(Not for nefarious purposes, but just in case I can’t find my keys.)
The question I've always had is how enforceable is that really? Obviously the whole point of Apple making macOS freely available is to run it on Apple hardware. They don't give it out for free to run on other hardware but can they really do anything about that other than require you to enter a serial number to download an image? If they really cared, they would just do something like hashing the serial number and current date and time against a secret key (maybe inside a read-only portion of the TPM) and only Apple would be able to verify that the hardware is legit. You would need to somehow expose the TPM to the hypervisor to be able to generate hashes for macOS to verify its license. Clearly this is not a huge problem for Apple because they would already be doing this if it was an issue.
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacti...
By relying on the default keepalive limit, NGINX prevents this type of attack. Creating additional connections to circumvent this limit exposes bad actors via standard layer 4 monitoring and alerting tools.
However, if NGINX is configured with a keepalive that is substantially higher than the default and recommended setting, the attack may deplete system resources.
The dispensers have constant real-time communication to the forecourt controller and the attendant inside. What are they showing when this "hack" happens? Are the attackers taking the RS485 line down (which would show the pump offline immediately inside) and forcing the pump to manually dispense?
I'd kill to see some more actual information than this. I am not aware of a single pump on the market with Bluetooth right now but I do remember some IR-based remotes for some old Wayne pumps.
Interesting nonetheless.