Gadget Victims


Post Top Ad

Post Top Ad

Spitfire Audio released a free Symphonic Orchestra library!

5/12/2020 05:28:00 PM 0

Just as I listed my cheap collection of symphonic libraries, another one got released, that absolutely cannot be ignored (because it's from Spitfire Audio!) : The BBC Symphony Orchestra, Discover edition

It's not exactly their first freebie, but this one gives you a generous sample, yet very portable (200MB), of their famous BBC Symphony Orchestra library. 

Here's what you get with the Discover edition compared with the Core (349$) and Professional editions (749$). 

To get this library for free, all you have to do is browse to their product page, and click on the OR FREE link below the Add to Cart. Where's the catch? You get it free you'll need to fill in a questionnaire of ~40 questions on your musical background, and then ...wait 14 days to receive the download link. 
If you cannot wait, the price to get it immediately is 49€/$/£ 

Read More

My 'cheap' collection of symphonic libraries for Kontakt Player (and some freebies)

5/08/2020 04:16:00 PM 0

When it comes to sound libraries, having instruments that deliver a convincing and satisfying result matters as much for hobbyists than professionals.

I'm part of the first category, so coughing up 500+ bucks for a orchestral library is not reasonable. For anyone willing to go pro, that could be seen as an investment for the future, but that's not my case.

I recently purchased 2 cheap libraries (compared to the pro standards) that, put together, provide a cost-effective mix of articulations and sound quality. They both run on the free Kontakt Player, are reasonably gentle on the CPU and storage, and cost less than 150$ each.

Read More

SONOFF IP Camera: Coolkit GK-200MP2B

3/08/2020 05:06:00 PM 3

Today, there is a decent choice of IP cameras for the Tuya ecosystem (Smartlife) but the Sonoff-compatible range seems currently limited to the GK-200MP2B.

Here's a quick look at it.

Read More

How to get rid of all ads in MIUI 11

3/07/2020 04:34:00 PM 1
Xiaomi MIUI overlay has greatly improved over the recent years and I start to like it.

What I like less is the increased amount of ads that sneaked in every corner of it

Obviously Xiaomi fail their promise to cut down on ads in MIUI 11.

Thankfully there's always a switch hidden in the most remote part of a menu to turn them off.

Read More

Tranya Rimor True Wireless Earbuds

2/10/2020 12:23:00 PM 0

Tranya sells a range of wireless earbuds and the Rimor is one of their latest and best model.

They've been kind enough to send me a pair of these and here's the outcome.

Read More

Cracking open the iPazzPort KP-62 remote

1/22/2020 11:52:00 AM 0

The iPazzPort KP-62 is an RF remote I bought some time ago thinking it could be better than the H1 or even the unmatched TZ-P3.

I never considered publishing a review for it because of its inherent show-killer feature: the useless and continuous beeping when using the keyboard side.

There's a simple DIY solution to it.

Read More

Is your IP Camera (still) vulnerable to XSS?

1/21/2020 11:03:00 AM 0
XSS or Cross Site Scripting is a common vulnerability in software allowing attacker to inject code via the user interface.
Often, an input field just intended to collect a server address or user name will also accept entries of a different nature that will be interpreted by the system.

Low-cost IP Cameras, but also more professional ones, have been exposed to XSS for many years, a good reminder that such network devices should not be directly exposed to the Internet!
Hopefully that vulnerability is now well known and many manufacturers eventually "patched" their devices or reduced the attack surface by removing telnet and ftp altogether.

If your IP camera has a HTTP-based user interface, here's a working example of command injection (for learning purpose). This works great on old generation Veskys and Digoo BB-M2 (the pictures below comes from that model), and does not with the Wanscam models I tested.

First check if the admin interface of your camera as an FTP server settings page like this:

Then instead of FTP Server address, copy this command:
put $(killall telnetd)
That first command killed the running telnet daemon.
The second will now launch the Busybox shell without a user/pass prompt. In the username field, copy this: 
$(telnetd -l /bin/sh)

Click the Set up button to save the entries, and click the "Test" button to send them.
The actual FTP server test will report "Test  ...  Failed" which doesn't matter at all because the commands have been executed.

After that, use any telnet emulator, like Putty, and connect to the camera on port 23

As the owner of the camera, this trick allows you to gain full control on your camera.


More reading:
Read More

Digoo DG-K2: I've seen this face before...

11/11/2019 09:21:00 PM 0
The Digoo DG-K2 is another camera compatible with Smart Life.

This one has a particularly nice design, which also reminds me a bit of a certain character from South Park , but maybe it's just me...

Read More

Post Top Ad

Gearbest Alfawise V8S Max UV Sterilization + Disinfectant Disinfection Wet and Dry Robot Vacuum Cleaner promotion