17 October 2024

CONSUMER HEALTH WARNING: Cancer warning (deliberately?) omitted by JB Hi-Fi?



You know the story?

Profits before health, we’ll deal with the litigation IF it ever arises, (lol - at the litigants) where we’ll even gaslight them if we must.

We’ll even scam the consumer on an extended warranty, while we're at it!

SO, here’s the deal.

A watch sold by JB Hi-Fi, namely the NOTHING brand’s CMF Watch Pro 2, carries a couple of serious health warnings.

On the back of the original box, the warning states:

“CANCER AND REPRODUCTIVE HARM-”

Source: TechSpurt

The watch also does not have WiFi or cellular connectivity, only Bluetooth and GPS.

Well, you can’t argue that you weren’t told, right?

After it’s too late and you bought the product, or you missed that warning?

BUT on cigarette packaging the cancer warning is conspicuous, right?



Why?

Because of liability, so you can't sue the corporations of billions of dollars in profits producing addictive poison, laced with chemicals that give you cancer?

Well, no health warning from JB Hi-Fi on the product they’re selling, but they’ll try to scam you extra for warranty that you already are privy to under Australian consumer law.




That’s life in the colony called Australia.

16 October 2024

Hackers Get Keys to Any Kia With Just A License Plate

A flaw in Kia's dealer system allowed attackers to take control of any Kia using just a license plate number. 



  • A flaw in Kia's dealer system allowed for attackers to remotely unlock and start any Kia using just the car's license plate
  • The vulnerability was patched by Kia in about two months
  • It's yet another wake-up call for automotive security in the connected car sector

Kia isn't having a great couple of years in vehicle security. From the Kia Boys making the world realize there were 5 million vehicles without immobilizers on the market to new pocket-size GameBoy-style devices, it's never been easier to be a thief targeting Korean cars.

But wait, there's more.

A new proof of concept released this week—simply called Kiatool—is probably the most powerful attack against any Kia we've seen yet. And, frankly, this one is probably the scariest, too. Thankfully, it's already been patched, but I want you to hear about it anyway because it tells an extremely important story about the future of automotive cybersecurity.

Meet Sam Curry. He's one of my favorite security researchers who focuses on the automotive sector. And he has a special knack for breaking into cars. Not by brute-forcing a window with a hammer, of course, but by using some carefully crafted keystrokes to achieve the same effect. Today's victim was "pretty much any Kia vehicle made after 2013."

His latest attack takes advantage of Kia Connect. For those unfamiliar, that's the connected service that pairs a vehicle with the internet so an owner can conveniently unlock their car or turn on the heat when it's cold outside. With a bit of studying, Curry was able to figure out how to hack into virtually every single connected Kia sold in the United States over the last decade—and it only took about 30 seconds.

Have a look at a demo of the tool in the video below:


You've Gotta Be Kia'dding me

Let's dig into what's going on here. What is being exploited, and how was it found?

Ultimately, the attack boiled down to a flaw in Kia's Application Programming Interface. An API is essentially an intermediary which allows two applications to talk to one another without exposing certain functions of one app to another. It's how your car can display your Spotify playlists or pull in traffic data to overlay on its maps.

Curry, as curious as ever, wanted to know how Kia's app talked to its cars. In short, it assigns an authenticated user a session token (think of it like a virtual permission slip that's only valid for a short amount of time) that permits them to send commands to Kia's servers, which then push the action down to the car in real life. How could Curry get one of these permission slips and keep it long enough to perform an attack on the vehicle?


That's when Curry figured out he could take advantage of the method that dealers use to assign new cars to owners using Kia's KDealer platform. Curry used a flaw found in the KDealer API which allowed him to impersonate a dealership looking to register a customer's car.

Next, Curry was able to use a third-party API to pull the victim's car's Vehicle Identification Number (VIN) using a license plate, similar to getting a quote for your used car and entering your plate number instead of the VIN. The VIN could be coupled to the forged dealer request and voilà. Instant remote access to virtually any of Kia's nearly 20 models produced over the last decade.
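As an added illustration (not code from the article, the researcher or Kia), the sketch below contrasts a dealer enrollment call that only checks for a valid dealer session with one that also checks whose vehicle is being touched. The tokens, VINs, e-mail addresses, inventory table and owner-approval step are all constructed assumptions; the article does not say how Kia fixed the flaw.

```python
"""Object-level authorization on a hypothetical dealer enrollment call.
Every name, token, VIN and e-mail address here is constructed."""
from dataclasses import dataclass, field

# Constructed session store: token -> (role, principal id)
SESSIONS = {
    "tok-dealer-a": ("dealer", "dealer-a"),
    "tok-dealer-b": ("dealer", "dealer-b"),
}
# Constructed inventory: which dealer may enrol which VIN
INVENTORY = {
    "dealer-a": {"VIN-CONSTRUCTED-0001"},
    "dealer-b": {"VIN-CONSTRUCTED-0002"},
}


@dataclass
class Backend:
    owners: dict = field(default_factory=dict)   # vin -> list of account e-mails
    audit: list = field(default_factory=list)    # (event, vin, actor, email)
    notices: list = field(default_factory=list)  # (recipient, message)

    def add_owner_weak(self, token, vin, email):
        """Weak: any valid dealer session may attach an account to any VIN."""
        role, _ = SESSIONS.get(token, (None, None))
        if role != "dealer":
            return False
        self.owners.setdefault(vin, []).append(email)
        return True

    def add_owner_checked(self, token, vin, email):
        """Hardened: the VIN must be in the caller's own inventory, a vehicle
        that already has an owner is never changed silently, and every
        decision is written to the audit log."""
        role, actor = SESSIONS.get(token, (None, None))
        if role != "dealer":
            self.audit.append(("deny-session", vin, actor, email))
            return False
        if vin not in INVENTORY.get(actor, set()):
            self.audit.append(("deny-not-in-inventory", vin, actor, email))
            return False
        existing = self.owners.get(vin, [])
        if existing:
            # Tell the current owners instead of applying the change.
            for owner in existing:
                self.notices.append((owner, f"Approve adding {email} to {vin}?"))
            self.audit.append(("pending-owner-approval", vin, actor, email))
            return False
        self.owners[vin] = [email]
        self.audit.append(("enrolled", vin, actor, email))
        return True


def demo():
    """Dealer B asks to attach a second account to a vehicle it never sold."""
    weak, hard = Backend(), Backend()
    for backend in (weak, hard):
        backend.owners["VIN-CONSTRUCTED-0001"] = ["owner@example.test"]
    args = ("tok-dealer-b", "VIN-CONSTRUCTED-0001", "second@example.test")
    return weak.add_owner_weak(*args), hard.add_owner_checked(*args), hard


if __name__ == "__main__":
    weak_ok, hard_ok, hard = demo()
    print("weak accepted:", weak_ok, "| hardened accepted:", hard_ok)
    print("audit:", hard.audit)
```

The audit entries and owner notices are what would let an operator or the owner notice an unexpected enrollment request, which the article says could otherwise happen without the owner noticing.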

You're Exposed


There's a couple of issues here. First is the glaring threat to the vehicle itself. I mean, let's cut right to the chase—you can unlock and start the car with just the license plate. That's... really bad. Like a relay attack on steroids. And it could all be done without the owner ever noticing a thing (except for an eventual missing car or belongings).

Even scarier is the privacy issue at play. The exploit allows the attacker to fetch information about the owner's name, phone number, email address, the location of the vehicle, and, in some cars, even allows the vehicle's cameras to be accessed remotely.

In theory, this would allow for an attack chain that lets a driver pull up to a car at the grocery store to get the plate, silently add a burner email account to the owner's Kia account, find its location later on, then check the cameras to make sure nobody is around when they want to snatch it. Or, worse, use it to target the owner. Scary stuff.

The Hole Is Plugged

The good news is that Kia has already fixed the problem and that the automaker has confirmed that it hasn't been used maliciously in the wild. Phew.

Like any good security researcher, Curry ethically disclosed this flaw to the automaker when he discovered it back in June. Kia's developers patched the flaw about two months later in mid-August, and Curry gave it another month before he disclosed the findings publicly yesterday.

"There are tactical and more strategic steps that automotive companies need to take," Tim Erlin, Security Strategist at security firm Wallarm, told InsideEVs in an email. "They absolutely need to fix the vulnerabilities that have been discovered, and they need to put in place testing to ensure that these kinds of vulnerabilities are found before they can be exploited. Rigorous testing and a good bug bounty program can help.

"Longer term, manufacturers should include threat modeling into their development process to reduce the possibility of these types of issues in the future," he added. "Having their development teams 'think like an attacker' as part of the process will help identify risky architectures earlier in the manufacturing process."

The real lesson here isn't about Kia's flaw, as impressive as it was, but about connected cars in general. It's a reminder that when something is addressable on the internet, a flaw can translate into real-world consequences quite easily.

We, as a society, have become a bit numb to cybersecurity-related events. You hear about ransomware frequently, about leaked social security numbers. It's becoming mundane. But give an attacker a virtual coat hanger to pop your car's door lock using their cell phone and things become a bit more... tangible. And that's scary.

Source: InsideEVs

13 October 2024

How the government SCREWED Aussies - "The country is f**ked"

'Australia is a lucky country, run mainly by second-rate people who share its luck.'

The first part of the quote from the book by Donald Horne from the mid 1960's, is what the mainstream media tells the serfs, but they DELIBERATELY neglect to follow up with the full sentence, which factually condemns the people in control.

Some 60 years later Matt Barrie states a more realistic and accurate description.

Australia ‘should be the richest country in the world’ but instead is ‘f**ked’.

The colony's (deliberately) incompetent 'leaders' are plunging the population into a totalitarian state 'upgrading' it from an (oligarchical) authoritarian one, but that's another topic for another day.

Freelancer chief executive Matt Barrie who appeared on the Equity Mates podcast last week for a wide-ranging discussion covering the housing market, mass immigration, energy policy and cost-of-living, has given an accurate and brutally honest description of the state of Australia, period.

Australia's housing market is a huge Ponzi scheme instigated and supported by the 'Australian Government' (LLC, ™, ®, ©, etc etc) designed to deliberately screw the Australian population.

The 'problem' there is the people are quite satisfied with this, as their silence is acquiescence!

See full 52 minute interview:


08 October 2024

Does the welfare state help the poor?


Does the welfare state help the poor? This surprisingly simple question often generates more heat than light. By the welfare state, I mean transfer programs aimed at helping the poor through the direct redistribution of income. (This excludes general economic policy, antitrust, the volunteer military, and many other policies that affect the well-being of the poor.)

Defenders of the welfare state often assume that the poor benefit from it, while critics suggest that the losses outweigh the gains. The most notable of such criticisms is Charles Murray’s Losing Ground, which suggests that the welfare state has failed to achieve its stated ends.

Read more within the following pdf:


04 October 2024

The Great Aussie Motorist Fuel Rip-off!


Briefly, 

Australian motorists have been getting ripped off by their government and the petrochemical industry for decades, where realistically nothing has been done about it and nothing ever will be.

All that will ever flow out of the government's mouths is lies.

There's ALWAYS an excuse, as in a war here or there.

Why not lay the blame on cow's flatulence or that there is not enough sunshine on the solar farms?

The reality is that the government being a 'stakeholder', profits from high fuel prices therefore it is not in the best interest for so called 'authorities' like the ACCC (Australian Competition & Consumer Commission) or ministers to intervene.

The fuel price shown above is from Melbourne a couple of weeks ago where it went up 45 cents or 27% in one day from approx. $1.65 per litre with zero 'real' reason for it.

It seems that motorists are quite pleased with that price hike, as their silence is acquiescence.

No mass 'protest' about this?

Obviously life is too good in the (penal) colony.

01 October 2024

Government corruption, false info by telco’s to upgrade your smartphone re: 3G shutdown

The Australian Government (™) is colluding with Australian telecommunications corporations to provide false information for mobile phone users to upgrade their smartphones as their old ones will not be able to be used after the 3G network shuts down on Monday the 28th of October 2024.

MANY Australians have been deceived by the government and provided with false information by telcos to update their phones, in reality ripping off customers when not necessary.

An inquiry MUST be held where as a result the telcos are to be fined a significant amount, but since ASIC is corrupt to the core AND in collusion with the government that will most likely never happen.

Telcos know EXACTLY what device is connected to their mobile towers.

This data can then be supplied to government agencies in order for the bureaucrats to know how many users will be affected by the 3G shutdown.

Australian ‘consumers’ have (deliberately) not been informed fully of the consequences of the 3G shutdown, mandated by the government.

The 3G shutdown has greatly benefitted ‘stakeholders’ such as the AMTA (Australian Mobile Telecommunications Association) and profiteering from Australia’s tier 1 providers, i.e. Telstra Vodafone and Optus.

Australian ‘consumers’ also have been conned by the telcos to update their phone when in reality they did not have to.



Also this message from a telco states that the user must do a software update in order to use the phone, an action which may prompt fear in some non-technically minded people.



YET, another message regarding the same phone, states that no action needs to be taken.

Others have not been so lucky where they received a phone call in order to deceive the user, allegedly from their network provider stating that the smartphone they are using, will not be supported after the 3G shutdown date, even though it was purchased a year earlier from an ‘authorised’ Australian telco shop, so they have to purchase or upgrade their current plan with a new phone.

The corrupt Australian ‘authorities’ in action.

See also video by Hugh Jeffreys of the title:


Australia To Block Internationally Purchased 4G/5G Phones As Part of 3G Shutdown - Starting 1st Nov


EXPOSED! Government LIES on Misinformation and Disinformation Bill 2024


The authoritarian state called Australia is in full swing into 'Commie' (Communist) mode.

For those who are not aware of what Authoritarianism is, the description below may offer an explanation.


Australians and the world are deceived that we live in a democracy in this colonial outpost.

The goal of this 'Misinformation and Disinformation' law is not to stop advertising corporations oops 'social media' platforms from providing false information to their users, or even the 'public', but rather to stop people/general population/serfs/plebs from exercising their 'freedom of speech' a fundamental right in a 'democracy'.

In Australia, and other nations within the FiveEyes global surveillance network, every person has a file on them, where their entire digital history is stored forever, and this information can be (and is) accessed without any warrants in place.

In any event, the government has been caught out with this Bill, where there is no business case for it nor did the people require it.

But will there be any consequences?

Of course not!

Enjoy your journey to a totalitarian state.

See:

https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Environment_and_Communications/MisandDisinfobill

and

https://citizensparty.org.au/media-releases/say-no-albaneses-orwellian-disapproved-information-censorship-bill


25 September 2024

Queenslanders lost the right to 'free speech', who's next?

As time goes on the dictators of this colony criminalise the action of the serfs.

What was considered before as a 'normal' action, with the introduction of new laws is now considered criminal.

VLAD (Vicious Lawless Association Disestablishment Act 2013) law came into circulation unlawfully, and there is nothing anyone can do about it, as the fascist dictators will not allow that to happen.

The colony is a 'Nanny State' subservient and a member of the FiveEyes global surveillance network.

While the corporations within the FiveEyes, e.g. Google, Meta, Microsoft, Amazon et al, have free rein, the 'users' that the corporations make billions from are subject to all sorts of restrictions, where an attack on free speech is the main goal.

Why?

Because too many people now have the ability to expose government and corporate corruption posting it on 'social' media, beyond the controlling narratives of governments and mainstream media.

In Queensland, the authorities removed the Legislative Council, or upper house unlawfully, by the introduction of the Constitution Amendment Act 1921 which took effect on the 23rd of March 1922.

So for over 100 years now, the legal process has no 'checks and balances' taking place, even though a referendum was taken and the people said no to the removal of the Legislative Council.

So are Queensland's laws, after 1922 put into circulation 'lawfully' as opposed to 'legally'?

The government went against the will of the people, and what did the people do about it? Nothing!

Therefore, is Queensland's government not a fascist dictatorship?

Queensland has a history of passing 'dodgy' law at times like 2am or on public holidays, when the plebs are busy with events designed to keep them occupied.



See the 'sneaky' Respect at Work and Other Matters Amendment Bill 2024, within the link:

https://www.legislation.qld.gov.au/view/html/bill.first/bill-2024-024


See also video on this topic:


The Police State of Australia in all its glory!

22 September 2024

Australia’s Internet speed rank has not improved since 2023


Australia is referred to by many, especially in the mainstream, as a "lucky country" but that’s only a half truth, and that half truth is not entirely accurate, where the rest is deliberately left out.

The term ‘lucky country’ came from a book by Donald Horne, describing Australia in the 1960s, where there is a problem with this.


Australia is not a ‘country’ but first and foremost still a colony, as described in the Commonwealth of Australia Constitution Act.

Australia the self governing colony

See also:

Australia The Concealed Colony the book the federal police removed from bookshelves


The second part of the so called saying is deliberately left out, as it’s not a compliment to those who run this colony.

In its entirety, the description reads:

'Australia is a lucky country, run mainly by second-rate people who share its luck.'

where this shows in the results, across the board.

MANY people believe that Australia is a democracy, but the reality is quite different, where it can be easily seen as a totalitarian state, oligarchical corporatocracy or a fascist state that would make Mussolini proud.

Corruption is rife in all aspects of the three tiers of government, that being the parliament, judiciary and executive at federal and state levels.

Australia could have had a higher fixed broadband rank than 76 which has not moved since January 2023, but 'money for mates' work, corrupt business deals where ‘over-budget’ is the excuse, has cost Australian taxpayers / internet users dearly.

Will the corruption subside? 

Most definitely not, as there are too many ‘dishonourable’ people in positions of power, where the general population does not want to do anything about it, as their silence is acquiescence. 

That’s life in the colony.

See also:

Australia’s internet speed plummeting

Australia's Internet speed ranking falls yet again!


17 September 2024

Leaked documents show 'advertisers' ARE listening to you!

IF 'advertisers' are listening, then who else is?


Realistically 'we' the people live in a global surveillance state, allegedly to 'keep us safe' or so they may tell us, where government transparency is non existent.
 

Cox Media Group Brags It Spies On Users With Device Microphones To Sell Targeted Ads, But It’s Not Clear They Actually Can 

For years, the cable industry has dreamed of a future where they could use your cable box to actively track your every behavior using cameras and microphones and then monetize the data. At one point way back in 2009, Comcast made it clear they were even interested in using embedded microphones and cameras to monitor the number of people in living rooms and listen in on conversations.

Last December, internal documents obtained by 404 Media indicated that cable giant Cox Communications claimed to have finally achieved this longstanding vision: it was now able to monitor consumers via microphones embedded in phones, smart TVs, and cable boxes, leverage the audio data, then exploit it to target those users with tailored advertising.

At the time, the Cox Media Group (CMG) website openly bragged about the technology, crowing about how such surveillance was perfectly legal (though, even under our pathetic existing privacy and wiretap laws, it very likely isn’t). Shortly after the 404 Media story appeared, Cox deleted the website in question and issued a statement denying they were doing anything out of the ordinary:

CMG businesses do not listen to any conversations or have access to anything beyond a third-party aggregated, anonymized and fully encrypted data set that can be used for ad placement. We regret any confusion and we are committed to ensuring our marketing is clear and transparent.

Eight months later and 404 Media has obtained another pitch deck being used by Cox, crowing about its ability to listen in on consumers in order to sell them targeted ads under the company’s “Active Listening” program. This pitch deck advertises the company’s partnerships with Google, Amazon, Microsoft. Google says it removed CMG from its Partners Program after an “investigation” prompted by 404 Media.

It’s not clear Cox is truly capable of doing what it claims or if it’s overstating its abilities just to woo ad partners. But the marketing deck is pretty clear:

“The power of voice (and our devices’ microphones),” the slide deck starts. “Smart devices capture real-time intent data by listening to our conversations. Advertisers can pair this voice-data with behavioral data to target in-market consumers. We use AI to collect this data from 470+ sources to improve campaign deployment, targeting and performance.”

If real, it likely includes the myriad “smart” television sets that increasingly have little to no real consumer privacy standards. It may also include everything from smart phones and cable boxes to the myriad other household “smart” devices with embedded mics, from home security hubs to your smart refrigerator.

Cox’s original, since deleted website crowing about its “active listening” tech even went so far as to compare its own technology to a Black Mirror episode:

What would it mean for your business if you could target potential clients who are actively discussing their need for your services in their day-to-day conversations? No, it’s not a Black Mirror episode—it’s Voice Data, and CMG has the capabilities to use it to your business advantage.

Since the U.S. is too corrupt to pass a meaningful modern internet-era privacy law or regulate data brokers, it remains a sort of wild west when it comes to consumer surveillance and monetization. Companies routinely justify the behavior by insisting the data is “anonymized”; a meaningless, gibberish word used to pretend these kinds of ad surveillance systems are legal, private, and secure.

Because corporate lobbying has increasingly boxed in privacy regulation at the FCC and FTC, the folks supposedly tasked with investigating potential privacy abuses lack the staff, resources, and authority to police the problem at the massive scale it’s happening. And that’s before recent Supreme Court rulings further stripped away the independence and authority of U.S. regulators.

The U.S. government, keen to bypass warrants by buying consumer data from data brokers themselves, has repeatedly made it clear that making money is more important than consumer trust and public safety. As a result we have countless companies monitoring your every fart, and non-transparently selling it to any number of noxious individuals who can use it to cause active harm (see: Wyden’s revelations on abortion clinic visitor data).

See documents:



Source: techdirt, 404media, cmg