> They think most devices talk back to the satellites somehow.
To be honest, I don't think most people realize GPS is coming from satellites in the first place. Most people simply don't think about how/why at all when using things.
GPS and almost all other GNSS is indeed downlink-only. However, Starlink and other LEO internet providers could offer a two-way GNSS service if they added precision clocks in their satellites.
We would love to see Europe develop a military spine for once, I’m excited to see how long it takes before they come crawling back under the wing of the US.
Also, who wants to make deals with someone who can't be trusted to follow through. What's the point? Would you sign a 10 year deal with someone who keeps ripping it up and changing their mind every 3 weeks? What's the point?
The only recourse for what problem? Aren't there other plausible creative ways to apply pressure and get it fixed, with less risk to the people unwittingly at mercy of this vendor's negligence?
Or are you speaking of the transactional convention, in which people can break into systems, and then are entitled to publicity for that, so long as they give the vendor advance notice?
The whole responsible disclosure convention seems an imperfect compromise, among various imperfect actors. On occasion, individuals might decide that other options are more appropriate to the specific situation, and to Perfect Tommy it.
I strongly disagree. You’re literally putting people’s lives and possessions at risk who have no knowledge of this. There are many alternative methods, from getting the government involved to giving a a very long lead time to the vendor before you disclose this, to sitting on it and never disclosing.
The information is already sitting on Google for anyone to find, vendor doesn't give a shit.
Best to get it out there, at least if you're stuck in one of these buildings you can log in and change the admin password yourself till your building management does something about it.
Software vendor and building manager are putting people's lives at risk.
Can't software coders ever take responsibility? And this is on the programmer who implemented this, too. You just not let your product manager do this, ever. It's 2025 already.
And this is a security product, wtf? Residents should be suing individual programmers here. OWASP was created 24 years ago. Default credentials is like number 1 on their IoT app security list. Only a moron would not defend against this. If your manager requires this, you just send him:
There’s zero evidence of either of it, just because they got an A record with a .gov at the DNS doesn’t mean this tiny site had any connection back to larger data, and based on my own analysis of how hard every furry hacker on the planet is hitting this, if there was, it would be leaked to the moon already and not speculated on.
Important to clarify that USDS (DOGE) does not have access to any military systems or intelligence systems. They only have the current access due to the historic process of the USDS.
They certainly have access to classified intelligence-related information, since they published it (regarding NRO), whether or not they have access to intelligence systems.
