Gregory's Serveralso I hope they wiped these hard drives
|
106 comments
 when you see a gaylord stacked high with NUCs and half of them still have USB fans attached, you know these were all just yanked off a shelf.    I have now stuck the hard drive in my imaging box it turns out it was in service as of June. and this one has log errors about the sensors in the bathroom and bedroom. this was used. fuck.  is the company still in business because this is a material breach type situation HEY FUN FACT: this was used as part of an Alexa/google home type thing! this is the "cloud" half, as in the part sitting in a warehouse somewhere. where it is still stored. and I now have eleven thousand wave files  @foone the people behind this need to be barred from operating a business ever again. I know this shit happens all the time with liquidated assets but it's fucking unacceptable.    @glyph oh, most likely. @glyph @foone sadly, no. at most it's *maybe* a GDPR violation depending on the content of the WAV files, but likely not, and I'm guessing that's going to be impossible to prosecute anyway because the assets are almost certainly a result of an insolvency liquidation. I see this shit all the damn time and right now there's very little recourse for those affected. god the logs are full of errors about assorted video streams failing. now I don't think there's any video stored on this device, but keep in mind: the fools that made this thing fill up with WAV files? they also designed the video streaming part. Where are those videos stored, and how safe are they? or maybe the fools who dumped all the NUCs from their entire "AI remote healthcare" in the recycling without yanking any drives are just somehow REALLY GOOD at knowing how to secure their s3 buckets. jesus christ this isn't the only time THIS MONTH I've found an IoT device and checked the filesystem contents and it's got their private git repos on it okay so the good news is that they don't just have S3 keys laying around in plain text. oh hey! this thing authenticates to some of their servers (which are still up, even if the company might not be (this is unknown at the moment)) over SSH! using keys kept in the same home-rolled vault thing! so I can SSH into their servers now! oh god this thing sends email from gmail please tell me they didn't embed the google login into this device tempted to drive past their HQ with a megaphone "I'VE GOT YOUR MODELS, YOU AI HACKS!" they sure did! I have a video of someone picking something up from outside a door.  @foone Better act fast, 'tis the season for Spirit Halloween to start inhabiting old husks  @foone   @foone If there was a bounty for this kind of shit, you'd never have to work again. my god. @elfi yeah. the problem is I'd have to become a security researcher and I'm reasonably sure I'd rather die   @foone@digipres.club Based on what you've described so far I'd be surprised if you *don't* find their keys.     @foone Uhm. This sounds like you can finance the rest of your life with a class action law suit.   @foone oh great @foone "HEY ALEXA!!! BUY MORE SHIT FROM THAT PLACE!!" "Buying more shit from that place." @foone and people are giving all access for convenience. I have Alexa, & a security camera. My camera constantly wants access to Alexa. Why? Um, no. 🙄 My camera constantly wants me to join some cloud service where all the videos live forever. The SD card’s plenty, thanks. Stop trying to make me go cloud service. I know there are tons of people using the cloud service just to make the prompts go away. 20 years ago we wouldn’t even talk about pot in front of our TVs!   |
but given the state of them when they arrived at ewaste?
no they did not