Slashdot Mirror
Life-Ruining Browser Hijackers
LehiNephi writes "If you're not diligent enough at whacking malware on your computer, you could end up in jail, whether or not you actually did something wrong. Hijacked browsers can not only annoy you with a never-ending string of pop-ups, they leave a less-than-virtuous browser history behind on your computer. This guy claims that some piece of malware hijacked his home page, opened an unstoppable chain of pop-ups, and filled his cache with porn. He now has to register as a sex offender, even though he denies that he did anything his computer says he did. Makes me glad for built in pop-up blocking in Mozilla."
The Browser made me do it!!!
I would think the justice department would be able to see if all the images in the cache were dated from that one single event or if they were spread over time. If he's telling the truth, it should be easy to prove.
A very convenient excuse.
He was probably looking at porn in the first place. Not that I think that condones him being a register sex offender. But that was probably what started his sexual onslaught. (A lot of the porn sites love browser tricks, just one more reason for the avid geek to use Mozilla.)
used by many a "real" sex offender.
"Honest, it was a trojan your honour"
Was the guys cache filled with child porn or something?
How does looking at porn make you a sex offender? If it's illegal then arrest me right now.
While I respect this guys rights and wouldn't presume to accuse him of anything, I certainly cannot defend him without reading the court transcripts. ANYONE who was caught in the act of downloading kiddie porn would claim their PC was "hi-jacked" so I don't think this is a defense of any kind, in and of itself. I don't think the feds are technically literate, but I also don't think they're fools. I have a hard time believing they charged someone with downloading kiddie-porn when all that really happened was he saw some pop-ups, like you and I (unfortunately) see a million times a day. Something else took place here.
But now the Transponder gang (ABetterInternet) are making .xpis to install their shit in Firefox/Mozilla.
And yes, CoolWebSearch is a goddamned pain to get rid of. New variants are immune to Merijn's CWShredder; they require specialized tools (pv.exe, TheKillBox) to remove, and some even require booting to a command line (nearly impossible in XP/2000).
One guy at my office accidentally got some CWS variants on his machine, and the IT department - myself included - went through the router logs (school district, have to keep the logs, state law here) to see where he got it. This resulted in his getting fired (free pr0n site, and yes, he was logged in as himself).
In short, these little bastards really _can_ ruin your life and your machine.
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
I seriously doubt that anything would be convicted as a sex offender just by a hisory of websites that his browser had been pointed to in the past. There has to be more to this than what we know.
I may be expecting too much here, but it seems logical to me that even the most clueless luser might suspect that something was amiss if a flood of porn started popping up out of nowhere and at least ask a literate friend what's up. Like the first poster, I'm a little suspicious that this type of problem could go unnoticed for very long.
"My wife and I separated for a time because she thought I was looking at porno"
Something must be really fscked with your marriage if this is the case - the computer is not at fault here.
After all, how often do you see pop-ups with child porn on 'em? I certainly know I never do, even when I'm forced to use IE
The dude in question claims that he bought the computer on eBay, which is a whole other ball of wax. If you buy a used computer, and can prove you did so, are you legally responsible for what might have been on it when you bought it?
I totally have no idea what the right answer to that would be.
I love Mozilla Firefox, love it. The AdBlock plugin and a custom host file keep me free of almost all ads, flash banners, and otherwise annoying Internet ads.
However, we like to preach about just switch and all your problems go away. For the most part that holds true, a switch to Linux, or even just Mozilla infinitely improves the quality of the computer.
However, most of the spyware comes as a result of user initiated stupidity or ignorance.
Now I understand stupid default choices by Microsoft and browser cause most of these problems, but if Linux does become a major player on the desktop (god willing) I think we will see more crappy scumware. Linux isn't a magic pill, just a better designed OS. It isn't idiot proof.
Right now I'm going to keep on recommending Firefox and keep getting signatures to get my school to, but in the future, I hope at least most of these problems will go away with the switch to linux (but I doubt it).
Where you don't need to do anything damaging or hurtful to commit a crime, just have the wrong information on your computer.
Yay for removal of civil liberties. Oh did the sites any of the images came from get sued? Of course not, it's not their fault they're publishing illegal material (if it even is illegal).
Because we all know looking at pictures is bad. I mean people always do bad things they see in pictures, right? I just can't wait until they finish the thought listening machine so we won't even need pictures for evidence. It'll just be "Hey you! You had bad thoughts about that person, you're obviously going to act on them, get in jail!" Or "Hey you, you thought about doing drugs! We can't have people using untaxed substances to enjoy themselves without hurting others, get in jail so you can learn to become a good consumer of only the harmful products our society approves of and generates money from at the expense of public health!" or "Hey you! You thought the person in charge of this country might be wrong! That's obviously not allowed, come here so we can kill you!"
Introducing the new Occam Fusion! Now with sqrt(-1) fewer blades!
Spybot Search & Destroy (best and most up-to-date IMHO)
AdAware (the original big one, not as up-to-date as Spybot S&D, but it still catches stuff Spybot doesn't)
HijackThis (for the really nasty stuff that the others don't get, though this can mess up your computer if it isn't used properly)
SpywareBlaster (it isn't as good as the others mentioned, but it still couldn't hurt)
What if this signature were clever?
Heh, last time I visited my parents my mom complained about all the porno pop-ups. I was like *holy shit* when she showed me what was going on.
:>)
:>)
Ran ad aware and she had about 280 spyware/crapware programs on her PC (goddam elf blowling program
After we ran that and Search and Destroy, installed Mozilla and ZoneAlarm her system runs much better.
I can see a shred of thruth in this guy's story, but all my porno is placed on my system on purpose (and no, no kiddie stuff
-mb
The root of the problem is that your systems are not correctly configured. You should not give administrator/root access unless they're a systems administrator, and they know to use it only to do administrative stuff. NEVER run a web browser as an administrator.
I made a script that will fix a lot of the symptoms, and part of the problem, for windows machines. It will not fix the user issue though.
http://www.jordanmills.com/prunev3.vbs
funny munging
Not only will Mozilla (and Firefox)'s built-in popup blocking help you. They also do not support ActiveX scripting. You have to get a plugin for it, and even once you have the plugin installed the controlls are tighter.
Who's the moron that thought it'd be cool to embed executable code in a web page anyway? Well, he's not as big of a moron as the guy who let it execute ANY code.
Bugs are just features that have been fixed.
This reminds me of the saying "Nobody ever got fired for choosing Windows".
"No, but it did get someone registered as a sex offender."
Malike Bamiyi wanted my assistance.
what's the best way to get rid of this crap?
And for the love of all that is holy, tell everybody you know to stop using IE. If you're the tech support guy for your friends and family, have them start using firefox. Because sooner or later, if you don't, they'll get CWS and you'll be at their house helping them for a LONG time.
a Mac. Nobody knows that I am a perverted sex offender!
Whoops, should have posted anonymous...
eleven plus two / twelve plus one
For example, here's an absolute rule:
If there is no intent, there should be no crime.
And here's some common sense: while you can deduce intent from physical evidence and documented actions, it's the evidence and actions of the suspect that make the crime, not the idea. What your rule demands is that we prosecute thought crimes, and only thought crimes.
The man probably didn't want to open up the string of popups,
That's a good guess, but how accurate is it? How trustworthy is it? How sure can you be that the man did not want to open all these pop-ups (either for their own sake, or as an acceptable side effect of some other intentional act)? Shouldn't you be looking at the actual physical evidence and documented activity, in order to determine what crime has been committed, and by whom? Basing your investigation on a wild-ass guess about the ideas in the head of the suspect doesn't seem very much like common sense to me.
therefor is not responsible for this.
Once again, absolute rules screw common sense.
Any sufficiently well-organized community is indistinguishable from Government.
Animal porn popup causes guy to lose his job and ruins his life. Farmsluts
"We can't solve problems by using the same kind of thinking we used when we created them."
Malware is here to stay. I clean it of the computers of friends and family constantly. You can't hide behind Mozilla -or anything for the matter. You can use Ad-Aware or the like, and that's about it. I gave up on trying to make others understand what 'safe browsing' habits are. Malware no longer requires you to click 'ok' to something. It just hijacks your system on page load. I myself had a Java based trojan install an ftp daemon in my system folder with an INI file that had accounts named 'xdcc-warez' etc.. I am very secure, but I wouldn't have known about this intruder unless my firewall would have reported the ftp daemon opening the port.
I have tried many types of virus protection and I refuse to run them. Symantec 2004 'Pro' or 'Corporate' is EXTREMELY intrusive. With *ALL* the auto search and protection off, it still runs many services that take over 15mb of ram! McAffee and everything else is about the same. I am all about performance, I will not have adware and virus protection software scanning every file written to my HD, every word doc I open, email I send, or page i visit; that's ridiculous; not to mention with all those things of, the services are still there for some reason. Also, I don't need a HUGE GUI interface with animated gifs and crap.
Spyware is here to stay, get some somewhat non-intrusive software to protect your family and friends, and as for yourself, I guess just check your firewall, and/or have it alert you when a weird program or service wants access.
I received this link earlier today as spam... It took all the touble out of trying to find free porn on the net - thanks browser hijackers, whoever you are!
evil link to hijack your browser and force fee you porn - windows users click link at your own risk
Being labeled as a "sex offender" will ruin your life forever in America. Once your labeled, I don't think there is anyway of getting rid of this title. I call it a title because it's exactly that. Try getting a job with a future employer. Try finding a place to live. Try anything. Once you're labeled, the stigma ostracizes you from the rest of society. It's enough to make you flee from the country, or commit suicide.
I guess what I'm getting at is this. If your going to be labeled as a "sex offender". The government better damn well have compelling evidence to label you as one. And I don't think having porn on your computer counts. Sex is natural and part of human nature. It's only when it becomes "offensive" to others around you that's at question.
Life is not for the lazy.
If there is no intent, there should be no crime.
Without telepathy, how can anyone really prove intent? All you fancy lawyer types can spew all legal code you want. It still boils down to "what was in his head". The best way to find that out would be to feed him a litre of vodka, I suppose.
What?
Ok, here's what prolly happened:
- Dude with his drive in two partitions downloads a bunch of pr0n and stores it on
/dev/hda2 (or Windoze equivalent) - Porn-viewing dude decides to sell his computer on eBay.
- Realizes that he can't very well sell it to someone when it's got child pr0n on it or he'll be goin' to jail
- Nukes
/dev/hda2 partition and thinks "ok, it's gone now. I'm in the clear". - Sells it to "Jack"
- Jack gets his computer analyzed by the cops.
- Jack gets fucked by the system.
Can I be a reporter now?"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
Use OS X
No documented virii, worms, spyware, or trojans to date. Yes, there was a trojan proof of concept. No, it has not infected anyone.
The next pasture is always greener
Out of interest, when I rebuild my home server recently, I installed a fresh Windows XP (with SP1(!)), but nothing else. Then pointed my browser at www.netants.com (that site would probably deserve a good whacking) and sat back and watched the show.
Within five minutes, there was porn everywhere. The browser homepage (which also downloaded new tasty bits of spyware whenever the browser was launched), the favorites (it would take a determined smut-lover months to accumulate a list of porn sites that long!), the browser history, lots of links on the desktop, porn quick-bars, search bars, the start menu, and every other piece of mal-, spy-, ad- and crapware under the sun.
The scary thing is, I did not click on any buttons, links or otherwise. The website simply exploited IE flaws to install all this crap.
I then ran ad-aware and spybot search and destroy and the amount of shit that had been installed in about five minutes was absolutely staggering! After that, I continued using the machine for a few minutes, but could not shake the feeling that there was still a fair amount of *ware left on the box. I had to repartition, reformat and take a shower to feel clean again.
So it would be all too easy for Joe User, who does not quite grasp the concept of IT security in general and the necessity to upgrade in particular, to stumble upon a site like that and catch all that junk. After witnessing this, I will certainly be migrating my parents and other relatives to Linux/Mozilla as soon as I can.
I have now prepared an old laptop that I can restore quickly by re-ghosting with a virgin XP install. Every time I need to impress the importance of updating, configuring your system properly and generally staying away from MS software, I take the laptop along, open abovementioned site and ask people to clean up the machine. Normally they give up in disgust after firing up IE for the first time. Might be an idea to do that in court, too.
I asked for a refund - and got my monkey back.
I had something like this happen to me, but fortunately I wasn't arrested or fired: One day a while back I decided to clean up my Windoze computer a bit and logged into the default account, which I hadn't logged into in a long, long time -- typically I log into my own account. There were a few shortcuts on the desktop that I hadn't remembered puting there, so I double clicked on one of them and it took me to a kiddie porn site. I was not amused. The other shortcuts were also to kiddie porn sites.
I called up my ex-girlfriend, since she was the only other person who had ever used this computer, and I started ranting at her about how could she have been so cruel as to play that kind of practical joke on me. She clearly had no idea, however, what I was talking about.
So, it must have been some sort of virus, worm, trojan horse, or web-based vandalism that put those links there. Thank goodness I found them before letting a guest use the default account!
|>oug
Never existed?
So who do you think launched all those tons of chemical agents on Iran in the Iran-Iraq war? Who gassed the Kurds with nerve agents? Who? Was it Haiti making secret bombing runs over the Middle East to dump chemical weapons on villages and battlefields in the 1980s in your fantasy world?
That Iraq had weapons of mass destruction -- that the weapons did exist -- is as incontrovertable a fact as the use of chemical weapons in World War I. The only question is if Iraq hid them or destroyed them before the Second Gulf War.
And either way, Hussein deliberately acted in such a way that the only conclusion anybody on the outside reached -- and that included the UN, France, Germany, Canada, and Russia -- was that he had retained them. Everybody thought Iraq had them; the only controversy was over the method of getting rid of them.
And now we've got uninformed or lying partisan idiots like you making claims like Iraq -- which killed more people with nerve gas than any other state since Nazi Germany -- was invaded "to get rid of weapons that never existed."
Fuck you.
London
Tuesday, 21st June 2004
Today, 23-old Welsh Web designer, Nomis Rollav, of Llandudno, North Wales confessed today for making the 'sextoy' computer virus and releasing it to the net. As one may have heared, 'sextoy' virus installs illegal pornograph and banned music content onto people's hard drives before spreading. The virus itself is quite clever, it tries to simulate a frustrated adult male anywhere between 3 and 5AM, it starts at one of 10 common sex portals and slowly browses, in a random sort of manner to other portals. It downloads to the unsuspecting user's computer videos of child pornography and even sodomy.
Where most viruses do minimal damage, or at the very most wipe someone's hard drive; the 'sextoy' virus is far worse. It has lead to a string of divorces across the bible belt of the United States. It has also led to widespread firing of employees in several fortune 500 corporations which have a zero tollerance for pornography. At the peak of the virus's life, it had prompted the jailing of innocent US victims by John Ashcroft and the US Justice Department.
When asked if he was repentant, Nomis replied: "Well, I'd do two things differently if I had a chance. First, I'd find some way to piggy back on other people's habits, for example, if they go to Fredricks or Victoria Secret regularly, I'd make sure to mix the vits to child porn sites with visits to their normal viewing habits. Second, I'd build an IM client support so that the virus can attempt to corner policemen disguized as underage females. Third, I'd make the virus a bit more self limiting; this one was far too successful."
Legal scholors across the globe are wondering how to make viewing illegal pornography enforcable. The recent push-back on legislation happened when US Senator Orrin Hatch's own computer became infected causing him to be picked up, accidently by the "p0rn police". The very next day Senator Hatch introduced legislation making it a terrorist act, and punshable by death, to make viruses which spread pornography. The legislation also makes those with assets of more than one million dollars immune to the anti-porn laws. Senator Hatch was not available for comment.
Its pretty stupid that we've got to the stage where simple web scripting can have so much control over your browser/computer. It seems that javascript for example was designed with no regard to security, or more likely badly implemented by the likes of Microsoft. The plain and simple fact is your browser should stop bad scripts and/or ask you if you want to allow something, its certainly not rocket science to implement that people come on - were talking "if script wants to open/close a window or go somewhere, ask user first" thats about 3 lines of code that should have been implemented back in IE 3, why wasn't it?
To a certain extent its now appearing, IE will tell you "This website wants to close a window, do you want to allow it?" too little too late. Most other browsers have built-in pop-up blocking but even they took their time. Its basic security-101 that if you're dealing with a script that can be run by anyone you restrict what it can do. Same thing goes for Microsoft Outlook VB scripting. If people implementing these things weren't idiots we would have actually gone through the 90's with out annoying pop-ups and Outlook worms!!!! can you believe that??!? Microsoft is pretty much single-handedly responsible for opening these holes and for nearly a decade no-one has pointed fingers!!! Can i even add any more exclamation points or question marks?!?!?!?! Ok so its not just MS but mostly it is, given their browser share.
Other than web scripting/activeX etc. etc. which could be easily secured, there's real OS level holes, and tricking users into downloading and running things. Again who do we all need to point at? I don't expect every computer user to know that downloading random programs can be bad, but at the very least warn them! or at least run that program with limited permissions automatically unless they override it!
I just cant understand why all this is allowed to happen? someone please explain?
This comment does not represent the views or opinions of the user.
Oh, yeah. Let's play another round of "blame the victem"! Excuse me while I kick you in the Jimmies.
I've seen browsers get hijacked like this from people who I know for a fact were not looking at porn. I've had to clean a lot of them out at my job and I know from looking at the firewall's logs that these people were not visiting porn sites before their browsers got hijacked.
And yes, you ARE condining this poor bastard being marked as a sex offender.
Boobies never hurt anyone. - Sherry Glaser.
Security expert Bruce Schneier has talked about what he calls the trojan defense. He mentions several cases in which an illegal action was traced to a specific computer system, but the individual who was at the system claimed that a trojan horse was responsible for the action. In one case, an individual was suspected of launching a distributed denial of service attack, but they were acquitted after arguing that a trojan was responsible. In two other cases, individuals were charged with downloading illegal porn but were able to get the charges cleared via the trojan defense. Bruce Schneier supports the idea of this defense, but others might not.
mmmmm.... F-Prot... Run it on a 200MHz Pentium with 64MB of RAM and you wouldn't know it was there. Small program, small memory usage, and updated almost twice a day.
*twitch*
The site below can popup-flood Mozilla or IE.
WARNING: Site link below will flood your browser with popups of scat and child porno.
http://lm.pleaseeat.us/
Some of the images were found in unallocated file space, and would have to have been placed there deliberately since cached images from browsing sessions wouldn't have been stored in unallocated space.
When I hear "unallocated space", I think of, i.e., unformatted filesystems, unpartitioned hard drives, etc... Maybe they're referring to "deleted" files? A file would end up there from the cache if he clicked on the "empty cache" button fer chrissakes.
So, shall we vote whether to consider this poor shmuck the first casualty in Ashcroft's "War on pr0n?"
http://plextor.bounceme.net/
No I'm not going to link it; you can paste it yourself. WARNING, it goes to a browser hijacker that puts up a cascade of goatse.cx variety shock pictures. Not work safe. It completely wedged Mozilla 1.6 when I clicked on it. I didn't try in 1.7. Blecccch. If you look at it, don't say I didn't warn you. Note that if you turn off Javascript, you just see a blank page.
The JS in it also tries to capture the text from your clipboard and send it to the remote server, though I hope Mozilla isn't stupid enough to let THAT operation work.
You can't hide behind Mozilla -or anything for the matter. Lynx :-P
You know, there are people in this world who literally spend one million dollars to broadcast a television commercial that is 30 seconds long. One million dollars.
Are they fools?
No, they are business men and women, who know that in 30 seconds they can make a change in people's behaviour that, collectively, is worth more than one million dollars. Any individual - most individuals, even - won't have any change of behaviour, but a measurable number will buy the advertised product because they saw the ad.
I keep hearing people claiming that hours and hours of sex and violence on TV don't change people's behaviour, or that looking at porn doesn't change people's behaviour, that "there's nothing wrong with just looking". Really? So all these advertisers are wrong? Sorry, they are very heavily researching, and are also putting their money where their mouths are, and I believe that they know what they are doing.
This stuff does change people's behaviour. Not the behaviour of everybody who looks at it, but enough people to matter.
Sure you can, you can get a Mac. :))
(sorry, I hadn't seen anyone say it, and there is a quota, you know
It's amazing how much of a pain in the a** this stuff is. Now, not only do you have to run AntiVirus SW, you now have to run AntiMalware (Spybot S&D has my vote currently)
Mind, you I just finally snapped after seeing one VONAGE(May they rot in hell) ad too many and installed Privoxy.
I'd been using the Ad blocker Pith Helmet for the Safari browser, and the built-in ad blocking in OmniWeb, but Privoxy is really nice. Win/Lin/Mac versions, too. Beats the hell out or writing all those RegEx blockers myself.
So he could have been punished even after he thought he rightfully deleted them!!! That's right folks, if they want they'll not only go thru your caches, but also run an undelete program against your disks! That's simply not fair!!! because at that point, your not "posessing" the material anymore.. even your intent was to remove them! that's a VERY dangerous slope!!
I have had zero viruses, worms, malware, spyware, etc... in the ten some years I've been using computers. Yes, this includes my Windows computers. It's possible.
But they apparantly still filed a police report.
Quite possible a false police report? Either way, it wouldn't be a bad idea for the DA to open up a little investigation into the company's IT department to see if they were withholding anything, or intentionally overlooked things.
Something doesn't smell right about this case. I've got a gut instinct that company of his found an opportunity to make an example of him for the infamous "no personal use" policy, and decided to exploit him... and it just got out of hand.
Do you have any sources/proof that the UN, France, Germany, Canada, and Russia agreed with the US's estimation of Iraq's WMDs just prior to gulf war II?
Until lawyers get technically savvy, laws affecting technology will be terrible.
Laws affecting technology will always be bad until enough techies become lawyers.
In most areas you can legally record any conversation you a part of, i.e. in the same room as you.
Such recordings may or may not be able to be used in court, but never the less you'll have the truth of what happens in any situation well documented.
I also do not see why more people, including highschool students who are being bullied, do not bother to carry a recorder. It seems people suddenly are no longer assholes at the mere hint they are being recorded. Go figure.
a public attorney is awarded a wage, that is added to the fines of the convicted person. it isn't worth their time to go to trial and waste a bunch of money when they can just get the defendant to agree to a plea and at that point count on a thousand (or more) or so bucks payoff RE that case all for just visiting jail a few times and showing up in court once or twice.
from all the people i spoke to (yes, spoke to *in* jail who were serving time) it's common to sit down, and have them tell you you're looking at 3-4 years in prison (this of course varies) and recommend you just take a plea, all without even fucking asking about your side of the story.
yes, i'm bitter about it, but even moreso i'm angry for all the people whose lives get caught in the justive systems interminable process of rapid conviction commerce.
i can give you one rule, and it of course might be more obvious to some than others (like a frightened 18 year old in jail, or anyone else really) is that ALWAYS get a private defense attorney, NEVER trust your life with a public defender.
- I'd prefer not to.
I've seen a similar scenario up close, except that it was her husband and her brother that she accused of sexual abuse of the children. She had been going to a "religious" group for years and basically had been inducted into a cult; apparently when the husband started objecting to how she was siphoning money to these crooks they told her to make these false accusations in retaliation.
The men wisely chose to fight the charges, and both the brother and the husband ultimately were completely exonerated. The husband won custody of the children, and the accuser has lost all credibility. Before he was cleared, the brother, who had just finished eight years of grueling 120-hour weeks to build his medical career, spent about six months wondering if the next knock on the door was going to be the police come to lock him up and destroy his life in the blink of an eye.
Playing the pedophilia card has become a weapon for vicious and cynical people; it's easy to horrify juries with graphic descriptions of pedophilia, and children can be coached to say almost anything. Lives have been ruined, careers destroyed, and children traumatized almost as much as if true pedophilia had occurred.
This is not to say that there aren't plenty of pedophiles out there who need to be incarcerated to protect society, but it's such a travesty of justice that someone could easily wind up in jail or on a sex offenders list for the rest of his life as the result of a false accusation. If the accusee is innocent, plea bargaining is never a wise move, no matter what one's lawyer advises. Lawyers are out to help themselves, not their clients. Fight them, take lie detector tests, show them your home PC, whatever it takes to establish your innocence. This Russian guy was tragically mislead by a crook with a law degree; I hope he can somehow clear his name but he's into it pretty deeply now.
it's = "it is"; its = possessive. E.g., it's flapping its wings.
Bugger that. If you get a new machine, the very first thing you should do is.
NUKE and PAVE. Properly. Boot KNOPPIX for this one and run 'dd if=/dev/zero of=/dev/hda' to completely wipe the drive. If you're really paranoid, do it several times.
This will get rid of whatever crap the last used had. Warez, kiddyporn, stolen government documents, whatever. You don't need it.
Once you have the base install sorted out, burn all the drivers your hardware requires onto a CD. Put zonealarm, adaware, spybot, java, flash, acrobat reader, etc on the same CD so you don't have to keep downloading them.. Keep a copy of TheOpenCD handy too, and you'll have most of the decent OSS software right there.
It only takes a few hours to completely reinstall Windows and a bunch of OSS apps, which is all most home users really need. And never mind windows updates; if you're behind a good firewall and not using MS's bundled swisscheeseware (IE/OE/WMP) then you probably don't need them.
If your computer is slowing down or acting weird, run spybot, norton, etc. If that doesn't fix it backup your data to a CD, and NUKE and PAVE.
If it's been a year since you last reinstalled; backup all your data and NUKE and PAVE again. You'll be surprised how much better things run on a fresh install.
Seriously. Why are people so afraid to format and reinstall their damned OS? It's not like it's difficult or anything!!
455fe10422ca29c4933f95052b792ab2
"unallocated space" means simply, that there are no files actively stored at that address (innode, or whatever you want to call it).
It means, that a file was once there, and was "deallocated". Delete is somewhat of a misnomer, nothing gets deleted in a delete operation. The file is marked as non existant, but it's soul remain, until the file's address is written over again.
Lost clusters is an error that's usually associated with a hardware failure. Clusters are maked as lost when they're no longer usable for write operations (presumably because the surface of the disk was damaged). This was a big problem in the 80's.
"We found the gun, and the bullets match the ones found in the body. Additionally, there was video evidence of the killing, and we found traces of the victims blood on his shirt. He claims he was visiting his mother at the time, and has no idea about the blood and the bullets. If he was out of state, his mother should be able to verify his claim"
"Outragous! Whatever happened to 'innocent until proven guilty'???"
For those of you who don't get the example, nothing happened to "innocent until proven guilty." The phrase means that, up until you have been proven guilty, you are not to be treated as though you are guilty. What it does NOT mean, despite what everybody seems to think it means, is that you are not required to prove your innocence. You most certainly are. However, the prosecution is required to prove your guilt. If the proof is so flimsy that you do not have to defend yourself, it most likely would not go to trial. However, if the proof against you is solid, you will be convited unless you prove your innocence. Optimally, it would not be possible to prove somebody's guilt unless they were, infact, guilty. However, the world is not perfect. There are instances where evidence indicates you did something that you did not. In those cases, you can and should present an alternative explanation of the evidence. Presumption of innocence does not enter into it. This guy is not at all required to prove that a virus/trojan/worm downloaded the pornography. However, there is 100% solid evidence that he had said child pornography in his possession. If he does not prove his innocence, this is a sufficient proof of guilt.
ASCII stupid question, get a stupid ANSI
"It is not by any stretch of the imagination a victimless crime."
I've yet to see strong arguments or studies that child sexual behaviour with others is always necessarily harmful. (Few studies probably because anyone studying this issue is strongly frowned upon, esp. if you present any scientific evidence contrary to the mainstream perception that sexuality is harmful).
More to the point, if the standard of making images illegal is that there are 'victims' portrayed, then surely violent news and movies (or any other images of illegal activities) with victims must similarly be outlawed in your opinion.
Any individual - most individuals, even - won't have any change of behaviour, but a measurable number will buy the advertised product because they saw the ad.
Wrong, wrong, wrong.
If this was the case, why haven't I got a giant stack of tampons here? I'm a guy, I don't use them, but I see all these advertisements for them, and by your logic I'm therefore compelled to buy them.
Unfortunately your logic simplifies things too much. You don't see an ad for shampoo, run out to the store and buy Head and Shoulders, and return home just in time to see an ad for Zest. No, there is a higher level at work here in rational people. An ad for Brand X Foo works because you need Foo and because you saw the ad for Brand X. These two combined cause you to act. I suspect even in irrational people something similar occurs, except that for those people up late nights compulsively dialing every toll free infomercial number, seeing the product also produces a need for the product.
Likewise, playing quake doesn't make you go out and kill people. You feel a need to kill people, then the fact that you play quake perhaps influences the manner of murder.
This isn't meant to condone child pr0n, as some child is being victimized to produce that stuff, but perpetuating this junk even to attack child pornography is wrong.
If I have been able to see further than others, it is because I bought a pair of binoculars.
Why was that guy even in the article the pictures weren't found in the cache they were in another part of his computer. Its pretty clear he was just lieing because its not easy to say "why yes I do look at child porn, ya got me!" This is not a real problem anyway because if somthing really were going around doing this with child porn more likely there would be more information about it out there. A program like that isn't going to just attack him and make him look at child porn. But that isn't even the point anyway because he had to have looked at the pictures if they weren't in the cache. If he really is innoccent (which is highly unlikely) the moral to the story is you see child porn on the internet tell the police. Even if it is a pop up ad.
just because your a schizophrenic doesn't mean people arn't really out to get you
On that page, there are about 50 links to the description of user.js
To make a long story short, the user.js file is not created by default. To create it, made a new file in your mozilla profile folder. On most systems the file would have a path as
Cheers.
Yet Socrates himself is particularly missed.
A lovely little thinker but a bugger when he's pissed.
Umm, yes, they had chemical weapons. Yes, they were willing to use them.
But do you really think that the U.S. Congress (or foreign governments) would have -ever- been willing to support a war if the only weapons we could "prove" existed were nerve gas launched from a SS-1 Scud missle (range of 700 miles or so)?
Plus you even bring up the possibility that they -did- destroy those weapons after Gulf War I. Gulf War II was sold on the premise that not only did they not do so but that they were in possession of even stronger weapons.
Was Husseing probably interested in sourcing larger weapons? Sure, but the point is he didn't from what every investigation has found. And by now some traces of nuclear devices and/or longer range missiles should have been found.
And if you do research into -why- those foreign countries thought Iraq had such weapons, you would find it was due to intelligence from the U.S. and G.B. that has proven to at least have been faulty if not fraudulent.
Should Hussein have been removed from power? Yep. But if the U.S. (of which I am a voting citizen) expects the rest of the world to behave in accordance to the U.N. and various treaties, we kind of need to lead by example. If GWB had been willing to wait another 6 months I believe he would have gotten the U.N. to throw in. And since there weren't significant WMD threats, the wait wouldn't have hurt the U.S.
Oh and don't forget the whole mess about going after Iraq because of 9/11, which has been proven to be tenuous if not plain wrong. If we wanted to take out the people who perpetrated 9/11 we should have gone to Saudi Arabia (Wahabism was the spark and support for Al-Qaeda) and the Phillipines (where Al-Qaeda cells are known to lurk and launch).
BTW, if you're going to say "Fuck you." it just proves that you're reacting from your own hatred, especially when you aren't willing to post from a logged-in account and have to be an AC.
It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
The guy should sue Amazon, they have the patent on that
-paul
Pistol caliber is like religion: everyone has their favourite, and theirs is the only right choice.
There were training rooms set up with several computers around the perimiter. One day during a training session, while no one was seated at it, out of apparently nowhere a popup ad featuring big bouncing naked breasts came up.
Since no one was using the machine at the time, it was obvious that it had been hijacked. If some poor sould had been sitting there at the time, they would have either been fired on the spot or placed on a "final warning" for it.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
For the non-technical, the hard disk is like a huge stack of sheets of paper. Some get used and written on. When you "delete" a file, it goes back into the unused pile of sheets but the data on it is not erased until it is pulled back out to be used again.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
I haven't seen anyone point out the obvious. It's trivially easy for a web site to plant child porn or other evil content into your browser cache without you seeing or knowing. It doesn't require spyware, malware, trojans, tricky javascript or popup windows.
All that needs to happen is for you to view a web page that contains something like this...
< img src="childporn.jpg" width=1 height=1 >
Bingo, you've just browsed child pornography. May we recommend the plea bargain with 6 months home detention and free sex offender status?
What Brian Rothery actually said. I dunno why the article spun what he said so differently.
I'm 95% sure the guy is innocent of the child porn thing.
I wouldn't send anyone to jail with crappy evidence like this. Browsers and PCs can be hijacked and hijacking is widespread. The scum who do the hijacking are the ones who should be sent to jail - they throw kids into jail for writing worms/viruses, well they should throw the hijacking scumbags in first.
I use IE but have scripting etc off (it's even off for my Local computer zone - so many of the zone crossing exploits won't work on me), so I have no such probs, but think of your nonsavvy friends and relatives.
Here are some sites for those of you with enough memory to create a RAM drive for your cache:\
Link 1
Link 2
Link 3 (BEST)
The last one has MANY ways to create a ram disk. Just fyi actually. You know, if you dont' want people to find what you have done on your hard drive, just set up one of these and set the history/cache/etc to a ram drive and every time you reboot - PRESTO! No trace at all!...
Hope that helps.
Which brings me to the question... if a program installed is popping up porno sites that include illegal material (kiddy, animal, etc), shouldn't the perveyor of that software (or the parent software which installed it etc etc) be liable?
I've not seen it myself, but I just recently ran into a low-tech computer user who proclaimed that his computer was getting popups of porn and, to quote, "sick shit, like kids and stuff."
I've had various sites sent me to popup hell with advertisements for so-called "lolita" porn, some of which is definately of dubious legality. I've not yet had any software do so, but then again I haven't accidentally installed such crapware in quite awhile.
If I were to be able to trace what were popping up the "sick shit," would I then be able to get a criminal investigation into the parent company. Moreso, could I do so without getting those with the actual material it downloaded (browser cache etc) nailed for having such things on their PC?
Am I the _only_ one that remembers the inspectors being let in, receiving cooperation?
I hope so, given that Blix himself testified Iraq was not giving full cooperation, as required by UN resolution, the cease-fire agreement, and international law.
This is way off. Microsoft were not slapped with the web browser anti-trust lawsuit because they bundled IE. The lawsuit was because of clear anti-competitive behaviour:
If Microsoft were to fix the security / virus / spyware related problems in Windows, this would not necessarily be an anti-trust issue. It would all depend on whether they used their monopoly position unfairly.
This is the most insightful, cutting, relevant and outrageous (because apparently true) quote I've come across in any /. discussion on rights, the law, or justice.
Thank you, Hatta 162192, for sharing.
La via sola al paradiso incommincia nel inferno
Once malware is running on your system, it chooses what to do -- or rather, it's author chooses to do. Sure there are possible defenses to malware, but none of them are foolproof. The vast majority of Internet users are spread eagle on the information superhiway, relying on Bill Gates to guard their anus.
In fact, there is no way to prove that any activity originating from a computer system was produced by the user at that computer system short of either filming them doing it (and you gotta love digital film folks!) or hooking up a device to their brain. (Wait a few years for that.)
Not convinced? A trojan can install itself without detection, do whatever the hell it pleases, and cover its tracks completely. All it needs are the right holes, and if you don't believe the holes are there to be found then you obviously don't read the news. Just imagine if that teenager from Germany caught this last week had decided his worm should mail death threats to public officials, or download illegal pictures, before shredding itself completely off the hard drive after propagating. The malware writers have, on the whole, been very very kind and very very stupid so far people; well, at least the trojans/worms/viruses/spyware we know about.
Even going beyond this, there's always the question of physical security on a machine. If someone can access a computer physically, chances are they can plant whatever they want to on it, AND YOU WONT BE ABLE TO DISTINGUISH IT FROM NON-PLANTED EVIDENCE. That, my friends, sucks.
The digital world is a scarey scarey place. Gone are the physical evidence trails. And don't think prosecuters dislike this new domain; it makes their job easier, not harder. Prosecuters don't have to consider the very real possibility that the actions of a computer system were hijacked. They only have to MAKE THINGS TERRIFYING ENOUGH for you to force you into the only rational decision; to take the deal, to sell out the truth and your rights to a jury trial because the cost of trying to convince someone on a jury that a completely untraceable event is possible in this digital world, something tantamount to "magic" in the real world happened. Good luck!
Cheers and remember, there's really no way you can prove I posted this
Did you actually read the artice you linked to?
"The explicit material allegedly was found last fall after Thiemann requested additional disk space on a school-owned computer at the office in his Harvard-owned residence, the Boston Globe reported, citing unidentified sources. Thiemann allegedly asked the computer department to transfer the images to the new disk drive. The material was not child pornography or illegal in any other way, the sources said, Thiemann did not comment, the newspaper reported."
So, doesn't look like he was busted for kiddy porn at all, just "normal" porn.
TURN OFF JAVASCRIPT
It's not that hard. Websites that require Javascript should be considered malware -- there is NOTHING that Javascript can provide the user that either isn't technically necessary or can't be provided some other way.
If everyone disabled Javascript, and boycotted websites that require Javascript, and browsers shipped with Javascript disabled, then this whole popup nonsense would go away.
Pick One: http://www-rohan.sdsu.edu/~stremler/sigs/sigs.html (Note - disable Javascript first!)
I don't think anyone denies it can happen. The problem is, if that is a valid defense what is to stop criminals from trojaning themselves? Perferably a trojan where you need to know some specific code to get in (as do happen, as to avoid others "stealing" compromised hosts).
Suddenly you have a trojan that's not real, it's just a front. There's no evidence as to whether someone out there actually knows the code. And the machine itself is compromised. You can't trust anything it tells you, particularly not about how the hell it got there.
That is why so many is opposed to this defense. It's too convienient, too easy to abuse. But it is also a terrible weapon for those who really have been hi-jacked, by random or otherwise.
I think most people here on slashdot would manage to infect the vast majority of people with a trojan, should they so want to (hell, bored script kiddies can).
And I think that using that persons computer as a proxy you'll be quite able to find something illegal as well, as long as you don't have to care about details like IP logs (you're using your victims machine, you know. Might as well add browser logs to it).
If you want to really make sure that persons is fucked, rig the NTFS stats (the ones disk defraggers use: see, this here kp pic you've been watching often), photoshop some family photos too and uninstall the trojan before alerting the cops.
I think that given a reason, I would be able to completely and utterly ruin the life of any one of 90%+ of the online population. And I find that thought deeply disturbing.
Kjella
Live today, because you never know what tomorrow brings
I mis-typed the URL of my preferred search-engine, and ended up at a typo-squatting porn-site that proclaimed itself to be
"The official internet incest site" and filled my screen with a series of images best left undescribed.
It did the usual thing, you close one window and it opens another 2, and I was at work so after a few seconds I took the brute-force approach and turned off the power.
I pulled the network plug, re-started the computer, and fired up the browser, sure enough, the browser immediately tried to access the same site. It took me over an hour to clean the f**king thing off my PC, all the while being secretive about the whole thing because I didn't want to explain to the boss why I had these websites in my browser history.
And I couldn't even report the bastards to the cops, as there was an article in the paper a few months earlier about someone who had a similar experience, called the cops, and ended up facing criminal charges as they took his complaint as a 'confession' to the crime of downloading child porn. I never heard if he was convicted, but call me a coward if you like, I'd rather not try my luck with the court system.
So, nudge-nudge-wink-wink all you like, but it does happen, and one day it may happen to you.
Quidquid Latine dictum sit, altum videtur (anything said in Latin sounds important)
*Sigh*
Mozilla's popup blocking works right now, only because Moz is such a minority. It would take only a trivial change in current popup javascript code to get around it.
In fact the only way to keep control of your own browser (rather than letting anonymous website authors do whatever the hell they want to your own computer) is to disable javascript completely.
If you take a mozilla approach further, and remove all ability for javascript to open pop-up windows, javascript will be left with no legitimate functionality any more. That is, unless you consider the ability to change status-bar text "legitimate functionality".
If you still don't believe that Mozilla's pop-up blocker doesn't work, and you don't think that javascript is disable, just visit the Not-Safe-For-Work, Burn-Your-Eyes-Out, Goatse-like fest that is http://www.nero-online.org/lastmeasure/
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
I call bullshit. Mozilla and other alternative browsers makes all the difference, since they don't contain the pool of bile that is ActiveX. That some spyware authors try to exploit holes doesn't mean anything, since the Mozilla developers are actively fighting and closing these holes, in contrast to Microsofts IE team that still hasn't closed even the most obvious holes.
And I really find your java trojan story quite unlikely. Sure you didn't get it from somewhere else? Got any documentation that java trojans that install FTP servers even exist?
This information is correct, but impossible to do with anything less than a power user. With windows XP, You can't install games as a user, and if you install them as superuser then you have to manually tweak permissions to allow users access to them. It's a lose-lose. In l,inux, I can open my term and "su -" but in windows I can't do that at all, I'm just hosed when I try. I support a user who has stopped using administrator privaledges, but He's still gotten hijacked. The solution needs to be securer software.
Can I be a Luddite too?
I'm in charge of a mailshot for the Ski Club in the same town and I usually give these other guys a plug.
Until recently. I get an aguished call from a very nice lady working at a central bank. She clicked on the link and was faced with porn. I work at a major bank under an up to date patched XP with the guy that runs the beers site. I had no problem from Mozilla but when my colleague tried with IE, it replaced his home page with porn and then lots of pop-ups. It also installed something that reinstalled itself whenever he tried to change. Ironically, it turns out that this was promoting a system-cleaning utility.
My colleague had not put this on the web-site and the hoster denies ever putting anything like that up. We don't know what happened and a couple of days later it was gone. The thing is that it went straight past the defences of two major banks and was very embarassing.
Not only the local cache but squid would have been fllled with these images. Nasty for everyone.
The point is that yes, if someone looked at the dates on the cache, it could be traced to a single incident but in many places, you would have been thrown out by then.
See my journal, I write things there
In order to make any sense of this, we need to understand a bit about psychology. Men today are basically -- and with good reason -- shit-scared of being accused of any sexual offence, but especially paedophilia. You only have to look at the news reports on TV and in the papers.
So we live in denial. We try to pretend there is no such thing. But as soon as a real, live person is discovered who is suspected of being a paedophile, then a defensive mechanism which dates back to cave-man times kicks in. We are so desperate not to be that suspect, because we are doubly afraid -- revulsion at the thought that we might be capable of doing that, plus fear of the punishment we are conditioned to expect. All the time, we are exposed through the media to a gamut of images such as Britney Spears dancing erotically in clothing reminiscent of school uniform. And children -- especially girls {Western society has pretty much abandoned boys altogether, but that's another story} -- are adopting what would traditionally have been seen as the trappings of adulthood at a much younger age. These conditions are an ideal breeding ground for irrational behaviour.
People attack suspected paedophiles because they don't want to be suspected of paedophilia themselves; and if you are in a vigilante mob, baying for blood with the rest of them, then obviously nobody else in that mob thinks you would make a good next victim.
Je fume. Tu fumes. Nous fûmes!
I switched from Windows to an iMac with OS X last year. I have no problems with spyware, viruses, malware, whatever at home.
At work it is still a nightmare to deal with all the PC's I have to maintain - especailly the home PC that belongs to my boss. His kids are constantly downloading shit and installing it - sometimes without knowing.
Seriously. If the punishments are this hard, and it's easy as "the touch of a button" getting people convicted, you guys have a problem.
People getting killed for such abuse of the legalsystem might set the balance more straight, though.
Not Buzzword 2.0 compliant. Please speak english.
I'm a lawyer, not a law student. (I'm not your lawyer. I don't practice in your jurisdiction. This isn't legal advice. And I've never been a prosecutor or a criminal defense attorney. But I have worked a lot on issues related to kids, sexual content, and the Internet.)
Any possession, whatsoever, of child porn is a federal felony offense. It doesn't matter how you got it, that you didn't want it, or that the computer made you do it.
Maybe you could challenge the statute, but good luck finding a lawyer who wants to argue that possession of actual child porn shouldn't be illegal because the statute didn't include an element of mens rea. The ACLU had a hard enough time challenging the law prohibiting images that just looked like child porn, but didn't involve actual children.
Back in 1998 or 1999, there was a senior exec at Infoseek who was arrested for travelling interstate to have sex with a minor -- who turned out to be an FBI agent, not a little girl. He was also charged with possession of child porn.
When the case finally went to trial, he brought out expert witnesses, who were able to convince the jury that plenty of people go online and pretend to be someone other than they are to have sex. He said that he never thought she was a real child; he thought she was a woman who liked to pretend she was a child having sex.
As I remember it, he agreed to a plea during the trial. I think the prosecutors must have found the expert persuasive. Ultimately, he pled guilty to possession of child porn, and agreed to some sort of community service helping the FBI improve its enforcement of child sexual exploitation laws.
In this case, here's what I think happened: This shmuck was deliberately looking at porn that was, at the very least, borderline. But he didn't want to admit it. And he was afraid of the cost of defending himself. So he copped a plea, and now regrets it.
Judges won't let you plead guilty unless they are convinced that you understand what you are agreeing to, and what rights you are giving up by pleading guilty. But they can't stop you from making a stupid decision. That's why you have a lawyer.
Incidently, in many cases a public defender is going to get a better deal for a defendant than an average defense lawyer. (Texas is an infamous counter-example.)
Why? They're in the system all the time. They have a relationship with the judges and the prosecutors. In that plea negotiation process, they know how strong or weak the case is, and the judge and prosecutor know that someone with whom they work frequently isn't going to bullshit them. (Or they know the person is always full of shit, but I'm talking about a good public defender.)
Who are you more likely to offer a good plea agreement to -- someone you work with every week, who has pretty much backed up what he's said when you've gone to trial with a weak case before? Or someone you don't know or have worked with occasionally, who might be right that your case is weak or might be completely full of it?
Of course, none of this applies if you can afford a seriously elite defense lawyer. Like the Infoseek guy had, or OJ, or Martha Stewart. But many elite defense lawyers worked as public defenders for a few years early in their careers.
Liza
These opinions are my own. My employer is not aware of them, does not endorse them, and is not responsible for them.
Yes, yes they do. Still, that is because of stupidity on the part of the web designer.
There are plenty of sites that do the exact same thing on the server-side, hence no need for javascript. If a companies store does not work without javascript, I don't buy anything from them.
Netflix is a borderline website. Things like rating titles require javascript, but none of the other features do, so I can still use 95% of the functionality of the site without javascript... That's the only reason I'm still subscribed.
Yes, I know this isn't directly on-target, but javascript was mentioned, so I thought it a good place.
Regardless of this case, I have run into people who's home page has been set to a porn site (by javascript), so everytime they opened their browser they had hundreds of popups load, and two would popup for every one they closed.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
[District Attorneys] learn in District Attorney School that there are
two sure-fire ways to get a lot of favorable publicity:
Raid an "adult book store" and hold a press conference where you
announce you are charging the owner with 850 counts of being a
piece of human sleaze. This also never fails, because you always
get a conviction. A juror at a pornography trial is not about to
state for the record that he finds nothing obscene about a movie
where actors engage in sexual activities with live snakes and a
fire extinguisher. He is going to convict the bookstore owner, and
vote for the death penalty just to make sure nobody gets the wrong
impression.
The Machine stops.
If the malware really did cause the popups that would send someone to jail, couldn't the person/company that wrote the malware go to jail?
Could this be a way to stop people from writing "official" malware (like GAIN)?
http://www.google.com/profiles/malachid
Just yesterday someone at work overheard me discussing ditching IE and Outlook Express and using Opera instead because of its pop up blocking etc as he had found his computer infected by some browser hijacker. A third person overheard us and volunteered the following story..
Apparently blackmailers have started sending emails with scripts and innocent looking urls to company mailboxes in the hope that someone will click/open a link, and then download a bit of malware/hijacking software which works in the background (secretly downloading kiddie porn etc, and of course maybe propogating itself on to a few more victims)
Then after a few weeks, the victim is contacted and told where to look on their PC to find this stuff and offered an opportunity to reveal passwords/company secrets/pay money or the blackmailer will turn them in to the cops.
When they look at the browser history, because its been secretly going for a few weeks it doesn't just look like a frame up. Even if they don't plant kiddie porn its still bad as many business do operate a "no porn on pain of instant dismissal" policy.
When someone finally spoke out about it at one company they found nine other victims in the same company who had been keeping quiet about it and hoping to handle it on the blackmailer's terms.