但說真的,在不提供任何確認動作的狀態下,Google自行下載了新版的Google雲端硬碟,這點個人覺得不是很尊重使用者。除此之外,在「備份與同步」與「雲端硬碟」的切換過程,明明瀏覽器的帳號已經正常登入,但在雲端硬碟的引導登入過程中,卻出現無限循環的登入失敗,實在讓人覺得煩躁。
- 失敗狀況
- 登入方式
有什麼 說什麼
但說真的,在不提供任何確認動作的狀態下,Google自行下載了新版的Google雲端硬碟,這點個人覺得不是很尊重使用者。除此之外,在「備份與同步」與「雲端硬碟」的切換過程,明明瀏覽器的帳號已經正常登入,但在雲端硬碟的引導登入過程中,卻出現無限循環的登入失敗,實在讓人覺得煩躁。
感謝網友割愛,收到一台有趣的二手玩具 GIGABYTE_GB-BACE-3160,雖然是超微型電腦,但麻雀雖小五臟俱全,稍作升級便可拿來做為LAB環境的測試主機。😀
01. 來張正面開箱照,以正常使用狀況來說,已經維持蠻好的外觀。
Title: An access control vulnerability in Hame SD1 Wi-Fi
Vendor of the product(s):HAME
Product:Hame SD1 Wi-Fi Product
Version:V. 20140224154640
Vulnerability information:
A broken access control vulnerability (weak password) in HAME SD1 wifi, Firmware version <=v.20140224154640 allows an attacker to easily perform brute-force attack to access telnet service and obtain system administrator privilege.
According to OWASP IoT TOP 10 2018:
No1. Weak, Guessable, or Hardcoded Passwords Use of easily brute-forced, publicly available, or unchangeable credentials, including backdoors in firmware or client software that grants unauthorized access to deployed systems.
PoC:
Using NMAP to scan target device, and found telnet service was open (port 23).
Using Hydra to perform a brute-force attack to get login account and password. (weak password)
Logging in via telnet with the above account and password to obtain system administrator privileges.