  1. Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 06:41:59 JST

    ugh. I picked up a shitty NUC from ewaste and it had a label on it for an AI company.
    ahh, another startup that burnt out trying to build some silly AI project on crap hardware. I wonder what they did? I check their URL:
    ahh. healthcare. great, great.

    In conversation about 9 months ago from digipres.club permalink
    • clacke likes this.
    • Fish of Rage (sun@shitposter.world)'s status on Tuesday, 20-Aug-2024 10:58:22 JST
      @foone this is basically everything that uses S3 I've ever worked on, every single thing that didn't pull a short term key from an EC2 instance.
      In conversation about 9 months ago permalink
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 10:58:23 JST

      okay so the good news is that they don't just have S3 keys laying around in plain text.
      the other good news is that they have a secrets manager
      the bad news is that they rolled their own secrets manager
      the extra bad news is that I have the source for said secrets manager
      and the extra extra bad news is that it has to decrypt those keys without external input, meaning I have all the parts here to pull out their s3 keys

      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: and clacke like this.
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 10:58:24 JST

      and now I can email the lead developer.

      or just commit to their git repo, I guess.

      In conversation about 9 months ago permalink
      clacke likes this.
      clacke repeated this.
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 10:58:25 JST

      jesus christ this isn't the only time THIS MONTH I've found an IoT device and checked the filesystem contents and it's got their private git repos on it

      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: and clacke like this.
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 10:58:26 JST

      assuming their S3 keys aren't just saved in this harddrive somewhere

      In conversation about 9 months ago permalink
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 10:58:27 JST

      or maybe the fools who dumped all the NUCs from their entire "AI remote healthcare" in the recycling without yanking any drives are just somehow REALLY GOOD at knowing how to secure their s3 buckets.

      In conversation about 9 months ago permalink
      clacke likes this.
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 10:58:28 JST

      god the logs are full of errors about assorted video streams failing.
      so this thing was connecting to something which had cameras. like, I can tell which room of the house failed.

      now I don't think there's any video stored on this device, but keep in mind: the fools that made this thing fill up with WAV files? they also designed the video streaming part. Where are those videos stored, and how safe are they?

      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: and clacke like this.
      clacke repeated this.
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 10:58:29 JST

      HEY FUN FACT: this was used as part of an Alexa/google home type thing! this is the "cloud" half, as in the part sitting in a warehouse somewhere.
      It turns out every time the customer asked for something from the smart assistant, the WAV file was sent to the cloud box

      where it is still stored. and I now have eleven thousand wave files

      In conversation about 9 months ago permalink
      clacke likes this.
      clacke repeated this.
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 10:58:30 JST

      when you see a gaylord stacked high with NUCs and half of them still have USB fans attached, you know these were all just yanked off a shelf.
      no one wiped these.

      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: and clacke like this.
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 10:58:30 JST

      I have now stuck the hard drive in my imaging box

      it turns out it was in service as of June.

      and this one has log errors about the sensors in the bathroom and bedroom. this was used. fuck.

      In conversation about 9 months ago permalink
      clacke likes this.
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 10:58:31 JST

      but given the state of them when they arrived at ewaste?

      no they did not

      In conversation about 9 months ago permalink
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 10:58:32 JST

      also I hope they wiped these hard drives

      In conversation about 9 months ago permalink
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 12:08:09 JST

      wait. did they seriously stuff videos into their redis database?

      In conversation about 9 months ago permalink
      iced depresso and clacke like this.
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 12:08:10 JST

      tempted to drive past their HQ with a megaphone "I'VE GOT YOUR MODELS, YOU AI HACKS!"

      In conversation about 9 months ago permalink
      clacke likes this.
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 12:08:11 JST

      oh god this thing sends email from gmail

      please tell me they didn't embed the google login into this device

      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 12:08:13 JST

      oh hey!

      this thing authenticates to some of their servers (which are still up, even if the company might not be (this is unknown at the moment)) over SSH! using keys kept in the same home-rolled vault thing!

      so I can SSH into their servers now!

      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: and clacke like this.
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 21:53:31 JST

      they sure did! I have a video of someone picking something up from outside a door.

      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: and clacke like this.
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 21:53:40 JST

      okay found their S3 creds. they hardcoded them in a Jenkinsfile.

      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: and clacke like this.
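
A pre-disposal audit for the kinds of leftovers described in this thread (a long-term AWS key in a Jenkinsfile, SSH private keys, git checkouts), as an added example that is not part of the thread. The function names and sample paths are assumptions, and the key ID in the constructed sample is the example value from AWS's documentation.

```python
import os
import re
import tempfile

# Long-term IAM access key IDs start with AKIA; temporary STS keys (ASIA)
# expire on their own, so only the long-lived kind is flagged here.
AWS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
PRIVATE_KEY = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")

def audit_tree(root):
    """Return sorted (relative_path, finding) pairs for a mounted filesystem."""
    findings = set()
    for dirpath, dirnames, filenames in os.walk(root):
        if ".git" in dirnames:
            findings.add((os.path.relpath(dirpath, root), "git-repository"))
            dirnames.remove(".git")  # report the checkout, skip its object store
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, FIFOs and device nodes
            try:
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(1_000_000)  # first 1 MB is enough for configs
            except OSError:
                continue
            rel = os.path.relpath(path, root)
            if AWS_KEY_ID.search(text):
                findings.add((rel, "aws-access-key-id"))
            if PRIVATE_KEY.search(text):
                findings.add((rel, "private-key"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree standing in for a drive pulled before disposal."""
    files = {
        "srv/app/Jenkinsfile": "environment { AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE' }\n",
        "srv/app/.git/config": "[core]\n",
        "srv/app/README": "nothing sensitive\n",
        "home/svc/.ssh/id_ed25519": "-----BEGIN OPENSSH PRIVATE KEY-----\n(placeholder)\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return audit_tree(root)

if __name__ == "__main__":
    for rel, kind in demo():
        print(f"{kind:20} {rel}")
```

Any finding means the drive should be wiped or destroyed and the credential rotated before the hardware leaves the building.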
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 21:53:58 JST

      and in case anyone is getting deja-vu:

      This is a completely different company than the other one I found like 3 weeks ago:

      https://digipres.club/@foone/112817523308786223

      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: and clacke like this.
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 21:53:59 JST

      not a good sign to see a bash case statement for environment, and prod sets the server to FOOBAR.EGG
      and test sets the server to... FOOBAR.EGG

      In conversation about 9 months ago permalink
      clacke likes this.
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 21:53:59 JST

      anyway I'm gonna be near their HQ on thursday. Maybe I'll stop by and ask if they're still in business, and if they are, do they know where their NUCs are?

      In conversation about 9 months ago permalink
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Tuesday, 20-Aug-2024 21:54:12 JST

      I'm really not the right person to work in computer security research, but it'd be nice to have a sort of consulting job with a local one where I can just point them at some really broken shit and they investigate it and maybe give me a commission

      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: and clacke like this.
    • Viss (viss@mastodon.social)'s status on Tuesday, 20-Aug-2024 21:54:49 JST
      in reply to Graham Sutherland / Polynomial

      @gsuberland @foone my brain just fell out

      In conversation about 9 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Graham Sutherland / Polynomial (gsuberland@chaos.social)'s status on Tuesday, 20-Aug-2024 21:54:51 JST
      in reply to Viss

      @Viss @foone this is more of a thing than you might expect. I've seen a few high-volume realtime media distribution backends that use Redis as a rolling video stream cache.

      I'm particularly unsurprised to see it here because there are published tools for realtime ML media analytics using redis:

      https://github.com/RedisGears/EdgeRealtimeVideoAnalytics

      In conversation about 9 months ago permalink
      clacke likes this.
    • Viss (viss@mastodon.social)'s status on Tuesday, 20-Aug-2024 21:54:52 JST

      @foone ffffffffffucking what? they stuffed entire videos INTO REDIS?

      In conversation about 9 months ago permalink
    • JacobRPG+ 🫘 (jaykass@mastodon.online)'s status on Tuesday, 20-Aug-2024 21:54:58 JST
      in reply to clacke

      @clacke @foone like this

      In conversation about 9 months ago permalink

      Attachments


      1. https://files.mastodon.online/media_attachments/files/112/991/807/840/277/265/original/3c732cac0d745089.jpg
      Haelwenn /элвэн/ :triskell: likes this.
    • JacobRPG+ 🫘 (jaykass@mastodon.online)'s status on Tuesday, 20-Aug-2024 21:55:00 JST

      @foone TIL what a gaylord is

      In conversation about 9 months ago permalink
    • clacke (clacke@libranet.de)'s status on Tuesday, 20-Aug-2024 21:55:00 JST
      in reply to JacobRPG+ 🫘

      @jaykass @foone I hadn't heard it either. I guess it's these shelves?

      gaylord.com/c/Storage-and-Hand…

      In conversation about 9 months ago permalink
    • pettter (pettter@mastodon.acc.umu.se)'s status on Tuesday, 20-Aug-2024 23:26:53 JST

      @foone Incredible

      In conversation about 9 months ago permalink
    • Graham Sutherland / Polynomial (gsuberland@chaos.social)'s status on Wednesday, 21-Aug-2024 03:00:20 JST

      @foone the people behind this need to be barred from operating a business ever again. I know this shit happens all the time with liquidated assets but it's fucking unacceptable.

      In conversation about 9 months ago permalink
      clacke likes this.
    • Graham Sutherland / Polynomial (gsuberland@chaos.social)'s status on Wednesday, 21-Aug-2024 03:00:43 JST
      in reply to Viss

      @Viss @foone there is some method in the madness. if you've got a lot of transient video data, and you need access to a rolling window of it (either for buffering/stability purposes or for realtime analytics), storing it to disk ends up costing a fortune because you'll end up running headlong into DWPD limits on drives and having to swap them out constantly. but with RAM there's no such wear. for a few hundred concurrent clients you can do it on a single consumer desktop PC worth of RAM.

      In conversation about 9 months ago permalink
      clacke likes this.
    • clacke (clacke@libranet.de)'s status on Wednesday, 21-Aug-2024 03:00:58 JST
      in reply to JacobRPG+ 🫘
      @jaykass @foone ah, ok
      In conversation about 9 months ago permalink
    • Ozzelot :anarchy: :linux: (ozzelot@mstdn.social)'s status on Wednesday, 21-Aug-2024 03:04:21 JST

      @foone keys through obscurity

      In conversation about 9 months ago permalink
      clacke likes this.
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Thursday, 22-Aug-2024 17:15:12 JST
      in reply to lp0 on fire :unverified:

      @lp0_on_fire I'll have you know if anyone is a gaylord full of computers, it is ME

      In conversation about 9 months ago permalink
      clacke likes this.
    • lp0 on fire :unverified: (lp0_on_fire@social.linux.pizza)'s status on Thursday, 22-Aug-2024 17:15:13 JST

      @foone, yes: we all wondered why that person was full of NUCs and whether he appreciates being insulted like that.

      In conversation about 9 months ago permalink
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Thursday, 22-Aug-2024 17:15:14 JST

      BTW I want to make something clear:
      remember how I said there was a gaylord full of NUCs?
      yeah. I took one. of like, a hundred.

      In conversation about 9 months ago permalink
      clacke likes this.
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Thursday, 22-Aug-2024 17:15:15 JST

      Why the fuck is this on hacker news? ugh. I'm gonna need to run my own mastodon instance, aren't I?

      If you found this on hacker news, you owe me 5$:

      https://digipres.club/@foone/112929955279707608

      In conversation about 9 months ago permalink
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Thursday, 22-Aug-2024 17:15:16 JST

      because this keeps happening

      In conversation about 9 months ago permalink
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Thursday, 22-Aug-2024 17:15:22 JST

      I haven't exploited their git repos.
      I haven't misused their leaked AWS credentials
      I haven't gone to the media to try and expose this company.

      but I took only one of the NUCs. The same content is on all the rest of them, I assume

      In conversation about 9 months ago permalink
      clacke likes this.
    • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Thursday, 22-Aug-2024 17:15:28 JST
      in reply to overflow

      @overflow they're okay, haven't pissed me off yet

      In conversation about 9 months ago permalink
      clacke likes this.
    • overflow (overflow@shitposter.world)'s status on Thursday, 22-Aug-2024 17:15:29 JST
      @foone found on lobster.rs what do I owe you
      In conversation about 9 months ago permalink

      clacke likes this.
    • PhilipKing (philipking@mastodon.social)'s status on Thursday, 22-Aug-2024 17:15:35 JST

      @foone In British English, the word gaylord is derogatory slang (making fun of a member of the LGBT community) and would be considered offensive. (I had to look up what it also means in Canada/US). It’s true that we are divided by a common language.

      In conversation about 9 months ago permalink
    • clacke (clacke@libranet.de)'s status on Thursday, 22-Aug-2024 17:15:35 JST
      in reply to PhilipKing
      @PhilipKing @foone Apart from a slur, it is also both a surname and a given name in the US and Canada as well as in the UK, although it is less common in this year than it was a century ago, for obvious bigoted reasons.
      In conversation about 9 months ago permalink
    • Ryan Finnie (foo@fosstodon.org)'s status on Thursday, 22-Aug-2024 17:15:36 JST

      @foone I would totally get AI care from a site with the domain ahh.healthcare.great.

      In conversation about 9 months ago permalink
      clacke likes this.

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.