Slashdot Mirror

It is a fraud. http://pastebin.com/hhU8Q9di

Except the march hack claims to be from a university: http://pastebin.com/hhU8Q9di

Because the list is from a different hack, not PSN. This scriptkiddie just copy-pasted a credentials list from march. Here: http://pastebin.com/hhU8Q9di

Linky: http://pastebin.com/HUjZPaF3

This list: http://pastebin.com/hhU8Q9di

And it can be confirmed too. This is the same credentials list: http://pastebin.com/hhU8Q9di
Note the date on that pastebin...

There was no hack. This is the same credentials list, posted in march: http://pastebin.com/hhU8Q9di

This is the first I have posted this. Nice try. Where are you on this spectrum?

21 July 2012

Censored Slashdot Post

http://pastebin.com/awkG002M

Censored slashdot post

By: a guest on Jul 21st, 2012

Hi fellow slashdot readers-

Many slashdot readers have complained over the past few years that the Slashdot
moderation system is broken. Now I think I know why. I've been a Slashdot
participant since the 1990s, and used to have a low-numbered account. I don't
like censorship. A lot. I was surprised and offended when I discovered active
censorship happening right on slashdot. Read on for details.

A few days ago I tried to post an interesting story to Slashdot called
"The Gentleperson's
Guide To Forum Spies". The article was written by an ex-COINTELPRO spy,
and describes in explicit detail how agents control and manipulate Internet
forums. So, I tried to post this story and discovered that each time I posted
it some Slashdot editor would quickly (within 3 minutes) delete the story
before it came to the atention of other editors or readers. Someone on the
Slashdot editorial board does NOT want Slashdot readership to learn the
techniques used to control an internet forum. Note that these techniques
only work so long as the readership remains IGNORANT of how they work. A
little forensic investigation by someone with DB access will even show
which editor(s) repeatedly deleted this story on 18 July 2012. Honest
editors are smart enough to figure out what to about COINTELPRO infiltrator
editors. Given that I have a natural dislike of censorship, I'm trying a
different tactic to expose my fellow Slashdot readers to this censored content.

Here's a challenge to my fellow geeks: Try to post the above story,

I agree with you in spirit (and am also bitter about the mess), though for practical reasons, I just copy and paste a certain 'flavour' of that DOCTYPE header on a lot of my pages to get things to appear the same in all the browsers. I don't know what the heck it means, and care even less, but here it is anyway (see the top bit, and ignore the rest, I didn't make this paste, just found it from looking using google (it is the same as mine, but Slashdot doesn't allow pasting of weird characters etc.):

http://pastebin.com/vkKDZPjJ

I too, loaded Ubuntu on my Dell Vostro 3560 machine, but Dell refuses to reimburse my Windows licence. So yeah, you can already put Ubuntu on it, if you pay the Microsoft tax first that is.

"Oh, and nVidia forgot to tell you that shop.nvidia.com has also been compromised. nVidia minimizing the affect that the hack will have on its stock price? SHORT SELL, SHORT SELL."

I'll hang on to my stock, I have several thousand dollars tied up in it, but don't see why I should be worried. NVIDIA's web store doesn't seem like a major source of revenue.

"Think for yourself, and question authority." -- http://pastebin.com/G21ytATD

Was there much thought put into the rant? I had difficulty trying to figure out what cause I am supposed to join. Maybe corporations are bad in general? I do know a few hackers who are really serious marxists (and will defend their position rationally and effectively). But this particular hacker rant isn't of the same calibre that I am used to.

http://pastebin.com/G21ytATD

The only flaw is that some times it can be hard to find a spesific topic even with knowing a few keywords.

Totally agree. But I fixed this by mapping a Google "I'm feeling lucky" search to a Chrome bookmark keyword. Now I just type "w search-terms" and it nearly always teleports me to the right wikipedia page. Like so:

http://pastebin.com/QX8t1fwS

(Posted to Pastebin because I can't get the Slashdot message composer to print this correctly.)

I hear the people saying that, but what would you do to make the page load either one or the other jQuery, but not both?

You would do this.

Having done web development for many years, believe me, I'm very familiar with all variety of IE-handling hacks. At the moment I can't think of a way to conditionally load jQuery 2.0 if and only if not using legacy IE, and load jQuery 1.9 if and only if using non-legacy IE or non-IE, using IE conditional comments.

Having learned about IE conditional comments a couple minutes ago, I can tell you're not very good at web development.

The Gentleman's Guide To Forum Spies (spooks, feds, etc.)
http://cryptome.org/2012/07/gent-forum-spies.htm
http://pastebin.com/irj4Fyd5

I had just recently read this. Interesting.

http://cryptome.org/2012/07/gent-forum-spies.htm
http://pastebin.com/irj4Fyd5

Sections Overview:

1. COINTELPRO Techniques for dilution, misdirection and control of a internet forum
2. Twenty-Five Rules of Disinformation
3. Eight Traits of the Disinformationalist
4. How to Spot a Spy (Cointelpro Agent)
5. Seventeen Techniques for Truth Suppression

http://cryptome.org/2012/07/gent-forum-spies.htm
http://pastebin.com/irj4Fyd5

Sections Overview:

1. COINTELPRO Techniques for dilution, misdirection and control of a internet forum
2. Twenty-Five Rules of Disinformation
3. Eight Traits of the Disinformationalist
4. How to Spot a Spy (Cointelpro Agent)
5. Seventeen Techniques for Truth Suppression

http://cryptome.org/2012/07/gent-forum-spies.htm
http://pastebin.com/irj4Fyd5

Sections Overview:

1. COINTELPRO Techniques for dilution, misdirection and control of a internet forum
2. Twenty-Five Rules of Disinformation
3. Eight Traits of the Disinformationalist
4. How to Spot a Spy (Cointelpro Agent)
5. Seventeen Techniques for Truth Suppression

http://cryptome.org/2012/07/gent-forum-spies.htm
http://pastebin.com/irj4Fyd5

Sections Overview:

1. COINTELPRO Techniques for dilution, misdirection and control of a internet forum
2. Twenty-Five Rules of Disinformation
3. Eight Traits of the Disinformationalist
4. How to Spot a Spy (Cointelpro Agent)
5. Seventeen Techniques for Truth Suppression

http://cryptome.org/2012/07/gent-forum-spies.htm
http://pastebin.com/irj4Fyd5

Sections Overview:

1. COINTELPRO Techniques for dilution, misdirection and control of a internet forum
2. Twenty-Five Rules of Disinformation
3. Eight Traits of the Disinformationalist
4. How to Spot a Spy (Cointelpro Agent)
5. Seventeen Techniques for Truth Suppression

The Gentleman's Guide To Forum Spies (spooks, feds, etc.)
http://cryptome.org/2012/07/gent-forum-spies.htm
http://pastebin.com/irj4Fyd5

I noticed this same oddity a few days ago while investigating a wave of spam that was hitting the inboxes of our corporate email users. We use SpamAssassin at our network edge with fairly aggressive rules and a Bayes database, so the fact that people were receiving 5-10 spam messages a piece into their inbox was very unusual.

The amazing thing that everyone seems to be missing, including the so called security experts, is that all the spam messages have correct DKIM signatures!

Unless the spammers compromised Yahoo's current DKIM private signing key (unlikely) or cracked a 1024-bit RSA private key in less than the lifetime of a Yahoo DKIM key (highly unlikely), then this is absolute proof that the mail is authorized and transmitted by Yahoo. It eliminates all argument about whether or not the headers are forged. The entire purpose of DKIM is to provide a cryptographically secure method of verifying the validity of the headers in an email message.

This fact strongly supports the theory of the Microsoft engineer.

The only realistic alternative is that Yahoo is facing a very serious breach of highly sensitive servers on their network (again, unlikely).

Of course, the proof is in the pudding, so here are the actual headers of a sample spam message. I redacted certain hostnames and removed some headers that were added by our internal email servers to protect the anonymity of our organization.

I invite anyone who claims otherwise to install a permanently on webcam in their bedroom so we can get some nice videos of their pet sheep.

You scoff, but people do it. Have a look at some of them, it can get kinda creepy.

The reason for this is that windows locks files when they're in use,

This is categorically untrue. The OS does no such thing. You can delete files in use. What you say has some merit but to explain the practical observations of being unable to delete files in use and reasoning behind such perceived behavior would require several pages of text and a lesson in backwards compat.

I just hacked a sample out for you that does just that in under 2 minutes. http://pastebin.com/vDUc0Pts
The key here is the FILE_SHARE_DELETE flag, without it, the processes locks the file.

I'm just a random Tor exit node, up one day, down the next, replaced by another random exit node.

Use the Tor Browser Bundle:
- https://www.torproject.org/

Read the Tor OPSEC article:
- http://cryptome.org/0005/tor-opsec.htm
- https://www.schneier.com/blog/archives/2012/01/tor_opsec.html

"HUGE Security Resource" - enjoy a smart selection of Security
Blogs and other security related information
- http://pastebin.com/Cm2ZHuz3

I found your paper. Pastebin Mirror.

http://pastebin.com/M7ZwwVCA

Think the Tor button will save you? Check this email out and let me know how safe you feel using Tor now that the FBI has all of the source code as well as the complete cooperation of a now-former member of Anonymous.

You seem to mostly know what you are talking about, but this is just FUD. Tor works and is open-source. That e-mail references the source to a modified version of TorButton that apparently had a trojan that ran anon's LOIC DDOS tool. It has nothing to do with the security of Tor or TorButton.

Of course, Tor is vulnerable to attack by simply having one party control most of the exit nodes. The US government almost certainly runs multiple Tor exit nodes, but probably not enough to control the entire network.

VOIP security is pretty much non-existent, and the need for a constant low-latency stream of data between the two parties makes it very difficult to secure. Just encrypting the traffic does pretty much nothing because if the encrypted traffic uses a variable bit rate codec, the words can be recovered just from the changes in the bit rate.

Tor is compromised. See for yourself.

One of the basic principles of SIGINT is that knowing whether, when, and for how long individuals or groups of people are communicating with each other is valuable, even without knowing the contents of the communications. Therefore tracing packets is useful even if you do not know their contents. Think the Tor button will save you? Check this email out and let me know how safe you feel using Tor now that the FBI has all of the source code as well as the complete cooperation of a now-former member of Anonymous.

The FBI and other elements of the U.S. Government have the capability of intercepting a wide range of communications with superior technological capabilities. Roaming VOIP, you say? Check out this article, which is from way back in 2006, and my other comment in this thread and let me know whether you think the Bureau or other agencies have solved the roaming VOIP problem by now.

Yes there are hooks in the system for intercepting cellular data. It's called make secret agreements with Telcos that are authorized under classified annexes to federal laws.

The technology is being put to nefarious ends all the time, like spying on U.S. citizens who have committed no crimes. Regrettably, I can't go into details. You would not believe the full scope of their capabilities or my experiences with them if I told you.

The speech by Hillary Clinton took place on Wednesday, May 23rd at a Gala event at the Special Operations Command in Tampa, FL. Her speech was transcribed by the State Department (as all of her speeches are), and the transcription is hosted at the State Department's website.

I've re-hosted the original article by Karen DeYoung and Ellen Nakashima of the Washington Post.

I can't say i'm surprised The Washington Post completely misinterpreted a government official's speech, but the conclusions these writers jumped to, and i fell for, certainly carry more brevity than the conclusions found in your everyday newspaper article.

This is why i usually prefer CSPAN. But i will certainly look a bit more into detail about each article i find interesting before i post it here.

Sorry about that, folks.

Now it's turning into a hacker war...

http://www.cyberwarnews.info/2012/05/23/a-message-for-ugnazi-from-underground-crew-gearsec/

http://pastebin.com/KrRG81e4

Just wait till someone stumbles onto the many webpages hosting hundreds of Trendnet CCTV IP addresses.

http://pastebin.com/sSs79RTd

Hey look at that, I even made it easy for you...

Nope. I heard circumcision may even cause premature ejaculation, as you have less "feedback", meaning less control... also, circumcision increases attrition in sex, making it less pleasant for women as well, even painful. I even read some testimonials from females (not sure how legit these are) who wondered how any woman could tolerate living with a cut man.

Firefox security bug (proxy-bypass) in current TBBs

https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs

"A user has discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This means when connecting to a websocket service, your Firefox will query your local DNS resolver, rather than only communicating through its proxy (Tor) as it is configured to do. This bug is present in current Tor Browser Bundles (2.2.35-9 on Windows; 2.2.35-10 on MacOS and Linux).

To fix this dns leak/security hole, follow these steps:

Type âoeabout:configâ (without the quotes) into the Firefox URL bar. Press Enter.
Type âoewebsocketâ (again, without the quotes) into the search bar that appears below "about:config".
Double-click on âoenetwork.websocket.enabledâ. That line should now show âoefalseâ in the âValueâ(TM) column.

See Tor bug 5741 for more details.
(https://bugs.torproject.org/5741)
We are currently working on new bundles with a better fix."

- http://pastebin.com/xajsbiyh

#
Anonymous comments:
#
On May 2nd, 2012 Anonymous said:

Oh dear :(

Does anyone know if IP addresses leaked to Twitter when (through NoScript) I enabled javascript for that site?

If yes, I may be in trouble.
#
On May 2nd, 2012 Anonymous said:

@anon, AFAIK Twitter does not use web sockets, so even if you enabled Javascript on Twitter it should not be an issue. I could be wrong or there could be other issues.
#
On May 2nd, 2012 Anonymous said:

Theoretically, an exit node can embed a websocket into your traffic stream if you are using HTTP.
#
On May 2nd, 2012 Anonymous said:

As long as you weren't doing anything illegal in the United States you should be fine. Tor has never been about hiding illegal activity. And since Twitter is in the US and doesn't respond to foreign court orders⦠wellâ¦
#
On May 2nd, 2012 Anonymous said:

Ah right, maybe Anonymous "Oh dear" is a fucking communist, or even a dirty whistle blower like Maning! Brave, law abide citizens haven't got anything, that must be hidden, so maybe you want to forbid TOR, Mr. McCarthy?
#
On May 2nd, 2012 Anonymous said:

Oh great, so all my Pastebins are belong to the Feds?
#

THE DRAMA CONTINUES...

TBB proxy bypass: Some DNS requests not going through Tor
Ticket #5741 (closed defect: fixed)
https://trac.torproject.org/projects/tor/ticket/5741

"This is not the first time some rarely triggered bug in Firefox causes Tor to be bypassed, and certainly will not be the last one. Since these bugs have a very high security impact I propose they are guarded against. How about running Firefox inside some kind of firewall that drops all network packets not going to Tor?"
#
Comments:
#
by mikeperry

Good catch Robert. Disabling about:config pref network.websocket.enabled prevents it from happening for me... I'm now grepping through the Firefox WebSocket code looking for the issue..

#
by mikeperry

This is fixed and pushed to all TBB branches. I fixed it by blocking all DNS requests while socks_remote_dns is enabled, so we don't end up with this showing up in new components in the future.

Interested folks can review the patch here: https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0018-Prevent-WebSocket-DNS-leak.patch
#
Additional Reference:

[tor-talk] Firefox security bug (proxy-bypass

Firefox security bug (proxy-bypass) in current TBBs

https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs

"A user has discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This means when connecting to a websocket service, your Firefox will query your local DNS resolver, rather than only communicating through its proxy (Tor) as it is configured to do. This bug is present in current Tor Browser Bundles (2.2.35-9 on Windows; 2.2.35-10 on MacOS and Linux).

To fix this dns leak/security hole, follow these steps:

Type âoeabout:configâ (without the quotes) into the Firefox URL bar. Press Enter.
Type âoewebsocketâ (again, without the quotes) into the search bar that appears below "about:config".
Double-click on âoenetwork.websocket.enabledâ. That line should now show âoefalseâ in the âValueâ(TM) column.

See Tor bug 5741 for more details.
(https://bugs.torproject.org/5741)
We are currently working on new bundles with a better fix."

- http://pastebin.com/xajsbiyh

#
Anonymous comments:
#
On May 2nd, 2012 Anonymous said:

Oh dear :(

Does anyone know if IP addresses leaked to Twitter when (through NoScript) I enabled javascript for that site?

If yes, I may be in trouble.
#
On May 2nd, 2012 Anonymous said:

@anon, AFAIK Twitter does not use web sockets, so even if you enabled Javascript on Twitter it should not be an issue. I could be wrong or there could be other issues.
#
On May 2nd, 2012 Anonymous said:

Theoretically, an exit node can embed a websocket into your traffic stream if you are using HTTP.
#
On May 2nd, 2012 Anonymous said:

As long as you weren't doing anything illegal in the United States you should be fine. Tor has never been about hiding illegal activity. And since Twitter is in the US and doesn't respond to foreign court orders⦠wellâ¦
#
On May 2nd, 2012 Anonymous said:

Ah right, maybe Anonymous "Oh dear" is a fucking communist, or even a dirty whistle blower like Maning! Brave, law abide citizens haven't got anything, that must be hidden, so maybe you want to forbid TOR, Mr. McCarthy?
#
On May 2nd, 2012 Anonymous said:

Oh great, so all my Pastebins are belong to the Feds?
#

THE DRAMA CONTINUES...

TBB proxy bypass: Some DNS requests not going through Tor
Ticket #5741 (closed defect: fixed)
https://trac.torproject.org/projects/tor/ticket/5741

"This is not the first time some rarely triggered bug in Firefox causes Tor to be bypassed, and certainly will not be the last one. Since these bugs have a very high security impact I propose they are guarded against. How about running Firefox inside some kind of firewall that drops all network packets not going to Tor?"
#
Comments:
#
by mikeperry

Good catch Robert. Disabling about:config pref network.websocket.enabled prevents it from happening for me... I'm now grepping through the Firefox WebSocket code looking for the issue..

#
by mikeperry

This is fixed and pushed to all TBB branches. I fixed it by blocking all DNS requests while socks_remote_dns is enabled, so we don't end up with this showing up in new components in the future.

Interested folks can review the patch here: https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0018-Prevent-WebSocket-DNS-leak.patch
#
Additional Reference:

[tor-talk] Firefox security bug (proxy-bypass

Although not quite as easy as just firing up tcpdump (If it was - this would have been 'exploited' a long time ago)

http://pastebin.com/rBu4jDm8

Not sure if the version of skype client is relevant (Maybe you just need to enable debug mode)

You could replace looking at the logfile with sniffing packets if they are in plain text (Which they probably shouldn't be)

I haven't tried this.

Here you go, I put the article on PasteBin since it's CC-BY-NC-licensed. =)

http://pastebin.com/mptMrYit

Here's a cleaned up text version on pastebin from the XML
http://pastebin.com/DjFNWweK

I have had pretty good success (and some random failures) with this design. Alas I can not find a reference to it online, and more than likely the name I have for it is incorrect. I found the design when I was a younger child, the design was in a book of paper plane designs.

The design is fairly simple though:

1. Start folding a traditional paper plane: http://en.wikipedia.org/wiki/Paper_plane using the example image on the wikipedia page, before performing the middle/centre step in the image, insert an additional step.
2. The additional step is:Fold the tip down so that it touches the tail of the plane at the centre line, then fold it back up again so that an additional crease is made about 2cm from the one made just before.
3. Continue with the instructions on the wikipedia page.

The result will be a traditional dart with a tiered nose, which will fly a bit more stabler than a traditional dart. You may need to gently tweak the trailing edge of the wings to create a bit more upward direction (lift is probably the wrong word). You can also play with the positioning of the creases made in the additional step to adjust the balance, which will probably achieve the same results as the wing tweaking.

The following SVG should give you a hint: http://pastebin.com/PnsaGPzK

You misunderstand. I'm not saying that the government wants free porn. I'm saying that as soon as the cameras are there, your love life is only a quick hack away from people who do.

Indeed. There are webcams all over the net that people have put in their houses as "more effective" baby monitors and such.

And they are wide open to the internet.

Are you bored?

http://pastebin.com/fDkTWZGX

Trendnet cameras. Wide open to the world. And so is your life.

--
BMO

This was fun, because I got pretty much the same thing down to 56 bytes in x86 assembly some 15 years ago. I remember the best entry in the competition I wrote it for being around 48 bytes or so; I missed at least one trick for setting the graphics segment more efficiently, and also something related to either collision handling or keyboard input, don't remember which.
In any case, this is possibly the right version of the code. Should compile with NASM, and is even playable in Dosbox with arrow keys if you turn the emulation speed as low as it can go.

âoebut do you know how to check and is there any point checking when we already know NSA/KGB, etc etc have the globe encircled with satellites?â

try lining your windows with tinfoil and check it after a few months. Youâ(TM)ll discover straight LINES and DOTS (tiny peep holes). This is with the tinfoil on the inside of the windowsâ(TM) surface, in-house/apartment. What causes this?

I believe most, if not all consumer computers and devices are, if not monitored, swept and mirrored by big bro using satellite technology.

One anonymous poster to pastebin, claiming to be representitive of Mossad, fired a shot across the bow of Anonymous and other hackers by saying, paraphrased, âoeAll of your hard drives are mirrored in (locations A,B,C as I forget which countries were mentioned) certain places on Earth anyway.

I find this to be true, Iâ(TM)ve used Microsoftâ(TM)s SysInternals programs to monitor processes and discovered my drives being swept, a chat program running I never installed and could find no trace of, files where they had the most interest were mp3 and graphics files, but they scraped the whole drive, and an iso creator/mirroring utility was running.

You only make it easier for them if you willingly install video streaming programs (VLC) with command line counterparts, music programs with command line counterparts, Office programs, which I noticed PDF files were being made in the background, and all of this activity was happening when I was monitoring a computer isolated from any wired/wireless/LAN network(s).

Google: Subversion Hack archive for a glimpse into this mysterious activity

Itâ(TM)s all about the waves.

*****

âoeWell, if this is true or not, I cannot tell, because I use GNU/Linux,â

The same is true for *nix, you just have to have the right monitoring tools and know what to look for inside binaries which are easily messed with by injecting malware into them and tools used by âoeTHEMâ to obscure the code injected into the ELF binaries so as to avoid being picked up as malware.

One simple command you can use to check for modifications to your files:

sudo find /usr/bin -mtime -60

That will search /usr/bin for files modified within 60 minutes, adjust the command as needed for other directories and time frames.

ALWAYS generate sha256sums or better (NOT MD5 or SHA1) of your initial install and the LiveCD and store them on a READ ONLY media like a once writable CDROM. The free utility known as âoemd5deepâ offers more than md5 checksum generation and unlike the simple tools like sha256sum, sha1sum, etc., md5deepâ(TM)s options offer RECURSIVE and directory stripping options, perfect for backup on CDROMs.

Hereâ(TM)s one example out of many mysterious *nix trojans floating about:

- Linux/Bckdr-RKC
â"- http://caffeinesecurity.blogspot.com/2012/02/linuxbckdr-rkc-still-undetected.html

âoeFor those who arenâ(TM)t familiar with this trojan, an anonymous internet user has taken the time to put together a Pastebin post highlighting my research on this trojanâ: http://pastebin.com/DwtX9dMd

More questions without answers:

- Malware for Windows, *nux (and MacOSX?) which HIDES in FIRMWARE on routers, PCI and AGP cards and devices (including CD burners), system BIOS, MBRs, ethernet (nic) cards most if not all surviving hard drive wipes/formats and preloaded again and updated âoethrough-the-airâ mysteriously or when youâ(TM)ve plugged into the net.

- Ethernet cards using packet radio modules/protocols

- Linux distributions including LiveCDs including more modules than they need to run, especially for LiveCD purposes, including build essentials, dpkg-dev, ISDN drivers/modules (sometimes in multiple places, as binary f

âoebut do you know how to check and is there any point checking when we already know NSA/KGB, etc etc have the globe encircled with satellites?â

try lining your windows with tinfoil and check it after a few months. Youâ(TM)ll discover straight LINES and DOTS (tiny peep holes). This is with the tinfoil on the inside of the windowsâ(TM) surface, in-house/apartment. What causes this?

I believe most, if not all consumer computers and devices are, if not monitored, swept and mirrored by big bro using satellite technology.

One anonymous poster to pastebin, claiming to be representitive of Mossad, fired a shot across the bow of Anonymous and other hackers by saying, paraphrased, âoeAll of your hard drives are mirrored in (locations A,B,C as I forget which countries were mentioned) certain places on Earth anyway.

I find this to be true, Iâ(TM)ve used Microsoftâ(TM)s SysInternals programs to monitor processes and discovered my drives being swept, a chat program running I never installed and could find no trace of, files where they had the most interest were mp3 and graphics files, but they scraped the whole drive, and an iso creator/mirroring utility was running.

You only make it easier for them if you willingly install video streaming programs (VLC) with command line counterparts, music programs with command line counterparts, Office programs, which I noticed PDF files were being made in the background, and all of this activity was happening when I was monitoring a computer isolated from any wired/wireless/LAN network(s).

Google: Subversion Hack archive for a glimpse into this mysterious activity

Itâ(TM)s all about the waves.
==
âoeWell, if this is true or not, I cannot tell, because I use GNU/Linux,â

The same is true for *nix, you just have to have the right monitoring tools and know what to look for inside binaries which are easily messed with by injecting malware into them and tools used by âoeTHEMâ to obscure the code injected into the ELF binaries so as to avoid being picked up as malware.

One simple command you can use to check for modifications to your files:

sudo find /usr/bin -mtime -60

That will search /usr/bin for files modified within 60 minutes, adjust the command as needed for other directories and time frames.

ALWAYS generate sha256sums or better (NOT MD5 or SHA1) of your initial install and the LiveCD and store them on a READ ONLY media like a once writable CDROM. The free utility known as âoemd5deepâ offers more than md5 checksum generation and unlike the simple tools like sha256sum, sha1sum, etc., md5deepâ(TM)s options offer RECURSIVE and directory stripping options, perfect for backup on CDROMs.

Hereâ(TM)s one example out of many mysterious *nix trojans floating about:

- Linux/Bckdr-RKC
â"- http://caffeinesecurity.blogspot.com/2012/02/linuxbckdr-rkc-still-undetected.html

âoeFor those who arenâ(TM)t familiar with this trojan, an anonymous internet user has taken the time to put together a Pastebin post highlighting my research on this trojanâ: http://pastebin.com/DwtX9dMd

More questions without answers:

- Malware for Windows, *nux (and MacOSX?) which HIDES in FIRMWARE on routers, PCI and AGP cards and devices (including CD burners), system BIOS, MBRs, ethernet (nic) cards most if not all surviving hard drive wipes/formats and preloaded again and updated âoethrough-the-airâ mysteriously or when youâ(TM)ve plugged into the net.

- Ethernet cards using packet radio modules/protocols

- Linux distributions including LiveCDs including more modules than they need to run, especially for LiveCD purposes, including build essentials, dpkg-dev, ISDN drivers/modules (sometimes in multiple places, as binary files and

HUGE Security Resource - version 5000 - 03/06/12
- http://pastebin.com/2VyxkWrc

Previously featured on the front page of Cryptome.org.

Welp, that looks horrible. Here's a pastebin of my original post: http://pastebin.com/uuj5Awpv

http://pastebin.com/48XkG9sq

nice payload :P

but not very useful for exploiting the bug. lol.

http://pastebin.com/nSp1Qxpi

HUGE Security Resource - version 5000 - 03/06/12
- http://pastebin.com/i7c3SJYN

Previously featured on the front page of Cryptome.org.