Skip to content

Former GM Executive: BYD cars are good in terms of design, features, price, quality. If we let BYD into the U.S. market, it could end up destroying american manufacturers

Technology
301 156 2
  • A Forensic Examination of GIS Arta

    Technology technology
    1
    1
    6 Stimmen
    1 Beiträge
    9 Aufrufe
    Niemand hat geantwortet
  • Trump social media site brought down by Iran hackers

    Technology technology
    174
    1k Stimmen
    174 Beiträge
    668 Aufrufe
    B
    That's the spirit
  • 0 Stimmen
    1 Beiträge
    9 Aufrufe
    Niemand hat geantwortet
  • 76 Stimmen
    12 Beiträge
    49 Aufrufe
    A
    Let's not? I think we've had enough robots with AI for now. Thank you.
  • Pocket shutting down

    Technology technology
    2
    2 Stimmen
    2 Beiträge
    19 Aufrufe
    B
    Can anyone recommend a good alternative? I still use it to bookmark most wanted sites.
  • 30 Stimmen
    6 Beiträge
    31 Aufrufe
    S
    The thing about compelling lies is not that they are new, just that they are easier to expand. The most common effect of compelling lies is their ability to get well-intentioned people to support malign causes and give their money to fraudsters. So, expect that to expand, kind of like it already has been. The big question for me is what the response will be. Will we make lying illegal? Will we become a world of ever more paranoid isolationists, returning to clans, families, households, as the largest social group you can trust? Will most people even have the intelligence to see what is happenning and respond? Or will most people be turned into info-puppets, controlled into behaviours by manipulation of their information diet to an unprecedented degree? I don't know.
  • 7 Stimmen
    9 Beiträge
    43 Aufrufe
    V
    Ah yeah, that doesn't look like my cup of tea.
  • 1 Stimmen
    8 Beiträge
    37 Aufrufe
    L
    I think the principle could be applied to scan outside of the machine. It is making requests to 127.0.0.1:{port} - effectively using your computer as a "server" in a sort of reverse-SSRF attack. There's no reason it can't make requests to 10.10.10.1:{port} as well. Of course you'd need to guess the netmask of the network address range first, but this isn't that hard. In fact, if you consider that at least as far as the desktop site goes, most people will be browsing the web behind a standard consumer router left on defaults where it will be the first device in the DHCP range (e.g. 192.168.0.1 or 10.10.10.1), which tends to have a web UI on the LAN interface (port 8080, 80 or 443), then you'd only realistically need to scan a few addresses to determine the network address range. If you want to keep noise even lower, using just 192.168.0.1:80 and 192.168.1.1:80 I'd wager would cover 99% of consumer routers. From there you could assume that it's a /24 netmask and scan IPs to your heart's content. You could do top 10 most common ports type scans and go in-depth on anything you get a result on. I haven't tested this, but I don't see why it wouldn't work, when I was testing 13ft.io - a self-hosted 12ft.io paywall remover, an SSRF flaw like this absolutely let you perform any network request to any LAN address in range.