You're strawmanning. I did not speak about making things secret. I also suggest you check this article out https://en.wikipedia.org/wiki/Free_Speech_Flag so you understand the difference between censorship and secrecy.
I'd assume many systems would store SS numbers without spaces or dashes in the backend so that rendering is up to the client. Which means you're looking for 9 digit strings. For example, full zip codes (xxxxx-xxxx) are also 9 digit strings.
I've posted elsewhere in this thread about this. There's really no reason to expect SSNs as strings for internal use. 32-bit integers readily represent the same, as the max SSN is just a 9-digit number. I've seen at least one client store SSNs as INTs in a database and handle left-padding to 9 characters and interposing hyphens in display code.
Any 9-digit integers are immediately suspect under this reasonable storage choice.
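The integer-storage convention described above, as an added example that is not code from anyone in this thread: SSNs held as integers, rendered by left-padding and hyphenating at display time, and a scanner over a constructed column of integers that flags anything that fits in nine digits. It goes one step beyond the comment by applying the SSA issuance rules (area not 000, 666 or 900-999; group not 00; serial not 0000) to drop structurally impossible values; the sample column and its labels are made up for the example.

```python
from typing import Iterable, List, Tuple

# Constructed sample: a column of integers as it might come out of a database
# dump. Which ones are SSNs and which are ZIP+4 codes or other IDs is not
# knowable from the digits alone; the values and labels are invented here.
SAMPLE_COLUMN = [
    123456789,   # plausible SSN (passes the structural rules)
    100010001,   # ZIP+4 10001-0001, structurally indistinguishable from an SSN
    941031234,   # ZIP+4 94103-1234; area 941 is outside the issued SSN range
    666123456,   # area 666 is never issued
    123001234,   # group 00 is never issued
    42,          # pads to 000-00-0042; area 000 is never issued
    1234567890,  # ten digits, cannot be an SSN at all
]


def format_ssn(value: int) -> str:
    """Render an integer-stored SSN the way the comment describes: left-pad
    to nine digits, then interpose hyphens as AAA-GG-SSSS."""
    if not 0 <= value <= 999_999_999:
        raise ValueError("SSN must fit in nine decimal digits")
    digits = f"{value:09d}"
    return f"{digits[:3]}-{digits[3:5]}-{digits[5:]}"


def structurally_valid_ssn(value: int) -> bool:
    """SSA issuance rules (an assumption added here, not from the thread):
    area not 000, 666 or 900-999; group not 00; serial not 0000."""
    digits = f"{value:09d}"
    area, group, serial = int(digits[:3]), int(digits[3:5]), int(digits[5:])
    if area == 0 or area == 666 or area >= 900:
        return False
    if group == 0 or serial == 0:
        return False
    return True


def scan_column(values: Iterable[int]) -> List[Tuple[int, str, str]]:
    """Flag every value that could be an SSN under integer storage.

    Because display code left-pads, an integer with fewer than nine digits is
    still a candidate; the structural check is what rejects the small ones.
    Returns (raw value, rendered form, verdict) for each candidate."""
    out = []
    for v in values:
        if not 0 <= v <= 999_999_999:
            continue  # more than nine digits: not an SSN
        rendered = format_ssn(v)
        verdict = "candidate" if structurally_valid_ssn(v) else "structurally invalid"
        out.append((v, rendered, verdict))
    return out


if __name__ == "__main__":
    for raw, rendered, verdict in scan_column(SAMPLE_COLUMN):
        print(f"{raw:>10}  {rendered}  {verdict}")
```

The point the scan makes is the one raised in the thread: structural rules remove some noise (high area numbers, group 00), but a ZIP+4 such as 10001-0001 survives every check, so a "nine-digit integer" hit is a lead to follow up with column names and context, not a confirmed SSN.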
So? Trying to break into a system can be the only way to know it's reasonably secure. This is like saying locksmiths are bad. Preventing this makes systems _less_ secure, defeating the point of trying to ensure privacy.
It doesn't even appear to be an official GitHub page (Hack with GitHub - location: Bangalore, India, email: hackwithgithub@gmail.com). Just because someone creates an "X-with-Github" repository, it doesn't mean GitHub is actively encouraging X.
> All extracted information is bundled as a ZIP file, without applying any protection like a password. The ZIP file is then sent via an HTTP POST request to http://192.168.43.1:8080/. This shows that not only no transport security (e.g. https://) is in place, but also that an internal IP address is used.
Unless they're expecting a MITM from the police network (or wherever they use this app) why is no https a problem?
> BXAQ uses the default icon for Android apps, which means there is no attempt at being covert or discreet about it.
...or maybe they didn't put an icon because it's optional and unnecessary for what essentially is an internal app.
I mean really they are not trying to be unbiased or anything about the analysis.
MITM? You don't need to MITM something that isn't even encrypted... anyone with a modicum of technical ability can use Wireshark to grab these files if they're transmitted over public Wi-Fi. And probably cellular connections, too.
Exactly: sit outside the police station (or wherever) just nearby, spin up Wireshark in monitor mode, and you have a stream of personal info on the owners of those scanned phones.
But they aren't transmitted over public Wi-Fi. They are transmitted inside of some kind of private network, given that they are transmitted to a server in the 192.168/24 range.
You can have servers with an IP in that range available on public WiFi, no problem at all. If the network is not public, whoever installs the app still needs to connect to it, so you can intercept any credentials they enter, or even run Wireshark on the device.
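What a passive listener on that network actually gets from the upload described in the quoted report, as an added example that is neither the report's nor the app's code: a constructed capture of a plaintext HTTP POST to 192.168.43.1:8080 carrying a ZIP with no password, split into headers and body by Content-Length, and the archive listed and read straight out of the body. The file names and contents inside the ZIP are made up for the example; the request framing follows the report's description.

```python
import io
import zipfile
from typing import Dict, List, Tuple


def build_sample_capture() -> bytes:
    """Construct the bytes a sniffer would see on the wire: a plaintext HTTP
    POST whose body is an unprotected ZIP. Entry names and contents are
    invented for this example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("contacts.txt", "Alice,+48 600 000 000\nBob,+48 600 000 001\n")
        zf.writestr("sms.txt", "2019-01-01 09:00 Bob: see you at 10\n")
    body = buf.getvalue()
    headers = (
        "POST / HTTP/1.1\r\n"
        "Host: 192.168.43.1:8080\r\n"
        "Content-Type: application/zip\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
    ).encode("ascii")
    return headers + body


def split_http_request(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    """Split a captured request into request line, headers (lower-cased
    names) and body, using Content-Length as the body boundary. Chunked
    transfer encoding is deliberately not handled here."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP request: no header terminator")
    lines = head.decode("iso-8859-1").split("\r\n")
    request_line, header_lines = lines[0], lines[1:]
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    body = rest[:length]
    if len(body) != length:
        raise ValueError("truncated body: fewer bytes than Content-Length")
    return request_line, headers, body


def extract_zip_entries(body: bytes) -> List[str]:
    """List the archive carried in the body. A non-empty ZIP begins with the
    local file header signature PK\\x03\\x04; with no password set, nothing
    beyond the bytes themselves is needed to read it."""
    if not body.startswith(b"PK\x03\x04"):
        raise ValueError("body is not a ZIP archive")
    with zipfile.ZipFile(io.BytesIO(body)) as zf:
        return [info.filename for info in zf.infolist()]


def recover_upload(raw: bytes) -> Dict[str, bytes]:
    """End to end: captured request -> body -> ZIP -> plaintext contents."""
    _, _, body = split_http_request(raw)
    with zipfile.ZipFile(io.BytesIO(body)) as zf:
        return {name: zf.read(name) for name in zf.namelist()}


if __name__ == "__main__":
    capture = build_sample_capture()
    request_line, hdrs, _ = split_http_request(capture)
    print(request_line, "->", hdrs.get("host"))
    for name, data in recover_upload(capture).items():
        print(f"--- {name}\n{data.decode()}", end="")
```

Nothing in the recovery step is specific to this app: Wireshark's File > Export Objects > HTTP performs the same extraction interactively on any plaintext HTTP stream, which is why the lack of TLS matters whether the network is "public" or not, as long as the listener can reach the traffic.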
Someone could theoretically use a modified version of Android to capture the police Wi-Fi login even after they forget the network, and then use that to connect and log all captures in the future.
Yes, in Poland alone there has been ~one death every year.
2001 Opatów, 2003 Walichnowy, 2007 Kielce (knifed), 2007 Łódź (coma), 2011 Poddębice, 2011 Kraków, 2018 Prokocim (arm cut off with a machete, body massacred with baseball bats, axes and hammers). Those I could find with a quick Google.
Example clip from one https://www.youtube.com/watch?v=jKXOsC3ms7k: the train was emergency-stopped in the middle of nowhere, the other team was already waiting after being transported by shuttle buses. You can search "Ustawka" on YT for more.
So you think this lack of hygiene or whatever has tripled in the last ten years or what? This betrays a total lack of consideration. Sexual market dynamics are shifting rapidly.
I don't call my girlfriend my customer; it's a completely appropriate metaphor when speaking about culture-level aggregate effects. You should reflect on why all of your responses in this thread boil down to attacks on a perceived outgroup instead of engagement with ideas.
This reminds me of a story I read once of a guy who bought a 1000€ GPU from Amazon and got a 100€ GPU instead, obviously from a return. When he went to return it to get his 1000€ back, he was told that he had sent the wrong GPU, that it had been destroyed by them (like you would shred a sheet of paper), and was asked to send the right card to them.
Something similar happened to me when I was a teenager. I bought a 3dfx Voodoo card from Best Buy the day it came out and when I got home, it had a parallel printer port card in the box. After several arguments with managers went nowhere and I finally got a hold of the regional manager and got a replacement.
I thought the money I saved for so many months was lost. But alas, I was finally playing Quake deathmatch in glorious 3D after some heartache.
When I was a kid I had a family member who would perform these "swappy swaps" that you were the victim of.
He would go out and buy a new card, gently open the wrapper so that it could be melted back on with a heat gun, remove the card, replace it with something of similar weight, and reseal the package with a heat gun.
One time I ruined the wrapper on him and he had to take the item to Blockbuster. He made up some BS about it being a birthday gift that the wrong child opened and he needed to use the cellophane machine. It didn't work, and Best Buy wouldn't accept his return. That was one of the last times I saw him use that trick.
I also saw him sign up for a store credit card using someone else's social security information. His plan was to get approved, buy a TV, and then shred the card. Luckily for whoever's SSN that was, their credit got denied on the application and he was unable to steal a TV.
Sorry to hear your Best Buy horror story, or to think that I saw that stuff go down. On the bright side my family member no longer engages in those types of transactions and mostly flies straight these days.