Slashdot Mirror
All We Want Is Whatever's On Your Machine
kubla2000 writes: "A breathless story about how the best defense against [fill in the blank: piracy, virii, hacking] is a good offense at CNet. What struck me most though is that in the midst of the rant from Timothy Mullen (no stranger to hacking the hack as this story from computerworld magazine shows, was a throw-away line justifying the RIAA and MPAA's appeal to Congress to make it legal to do this! It seems the bandwagons have started rolling. Who's next to jump on?"
the best defense against [fill in the blank: piracy, virii, hacking] defending AGAINST privacy? :P
If they should be able to run code at our computers, they increase the security risk, since viruses may exploit these programs.
We'll NEVER buy another cd/dvd/tape, so long as the recording/"entertainmeNT" "industry" is attempting to use MY lamo/corrupt gov't. to try to "do things" to MY PC/network. That's NEVER.
Who wants to get together and build a worm that does nothing but fix known security problems? We can make it grab all it's data from a chat-room, or web page, so it can stay small, but call upon a large database of known exploits, download them to the machine, and execute them...
Perhaps self modifying? To take advantage of newer exploits as they are found, so it can continue spreading itself? (Again data taken from IRC or Web URL) Perhaps just several variants of the worm...
What fun we could have!
policy to me.
This can't be a good thing: just think of
the court cases, and the added burden on the legal system.
Imagine a scenario like this:
Company A, B, and C are infected with viruses.
Company A tells Company B to "santize your systems, and stop infecting us, !". Company B has santizied it's system, and tells Company A to "go pound salt".
Company A, unknowingly infected by Company C but still blaming Company B shuts down Company B's system. Company B is not happy.
Company B manages to bring it's system back up, and shuts down Company A in retribution.
Lawsuits ensue. The courts, which could be ruling on citizen's issues instead, (like, say, overruling the DCMA), become backed up with corporate bickering. The citizens lose. Ugly situation.
And that's not touching on any of the questionable ethics of government sponsored vigilantism. I'll
leave that flamewar to others -- I imagine things will get quite toasty.
Time to burn some karma...
Is it me, or is this story's headline totally incoherant? I re-read it twice and still only have a vague clue of what the links are going to be about. He couldn't even take some time to proofread or even close his parenthesis.
I thought it was fairly well balanced actually. Outlined the problems of "hacking back" in language that everyone can understand...
Prior to that, you acquired a time machine, I believe...
Considered harmful.
I really hope this catches on. Then all you have to do is send some virified email to your target before you hack it. "Sorry 'bout the thousands of dollars worth of downtime I caused you, but your network was spreading Nimda." It's a great idea, really it is.
Ph-nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn.
What he says on the issue is: What he seems to be advocating is decriminalization of defending your computer against an active attack. I tend to agree. It's like saying it isn't theft to take a crowbar away from someone who is using it to jimmy your front door.
The author has blurred all sorts of lines, viruses and worms, copyright and attack, defense of ones computer and defense of ones IP.
I'd be interested to hear Mullen's comments on the story.
-Peter
First they attempt to litigate, but they don't get the 100 percent returns they want. Then they try and remove our rights through precedent. After they get tired of precedent they buy off some disney lawmakers. They make it illegal to even teach people how to circumvent technological countermeasures to remove our fair use.
Then through precedent, they make it illegal to link to pages which teach others how to circumvent technological countermeasures which remove our fair use.
They have found the best route to getting their way. Disney politicians who can be bought, as they were bought by enron.
We have got to change the american political structure. We must mandate 100% disclosure of personal monies and campaign contributions of all politically elected officials.
In the meantime, perhaps autohack-backs on DoS need to start getting spread around.
Who cares if you take down huge portions of the net, at least you'll get back at the RIAA for putting people like Britney Spears out there.
Wouldn't any DOS-attack against an alleged "offender" also hit the bandwidth/resources of all the innocent systems along the way? I'm not sure how this wouldn't create lots of collateral damage for people who aren't involved.
We've already seen something akin to this, at least on a small scale.
:P
Working as a telephone tech support person for a non-tech sector company, Klez was particularly annoying as we would get angry telephone calls from our own corporate executives about how our server based antivirus program wasn't working, as they were getting angry emails from people at other companies telling them to stop sending them the Klez virus.
All because the damn thing sent false header information and someone outside both companies had been infected, people would continue to blame the wrong parties when their own antivirus program would point them at the wrong culprit, despite all the media stories explaining the damn thing in clear detail.
We had a number of execs refuse to believe us when we told them their machine was clean, as "obviously" we were wrong according to the people at the other company. Even had one high up try to install her own antivirus program because she didn't trust ours and ended up trashing her computer.
I just loved the whole telephone support deal during the peak Klez season.
Too bad everything you describe above was invented in the 90's, not the 80's. What a pitiful troll. BTW, Linux 1.0 and FreeBSD 1.0 both came out at just about the same time.
If these stupid laws were passed, what would stop government agencies from just randomly entering your house to search for just about anything they thought you might have in there?
Nothing would displease me more than waking up at 4am to discuss with a fireman who has a key to my frontdoor, the dangers of not having a smoke alarm.
Seems more and more, you're guilty until you've been proved innocent.
RIAA or MPAA come a knockin on my machine with the 'l33t0 toolz' they have, i'm perfectly within my rights to retaliate... afterall I dont live in the US of A.
Be you Admins? nay, we are but lusers!
Ninja. Lots of them.
Everything will be taken away from you.
Who is "Emily Litella"? I'm too lazy to look.
You are wrong! there are multiple other sources in the medical field (such as most of my text books) that would contend otherwise.
In real life, if you're suspected of holding illegal copies of something your premises can be raided (with a warrant) and the items confiscated. If you're suspected of carrying a harmful virus that can easily be spread (i.e. your a public risk) then you can be quarantined. They can't treat you with out consent but they can still keep you away from the public.
(you can just tell when your about to be modded down, yet you still cant help posting)
This comment does not represent the views or opinions of the user.
Seems to me that the RIAA and other such groups should think twice before declaring the start of this new arms race.
It's like doctors questioning the overprescription of antibiotics -- the more agressive their weapons become, the more clever we will become in working around them. Increased use of antibiotics and other agressive medicine is creating superbugs. The same is true online:
As the internet becomes more dangerous for p2p networks, only the stronger networks will survive.
Gilda Radner
pb Reply or e-mail; don't vaguely moderate.
It's not its, it's it's.
If this article were advocating that people could go on "white-hat" vigilante attacks against people they didn't like, everyone would point out how ridiculous that would be. Well this is really pretty similar, because if you say that it is legal to crack computers causing problems to other computers, then you have all kinds of ways of weasling out of trouble for cracking. Script kiddies would be delighted!
As usual, this just sidesteps the more important issue which is that of secure software. If Microsoft tied up he bugs in Outlook and finally realised/admitted that secure by default is more important than snazzy and integrated by default, we wouldn't have half these problems. And if the software industry in general were really made to be more careful about its security, we could sit back and relax *a little*.
This sort of idea does little to prevent malicious scripts, and does a lot of encourage vigilantism, which is exactly the sort of nonsense that just makes things worse, and opens the legal doors to companies cracking into your computer to check if you've written about their products (y'never know lol).
I'm no UNIX head (I just got Mac OSX a while back), and I recently remember reading about the RIAA wanting to sabotage our computers if they're running XNap, LimeWire, Kaaza, Morpheus [insert your favorite file sharing program here]. Would it be theoretically possible with UNIX/Linux/Mac OS X to take whatever DOS attacks the RIAA initiates, and somehow pipe them through right back at their own machines (using different port numbers, etc...)? I don't think it would be difficult to set up a port scanning program to detect "what was going on" and send DOS attack back right at them. They'd bring their own systems down very quickly that way if it works.
"Well, his computer pinged me a few times, so I used a buffer overflow to gain access to his machine, and formatted his harddrive."
As you can see, there are two issues that are left unresolved: what defines an illegal attack, and what defines an appropriate "counter attack".
As for this falling under a self-defense part of the law, I would suggest looking at the goal of self-defense: stopping an attack against you. Self defense does not mean kill someone, does not mean detain someone, or anything else. Although it is possible that those could be necessary in an act of self defense, in most cases they are not.
With all this in mind, take a look at how you can stop the attack on you. The best way would be with a firewall or patching the problem. From there on, you should report the problem to the authorities (ala "real life"), probably being the machine's isp, and possibly the police/fbi.
Vigilanties are not protected by the law, and their best hope is to convince a jury/judge that they were doing the "right thing". Unfortunately, most of them aren't qualified to make that decision :]
If hacking is illegal, only criminals will hack.
To protect ourselves, we need to make justified hacking legal!
God knows the world doesn't have enough hackers.
Now, seriously... if it's possible to do something nasty, like spreading a virus or disabling a remote system, someone will do it - regardless of what the law says. This is true of all laws, whether we like it or not. There are two important differences in the 'digital' world:
- The Internet is such a hopelessly confused tangle of metaphors that often we have trouble telling exactly how our normal ideas apply.
- The Internet is not like the physical world, and often our ideas don't apply.
Now, the point here is that while laws can help protect the Internet, the actual solution - perhaps the only solution - is for our machines to protect themselves. No - that's the wrong metaphor. There's no reason a computer needs to start running a bit of malicious code just because of a bunch of bytes it happens to read through the network. Our computers can only be hurt by others if they themselves allow it.
Not to clean the mess I make in my computer room.
Leave all those papers where they are,
Don't touch anything, I like my computer room this way.
Now, I should go to my rep. and told him not to touch my computer. If it is full of virus, leave it like that. I like it the way it is. Thanks.
I'd rather be sailing...
Language was created by those with the vazeptitude to invent new words. ;)
If you don't have anything nice to say, shut up you stupid prick.
Is it me, or is every time a post begins by mentioning karma, the actual content is some uninspired drivel supposedly making insightful criticism of some perceived Slashdot sacred cow?
What is it? Some reverse psycology tactic? Pre-positioning onself for the role of martyr? In any case, it screams "lack of conviction."
State your argument and let it stand on its own merrits... or lack thereof.
Basically, even if you take away the factor of 'trade offs' (of security/privacy vs freedom) and personal freedom in general, the fact is that history has proven that such tactics in the end not only fail to accomplish their goal, but the cost to achieve this failure only adds more injury. What finally adds insult is the fact that the vast majority of time, the problems actually become WORSE, whether from direct or indirect results.
Now the part that pisses me off is people's response to this little historical lesson. Many refuse to actually heed the lesson but only bastardize aspects of it to fit their self centered needs. This is much akin (in many ways) to the situation where a child will justify (instead of reason) with very hand selected 'facts' as arguments simply to get some nintendo game, cd, bike, etc. Any sort of logical analysis and use of reason is only mimicked and faked. When people like this never grow out of this but age chronologically they continue to use such 'thinking' to justify positions in things like politics and lifestyle choices.
Well, either way... even if self labled 'heroes of the people' that are in reality only petty whoring thieves choose to use this fact as an excuse I suppose there is nothing to be done about it. The fact remains, regardless of how the short sighted, greedy, and manipulative sheep refuse to acknowledge that their actions cause more problems form them and others down the road (as if they EVER trully think of anyone else), the problem requires education not FUD or their reactive responsive FUD.
Language was created by those with the vazeptitude to invent new words.
No, the aliens gave it to us!
Pixels keep you awake!
It's not it's not its, its it's, it's it's not its, it's it's.
If you're going to be a grammer Nazi Nazi, at least get it right right.
Oh God, I'm confusing myself myself. Easy to do, I know...
"It's (as in a contraction of 'it is') not its (reference to mistake in post), it's (Again, this is a contraction, its is the possessive) it's (using the contraction again to reference the word that should replace the word used incorrectly).
If you're (contraction of You Are) going to be a whiny little bitch, give me your phone number so I can call you up when I want a blow job.
I have a few questions about this article perhaps someone can share some insight.
.mp3 file on one of these peer-to-peer networks that is not really a mp3 file, but a program that removes lets say (insert favorite media player here) and deletes all of your mpeg files, divx files and mp3 files. Is that detructive or not?
1. The bill, proposed by Congressman Howard Berman, D-Calif., would protect copyright holders from liability if they place destructive decoy digital files into peer-to-peer networks to penalize users.
Mullen said his hack-back idea is different because it is designed to improve the security of cyberspace and would not harm any computer systems.
Now, First off, putting destructive material on any computer is harming it. Am I mistaken here? I mean lets say I decided to put out a bogus
2. To counter this, Mullen has come up with a way for machines that have been attacked--but not infected--to trace the worm back to the attacking machine and prevent it from spreading the worm to other computers.
Using his technique, the computer that launches an attack is paralyzed and requires an administrator to restart it, but it stays online and is not otherwise harmed, said Mullen, who is a columnist for SecurityFocus.com.
Ok so if the computer that was doing that attacking is now being attacked.. Doesn't that count as a DoS attack? Furthermore, He says it stays online but needs to be restarted... If it stays online, why does it need to be restarted?
3. Jennifer Stisa Grannick, litigation director at the Center for Internet and Society at Stanford Law School, said she felt Mullen's idea may be protected under a self-defense provision.
"This is a type of defense of property," she said. "There is a lot of sympathy for that (kind of action) from law enforcement and vendors because we do have such a big problem with viruses."
Ok so now lets say this happens... (Names have been changed of person(s) to protect thier identities.)
Bob, is out driving his car and stops at a red light. Frank pulls up next to bob in his car at the same red light. Frank gets out of his car and smashes Bob's window... Does that give Bob the right to smash Frank's window, or slash his tires or pour sugar in his gas tank? I don't think so, Last time I checked I could be sued for doing so...
It seems to me that this is kind of like this situation. Burglar breaks into house, He gets bit by a nice big dog that is "protecting" his territory. The owners of the house and dog, are now being sued because the thief was attacked by the dog. The dog in return, because the thief won his case, is now being put down. How fair is this?
This post was generated by a Team of Elite Monkeys for br0ken2o0o (569914).
OK, so how do I know that the worm my server was infected by didn't include a trojan?
;-)
Silly me... if I cared about things like that, I wouldn't leave my server infected, would I.
How about if it just shut down insecure machines or publically shamed the owner?
Xix.
"Everything is adjustable, provided you have the right tools"
This made no sense whatsoever. The only coherent point I read was reply about how hackers break in and then patch the system. Whats so bad about that? Lets look at facts Pat.
o -- Lazy System Administrator is paid $75,000 dollars a year to secure a server.
o -- Over worked and under paid factory worker is paid about $15,000 dollars a year and spends his leisure time chating on IRC and hacking unsecure systems.
o -- The later, takes time and helps the aforementioned secure his system. While he spends some quality time at the fairway play 18 holes of golf.
I don't see no problem. I concur that they need to switch jobs.
Back to you Pat.
In other news.. Scientists have unravaled the mysteries of how chocolate pudding will prevent cavaties and reduce heart disease.....
Surely, you mean "ninjii", don't you?
You see? You see? Your stupid minds! Stupid! Stupid!
I've been cranking on this idea for a while and it may be possible to thwart the RIAA. Some really smart encryption heads/programmers could tweak the current file sharing protocols to switch port numbers, route the data to dead end/non-existent IP addresses using some complicated algoerithm. Yeah, it might take a little longer to get your file (MP3, let's be honest), but the DOS attacks wouldn't be able to go through since your IP address would "flicker" in and out of existence. From the perspective of the network, there would be periodic and unpredictable breaks in the network. A LimeWire-type P2P would be pretty cool, switching port numbers, and periodically breaking connection (for a finite amount of time, then reconnecting). With everyone's computer running this program, the network would be a virtual Christmas Tree of flickering IP addresses and port numbers. It would even be cool if a series of virtual or decoy IP address existed, making life very complicated for the RIAA DOS attacks. Gah-ah-lly, my imagine runs wild, I just wish I had the programming knowledge to make his work. It sounds so fun. Of course, this assumes that the stupod law passes through Congress. Is Joe Smith transferring files illegally or not? I'm sure some Ivy-League Geek will figure this out. The RIAA doesn't have a chance.
Using his technique, the computer that launches an attack is paralyzed and requires an administrator to restart it, but it stays online and is not otherwise harmed, said Mullen, who is a columnist for SecurityFocus.com
Requires an administrator to restart it? Do they mean it basically crashes and has to be rebooted? How does that do anything to solve the virus? Sure it temporarily disables it, but if it's a 9x/ME box there is no "administrator" and if it's NT/2K/XP there may be many people with admin rights. Furthermore, your average grandmother-using-aol-on-her-emachine would have no idea what to do, or that she has a virus, or what a virus is. Temporarily disabling machines doesn't do anything to solve virus problems. The only thing that will solve virus problems is educated computer users, and that is unlikely to happen anytime soon.
In Windows XP, it's called the Automatic Update "feature".
all of the email i've been getting starting on friday. it started with delivery failure messages to people i hadnt sent email to. then i started getting email from virus scanning programs telling me i'm sending the klez virus to people. it's odd because i use pine to view/send email on linux. the email is also being sent by an account i only use to recieve email. i just dont want to get blacklisted or something because of a security flaw that occurs on windows systems.
-- john
It's spelled grammar. At least get that right.
I spent a year in Iraq looking for WMD and all I found was this lousy sig.
If Microsoft tied up he bugs in Outlook and finally realised/admitted that secure by default is more important than snazzy and integrated by default
/. You people don't take notice of anything that Microsoft make less than 5 years old. That's why you still think Windows 98 is Microsoft's pinnacle of stability.
You mean like Outlook 2K2 in the Office XP suite that keeps its security settings on a setting thats tighter than a fish's asshole by default? That's right. It now assumes every email is out to get you.
Oh wait, my mistake. This is
This is all despite the fact that many (but not all) of the Outlook "viruses" required the user to actually OPEN the emails. Get over it already.
there goes my karma...oh well
I've only had one full beer, usually it takes a 6 pack or more for me to have to read the headline/intro muiltable times.
LinuxWorx
Spelling errors are intentional as are gramatical error
If they should be able to run code at our computers, they increase the security risk, since viruses may exploit these programs.
That's why this will only encourage more defiance of copyrights - because the chances of any one of us having our security breached is much less if we all insist and expect each other to not support them. I think copyrights are old-world, and the sooner we get rid of them, the better.
It's important to remember WHY vigilante actions are generally illegal:
I can only think of one set of circumstances in which our culture and law condone vigilante justice: self defense of a human being against bodily harm.
It is important to remember that computer crime is almost universally property crime. With rare exceptions there is absolutely no danger to the person of a human being posed by computer cracking, and thus no reasonable basis for authorizing vigilante justice.
actually in computer speak, it is also acceptable to refer to viruses are virii
It's been noted before, but... What's the point of attacking back? A lot of finger-pointing will ensue and "trace backs" will occur... But does anyone remember the when the WANK worm hit NASA? C.H. Chassot is right. You can't put a finger on the originator as being the perp; oftentimes, they may have been hacked, cleaned up, and used as a launch point when the real perps were out of the thick of it. Just like the US had a hard time, and "traced" the WANK worm back to a server in France, in the end it's not always going to be black-and-white. If you don't know about WANK, I'd suggest reading a nice tale that documents it quite nicely.
Never attribute to Hanlon that which can be adequately attributed to Heinlein.
me fail english?
>> it is also acceptable to refer to viruses AS virii
If what we want to do is stop viruses and worms and the like, there's a simple thing we could do that would eliminate over 99% of them.
Just ban all Microsoft systems from the Internet.
The remaining handful of viruses and worms wouldn't be enough of a problem to get the media's attention. We'd want a mop-up operation to stop them, of course. But that would be a minor technical project that the media wouldn't find interesting.
We should have done this five years ago, when it was becoming clear that Microsoft had no intention of fixing the security holes they were building into their systems, and their customers were too clueless to demand fixes.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
It is illegal to attack a machine that is attacking you. It's illegal to release a worm/virus into the wild. However, its NOT illegal to participate in its distribution simply because you're too inept to keep your machines patched. Those who are indirectly causing all the damage will suffer no liabilities as a result. And perhaps punishing them isn't the answer.
However, look at it from the worm's perspective. It seeks only to invade and to reproduce. It doesn't care about legalities or consequences. It will do what its designed to do, and will do so indefinitely until its means of propagation has been eliminated. The vulnerable machines are out there. They will always be out there. And as long as they're out there, there will be breeding grounds for worms.
We need to meet halfway on this one. If we can't attack the machines that are already attacking us, we should at the very least be able to stop the problem. In fact, it makes sense to stop the problem before it even starts. If someone is running an unpatched system, they're going to be the participants in a worm redistribution program eventually. If it has to happen, let it be a benign worm that hits it. Invade the machine, fix all known holes, then propagate to a set range of addresses, then die. No more worms for that host, and in a matter of hours, that exploit will have been completely removed from the world, or at least as well as the worms could find it.
Perhaps at least with XP's automatic updates, these patches might be implemented on a regular basis. However, what about all the people that don't allow themselves to use the automatic update features? There are plenty of pirates and security wary but otherwise legitimate users who won't use the automatic update features. Those machines are just as vulnerable. IF the user isn't willing to patch them, then let someone legitimately be allowed to do so. Or at least look the other way when it happens.
-Restil
Play with my webcams and lights here
Consider. Anything you write is protected by copyright automatically.
Let's suppose you write an email. While it shouldn't be necessary, perhaps you might include an explicit restriction in the body of the email, or at the bottom like lawyers often do: "This material is copyright by the sender and may not be reproduced in whole or in part by any means, including but not limited to reproducing on paper via a printer, forwarding to any other mailbox, storing on punch cards, paper tape, magnetic tape, optical media, or any other machine-readable form of reproduction. If you wish to reproduce this item, licenses are available from the sender for a nominal fee."
Let's suppose you sent your email to the RIAA. They are entitled to exactly one copy, which will end up in the mailbox of the receptionist. This will pose a dilemma, which will probably be solved by violating your copyright.
You might find it necessary to take steps to protect your intellectual property.
I wrote a script on my server web server (that constently gets hit over and over by nimda... about 300 times a day it seems) to use the vonrobility against them.
It uses nimda vonrobility to hit them back and gives them hundreds of popup messages thruout their system, telling them to apply the patch and get some type of security (then the scripts delete themselves).It also applys an "at" command to launch a vbs file on their system to remisystem nd them to get a patch.Just anough to anoy them.
It work seems to work. I impliment this because I work at a very small ISP here in town hosting dsl lines. Our lines are always getting eatten up by nimda, even still. This way it saves on our bandwidth for everyone else to use. The funny thing is that it works. Traffic used by nimda on the network has gone down dramaticly because of it. We applied the program to all the gateways (since they are all linux boxxes). Just added Apache with my scirpt to fish out as many people as possible.
I love it. We get calls from customers yelling and screaming that they didn't have nimda and we prove it to them by emailing them the log file. Some are even thankful. Zac Bowling
No.
So according to your theory, Apache is unreliable and insecure because an exploit is found and therefore because of the installed base it will be vunerable for a very long time.
And I can send you an ELF binary with a virus attached to it and say "I am Anna Kournikova, I'm naked, and I sent you this document to have your advice, so please log in as root so you can see it properly"
Whats your point?
Did they change the original article online? 'Cause I don't see anything like that in the news.com article now.
Digital Cillennium Mopyright act?
A breathless story about how the best defense against [fill in the blank: piracy, virii, hacking] is a good offense at CNet.
Yes! CNet is the root of all these evils for publishing stuff like this! A good offence at CNet would surely be in the best intrest of the public.
I doubt, therefore I may be.
You can find the contributions at OpenSecrets.
You will discover that your favorite politicians are not only 4 sale, but that you can buy them for fire-sale prices.
Tech Public Policy stuff
since this is a continuation on an earlier topic post...
I will likewise continue my reply.
Bring it.
Just like FBI is stinging pedophiles by spamming them with advetisements of FBI-hosted kiddyporn sites, MPAA and RIAA could strike at those showing interest in illegal MP3 warez who surf to their MP3-sting sites.
Gentlemen
I'm e-mailing you today in my capacity of New Yorkers for Fair Use and as President of NYLXS, the New York GNU Linux Scene
Guy's, you have a Congressman down there who is co-sponsering the Bill to allow the MPAA and the RIAA to hack into our computers and steal our files.
I'm starting a letter writing campaign up here in NY to local representitives on the House Judiciary Committee, but your guy is the CHAIR.
How about some political Action Guys. We can come down and help if you think it would be worth while.
I'm sending a copy of our announcement today and my personal letter. Let's get to work or tomorrow there might not be any Free Software to protect!
Ruben
______
NY Fair Use
Your next Political Action has come upon us.
In this article: http://news.com.com/2100-1023-946316.html , there is a misrepresentation of the basic facts of the Berman Bill. The Berman Bill would approve the theft of our computers by authorizing Breaking and
Entering of our computers in our homes if copyrighted material is discovered on our computers. The bill gives Police Powers to the RIAA and the MPAA, but here is being discussed as if it somehow is a computer security issue with viruses.
This is misinformation on the part of the RIAA.
Everyone is to right Congressman Weiner, who is on the same Sub-Committee as Berman, and inist for assurances to vote and lobby against this bill which authorizes Breaking and Entering without a warrent by the Copyright Monopoly Holders.
Also write your local representitive and Senator Schummer and Senator Clinton.
Send a Copy to the NY FairUse list, and send 5 copies to someone in your address book asking them to also write. Send these letters by Fax to Weiners Office. Let's see if we can get a real chain reaction working.
Ruben
_______
Dear Congressman Weiner
Congressman Berman of California's 26th District is proposing a Bill which would steal the private property of every computer owner in America. The bill, designed to prevent peer to peer sharing of files, would give the Movie and the Music Industry police powers are normally assigned only to the state. It assigns them to these private industries by allowing them to invade our homes and enter into our computer systems without a wararnt, to remove our files, or to prevent our lawful use of these files. In theory this would help protect protect copyright monopolies. But a Copyright Monopoly doesn't give a business the right to perform breaking and entering.
This amounts to theft and an invassion of personal property. Some in the press are representing this bill as some form of virus or security bill. The Bill has nothing to do with computer security at all accept that it will create less security for everyone who owns a computer.
I'm asking you to ask that this bill does not leave the Subcommittee on Courts, the Internet, and Intellectual Property even though Mr Cobble, the Chairman, is a Co-Spounsorer. We need you vocally object to the intrussion that this bill asks for on the public, and question it's constitutionality.
My vote depends on your action on this matter. This kind of legistlation is something to expect our of the Peoples Repulic of China, not a free Society like the US. If we can't protect our private property from invassion of people like
the RIAA and the MPAA, then how are we different from a Communist Dictatorship?
This bill is asking for the legalization of Breaking and Entering be a bunch of GOONS.
Ruben Safir
President of NYLXS and Co-Founder of New Yorkers for Fair Use
http://www.mrbrklyn.com/amsterdam.html http://www.brooklyn-living.com
I found it funny that when I wrote quite a long email letter to Bill Berman about his bill and he or his office wrote back saying 'thanks, but I won't respond to anyone not in my district'. I cannot conceive as to how this can be anything but a violation of the 4th amendment. The Government's hackers can violate your machine and not let you know (which is worse than having the police search your house with a warrant), and if they cause any damage to anything, you must file a complaint and be given permission to take them to court. Of course, since you don't know the government was in your computer in the first place since they didn't tell you, it's hard to know if a file corruption is the result of a hack or a piece of ill-written code or whatnot. And even if you can prove that it was the government, and they caused damage, you can only sue if they did more than 250$ worth of damage. Hollywood now dictates policy on your right to privacy. Anyone in Berman's district, please send him a nasty letter for me.
"We must still have chaos within in order to be able to give birth to a dancing star." --Friedrich Nietzsche
after fleecing J. Public, & the artists it was commissioned to serve, the recording/entertainmeNT industry now sets about power&controll phreaking itself OUT of its targeted 'market', with the help of "our" lamo/corrupt "gov't.", whois buy this, & other similar actions, alienating itself further from its already discouraged constituancy.
how appropriate. we'll not buy ANY media product from ANY publisher whois seeking to "do things" to our PCs/networks.
just vote with your wallet. megasloth.con will only take a few minutes to get the "message".
If someone punches me in the nose, I can kick him in the nuts. And if he's a better, wiser person for it, so much the better. Now that doesn't mean I can incinerate him with one of my thermonuclear weapons, kill the whole town, beat him to death, or even go all ninja on him until I get that "so sweet I want to crap my pants" feeling.
AFAIK I get to beat on him till he quits, unless I want to skip right past go, and land my ass in a place where "getting doubles" has nothing to do with dice.
--Jimmy has fancy plans; and pants to match.
Oh yeah, I'm sure there a not bugs in the newest version of Outlook at all.
Yes, I have Outlook 2k. It's an annoying POS. It's got bugs. The bugs I've found aren't security flaws, but it definately has bugs.
The damn progam won't let me change it's settings to view all emails as plain text. That means every time there is a bug in the MS HTML rendering, I could get hosed. That's totally goddammed insecure. That's not tight security at all. What planet are you from? Does MS pay you to troll for them or do you just not have a clue?
Life is too short to proofread.
Ninjuses
Bad editing leads to abrupt transitions. Here we go from "Striking back against a computer that is attacking you" with a worm to this:
Whah? Then we back off and contrast that approach (placing "destructive decoy digital files into peer-to-peer networks to penalize users") with the hack-back the story was really written around.
It's almost like the editor wanted to nod in the direction of the latest legislative "anti-hacker" move, whether or not it really had anything to do with his story. That's all. No "bandwagon." Just bad editing. Given the state of /.'s stories, we should relate.
"Fundamentalism" isn't about divine morality. It's about human authority.
Did this strike anyone else as funny? Since when does the Department of Defense care about "collateral damage"?
ok , so it gets made legal in the US , does that mean that it then becomes legal to 'disable' machines in say.... China as well, how do you determine the machines physical location (machine location not IP address) and which countries law is actually applies.
perl -MIO::Socket -e 'IO::Socket::INET-new(PeerAddr="some.windoze.box:1
Going down this road will be too dangerous and expensive. The liability for hacking/crashing the wrong computer (or in some cases even the right computer) are to high. Take hospitals for example. Some systems are running medical applications that are critical for patient care (monitoring, diagnostic, etc...). If these systems were to be shut down, that would be very bad. If the hospital network they are attached to is attacked (yes, doctors reading their email are just as gullible as anyone else) it could also affect these patient critical systems.
Hell, even hacking these systems to verify they are the source of the problem, be it mp3 trading or virus propagation could be illegal. New HIPAA regulations (Health Insurance Portability and Accountability Act) will make unauthorized access to any patient records/information a crime.
There are to many variables and unknowns for this to be enacted. Hopefully the old men on the hill will realize this as well. If not it will surely be ammended after someone f*cks with the wrong system.
"What do you mean I'm in trouble for hacking? The email containing the virus said it came from the pentagon! It was self defense, I swear!"
The really silly thing about "virii" is that the worst is so obviously a product of stupidity: you can almost imagine people thinking, "Gee, I sorta remember this word 'radii', so I guess the plural of 'virus' is 'virii'!" In a similar spirit I've seen "compi" (plural of "compass"), "serii" (plural of "series"), and "stati" (plural of "status".)
Moral: if you don't know Latin, leave off pretending that you do. "Viruses" is a fine English word.
hyacinthus.
I am. Fair is fair, and using honeypots, fake .MP3 file ("Chirpers"), and bogus file servers are legit. In fact, these "new" techniques will be used to slow down piracy and catch people who are doing things that have been against the law for at least 100 years in this country.
"Hi, I'm from Al Quaeda records, and I'm here to hack your computer!"
Enough said.
Board THIS up!
Or... wait, wouldn't he need the time machine from the future, so really he acquired it *after* he got the 486?
*gzzt! Poing*
GMFTatsujin
If "computer speak" is also rooted in Latin, then it is either viruses or viri. Who knows where the second 'i' in virii came from. People just pulled that out of the air.
"The defense of freedom requires the advance of freedom" - George W Bush
Actually, considering that the Japanese language has no sense of a plural word, ninja would be correct for describing 1 ninja or 1000000000 ninja.
A lot of the discussion is about the allowabilty of defending your machine by hacking an attacker. But what M. actually talks about is attacking another _victim_ to minimize your own losses. Just because you know how to do it. Robert Nozick once asked if it was moral to use a ray gun to vaporize an innocent victem who had been thrown at you at 10m/s squared. Sortof. Damn, I love that idea. Well, this is more like having innocent victims thrown at your front lawn and vaporizing them to protect the imported roses. Because you have a ray gun. -jon
I guess your comment makes sense when a crime is over and authorities can step in on time to prevent additional crimes. This is pretty unlikely on Internet. For Code Red, the worm will keep trying to attack hosts in my organization whereas by automatically patching every attacking node I can put a stop to it. For DOS attack in progress, I am still suffering from a "crime". And if someone just stole my credit card list, well if I can hack into that machine and delete it, it's much better than wait until it is posted on an IRC channel.
Also remember that if there is no danger to life from hacking, it also applies to my counter-attack, as long as I limit myself to stopping the crime in progress rather than doing format c:. If I am wrong I can just say sorry and your machine will be left with little damage.
all bunch of stupid shits, stop the kingdom of nerdom, there is new revolution in town
"Indeed, the ideal for a well-functioning democratic state is like the ideal for a gentleman's well-cut suit- it is not
I also live in Colorado, and as I recall the "make my day" law it does NOT give us the right to use lethal force to protect our property.
That said, the law does provide an affirmative defense if you kill anyone in your house - the state must prove that we shot them even though we knew they posed no personal threat to us or others; we do not have to prove that we perceived a credible threat before we can claim "self-defense."
In practice, this is an impossible burden in most cases (excluding cases where one resident kills another), so it's a de facto acceptance of lethal force to protect property... but it's not absolute. You certainly wouldn't want to make this statement to the cops who first show up on the scene and want to know why you have a dead guy in your living room, next to a displaced TV.
(IANAL, etc., but I am a gunowner so I follow this material.)
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
I can understand the desire to defend against worms, but there are other methods. Check out this worm detection system that the Institute for Security Technology Studies is working on:
http://www.ists.dartmouth.edu/IRIA/projects/dibs/
Buzx
Adventavit Asinus Pulcher et Fortissimus
No, grammer is spelled grammar. It's spelled it. Actually grammer isn't even a word so it naturally has no spelling. I had it right, but I had grammar wrong. I mean I had spelling wrong. The grammar was right but it was spelled wrong. I mean grammar was spelled wrong. Grammar was spelled grammer I mean, which was incorrect. Not that I intend to say that incorrect is spelled grammer, but rather that the spelling of grammar, which was grammer, is incorrect. There's no way out of this, is there?
Maybe if I say something like 'time to burn some karma' I won't get modded down for this worthless drivel.
It is the DoD's policy not to take active measures against anybody because of the lack of certainty of getting the right person.
Great. I guess we might as well get rid of the Department of Defense, if they're not going to bother to take any active measures. I guess that whole Afghanistan thing with the "unavoidable civilian casualties" was just a figment of our imagination.
Software sucks. Open Source sucks less.
Grammer is indeed a word; it's a town in Indiana, and the spelling of the word shall be Grammer. That seemed out of context and was not capitalized, however, so I took the liberty of assuming that you had actually meant grammar.
There's no way out of this, is there?
I think when we both run out of karma it'll be finished.
I spent a year in Iraq looking for WMD and all I found was this lousy sig.
It's not as effective as attacking their machine in response, but it's completely legal.
"Before enlightenment: sharpen claws, catch mice. After enlightenment: sharpen claws, catch mice."
Ever heard of Allison Transmittion? They make automatic transmittions for use in semis and other heavy duty uses. Infact they are considered one of the best transmittion makers out there. Many fleet operators won't buy a truck unless it has an Allison transmittion.
E.g.: I have a computer at work that runs win2k that I have yet to install SP2 on because SP2 is known to have issues with Novell (and we run a novell/AD network). We're trying to migrate away from novell, but as long as it's in use, I can't just break it for the sake of a "more secure" computer.
FreeBSD for the impatient.
There was an article here (Slashback?) a while ago where some site (advocacy.org?) accused people doing an HTTP HEAD of breaking into their site or otherwise violating their terms of service. Possibly a troll, but...
Copyrights, Patents, Trademarks: temporary loans from the Public Domain, not real property ("intellectual" or otherwise)
Dead conversation, but I HAVE my C-64 still in my house...
Lots of ASM went through that keyboard... B-)