HawthorneVillager.com

Hawthorne Village (Milton) Discussion Board
It is currently Thu Mar 28, 2024 4:20 pm

All times are UTC - 5 hours




Post new topic Reply to topic  [ 33 posts ]  Go to page Previous  1, 2, 3  Next
Author Message
PostPosted: Thu Mar 29, 2018 10:44 pm 
Offline
User avatar

Joined: Fri Dec 10, 2010 7:19 pm
Posts: 2331
Hodor wrote:
B&T402 wrote:
Drone dicks you mean, couldn't agree more.

Anytime this much discretion and consideration is required, there's dicks. OP's kid excluded I suppose.


Haha some kid (or adult, whatever) messing around with a remote controlled toy loses control of it and you’ll step up and be a hero with old lucille. Mmmmm hmmm....

Hey a fan of The Walking Dead. :D

_________________
Image


Top
 Profile  
Reply with quote  
PostPosted: Thu Mar 29, 2018 10:50 pm 
Offline
User avatar

Joined: Tue Jan 31, 2012 11:42 pm
Posts: 1474
Hodor wrote:
B&T402 wrote:
Drone dicks you mean, couldn't agree more.

Anytime this much discretion and consideration is required, there's dicks. OP's kid excluded I suppose.


Haha some kid (or adult, whatever) messing around with a remote controlled toy loses control of it and you’ll step up and be a hero with old lucille. Mmmmm hmmm....

Image

I'm glad you and I agree on this point, I could use some backup here.

_________________
This one thing probably never goes away
I think this one thing is always supposed to stay
This one thing doesn't have to go away


Top
 Profile  
Reply with quote  
PostPosted: Fri Mar 30, 2018 5:34 am 
Offline
User avatar

Joined: Sun Jun 01, 2008 10:14 am
Posts: 4834
Location: Milton
There is risk when looking for your "fly away" drone that when / if you find it that you are also handed a bill to remove the dent from someone's car hood, roof, or trunk.

There is also risk when looking for your "fly-away" drone that it has landed on someone's roof who now has every right to insist a roofer retrieve it at your cost.

Best place to fly a drone is on a weekend at a school yard or in a park.

_________________
For Home Inspection services call Andy Shaw at Halton Home Inspection Service. 905 876 4761


Top
 Profile  
Reply with quote  
PostPosted: Fri Mar 30, 2018 5:58 am 
Offline
User avatar

Joined: Fri Mar 11, 2005 9:29 pm
Posts: 267
Location: HV North Phase 2, Pilgrim 'B'
Halton Home Inspector wrote:
There is risk when looking for your "fly away" drone that when / if you find it that you are also handed a bill to remove the dent from someone's car hood, roof, or trunk.

There is also risk when looking for your "fly-away" drone that it has landed on someone's roof who now has every right to insist a roofer retrieve it at your cost.

Best place to fly a drone is on a weekend at a school yard or in a park.



Agreed 100%, lesson learned and my son now knows.

_________________
J


Top
 Profile  
Reply with quote  
PostPosted: Fri Mar 30, 2018 6:31 pm 
Offline

Joined: Fri Feb 06, 2015 3:08 pm
Posts: 316
B&T402 wrote:
[I'm glad you and I agree on this point, I could use some backup here.


Well just making the thing vanish seems obvious,leave no evidence

I assume toy spy camera drones use a SD memory card
to record images rather then a live video feed?


Top
 Profile  
Reply with quote  
PostPosted: Fri Mar 30, 2018 7:27 pm 
Offline
User avatar

Joined: Fri Mar 11, 2005 9:29 pm
Posts: 267
Location: HV North Phase 2, Pilgrim 'B'
So the real question is what does B&T402 have to hide?

By the way, this drone in the original post has no camera capabilities.

_________________
J


Top
 Profile  
Reply with quote  
PostPosted: Sat Mar 31, 2018 8:03 am 
Offline
User avatar

Joined: Tue May 05, 2015 10:02 pm
Posts: 993
Milton Dutch Day wrote:
I assume toy spy camera drones use a SD memory card
to record images rather then a live video feed?

Live video feed exist but is pretty expensive, you can even livestream right to YouTube etc

_________________
There is no reasoning with Tru-Anon people, it really is cult-like


Top
 Profile  
Reply with quote  
PostPosted: Sat Mar 31, 2018 9:11 am 
Offline
User avatar

Joined: Sun Jun 01, 2008 10:14 am
Posts: 4834
Location: Milton
For those who hate drones they can always buy a drone with an excipio drone netting system to take down the hated drones :wink: :D

https://www.youtube.com/watch?v=LgWlm5zrY4w

_________________
For Home Inspection services call Andy Shaw at Halton Home Inspection Service. 905 876 4761


Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 05, 2018 11:37 am 
Offline
User avatar

Joined: Tue May 05, 2015 10:02 pm
Posts: 993
Mr.Peppermint wrote:
Milton Dutch Day wrote:
I assume toy spy camera drones use a SD memory card
to record images rather then a live video feed?

Live video feed exist but is pretty expensive, you can even livestream right to YouTube etc

Oh fun

Apparently one of the bigger names in drone technology actually left the keys out in the open lol
So all your private stuff could already be on the dark web now
http://www.digitalmunition.com/WhyIWalkedFrom3k.pdf

_________________
There is no reasoning with Tru-Anon people, it really is cult-like


Top
 Profile  
Reply with quote  
PostPosted: Sat Apr 07, 2018 10:18 am 
Offline
User avatar

Joined: Tue Jun 05, 2012 7:03 pm
Posts: 181
Mr.Peppermint wrote:
Mr.Peppermint wrote:
Milton Dutch Day wrote:
I assume toy spy camera drones use a SD memory card
to record images rather then a live video feed?

Live video feed exist but is pretty expensive, you can even livestream right to YouTube etc

Oh fun

Apparently one of the bigger names in drone technology actually left the keys out in the open lol
So all your private stuff could already be on the dark web now
http://www.digitalmunition.com/WhyIWalkedFrom3k.pdf


The article you linked discusses security holes found within the DJI GO4 app. It affected GO4 users (I.E. DJI Drone operators) who entered third-party login info into the app. I'm not sure what you mean by "all your private stuff could already be on the dark web" --You mean the 'private' youtube videos a user has posted on Youtube? Nothing is truly private once it gets uploaded into a cloud; this should be common knowledge by now.

FYI; for anyone concerned about their privacy and "spy" drones (I.E. drones with a stabilized HD camera) please become familiar with the actual regulations:

http://www.tc.gc.ca/eng/civilaviation/opssvs/flying-drone-safely-legally.html

In this specific concern/context, no operator is allowed to fly within 30m (lateral distance) of your property (without permission). The heavier drones (with higher quality cameras) are even more restricted (75m lateral). Ignoring these regulations opens the operator to some steep penalties. An no, none of the customer drones that I'm aware of come equipped with an optical zoom.

These regulations exclude the toy variety (under 250g). However if a toy-drone comes equipped with a camera, it's there mostly for novelty - the quality is quite poor and the shaky footage is generally unusable.

Lastly, "Shooting down" any aircraft (RC or not), regardless whether its encroaching your property or not, is prohibited and opens you up to liability even if only attempted (but failed).

My recommendation would be to either follow the drone back to its landing and talk with the operator or simply report it referencing the regulations provided.

Post edit: some clarifications.


Last edited by spirytus on Sat Apr 07, 2018 11:36 am, edited 1 time in total.

Top
 Profile  
Reply with quote  
PostPosted: Sat Apr 07, 2018 11:29 am 
Offline
User avatar

Joined: Mon Oct 18, 2010 8:22 am
Posts: 3430
Chinese drone maker DJI left the private key for its dot-com's HTTPS certificate exposed on GitHub for up to four years, according to a researcher who gave up with the biz's bug bounty process.

DJI also exposed customers' personal information – from flight logs to copies of government ID cards – to the internet from misconfigured AWS S3 buckets.

By leaking the wildcard SSL cert private key, which covers *.dji.com, DJI gave miscreants the information needed to create spoof instances of the manufacturer's website with a correct HTTPS certificate, and silently redirect victims to the malicious forgeries and downloads via standard man-in-the-middle attacks. Hackers could also use the key to decrypt and tamper with intercepted network traffic to and from its web servers.

It's rather embarrassing. DJI is one of the world’s largest small and medium-sized aerial drone manufacturers.

The private SSL key was found sitting in a public DJI-owned GitHub repo by Kevin Finisterre, a researcher who focuses on DJI products. AWS account credentials and firmware AES encryption keys were also exposed on GitHub, we're told, along with people's highly sensitive personal information in poorly configured public-facing AWS S3 buckets, which he summarized as a “full infrastructure compromise.” DJI has since marked the affected HTTPS certificate as revoked, and acquired a new one in September.

“I had seen unencrypted flight logs, passports, drivers licenses, and identification cards,” Finisterre said, adding: “It should be noted that newer logs and PII [personally identifiable information] seemed to be encrypted with a static OpenSSL password, so theoretically some of the data was at least loosely protected from prying eyes.”

Earlier this year the US Army issued a blanket ban on the use of DJI products by its personnel. It gave no reason for doing so, other than unspecified “cyber vulnerabilities,” and was rapidly followed in doing so by the Australian military. Several British police forces also use DJI drones for operations, in place of helicopters.

Security researcher Scott Helme added: “The basic problem is that with access to the key, an attacker can use DJI's certificate.” He also highlighted the fact that the now-revoked certificate was issued for *.dji.com, covering all DJI subdomains – including security.dji.com, which is where their Security Reporting Centre can be found.

Helme added that, in his view, the canceled certificate could be used to decrypt intercepted web traffic to and from DJI’s website until its expiry date of 10.00 UTC on 5 June 2018. Helme has previously blogged that there are flaws in how common web browsers handle cert revocation via the Online Certificate Status Protocol, allowing recalled certs to still be trusted by browsers. He added: “If someone is in a position to use the certificate they are also in a position to stop the revocation check happening, so the browser would accept the certificate despite it being revoked.”


Top
 Profile  
Reply with quote  
PostPosted: Sat Apr 07, 2018 11:50 am 
Offline
User avatar

Joined: Tue Jun 05, 2012 7:03 pm
Posts: 181
shawnrk1 wrote:
Chinese drone maker DJI left the private key for its dot-com's HTTPS certificate exposed on GitHub for up to four years, according to a researcher who gave up with the biz's bug bounty process.

DJI also exposed customers' personal information – from flight logs to copies of government ID cards – to the internet from misconfigured AWS S3 buckets.

By leaking the wildcard SSL cert private key, which covers *.dji.com, DJI gave miscreants the information needed to create spoof instances of the manufacturer's website with a correct HTTPS certificate, and silently redirect victims to the malicious forgeries and downloads via standard man-in-the-middle attacks. Hackers could also use the key to decrypt and tamper with intercepted network traffic to and from its web servers.

It's rather embarrassing. DJI is one of the world’s largest small and medium-sized aerial drone manufacturers.

The private SSL key was found sitting in a public DJI-owned GitHub repo by Kevin Finisterre, a researcher who focuses on DJI products. AWS account credentials and firmware AES encryption keys were also exposed on GitHub, we're told, along with people's highly sensitive personal information in poorly configured public-facing AWS S3 buckets, which he summarized as a “full infrastructure compromise.” DJI has since marked the affected HTTPS certificate as revoked, and acquired a new one in September.

“I had seen unencrypted flight logs, passports, drivers licenses, and identification cards,” Finisterre said, adding: “It should be noted that newer logs and PII [personally identifiable information] seemed to be encrypted with a static OpenSSL password, so theoretically some of the data was at least loosely protected from prying eyes.”

Earlier this year the US Army issued a blanket ban on the use of DJI products by its personnel. It gave no reason for doing so, other than unspecified “cyber vulnerabilities,” and was rapidly followed in doing so by the Australian military. Several British police forces also use DJI drones for operations, in place of helicopters.

Security researcher Scott Helme added: “The basic problem is that with access to the key, an attacker can use DJI's certificate.” He also highlighted the fact that the now-revoked certificate was issued for *.dji.com, covering all DJI subdomains – including security.dji.com, which is where their Security Reporting Centre can be found.

Helme added that, in his view, the canceled certificate could be used to decrypt intercepted web traffic to and from DJI’s website until its expiry date of 10.00 UTC on 5 June 2018. Helme has previously blogged that there are flaws in how common web browsers handle cert revocation via the Online Certificate Status Protocol, allowing recalled certs to still be trusted by browsers. He added: “If someone is in a position to use the certificate they are also in a position to stop the revocation check happening, so the browser would accept the certificate despite it being revoked.”


The technical details of the DJI security hole is really beyond the scope of this thread. Peppermint's post read like the unwitting public's privacy was direct/indirectly affected - it wasn't. This only
affected DJI customers.


Top
 Profile  
Reply with quote  
PostPosted: Sat Apr 07, 2018 4:08 pm 
Offline

Joined: Fri Feb 06, 2015 3:08 pm
Posts: 316
So if this ( lets say) 150 gram
object that's hovering 10(?) stories over my head
shuts down,does it return to earth ( and my head) like
a 150 gram rock
or are they designed to glide down more gently?


Top
 Profile  
Reply with quote  
PostPosted: Sat Apr 07, 2018 7:11 pm 
Offline
User avatar

Joined: Tue May 05, 2015 10:02 pm
Posts: 993
spirytus wrote:
The technical details of the DJI security hole is really beyond the scope of this thread. Peppermint's post read like the unwitting public's privacy was direct/indirectly affected - it wasn't. This only
affected DJI customers.

Really? I thought my original post was quite clear

Ok so the general public's privacy is uneffected
Only those who purchased a DJI product have had all their personal info compromised (DJI easily makes up more than half the drone users in the world so yeah still a pretty large pool of effected users imo)

But I think you are trying to backtrack since it should be OBVIOUS to anyone that if you never had business dealings with a company it would not be possible to leak your details
(eg Bell had a security breach of 1.6 million customers; obviously not every cell phone user in Canada is effected, just those who are using Bell for their cell phones)

_________________
There is no reasoning with Tru-Anon people, it really is cult-like


Top
 Profile  
Reply with quote  
PostPosted: Sat Apr 07, 2018 7:17 pm 
Offline
User avatar

Joined: Tue May 05, 2015 10:02 pm
Posts: 993
Milton Dutch Day wrote:
So if this ( lets say) 150 gram
object that's hovering 10(?) stories over my head
shuts down,does it return to earth ( and my head) like
a 150 gram rock
or are they designed to glide down more gently?

Most real drones will initiate self landing when battery gets too low or loses signal etc

But even in your example, 10 story freefall for a 150g object is quite severe, even with wind resistance

_________________
There is no reasoning with Tru-Anon people, it really is cult-like


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 33 posts ]  Go to page Previous  1, 2, 3  Next

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 10 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group
[ Time : 0.013s | 13 Queries | GZIP : Off ]