Tag Archives: been

For Sale – GTX 1080 EVGA FE – £325

Was watercooled, stock cooler has now been replaced. Also replaced with new thermal pads and Thermal Grizzly paste.

Excellent condition £345 inc RMSD

Price and currency: £345
Delivery: Delivery cost is included within my country
Payment method: BT/PPG/Cash
Location: Chorley
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – KFA HOF 1070 8GB Graphics card

KFA HOF 1070 8GB

Fully boxed with all accessories. Never been mined on

Can be collected from stoke on trent. Price includes postage

Price and currency: £230
Delivery: Delivery cost is included within my country
Payment method: bank transfer
Location: stoke on trent
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – Nvidia Cards (1070’s / 1060 / 1050 ti’s)

Morning all,

I’ve been lucky enough to have some miners on premises with free electricity. Unfortunately, this opportunity is coming to an end in the coming month. My better half won’t allow them in the house
As such I will be starting to sell off my mining rigs.

REMAINING:

For Sale:
1* Inno3D GTX 1060 3GB £125
1* Gigabyte GTX 1050 Ti OC Low Profile 4GB £90 (this does not have an IO shield)
1* Palit PCI-E GTX1050TI StormX £100

Postage @ £4 /item. Will combine postage on multiple

These have been run in a thermally controlled environment and have regularly air dusted.

Warranty Update:
MSI Nvidia GeForce GTX 1070 AERO Purchased 9/5/18
Asus Turbo NVIDIA GTX1070 Purchased 1/8/17
Asus Turbo NVIDIA GTX1070 Purchased 21/7/17
Inno3D GTX 1060 3GB Was purchased from here. Can’t find original thread thus unsure on warranty
Gigabyte GTX 1050 Ti OC Low Profile 4GB Purchased 3/7/17
Palit PCI-E GTX1050TI StormX 4 GB Purchased 8/5/18

Price and currency: 250
Delivery: Delivery cost is not included
Payment method: BACS / Cash / Paypal
LocatioChesterfieldeld
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Microsoft patches Windows ALPC flaw exploited in the wild

A Windows ALPC vulnerability that has been exploited in the wild for two weeks was finally patched by Microsoft as part of the September 2018 Patch Tuesday release.

The Windows Advanced Local Procedure Call (ALPC) flaw was disclosed with proof-of-concept exploit code on Aug. 27, 2018, by Twitter user SandboxEscaper. The vulnerability affects the Windows Task Scheduler and can allow an attacker to obtain elevated system privileges.

Microsoft noted the issue would require an attacker to log on to the target system. The vendor labeled the Windows ALPC flaw (CVE-2018-8440) as “important,” but not “critical,” in its Patch Tuesday advisory, despite the vulnerability being actively exploited in the wild.

On Sept. 5, Matthieu Faou, malware researcher for ESET, based in Bratislava, Slovakia, first reported seeing a group called PowerPool exploiting the Windows ALPC vulnerability in the wild over the previous week. Faou noted the group did not reuse the proof of concept released by SandboxEscaper and instead modified it slightly.

Allan Liska, threat intelligence analyst at Recorded Future in Somerville, Mass., said this meant PowerPool added the exploit to their arsenal of tools within 48 hours of the exploit being published on Twitter. But it is still unclear how widespread the attacks have been.

“The challenge is that PowerPool is a relatively new group, and they don’t have a large footprint in terms of exploitation — at least as far as we can tell. So, there isn’t a good way to gauge the extent of the damage,” Liska said via email. “As far as Microsoft’s decision, even though the vulnerability was being exploited in the wild, because it is not a remote access vulnerability, nor a critical one, Microsoft probably made the correct decision not releasing an out-of-band patch.”

Although Microsoft chose not to release an out-of-band patch for the Windows ALPC flaw, a third-party patch from micropatching vendor 0patch was released on Aug. 30. Mitja Kolsek, co-founder of 0patch, noted in a blog post that the patch they released was “functionally identical” to the patch released by Microsoft.

Chris Goettl, director of security product management at Ivanti, based in South Jordan, Utah, said consistency is key with update cycles to help plan maintenance. But “on the flip side, security researchers and threat actors do not have set schedules.”

“An exploit can be developed and be released at any time and cannot be planned for. If a researcher finds a threat and the threat is considerable, there should be some urgency put around getting a resolution in place,” Goettl said via email. “In this case, it seems it should have been reasonable to keep this update in the normal update cycle. If it would have been remotely exploitable without authentication and in a protocol like SMB — think Eternal family of exploits — or something of a similar more dire nature, it would have warranted an out-of-band release.”

For Sale – HTPC Fanless

KingDel computer for sale. Very versatile fanless machine. Been used as a Roon server for the past few months. Windows 10 installed.

Intel i5-4200U Dual Core, Turbo Boost 2.6Ghz 3M Cache

8GB RAM, 128GB SSD, WiFi, 4*USB 3.0, VGA, 1080P HDMI

3280*2000, Intel HD4400 Graphics, 1000M LAN, Metal Case

Excellent condition,awesome PC

  • Type:Mini PC
  • Processor Model:Core I5-4200U
  • Memory Capacity:≥ 8GB
  • Model Number:NC240

  • Processor Main Frequency:
  • Processor Brand:Intel
  • 1.6Ghz
  • Graphics Card Type:Integrated Card
  • Brand Name:kingdel
  • Feature :Type:Mini Desktop
  • Fanless+Metal Case
  • CPU Feature:Turbo Boost 2.6Ghz
  • Graphics:integrated intel HD Graphics 4400
  • Resolution max.:3280*2000
  • LAN:10M/100M/1000M LAN
  • Product Size:197*197*29mm
  • Case Material:Brushed Aluminum Alloy Case
  • is_customized:Yes
  • WIFI:For Free
  • USB Ports:4*USB 3.02*USB 2.0

Price and currency: £140
Delivery: Delivery cost is included within my country
Payment method: PP or BT
Location: Selby N Yorks
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – HTPC Fanless

KingDel computer for sale. Very versatile fanless machine. Been used as a Roon server for the past few months. Windows 10 installed.

Intel i5-4200U Dual Core, Turbo Boost 2.6Ghz 3M Cache

8GB RAM, 128GB SSD, WiFi, 4*USB 3.0, VGA, 1080P HDMI

3280*2000, Intel HD4400 Graphics, 1000M LAN, Metal Case

Excellent condition,awesome PC

  • Type:Mini PC
  • Processor Model:Core I5-4200U
  • Memory Capacity:≥ 8GB
  • Model Number:NC240

  • Processor Main Frequency:
  • Processor Brand:Intel
  • 1.6Ghz
  • Graphics Card Type:Integrated Card
  • Brand Name:kingdel
  • Feature :Type:Mini Desktop
  • Fanless+Metal Case
  • CPU Feature:Turbo Boost 2.6Ghz
  • Graphics:integrated intel HD Graphics 4400
  • Resolution max.:3280*2000
  • LAN:10M/100M/1000M LAN
  • Product Size:197*197*29mm
  • Case Material:Brushed Aluminum Alloy Case
  • is_customized:Yes
  • WIFI:For Free
  • USB Ports:4*USB 3.02*USB 2.0

Price and currency: £140
Delivery: Delivery cost is included within my country
Payment method: PP or BT
Location: Selby N Yorks
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – Nvidia Cards (1070’s / 1060 / 1050 ti’s)

Morning all,

I’ve been lucky enough to have some miners on premises with free electricity. Unfortunately, this opportunity is coming to an end in the coming month. My better half won’t allow them in the house
As such I will be starting to sell off my mining rigs.

REMAINING:

For Sale:
1* Inno3D GTX 1060 3GB £125
1* Gigabyte GTX 1050 Ti OC Low Profile 4GB £90 (this does not have an IO shield)
1* Palit PCI-E GTX1050TI StormX £100

Postage @ £4 /item. Will combine postage on multiple

These have been run in a thermally controlled environment and have regularly air dusted.

Warranty Update:
MSI Nvidia GeForce GTX 1070 AERO Purchased 9/5/18
Asus Turbo NVIDIA GTX1070 Purchased 1/8/17
Asus Turbo NVIDIA GTX1070 Purchased 21/7/17
Inno3D GTX 1060 3GB Was purchased from here. Can’t find original thread thus unsure on warranty
Gigabyte GTX 1050 Ti OC Low Profile 4GB Purchased 3/7/17
Palit PCI-E GTX1050TI StormX 4 GB Purchased 8/5/18

Price and currency: 250
Delivery: Delivery cost is not included
Payment method: BACS / Cash / Paypal
LocatioChesterfieldeld
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – HTPC Fanless

KingDel computer for sale. Very versatile fanless machine. Been used as a Roon server for the past few months. Windows 10 installed.

Intel i5-4200U Dual Core, Turbo Boost 2.6Ghz 3M Cache

8GB RAM, 128GB SSD, WiFi, 4*USB 3.0, VGA, 1080P HDMI

3280*2000, Intel HD4400 Graphics, 1000M LAN, Metal Case

Excellent condition,awesome PC

  • Type:Mini PC
  • Processor Model:Core I5-4200U
  • Memory Capacity:≥ 8GB
  • Model Number:NC240

  • Processor Main Frequency:
  • Processor Brand:Intel
  • 1.6Ghz
  • Graphics Card Type:Integrated Card
  • Brand Name:kingdel
  • Feature :Type:Mini Desktop
  • Fanless+Metal Case
  • CPU Feature:Turbo Boost 2.6Ghz
  • Graphics:integrated intel HD Graphics 4400
  • Resolution max.:3280*2000
  • LAN:10M/100M/1000M LAN
  • Product Size:197*197*29mm
  • Case Material:Brushed Aluminum Alloy Case
  • is_customized:Yes
  • WIFI:For Free
  • USB Ports:4*USB 3.02*USB 2.0

Price and currency: £140
Delivery: Delivery cost is included within my country
Payment method: PP or BT
Location: Selby N Yorks
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – NUC 5i5RYH – I5, 16gb ram, 64gb SSD

Selling my Intel NUC 5i5RYH. Been used for general light browsing and movies. Will come with 16gb sodimm ram already installed and a 64gb sandisk ssd. Drive will be fully formatted so NO OS WILL BE INSTALLED.

Unit itself is in good condition with no visible cosmetic marks on the sides – the lid has swirl marks from cleaning but thats it.

I might have the original box but please assume a suitable box will be used for sending if I cant find the original.

systemInfo.png

IMG_20180902_113232.jpg

Price and currency: 250
Delivery: Delivery cost is included within my country
Payment method: Bank Transfer
Location: Birmingham
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Robot social engineering works because people personify robots

Brittany “Straithe” Postnikoff is a graduate researcher at the University of Waterloo in Ontario who has been researching robot social engineering — the intersection of human-robot interaction and security and privacy — for the past four years.

Postnikoff has found human-robot interaction (HRI) to be surprisingly close to human-human interaction in many cases, which piqued her interest into the security and privacy concerns that could arise if robots were used in social engineering attacks. Her research has included using cameras on robots to spy on people, getting victims to give personal information and even using a robot to change people’s opinions.

Although her research is still in early days, Postnikoff has found striking results, not the least of which is how little security is built in to consumer robots on the market today.

How did you begin studying robot social engineering? Did you start on the social engineering side or on the robotics side?
 
Brittany ‘Straithe’ Postnikoff: I guess I started on the social engineering side, but I didn’t understand that at the time. For background, I collect post-secondary pieces of paper. I have college diplomas in both business administration and business information technology. And in both of those programs, I acquired people management skills, which I learned were useful in social engineering attacks when I attended DEF CON for the first time.
 
As for robot social engineering, I casually began studying this topic shortly after I started university to get my computer science degree. I had joined a very small robotics team, and within my first three months of university, the team flew to China for a competition.

During this competition, the robots and the humans on the team wore matching blue jerseys and toques that looked like Jayne’s from ‘Firefly.’ You can look up ‘Jennifer the Skiing Robot’ to see what we looked like.

So many people stopped my teammate and I during the competition to take photos with us and our robots. We noticed this wasn’t happening to the other teams. What was really interesting to me was that people cheered for us and our robots even if we were their competition.

I wondered why. Why are people cheering for our robot instead of theirs? Why are we getting all this extra attention? It’s then I started to see opportunities to blend my marketing and human resources knowledge with robots, security and privacy.

Luckily, my undergraduate university was also host to a human-robot interaction lab. I joined the lab the next semester and learned about concepts like robot use of authority, body positioning and gesturing from my senior researchers that are the foundation of the robot social engineering research that I now pursue full time.

Are there any major differences between what people would normally think of as social engineering and robot social engineering?
 
Postnikoff: Well, the biggest and clearest difference is that the attack is performed by a robot instead of a human. Otherwise, the base attacks are generally quite close to human-performed attacks.

Like a human, robots can make use of authority to convince people to do things; they can make use of empathy to convince someone to take particular actions and so on. What is important for a robot social engineering attack is that the robot has a body and it’s able to interact with humans on a social level.

The interesting thing about the embodiment of a robot is that people will believe each physical robot is its own individual entity, especially if the robot is known to act autonomously. It doesn’t normally occur to people that a typically autonomous robot acting erratically might have been taken over by a third party.
 
In researching your work, it appears that the human empathy toward the robot is a big part of the attack. Is that right?
 
Postnikoff: Yes, just like with some human-performed social engineering attacks, robots that are able to interact on a social level with humans can make use of a victim’s empathetic side in order to perform some attacks. For example, a malicious entity could infect a robot with ransomware and only restore the robot once the ransom has been paid.

If it’s a robot that someone is extremely attached to, in need of, or if they have put a lot of work into personalizing the robot and training it, this could be a particularly devastating attack.

What is next in your robot social engineering research?
 
Postnikoff: Next in my research is performing more attacks in both controlled environments and in the wild in order to collect some stats on how effective it really is. I think it’s important to determine how widespread this issue could become. Hopefully, I’ll be able to post those results publicly in a couple months.
 
How does artificial intelligence factor into your research into robot social engineering?
 
Postnikoff: Artificial intelligence is very important, but tangential to the research that I’m currently pursuing. In HRI, we often use the ‘Wizard of Oz’ technique, which involves a person sitting behind a curtain — or in a different room — and controlling the robot while another person is in the same room as the robot and interacting with it. The people interacting with the robot often can’t tell that the robot is being controlled and will assume that the robot is acting on its own. For this reason, I don’t spend time researching AI, because we can fake it effectively enough for our purposes at this time.

Many other experts are working on AI, and my time is better spent focusing on how the physical embodiment of robots and the actions of robots can impact the people they interact with.
 
How many robots do you have right now?
 
Postnikoff: Right now, I have direct access to about 30 robots, but I only have five different models of robots. Thankfully, I have a lot of friends and contacts who are in other universities and companies that are willing to let me play with their robots and complete tests and experiments once in a while.

Sometimes, I help them set up their own experiments to try with the robots, and they let me know what happened as a result. Or, I provide them with the background information and resources they need for their own research. Additionally, people will send me robots to perform experiments on if I promise to do security assessments on them.

To me, these are all win-win scenarios.
 
Are they all consumer robots?

 
Postnikoff: For the most part, yes. I try and work though all the different types of robots — consumer, industrial, medical and so on. But, unfortunately, many of the medical and industrial robots are quite pricey and are harder to get access to. This leaves me to experiment primarily with consumer robots.

Consumer robots are also more likely to be widespread, which does offer some benefits considering the research that I do — especially when I can show what sorts of things I can do inside somebody’s home. Saying that, much of my research also applies to what can happen inside companies that make use of robots — banks and malls — when they don’t understand what can be done with a social robot if it’s not adequately secured.
 
How have you found the security to be in the robots you use?
 
Postnikoff: Not great. A number of the robots I deal with really do need a lot of help. And that’s one reason why I’m trying to bring awareness of this topic to the security and privacy community, especially before robots become more widespread.

What’s interesting here is that the topic of robot security overlaps heavily with IoT security, and most of what is being done in that field to make devices more secure also applies to robots.
 
With the robots that you use where you’re controlling them, is it generally difficult to get control access?
 
Postnikoff: It depends on the robot, but many are surprisingly easy to gain control over. There were some first-year computer science students at my university that I was mentoring, and after a bit of instruction and background, they were able to get into the robots, even though they had no experience doing this sort of thing just hours before.

A number of the robots I looked at have had default credentials, sent usernames and passwords in plaintext, transmitted unencrypted video streams and so on. These are a lot of the same problems that plague many of the other devices that people in this industry see.
 
What kinds of robot social engineering attacks have you run?

Postnikoff: One of my favorite attacks is putting snacks on top of the Roomba-like robot as a way to get access into a locked space.

First, I research who might be in the space, then write that person’s name on a nameplate and put it on the robot, along with the robot’s nametag and the snacks. I use an app to drive the robot to the door, and I get it to run into the door a few times. People hear the robot’s knock, answer the door and might let it in. Meanwhile, I’m able to use the app to look through the robot’s camera and hear through its microphones to absorb what is happening in the space.

There is a paper out by [Serena] Booth et al. called ‘Piggybacking Robots‘ that does a great job of describing a similar attack that inspired me to try this. So, if you ever try one of those food delivery robots that are in D.C. or the Silicon Valley area, you might not want to let them into your house if you don’t have to. You never know who might be piggybacking on the robot’s camera or video feed.
 
Do you have to be within Bluetooth range to be able to control the robots, or can they be controlled over the internet?
 
Postnikoff: Some yes; others no. A lot of the robots that I’m personally dealing with have remote-access capabilities. That is actually a common feature that companies selling consumer robots like to boast about. They might say that if you want to check if your front door is locked, you can hop into the robot, point it at your door and use the robot’s camera to check if the door is locked. That might be great for you, but this same capability is also pretty great for an attacker if they can get remote access.
 
Is there anything else people should know about robot social engineering research?
 
Postnikoff: Robot social engineering attacks are starting to happen in the wild. I have had a number of groups approach me with incidents involving their social robots that could easily be classified as robot social engineering attacks. If we start focusing on this issue now, we can prevent greater issues in the future.