Ads, Networking, Robots, SSRF, Lock Picking

  • One site advertisers heavily using Google Ads. But funniest thing is that when you click the ad, the final destination fails to load. That's really smart way to waste your money.
  • Daily networking fun. We've had some networking issues lately. But the problems only last dozens of seconds and go away. Also when the problem is on, it's not total loss of traffic. It's high packet loss. And does look like overload, but strangely there's packet loss or not. But the latency doesn't go up. This has happened several times over last two weeks. Annoying intermittent serious packet loss. This hasn't been happening for too long. There's big renovation going in the building? Could some seriously heavy electronic equipment like drills, saws, cutters, etc cause networking issues via RF or electricity network? RF shouldn't probably be a problem, with cat5e cables. Also networking equipment should have quite good power sources, which should well resist disturbance from network. Devices are also behind UPS but that's on-line UPS so, it really doesn't help with this kind of potential fluctuations. After long period of measuring and testing, we probably have located the issue to main routers port #3. When that port is being used, serious packet loss occurs 'every now and then'. But not constantly. I guess we'll never get final conclusion. But now it seems likely. Traffic has been rerouted using port #4 and now everything seems to be working well. At least so far. I've also switched the floor switches port connected to the main router. But so far based on light testing using port #3 it seems that it's the root cause for these issues. Or not. Network problems can be really time consuming to troubleshoot properly. Maybe it's the main router which is failing? Yet some other networks on it are not failing. Much more testing is required. Maybe there's something on the network, which causes the issue, in certain situations. Next test is just to unplug all equipment and leave testers on the main ports and see, if the problem persists or not. Another interesting observation is that, if there's really low load on the network, there aren't any problems. This could mean that there might be duplex issue somewhere. I've seen those earlier. And usually when you do basic testing, everything works well. But when you put some load on network, everything dies. Yet in this case, everything should be 1000/Full. But maybe something has been auto detected incorrectly and is causing these problems. Sometimes these tasks just require so much effort and even then the end result is obscure. After doing all that, things might or might not work.
  • I personally wonder why robots need to be human like. Wouldn't environment designed for robots, be best for robots? It allows major space rearrangement. Because you don't need to waste space for humans. But similar issue is being seen with some weapons systems. They use weapons designed for humans, and attach those. And don't use especially purpose designed weapon system. But this is something which seems to be changing too. So if you got vehicle with remote operated gun station, it might not anymore have WWII machine gun or AK-47 mount. It might have purpose designed turret with suitable weapon.
  • Server Side Request Forgery (SSRF) - Targeting HTTP's Hidden Attack-Surface - Great examples, how way too complex and flexible code causes serious security issues. Yet these techniques rarely work, or require extensive probing and testing or internal knowledge of the systems.
  • Read another long article about lock picking and how insecure most of locks are. If picking takes too much time, then you can trivially resort with brute force methods, like drilling or using bolt cutters / crowbar. Fact is that locks are for honest people. If you really want to get something, locks aren't going to be a problem. Especially if there's no automated active response to the events. Like alarm system. Most of locks are so bad, you don't need even brute force approach. Because locks can be picked in reasonable time without any damage or signs of picking.
  • Something not so different? Smart Gun Security - Oh yeah. Falls into same category with rest of "Internet of sh1t" and "smart" (hahaha), devices.

2018-10-14