Hacker News: chuppo's comments

> but if you have a useless PS3 with the latest official firmware and want to put it to a better use (XBMC, Linux, whatever) there's nothing for you.

I don't think that's correct. With these keys you can sign whatever you like and have it run on the PS3.


I've noticed that there is too much spam concerning PS3 on the internet, perhaps Sony itself or a contractor has the mission to pollute search-phrases like "ps3 hack, ps3 custom firmware" and so on. Before these were leaked, the first 3 pages on Google for anything relating to hacking the PS3, custom brew etc. were links to really sketchy forums with really sketchy downloads - all leading to similar archives of "custom" firmware for 4.10 for example, the size of ~250MiB, which was password locked, and you were told to fill out a form on several sites to get the password, basically just a huge time waste.

It makes sense, to combat piracy by using spam/scam techniques. That will keep the pirates or would-be pirates out.


ssh doesn't depend on Gnome or KDE, what are you talking about?

These articles are spam. They are collections of snippets from various man pages and other older resources on the internets. If you think they're useful, go back to the study room, you'll not advance your skills by expecting "tutorials" on how to use ssh without kde(!?). You're asking the wrong questions, and will be led down a fruitless path.


Your tone is not acceptable here.


The problem isn't SSH itself, but the tutorials out there tend to assume that you're using GNOME or KDE (or, more to the point, their automount systems). If you're not running either one, you're left trying to figure out how to deal with that problem.


Plug in the flash drive, then "tail -n 20 /var/log/syslog" (on most systems, and assumes the system isn't very busy), and look for the notification of the plug-in event with the device node, e.g. /dev/sdb1.

Then, "mount /dev/sdb1 /media/flashdrive", replacing the device node with whatever you see in syslog, and the mount point with the appropriate folder on your filesystem (really, whatever you want it to be -- you can mount something to your home folder if you like). 'mount' should be able to auto-detect the filesystem on the device unless you're running a really old Linux or BSD.

Does that help?


Seems the "secure your ssh" articles which contain snippets from "man ssh_config" are returning every week now on HN.

Jesus Christ people, if you need an article to use a simple tool like don't even bother.


Are you honestly saying you have never discovered something new about a simple tool by reading a tutorial or watching a colleague? If you are fully able to understand the usage and implications of every simple Unix tool based solely on the man page then you are far smarter than not only me but every person I've ever worked with.


ssh is not a simple tool, it just started out as a simple tool. And, it occupies a key role, for better or for worse, as the base layer for secure communications in a unix environment (and beyond).

Combine those two facts, and it's not surprising how many articles there are explaining the ins and outs of ssh.

I've been poring over unix man pages for about 25 years, and we all know their terseness is a delight and a frustration. ("Sharp and newline surround comments." -- takes a minute to parse.) These articles are trying to add words to address the frustration part.


You appear to not understand the concepts you are attempting to participate in a discussion about.

To "trigger" the vulnerability is to deliver your exploit code. This USB stick can be inserted into any Windows 7 system and, voila, you have your rootkit on that machine, without any user interaction required. No running of .exe files anywhere. You could put some pictures on the USB drive for the user to look at while his system is compromised. (Rootkitted, is that a word? Backdoored is.)


In his demo video, he needs to run a specially crafted program to actually achieve privilege escalation. That's why you need both physical access and a local user account.

Social engineering only gets you both if you can autorun the executable upon insertion of the usb stick.


> You appear to not understand the concepts you are attempting to participate in a discussion about.

I would be more demure. This way, it wouldn't look this bad when I'm wrong.


Post a stacktrace? You can take a photo for us of the kernel panic.


It doesn't crash (no kernel panic), just makes the system so slow that you can't use it anymore until you pull the stick out.


If you dd the same data onto another USB drive -- will it stay the same? If yes -- you could post it somewhere and try to get more details etc.


I've seen a feature phone do this as well, when "powered off" in charging-only mode.


Oh hey, I had one of those too. I eventually smashed it and threw it out because I tired of plugging it in and having slow down problems.

(I noticed it first when I was working with the jump drive and had the system grind to a halt. Removed the drive and it immediately unfroze. Further testing confirmed.)


Email is the least secure technology you can pick. For my communications, sharing birthday-pictures and so on, I'd like to know that it takes more than to just sniff the somewhere along its path.


Practically speaking, in most cases, whoever is in control of your SMTP server and whoever is in control of the recipient's mail server can read the email. (Reading it in between those would usually require deep packet inspection).

Similarly, if you post it on Facebook, people with access to Facebook's databases can see it. The risk seems to be pretty comparable to me, it's just different companies you trust. Certainly sniffing your email off the wire would take a lot more effort than somebody at Facebook reading your posts, and moreover has to be done while the email is in transit.

Email has the option to provide more security through encryption, and is less dependent on a single company.

For communicating anything of importance to my friends, I prefer phone or email, in this way I'm pretty sure that they'll receive it. To Facebook I post chit-chat and interesting tidbits for which I don't care who reads it and who misses it.


As sad and undesirable as it may be, I have a lot more sensitive information than simple birthday pictures in my inbox. Email simply makes sense compared to other options from a usability standpoint, especially when communicating with people who are not technically inclined. It's a risk that many of us still take, even if we know better, because the alternatives are not user friendly or mainstream.


If you use the same provider as your friends, and connect using a secure channel (IMAPS, HTTPS, etc), it's exactly the same.


Yes, you said too much already.

There was a "spotify" or music service thing leaked from facebook js code a while back. So what you are saying facebookers will integrate even more closely with spotify. Listen to music in the browser with friends? Yey.


"My" personal site? Or Facebook's, Twitter's, Foursquare's extended profile of me?

Who would want their personal site to be connected to so many other sites, all of whom are more powerful and make more money on your site than you?


I post my stuff all over the web, I don't want to repost all that to my own personal site. Posting to all the other big players is great for discovery, grabbing all that content to post to my own site is great for email footers, business cards etc. I built http://qiip.me exactly for this, see mine at http://qiip.me/edlea


Personally I would prefer a reverse set-up, post everything to my own site, automatically re-post to big players of my choosing.


That's not a pattern I've noticed generally. A lot of the sites I deal with are very specialised with content.

For example, posting a listing to Etsy.com requires some very specific details which are not relevant to other sites. To post an Etsy listing, share the same photos on Flickr, share that content to a blog post would require a lot of data at the central point to spread to all those services.

I think it's easier in the cases I've seen to post to the end services and pull that data back in.

Shared fields are not often more than Title, Images, some Body Text. Then there are hundreds of smaller options from price to tags to materials to photosets to choose from.

The other issue here is that where cross posting is easy, usually the main service already provides it, i.e. posting from Instagram to Flickr. If you include services like http://IFTTT.com then you're pretty covered for this case.


So you took flask documentation, some other sources and made it into a blog post about it?


Why is that a problem?

