Light Commands is a vulnerability of MEMS microphones that allows attackers to remotely inject inaudible and invisible commands into voice assistants, such as Google Assistant, Amazon Alexa, Facebook Portal, and Apple Siri, using light.

In our paper we demonstrate this effect, successfully using light to inject malicious commands into several voice controlled devices such as smart speakers, tablets, and phones across large distances and through glass windows.

Video demonstrations of the technique

List of nefarious practices on Amazon
December 06, 2019
From here: a comment on an article about how Chinese sellers are manipulating Amazon


    Fake reviews - compensating/reimbursing real customers for leaving a positive review, making fake orders and leaving positive reviews through zombie Amazon accounts, selling fake reviews to others

    Zombie accounts - fake review companies (almost always in China) open hundreds or thousands of fake Amazon accounts known as "zombie accounts", they then emulate "real" customer browsing behavior so as not to arouse Amazon’s suspicions

    Counterfeit products and listing hijacking - no barrier to entry for Chinese sellers to sell counterfeit products on your listing, Amazon does not actively audit items to determine if they are genuine or not, malicious sellers can print a fake UPC bar code, apply it to counterfeits, and Amazon will deem it genuine

    Sabotaging competitors’ product listings - any seller can potentially edit a listing, cause consumer confusion, and destroy your sales

    Variation abuse - any seller may potentially add a variation to an existing product, since all variations in a listing share the same reviews, sellers add completely different products to existing listings to mimic high review counts, Amazon shuts down active listings frequently so sellers target discontinued listings instead

    Stealing internal Amazon data - mid to senior-ranking employees within Amazon China have direct access to Amazon’s internal network that allows them to access private information related to all sellers, corrupt Amazon employees steal and sell competitor business reports on the black market

Not mentioned, other common strats:

    Merged listings - sellers open support cases to merge inactive/discontinued product listings that contain high amounts of positive reviews with their unrelated product listings, acquiring high review counts for brand new products

    False IP claims - sellers file false IP claims on product listings to shut down your listing, causing loss of sales while Amazon forces you to submit appeal documentation

    Product listing sabotage - article failed to cover sellers who will change your product listing to have your listing shut down for policy violations, this may include changing your product images to porn or changing your product category to adult products

    Manufacturer disloyalty - Chinese manufacturers will turn around and either resell your private label products to other private label brands on Amazon or sell your products under their own brand on Amazon

    Burner accounts - sellers buy old Amazon seller accounts, old accounts have daily bank deposits (as opposed to bi-weekly) and do not hold payments, some sellers use these as burner accounts to mass sell counterfeit goods and deposit funds immediately before they are caught and banned

    Multiple accounts - Chinese sellers are known to have multiple accounts and brands at any given time, allowing them to still sell on Amazon after suspensions and bans

    Trademark abuse - some competitors will register your brand name as their trademarks, forcing Amazon to shut down your listings for trademark infringement, forcing you to rebrand entirely and start over


    Don't use Google search
    Don't use the Chrome browser
    Don't use AMP on your own sites
    Why are so many sites slow in the first place?
    Treat the cause: Third-party requests slow down the web
    How to make your sites faster than AMP without using AMP

Python libraries caught stealing SSH and GPG keys
December 05, 2019
Any Python people here?



The two malicious clones were discovered on Sunday, December 1, by German software developer Lukas Martini. Both libraries were removed on the same day after Martini notified dateutil developers and the PyPI security team.

While python3-dateutil was created and uploaded on PyPI two days before, on November 29, the jeIlyfish library had been available for nearly a year, since December 11, 2018.
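
Both clones are typosquats: jeIlyfish replaces an l with a capital I, and python3-dateutil adds one character to python-dateutil. Below is a check you can run over a requirements file before installing, added here as an example; it is not code from the article, from the dateutil or jellyfish projects, or from the PyPI security team. The allow-list of known packages, the homoglyph table and the sample requirements are constructed for the example.

```python
import re

# Packages the project is expected to depend on (constructed allow-list for this
# example; in practice derive it from a lock file or an internal registry).
KNOWN_PACKAGES = {"jellyfish", "python-dateutil", "requests", "urllib3"}

# Characters that render like another character in common fonts. Applied to the
# name *as written*, before lowercasing, because the case is the signal: "jeIlyfish"
# lowercases to "jeilyfish", which no longer looks like "jellyfish". The table is
# constructed for this example and is far from complete.
CONFUSABLES = str.maketrans({
    "I": "l", "1": "l", "|": "l",
    "0": "o",
    "5": "s",
    "2": "z",
})


def pep503_normalize(name: str) -> str:
    """Normalize a project name the way PyPI and pip do (PEP 503)."""
    return re.sub(r"[-_.]+", "-", name).lower()


def skeleton(name: str) -> str:
    """Normalized name with look-alike characters folded to what they resemble."""
    return pep503_normalize(name.translate(CONFUSABLES))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, iterative single-row implementation."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                  # deletion
                           cur[j - 1] + 1,               # insertion
                           prev[j - 1] + (ca != cb)))    # substitution
        prev = cur
    return prev[-1]


def check_name(name: str, known=KNOWN_PACKAGES, max_distance: int = 1):
    """Classify a dependency name.

    Returns ("known", canonical)  if it is on the allow-list,
            ("lookalike", target) if it is a homoglyph or near-miss of an entry,
            ("unknown", None)     otherwise.
    """
    norm = pep503_normalize(name)
    if norm in known:
        return "known", norm
    skel = skeleton(name)
    if skel in known:
        return "lookalike", skel
    closest = min(known, key=lambda k: edit_distance(skel, k))
    if edit_distance(skel, closest) <= max_distance:
        return "lookalike", closest
    return "unknown", None


# A pip requirement line starts with the project name; extras, version
# specifiers and environment markers follow.
_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def scan_requirements(text: str):
    """Return [(name_as_written, package_it_resembles)] for every look-alike line."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        m = _NAME_RE.match(line)
        if not m:
            continue                            # blank or unparseable line
        name = m.group(1)
        verdict, target = check_name(name)
        if verdict == "lookalike":
            findings.append((name, target))
    return findings


# Constructed sample input resembling a requirements.txt.
SAMPLE_REQUIREMENTS = """\
requests==2.22.0
jeIlyfish==0.7.1        # capital I, not lowercase l
python3-dateutil>=2.8   # one character added to python-dateutil
urllib3
numpy                   # not on the list, but not close to anything either
"""

if __name__ == "__main__":
    for name, target in scan_requirements(SAMPLE_REQUIREMENTS):
        print(f"suspicious: {name!r} resembles {target!r}")
```

Note the order of operations: pip resolves jeIlyfish to the PyPI project jeilyfish, which is a different project from jellyfish, so comparing lowercased names alone would miss it; the homoglyph fold runs on the name as written and only then is the result normalized and compared.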


    The right to be informed as to what data will be collected, and how it will be used
    The right to opt out of data collection or sharing
    The right to be told if a website has data on you, and what that data is
    The right to be forgotten; to have all data related to you deleted upon request
    The right to be informed if ownership of your data changes hands
    The right to be informed of any data breaches including your information in a timely manner
    The right to download all data in a standardized format to port to another platform

This is a pretty radical departure from what we have right now.

Sneaky JaguarPC
October 10, 2019
We've been hosting with them since 2010.  In that time we've had three 36-month billing cycles at $178 each cycle.  This last one, without any notification they decided to invoice for $358 for 36 months.  I was kinda pissed when I talked to them.  They brought it down to $196.02, which is a more reasonable increase.

We were having issues with reliability, but overall I can't complain about hosting over the last few years.  Still, that type of sneaky sh## pisses me off.  I guess they just did this to all their long term clients and a certain percent will just pay without noticing.

Sayings that just bug you?
September 25, 2019
A big one for me is "living my best life".  It is narcissistic, indulgent, and deflects (sometimes warranted) criticisms.  Also, the phrase is often used to promote being the object of envy, which is an ongoing peeve of mine.


California Governor Gavin Newsom signed into law last week financial protections for consumer investments in rooftop solar energy. The law, AB 1208 authored by Assemblymember Phil Ting (D-San Francisco), extends a prohibition on cities and counties taxing the energy generated by rooftop solar panels for use by homeowners and businesses.

Civil liberties groups are warning of a major threat to online freedoms and First Amendment rights if a leaked draft of a Trump administration edict—dubbed by critics as a "Censor the Internet" executive order that would give powerful federal agencies far-reaching powers to pick and choose which kind of Internet material is and is not acceptable—is allowed to go into effect.

What Prime Day(s) looked like to one small seller
August 01, 2019
I'm posting a graph so you can see the relative difference Prime Day (actually two days) had on my order volume.  As you can see there was a small upswing the day before, then a sharp drop in sales after Prime Day ends and then a rebound.   I had no special promotions going, just the usual low volume PPC and nothing on sale.

Webrecorder
July 23, 2019


What are Web Archives?

A web archive is a record of web resources. It may include HTML and images, scripts, stylesheets, as well as video, audio and other elements that web pages and web apps are made of, all in one file.

What makes Webrecorder different?

What most differentiates Webrecorder is its focus on "dynamic web content." The web once delivered documents, like HTML pages. Today, it delivers complex software customized for every user, like individualized social media feeds. Other existing digital preservation solutions were built for that earlier time and cannot adequately cope with what the web has become. Webrecorder, by contrast, focuses on all that dynamic content, such as embedded video and complex JavaScript, addressing our present and future.

