I've never heard of itch.io before but from what I can tell:
- Itch.io is a platform where people unaffiliated with itch.io can create pages and sell video games
- An itch.io user created a game that used Funko's brand without authorization
- Itch.io (correctly) removed that page when they were made aware of that by their registrar and server host, then responded to both letting them know they'd taken care of it
- The server host (Linode) said that was great and closed the issue. The registrar (iwantmyname) did not respond, then a few days later yanked the domain.
This is exactly the sort of thing the DMCA exists for (assuming itch.io is located in the United States) and it's exactly why the safe harbor provisions exist.
It's like if someone posted a copyright-infringing picture to Facebook and Facebook's registrar responded by taking down the entirety of facebook.com.
So no, this is not on itch.io's shoulders, this is on iwantmyname's (for disabling itch.io's domain even after being made aware of the circumstances) and Brand Shield (for not submitting a complaint to itch.io first and waiting to see if they'd take down the infringing user's content before escalating to itch.io's ISP and server host).
Itch Corp might be in the USA - but their registrar is in New Zealand. That seems like a poor strategic choice for both customer service reasons and legal compatibility reasons.
It turns out that (modulo some details) it's possible to trick a Windows computer connected to a network you control into opening a browser that points to a URL of your choosing. That's because NCSI initiates probes using plain HTTP rather than HTTPS, so the usual injection attacks can be carried out without the user having to take any action of their own.
(The directory OP linked to appears to be a payload they just added to the repo that fingerprints users who are presumably on the receiving end of such an attack; the actual code to carry out the attack in the first place is outside of that directory.)
---
The interesting part about that is that that's more or less what captive portals are supposed to do. One imagines that where this gets interesting is when one couples it with one of those attacks where you convince someone's computer to disconnect from a public WiFi hotspot and connect to your computer instead; then you can force a page to pop up without them realizing you're not the owner of the WiFi hotspot.
I wonder how easy it would be to carry out a phishing attack via such a mechanism? Force a captive portal prompt to launch on an unsuspecting user and have it render UI that looks like Windows and tells them they need to re-enter their Microsoft account credentials or credit card number or something.
It is worth noting that you do not need to have "control" of the access point in question for this tool to work.
The only thing you need are credentials of the network if it is not an Open Access Point. If you have the credentials you then pop those into airtun-ng and now you'll have a NIC you can sniff on and inject to the network in question at the Monitor Mode level.
No arp-spoofing, DNS poisoning, etc, just straight up good old fashioned Layer 2 hacking and there is nothing the Access Point can do to stop you sans an IDS/IPS.
So yes, you could absolutely do what you described and deauth and hope they join your network, but no need in most cases.
As well the real beauty is that NCSI probing happens every single time the computer connects to wifi; if edgeDressing catches the probe sequence and wins the race, that computer's browser is opening. Broadbrush deauthing and poof, now you have a whole bunch of computers all opening up random pages. Not good.
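A defender-side check for the NCSI behaviour discussed in the comments above, as an added example that is not part of any comment in the thread: it audits captured responses to the plain-HTTP NCSI probe and flags flows where the answer was a redirect, had an unexpected body, or where two different answers arrived for one request. The body `Microsoft Connect Test` is what Windows expects from `http://www.msftconnecttest.com/connecttest.txt`; the flow ids, `portal.example` and the sample capture are constructed.

```python
from collections import defaultdict

# Well-known NCSI active probe: GET http://www.msftconnecttest.com/connecttest.txt
EXPECTED_BODY = b"Microsoft Connect Test"

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def audit_probe_flows(observations):
    """observations: iterable of (flow_id, raw_response) seen answering the probe.
    Returns {flow_id: [findings]} for flows that look tampered with."""
    by_flow = defaultdict(list)
    for flow_id, raw in observations:
        by_flow[flow_id].append(parse_response(raw))
    findings = {}
    for flow_id, responses in by_flow.items():
        notes = []
        # Two different answers to one request means someone raced the real server.
        if len({(s, b) for s, _, b in responses}) > 1:
            notes.append("conflicting responses to one request (injection race)")
        for status, headers, body in responses:
            if 300 <= status < 400:
                target = headers.get(b"location", b"?").decode("latin-1")
                notes.append("redirect to " + target)
            elif status != 200 or body.strip() != EXPECTED_BODY:
                notes.append("unexpected probe body")
        if notes:
            findings[flow_id] = sorted(set(notes))  # dedupe, stable order
    return findings

# Constructed sample capture (not real traffic); flow ids and portal.example are made up.
GOOD = b"HTTP/1.1 200 OK\r\nContent-Length: 22\r\n\r\nMicrosoft Connect Test"
REDIRECT = b"HTTP/1.1 302 Found\r\nLocation: http://portal.example/login\r\n\r\n"
SAMPLE = [("client-a:50112", GOOD),
          ("client-b:50344", REDIRECT),
          ("client-b:50344", GOOD)]  # genuine answer arrives after the injected one

if __name__ == "__main__":
    for flow, notes in audit_probe_flows(SAMPLE).items():
        print(flow, notes)
```

A redirect on its own is normal on a network with a legitimate captive portal; conflicting answers to a single request are the stronger sign of injection.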
> Force a captive portal prompt to launch on an unsuspecting user and have it render UI that looks like Windows and tells them they need to re-enter their Microsoft account credentials
Loss of keys. If you expect the vehicle to be used by multiple different shifts then a lost key removes a vehicle from service unless you can reprogram it. Some cars let you program new fobs up to a limit then you need a dealership unlock to continue doing that.
Easier is just to key all the fleet vehicles with the same standard non-chipped key. Then any key operates any vehicle which removes a ton of operational friction. When I drove cab we also just used fleet keys, but only because we bought old police interceptors, which also meant our cab keys could open and drive police cars. Which is why police fleet cars sometimes have an extra interlock button or switch in them which disables the shifter so it can't be taken out of park. Similar to the switches in this post.
Vehicles assigned to a single officer may be different and will likely use the fob but the shift vehicles in a lot of jurisdictions just use fleet keys even today.
It's hard to build it, but some countries (like mine) have universal government-issued IDs, called identity cards. You get your ID card when you turn 14 (voting starts at 18), based on your birth certificate, or when you become a legal citizen through immigration. This ID card includes a photograph, and has to be changed every ~10 years (slightly more often at first, slightly less often as you age). Whenever the government wants to confirm your identity, you present this card, including elections. On election day, if your ID card is lost/stolen, you can get one at any police station within the same day (if both your ID card and your birth certificate are also lost, however, that is going to take far more time to get back and get a new ID, and you will not be able to vote - which is a problem, but it affects very few people, fortunately).
This whole system is easy to maintain if you've had it in place. However, it's very hard to emit ID cards for a whole population that hasn't had one before. I'm not suggesting this is an easy fix for the USA, even beyond the cultural issues that would arise if trying to do a federal ID for every citizen like this.
Are we talking about "Voter ID"? If so, isn't that being constantly derailed by the democrats? Just like all the issues with illegals and the border wall, which they don't seem to want to fix and make it impossible.
> Just like all the issues with illegals and the border wall, which they don't seem to want to fix and make it impossible.
How do you reconcile that with:
Senate Republicans block border security bill as they campaign on border chaos (May 24, 2024)
Nearly every GOP senator, along with six Democrats, voted to filibuster a bipartisan bill designed to crack down on migration and reduce border crossings.
The vote caps a peculiar sequence of events after Senate Republican leaders insisted on a border security agreement last year and signed off on a compromise bill before they knifed it. Democrats, wary of their political vulnerability when it comes to migration, had acceded to a variety of GOP demands to raise the bar for asylum-seekers and tighten border controls.
~ multiple US news outlets.
FWiW I'm not American, and it seems pretty clear that US Republicans vastly overhype the risks associated with the southern border, campaign hard on fear mongering, and tank any efforts by the Democrats to address those problems.
Politically it's a common conservative tactic having been used in Australia, the UK, and elsewhere.
What's curious is how people seem to fall for this and just accept what they're fed w/out looking into details.
That's the bill that would have facilitated illegal immigration, not stopped it. It sounds decent at first, providing a mechanism to lock down the border, but the "average of 4000 encounters" are 4000 who apply for asylum with a hearing at some future date and are released into the country in the meantime.
You really should read the bill. Our bills are never single subject and always have completely unrelated items in them. The title is also arbitrary marketing speak that is no indication of what the bill is intended to do.
Even more so we should use AI and probe the actual contents of these bills seeing as they're all-encompassing. This is like a giant PR that includes changes to 23% of your system, touching everything from every level including config files.
I'll bet money that none of the changes are grouped into any sort of easy-to-digest format with cross-referencing and other mechanisms to make it easy for people to introspect it.
As you are not an American, let me educate you on what that bill did.
Much like the "Inflation Reduction Act" which was a clean energy bill that had nothing to do with inflation, the bill did the exact opposite of what it claimed.
- It funded billions of dollars for the NGOs which were aiding illegal immigration
- It normalized and allowed historically high illegal levels of immigration (10x normal)
- It removed the standard process for adjudicating asylum by judges and made it part of the federal ICE
- Required the US to fund lawyers for all people who were charged with illegal immigration (12 million in the last 4 years)
- It gave $60 billion to Ukraine, 3x more than border security [1]
- It gave $14 billion to Israel, $10B to Gaza, $2B for conflicts in the Red Sea, $4B to Taiwan
During this period where 12 million (3.4% of US population) people have crossed the border for residency illegally, many of which have been flown in by the US federal government, the federal government has sued Texas repeatedly while they are trying to build a border wall. They have flown in percentages of whole populations to US swing states to try to build voters. And illegal immigrants count in the census which determines US electoral votes.
The reason the GOP voted against it is because it was a wishlist for the Democratic party. There is nothing more complicated about it than that. If the GOP was such fear mongers, as you say, they'd vote for a bill that ameliorated their concerns.
Not even 3 or 4 months ago, I would have expected the responses to this message to all be 'yassss queen slay', despite the glaring fact that the 'bi-partisan' bill just enshrined the current democrat-party policy into law, while ensuring it could only be challenged in a court they control.
I am happy to see that the entirety of responses are effectively 'lol, actually read the law it is a disaster'.
My heart grew 1 size today.
"What's curious is how people seem to fall for this and just accept what they're fed w/out looking into details."
Pot, meet Kettle.
Apple has (to a first approximation) a royalty-free license to ARM IP by virtue of the fact that they co-founded ARM - so yes, Qualcomm is most likely paying ARM more than Apple is.
Just to clarify for those that don't know ARM's history, Acorn were building computers and designing CPUs before they spun out the CPU design portion.
Apple did not help them design the CPU/Architecture, that was a decade of design and manufacturing already, they VC'ed the independence of the CPU. The staffing and knowledge came from Acorn.
Oh, I was just wanting to clarify the "Apple co-founded".
They had the Newton project, found ARM did a better job than the other options, but there were a few missing pieces. They funded the spun out project so they could throw ARM a few new requirements for the CPU design.
As a "cofounder" of ARM, they didn't contribute technical experience and the architecture did already exist.