyway. And don't you deserve to die? You are smoking after all. No point in stopping now. Not like your life was ever going to go anywhere."
We are always hiring. Matasano specializes in application security. We break web applications, desktop applications, mobile applications on all platforms, and hardware. We perform network penetration tests and security architecture reviews. Our consultants have a wide range of skills such as firmware, bootloaders, drivers and kernel modules all the way up to web applications using Node and everything in between. We release bleeding edge security research and speak at all major security conferences (BlackHat, ToorCon, ShmooCon, etc.).
We are looking for people who are passionate about information security. No prior consulting experience necessary. We also hire summer interns each year in New York, Chicago, and Sunnyvale.