Slashdot Mirror
Real-Time Keyloggers
The NY Times has a story and a blog backgrounder focusing on a weapon now being wielded by bad guys (most likely in Eastern Europe, according to the Times): Trojan horse keyloggers that report back in real-time. The capability came to light in a court filing (PDF) by Project Honey Pot against "John Doe" thieves. The case was filed in order to compel the banks — which are almost as secretive as the cyber-crooks — to reveal information such as IP addresses that could lead back to the miscreants. Or at least allow victims to be notified. Real-time keyloggers were first discovered in the wild last year, but the court filing and the Times article should bring new attention to the threat. The technique menaces the 2-factor authentication that some banks have instituted: "By going real time, hackers now can get around some of the roadblocks that companies have put in their way. Most significantly, they are now undeterred by systems that create temporary passwords, such as RSA's SecurID system, which involves a small gadget that displays a six-digit number that changes every minute based on a complex formula. If [your] computer is infected, the Trojan zaps your temporary password back to the waiting hacker who immediately uses it to log onto your account. Sometimes, the hacker logs on from his own computer, probably using tricks to hide its location. Other times, the Trojan allows the hacker to control your computer, opening a browser session that you can't see."
My Windoze apps at work don't even respond in real time. Maybe the trojan provides a free performance boost?
RSA Secuid is a one time password,it can't be reused.
Only when we start immediately and publicly executing these hackers whenever we discover them will we start to put a dent into this problem. Frankly, I don't think that they'll be missed afterwards.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
RSA was good while it lasted. It's still better than nothing. Looks like we may need to invest in biometric laptops for the crew. What a pain.
Do not mock my vision of impractical footwear
Again, a proper banking system like my bank uses
- a one time pad for logging on
- another set of codes, from which one is picked randomly, to confirm transfers
The one time pad means they can't open a second session. Even if they could hijack the session I've opened they can't transfer money without my explicitly authorizing each transfer by entering the second code.
I'm sorry if I haven't offended anyone
"By going real time, hackers now can..." Exactly the kind of crap that gives REAL hackers a bad name to the lay-person. The douchebags stealing info from banks aren't hackers... they are thieves and crackers.
RSA SecurID can be configured to only allow a tokencode to be used for authentication once. If configured in this way, the above keylogger still wouldn't let someone log in remotely after the legitimate user had used the tokencode.
Not too much of an issue, really.
The technique menaces the 2-factor authentication that some banks have instituted:
Sure, they could intercept my login, but that would get them nothing. A new token is required for each and every transaction once logged in. I suppose they could try to add an emulation layer of sorts for the entire bank site, but that starts to become a lot of work with a lot of opportunity to notice something strange going on.
Does it really matter? If they have access to your PC, why on Earth is this an issue anyway? Two-factor authentication or not, they have *ACCESS* to your Visa numbers, Amazon account, bank details (if you pay some bills online by direct transfer etc.). What the things *do* once they are on your machine is irrelevant. How they got there and finding them is infinitely more important.
This doesn't break RSA's 2-factor at all, as long as they have it setup to accept each temporary password only once.
Madonna is 51!
HAPPY BIRTHDAY MADONNA!
I made it through the wilderness
Somehow I made it through
Didn't know how lost I was
Until I found you
I was beat incomplete
Id been had, I was sad and blue
But you made me feel
Yeah, you made me feel
Shiny and new
Chorus:
Like a virgin
Touched for the very first time
Like a virgin
When your heart beats (after first time, with your heartbeat)
Next to mine
Gonna give you all my love, boy
My fear is fading fast
Been saving it all for you
cause only love can last
You're so fine and you're mine
Make me strong, yeah you make me bold
Oh your love thawed out
Yeah, your love thawed out
What was scared and cold
MADONNA IS THE BEST!
No need to execute them. No need to punish them severely at all. We just need to catch them. Given a 50% risk of being caught a one year prison sentence would provide more than adequate deterrence. Given the present one in 100 million risk of being caught an 18th century hanging would offer no significant deterrence.
This applies to crime in general as well.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
I'm careful but I just noticed a lag in my e-mail typing so I'm assuming I got nailed by a logger. I switched off that machine and don't use it for the internet but I am having trouble getting rid of it. I've been having a lot of trouble getting rid of things since I switched to Vista. What's the best software these days? I had all my security up and I hadn't been downloading even commercial software so I haven't a clue where it came from. I do a lot of on-line banking so I'm not about to use that machine again but I'd love to get rid of it since I do have a lot of web sites saved off on that one. All I can think was I got it from clicking on a web link to a story. I do surf a lot of news.
I wonder if the next step will be a dedicated hardware device such as IBM's ZTIC, where one does their transaction confirming on a closed secure device. This way, even though the consumer's PC may be compromised, an attacker trying to run transactions would be stopped when there is no device confirming the transaction.
Of course, there are always issues like spamming the user with bogus transactions, or compromise the hardware device. However, it is a lot harder to compromise a hardware device than a generic PC which has to parse/execute/render untrusted code from the Internet on a common basis.
And browse / log in using the VM. Done.
------ The best brain training is now totally free : )
why won't slashdot delete my account upon request?
This message means your browser has been exploited with a known hole causing black hat crackers to receive what you type!
I herd u liek browser. Tis MINE NAO! Im in ur b0x0rz stealin ur keystrokes! All your cardz are belong to us!
From TFS:
"Most significantly, they are now undeterred by systems that create temporary passwords, such as RSA's SecurID system, which involves a small gadget that displays a six-digit number that changes every minute based on a complex formula."
The RSA SecurID tokens generate a unique code that is only valid for ONE logon transaction. As soon as it's used, it becomes invalid, no matter if it's still within the one-minute window of validity or not, so you can't log on twice with the same code. The only chance the real-time hackers would have is to grab the code and log in in the few moments between when the user finishes typing in the passcode and them pressing enter.
Real time key logger, that reports back visited web sites? Isn't that how Google Chrome address bar works?
VMs can break into their host machine.
Read the paper presented at the recent BlackHat Conference.
Its not like we don't know what countries most of this Cracker crap is coming from. We need to deal effectively with the nations that are lax on this stuff. They are lax because it serves their political interest. Eastern Europe is a big place but rather authoritarian. This stuff could would stop over night if they wanted to stop it.
... that I'm still a Bank of America customer. I've grown to like their 2-factor authentication mechanism. You can set up your account so that whenever you try to log in they send a random 6-digit number to you via a text message to your phone. You then enter that number into the website as you're logging in. Since it's truly a one-time-use number sent out of band from the way you're logging in it's about as secure as you can get.
Who uses a keyboard anyway ?
>>>Given the present one in 100 million risk of being caught...
And since our lazy leaders, who don't even bother to read the bills they pass, are unlikely to change this statistic, I'm going to go close my online bank account right now. The last thing I need is some asshole swiping my half-million life savings. I'll just drive to the bank instead.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
We just need to catch them. Given a 50% risk of being caught a one year prison sentence would provide more than adequate deterrence.
Your post displays a lack of understanding of the criminal mind. Don't feel too bad though, because most people (especially lawmakers) have the same lack of understanding.
The thing about criminal sentences is that they don't work as deterrents - because criminals don't believe they'll be caught. Career criminals believe that only idiots get caught, and since they're smarter than everyone else (thanks to the Dunning-Krueger effect), they won't be caught.
I am pretty sure they know who the "cyber criminals" are mostly.
Wait, aren't ALL keyloggers real time?
Bank of America used to have a good system for authenticating their site. At login, you input your ID, and the B of A site gave you back a photo of your own choosing to tell you that you were on the real Bank of America site. Only then did you input your password.
Last Friday, B of A broke this feature. I'm now getting a password prompt without seeing the photo I'd chosen. My first thought was that there's was a security problem. I checked the SSL cert info, which looked OK. I reinstalled Firefox. No change. I called Bank of America. They wanted me to remove Flash, which I did. No change. They advised me not to log in. Then they passed me off to tech support, which hasn't called back yet.
Then I took out a Linux-based Eee PC 2G Surf that had been unused for months, powered it up, plugged in an Ethernet cable, and saw the site doing exactly the same thing. So it's probably not a client side problem.
What I think happened is that someone at B of A did a partial site redesign and broke something. They introduced some Flash (something called "/sas/sas-docs/html/pmfso.swf") on the password page (a terrible idea, given Flash's history of security vulnerabilities) and along with that, broke some part of the login process.
If, in fact, they've had a break in on the server side, the main login of Bank of America has been compromised for at least three days now. I'm not seeing any indication of that, though; just general ineptitude.
(The page HTML is awful. It's clearly been modified over and over for years without a cleanup. It has Flash, Javascript, CSS, single-pixel GIFs for formatting, and comments like "July maintenance OLB timeout inactivity update starts". The "enter password" page has 966 lines of HTML and JavaScript, not including external files. That's too much flaky machinery for such a security-critical function.)
New slashdot poll suggestion:
Real-time keyloggers were first discovered in the wild last year
The above statement is:
1. True
2. Not true
3. Funny
4. Absurd
5. F*ckin' hilarious
Nobody really wants to face uncomfortable facts so we write stories blaming it all on some hackers in some other part of the world. A good hacker is the fellow who says,"I see how that could be done but I, myself, have no interest in figuring out how to do it because I have more important things to work on and I wouldn't do something like that." An evil hacker is the guy who says,"I see how that could be done and I am going to devote time and effort to figuring out how to do it for my own fun and profit." Face reality. Both of those guys have been around for over a generation now and they are not going away. Those guys, both the good guy and the bad guy, are employed by governments (including ours), employers (including yours), and ISPs (everyones).
Do not allow yourself any illusion about computer security. Computers in today's world are blocks of swiss cheese. You may not know the exploits, nobody in your immediate circle of friends knows the exploits, but they are there and have been there for at least thirty years. That is thirty years' worth of evil hackers who have created systems of exploiting the unknowing userbase. How large does any useful or profitable business segment become after thirty years? Would the government have an interest in keyloggers--they have telephone filtering, so why not? Would your employer have an interest in keyloggers? Would your college or university have an interest in keyloggers? If only for your own sanity you should start allowing yourself at least a tiny morsel of honesty.
I do not know how to properly convey this to the general population (or the mods) but sticking your head in the sand is not going to improve the situation.
Is there a solution? Yes, but you will not like it.
A good portion of the solution begins with buying a good dinner for me and ensuring that I have a place to sleep at night more comfortable than concrete in the open breeze.
the NPG electrode was replaced with carbon blac
How many of these stories do we have to see before people wake up and realize that the login and security method is irrelevant if the OS itself is compromised?
As long as everything needed for a successful bank transaction is done through one line (e.g. your Internet connection at home) and a malicious hacker is able to control your endpoint of that connection, he will be able to attack any transaction, no matter how complex the security is (all secure communication schemes are based on the assumption that the endpoints are secure)
A good solution is to require communication over a second channel, e.g. telephone calls or SMS for confirmation of transactions (bank sends SMS with transaction data, client sends SMS with "authorize"). This is done by some banks already.
The human immune system is in part adaptive. It learns, or, acquires a repertoire of effective actions against invading antigens. The black hats drive PC and Internet security. In a sense their critical doubt run amok, but, as such, push innovative responses. In the late 90's the Internet was alive with crackers and script kiddies. There was a one time a community of reverse engineering that "boasted" a University. I'm not saying they're good. There a bad pain in the ass but I'd rather give their kind enough room on the Internet to allow white hats to keep the best possible eye on them. How lame would PC security be without being incessantly tested?
ideopath @ play
will it run on Linux?
Realtime keyloggers have been around since botnes have been and then some. Utter Bullshit.
...Your router's activity light blinks every time you press a key on the keyboard.
I assume it's trivial to detect this type of keylogging.
Assuming your phone isn't being compromised, the bank could just call you on your telephone-number-of-record. Of course, you'd need to make sure the bad guys couldn't change that number.
Also, banks should be on the lookout for things like "he used his ATM card at home yesterday, he's in Eastern Europe today" and react accordingly.
These won't stop all such attacks, but they will help.
Another technique is to require inter-bank transactions over a certain amount to be held until they can be affirmed "in person," such as by the customer going into any cooperating bank, ATM, grocery store, etc. and smiling for the camera as he affirms the transaction.
Attack-the-consumer bank fraud cannot be completely stopped but by making it not worth the effort, criminals will try other ways of getting rich, perhaps even honest ones.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Your post displays a lack of understanding of the criminal mind. [snip] The thing about criminal sentences is that they don't work as deterrents - because criminals don't believe they'll be caught.
There is no single "criminal mind."
True, many criminals grossly underestimate the chances of getting caught or suffering significant consequences.
Some, those who who protest against governments in violation of the law or who steal from the rich to give to the poor, do so for a real or imagined higher purpose.
Others are aware of the consequences but get some benefit out of it, such as the thrill of "getting away with it," the thrill of showing they are, at least this time, more powerful than their victim or society, the thrill or other benefits of a drug high, or simply for financial gain.
I can give you a USA-based example with misdemeanor speeding tickets: Many people spend their entire adult life speeding 5-10% over the speed limit on the highways even when it is safe to go the speed limit, knowing they will get caught a few times a decade. For them, it's simply a matter of cost-vs-benefit. In some parts of the world or for people with certain political connections, the cost-benefit equation for fraud favors the criminal.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
When the first part of the authentication is done by a Greasemonkey script, keyloggers don't see that. Or do they?
This may sound like a joke, but in fact I do have one part of the authentication scripted in Greasemonkey. That gets me directly to the next step with some sort of challenge-response system involving a calculator-like gadget with my bank card inserted in it.
Of course, if your bank requires nothing else than an account number and a password which you have in a GM script, I would be glad to borrow your computer...
The systems I know are the ones of the swiss post (pdf) and of UBS (pdf). I do wonder if these can be attacked by such instant keloggers.
Why is there a "GoogleWave" tag? I don't get it.
They use wish-it-was two-factor
Two-factor authentication is when authentication requires two different factors of authentication. Some possible factors of authentication are something you know (PIN numbers, passwords, usernames, secret answers to questions arranged in advanced), something you have (smart card, key fob, pass-card, a special piece of hardware, a SSL certificate loaded on a device that you can't read), something you are (biometric identification, facial, voice, fingerprint recognition, hardware that reads your GPS position to verify you are at home, a phone number that checks your ANI caller ID information)
Most banks only require something you know. The security question/answer dialogs that are commonly used are equivalent to a second password, granted: a second password that is likely to be a lot less secure.
Issues like the 'temporary passwords' on your key fobs being discovered when you use them can be defeated, by only allowing the password to be used once. If an attempt to use the temporary password is used again, or an attempt is made to use any incorrect temporary password, then all active sessions should be logged out.
In addition both sessions should be warned about the attempt, and that their computer station may be compromised, they should update their antivirus and antispyware scanners, disconnect from the internet, and perform a full scan.
Do these real-time keyloggers affect Linux?
My wife is really comfortable with her WinXP software and I'll never get her to change to Linux (I've tried, but it's hopeless). Still, I have given her a Linux laptop for doing her on-line banking and she does not use the WinXP machine for any financial transactions. I was thinking that I only had to deal with Firefox exploits that way
Escaping that sort of detection is easy by not transmitting each individual keystroke in real-time. Maybe once every 4 or 5 keystrokes, or when you click, press enter, submit, space bar, or do something else that indicates a "text break".
In addition, they can attenuate this by sending a constant low-bitrate stream of data when you aren't typing anything, so your router's activity lights are always blinking.
E.g., they might transmit a 56-byte packet every 2 to 3 seconds, say something innoculous like a port 80 ping to windows update servers (or your distro's update servers for Linux users).
Needless to say, all the keystroke log transmissions would be encrypted and random fuzziness generated to make it hard for adversaries and network-based IDS to identify generated packets as keylogger traffic.
Me and my friends have been using this in the USA since uhm... ever. It's pretty easy.
sock.send(keypressed);
Or something to the effect of that.
On the other end:
sock.recv(keypressed);
cout keypressed;
"Your post displays a lack of understanding of the criminal mind."
Who the fuck do you think you are? Axel Foley? Your post displays a lack of open-mindedness and foresight.
So you're saying that an increase in the number of arrests (by percent) would not deter criminals, or - to give you the benefit of the doubt - enough to make a difference? Why don't you take a look at the statistics. With respect to that, it seems that perhaps an increase in probability of arrest would be something of a deterrent. Needless to say, making those arrests, that is, not ignoring them as you would do, would also keep those who disregard the law entirely from repeating their offense. Here is a nice chart indicating percent change of crimes from one year to the next.
There will always be people who don't care about the consequences of their actions, and those actions will always be the more damaging when the "unthinkable" occurs (i.e. 9/11, Columbine, and so forth), but one thing that the threat of punishment can do is deter the would-be criminals with weaker motivations or morals that are not completely skewed. This wont prevent the "unthinkable," but it will keep more people from committing most crimes. The main problem with trying to prosecute international cyber-crimes is jurisdiction, which would likely cause a larger bureaucratic mess than the crime itself.
Punishment is supposed to be about demotivation, though the Us doesn't have a great track record on demotivating those convicted of their crimes. The threat however, is likely a more powerful demotivator to those who would be susceptible to being talked out of committing the crime.
Statistically speaking, if it were possible to find and prosecute a sizable enough number of any group of criminals, it would seriously deter enough of them to represent a decrease in the volume of acts committed.
To get back on topic, one time pads and other methods should have been implemented by financial institutions to begin with. This sending of unencrypted bank information - especially to cell phones - to and from clients is ridiculous.
- Spades
The speed limit was set to 55mph in the mid-70s to conserve oil.
Even with today's fuel-efficient cars, going 65 saves money over going 85.
This is for at least two reasons:
* atmospheric drag
* engine efficiency
The former you can't do much about save driving with a tail-wind: You will get more drag at 85 than 65, and more drag at 65 than 45, more at 45 than 25, and more at 25 than at a dead stop.
The second is determined by the car's engineering. For cars sold in America, most have maximum engine efficiency somewhere in mid-RPM range, corresponding to somewhere in the 50-70mph range in top gear. Any faster than that and you'll lose efficiency.
As long as people are focused on pollution, don't expect wholesale speed-limit reductions, especially in urban areas.
Oh, there is also the safety factor: Even on a road designed for 85mph travel, that's with a given level of traffic and with a given driver behavior pattern. If the traffic is lighter and the drivers behave "better" the ideal speed may be higher, if the traffic is heavier or you have someone weaving in and out of traffic, or even adverse weather or night driving, the ideal speed may be lower.
Speed limits need to be set on a case by case basis for each road segment, taking into account typical actual traffic patterns including typical actual speeds, the accident and near-accident history of the road, pollution levels in the region and downwind, and other factors. The national maximum of 80-ish mph may be too low, but there are very few places near cities where anything higher than even 70mph makes sense.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Yes this "new" ability! Oh wait, Sub7 has had a real time keylogger on it for almost 10 years. Oh no, that doesn't sound very new at all.
"Made possible by Microsoft(TM)"
Right?
TFA says nothing about the OS involved, which usually means a Microsoft Windows PC. I suppose the NYT is able to sell more advertising if they keep it ambiguous.
Now, to be fair, Linux recently patched a root-privilege bug that went unnoticed for EIGHT years. But, to be just as fair, there are several orders of magnitude more compromises available courtesy Redmond, and due largely in part (as Djikstra quipped...) to their poor reinvention of UNIX.
I have family that use Windows. What am I supposed to do? This is getting ridiculous. Sure, they get the OS they deserve. Sure, my employer gets the security compromises they deserve. But some part of the blame has to be shared by the company which made all of this possible.
Programmers have always written buggy software. But it took Microsoft to create security flaws *by design* - that is, to deliberately architect software in an insecure an unreliable manner. It took Microsoft to disregard the lessons learned in UNIX, (as Djikstra would say) "To reinvent it poorly."
I know, I know, ./ers will say, "Don't use Windows". Okay, I don't. But you have to understand that not everyone is a geek. The folks at corporate *BUY* Windows licenses because they don't know any better. My relatives use it because it came with their computer, or, their department at the university uses word, or they want to play games, or they want something familiar.
What about them?
Is it really acceptable for us to ignore the needs of the average user? Is it really acceptable to blame the victims?
Or, should we hold Microsoft accountable to the same standards adhered to by everyone else in the industry?
The society for a thought-free internet welcomes you.
Since my bank requires the gadget to be used not only at logon time but also whenever I request a transfer of money to a new entity, as well as a 4-digit pass code puched in via mouse, I'd say the hackers may have a rather tough time trying to dig me debt-trench deeper than it already is.
Although they may have a laugh browsing my accounts, that won't help them a bit.
This signature is DRM protected. By the DMCA, you are not allowed to counteract or oppose to it.
I think that the parent needs heard. ,likeminded and in danger of the same abuse to erradicate the predator is natural human and perfectly acceptable.
There are certain facts I believe everyone can agree on.
1. These are thieves that both steal money and Constitutional rights (or if not a u.s. citizen a human right to life liberty and the pursuit of happiness which we may agree are all fueled by money won by our sweat,talent and wits)
2. Law enforcement is no where near to bringing any of these to justice nor will they be in the foreseeable future.
3. Any human may defend themselves especially in the event where there is a lack of , or insufficient police protection .
4. To call on others
5. Since incarceration hasn't deterred black hattery since before Mitnik , it has been seen that something stronger than incarceration is in fact warranted.
6. Black hatters like others of their ilk lack the survival instinct necessary to form moral barriers that protect them from their own behavior and to allow this to continually muddy the gene pool is not in the interests of humanity.
So an international treaty providing sanctions of first castration/sterilization for underage offenses and wretched horrific public execution complete with sadistic experementation should actually be manditory.
I have thought long and hard about this and considered that there are absolutely no other ways more peaceable or humanitarian to have an acceptable outcome.
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
When you authenticate successfully with a passcode the passcode is immediately invalidated and cannot be used again. You cannot complete a login then use the same passcode again. At my old company we had to request special 30-second fobs for this reason. People would connect to a machine using their passcode and then need to su to root, but had to wait for the code on the token to change before they could authenticate again. If an attacker captures your passcode after you use it to successfully log in it's not going to do them any good at all. I feel like I'm missing something because none of the comments that I read above mention this fact. Pretty basic stuff to anyone who has administrated the system before.
I couldn't find any ribbed for "his" pleasure so I had to turn them inside out and tell her I bought the plain ones.
And since our lazy leaders, who don't even bother to read the bills they pass
We could do real reform to the whole system if we sunset every law in effect now and require new laws to be read aloud in full before they are allowed to be voted on. That's supposed to be the law (at least in the Senate) ...
Well, hmmm, I don't recall them going too lightly on Mitnik and incarceration wasn't the only punishment necessary to sit on him til he was considered somewhat harmless. These clowns have no regard for their victims lives,property or money. If you don't believe that money is fuel for life, just try living without it. ,who should know better already.
Granted in some countries the government guarantees banks for up to $100,000 dollars as in the U.S. but this isn't universal and kind of irrelevant when you consider this is still an attack on those who work hard for their money at minimum to buy food shelter clothing for themselves and dependants. Since this $100k insurance is still money taxed from the same people and could've gone to other ways to further these tax payers it is still robbing life liberty and the pursuit of happiness from them. When law enforcement fails, humans may only rely on themselves for protection from predators. As I said in my post above, incarceration fails to be a deterrent to what seems to be a genetic mutation lacking human moral compass.
This mutation should be erradicated by sterilization of the young who may still learn to be an asset to humanity and a horrible public torture and execution as a possible deterrent for those older and set in their ways
If you can actually come up with a FEASABLE way of doing this more peacefully and actually getting the job done without regurgitating more buzz and diatribe, we would all love to hear.
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
The speed limit was set to 55mph in the mid-70s to conserve oil.
It was set there by Dick Nixon right after the election. Even the idiots at Wikipedia got it right.
And it was sold as "55 saves lives", not as a consumption reduction measure.
Get off my lawn!
(Barry-O's spiritual forefather was Dick Nixon, not Jimmy Carter)
It was set there by Dick Nixon right after the election. Even the idiots at Wikipedia got it right.
And it was sold as "55 saves lives", not as a consumption reduction measure.
If by right you mean even Wikipedia says the reason they changed it was due to safety, which Wikipedia article do you mean?
National maximum speed law and Speed limit both point to fuel-efficiency as the initial reason for the 55mph Untied States speed limit in 1973.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Richard Nixon, Statement on Signing the Emergency Highway Energy Conservation Act, January 2, 1974:
"I AM pleased to sign into law H.R. 11372, an act aimed principally at helping to reduce gasoline and diesel fuel consumption during the energy crisis."
I'm not saying you are wrong about the ads, I am saying the official reason for the change was to save energy. I am also saying that if some Wikipedia article is claiming otherwise, it needs to be reconciled with the two articles I mentioned above. Happy editing.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Career criminals believe that only idiots get caught, and since they're smarter than everyone else (thanks to the Dunning-Krueger effect), they won't be caught.
That paper is the best (+1 Informative), most insightful (+1 Insightful), most disturbing (+1 Troll) and funniest (+1 Funny) psychology paper I have ever read.
http://www.apa.org/journals/features/psp7761121.pdf
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
what do you mean blink? its always on, only turns off when my pc is turned off or i have stopped all my torrents :P
DEMOCRATS Speed-read Bill:
http://www.youtube.com/watch?v=_uxsAuY1AF4
This is not a solution. What needs to be done is to allow time for review of the bill in private - at least a month. Why rush lawmaking, especially when these laws last decades.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
Research indicates otherwise.
75% of music pirates would stop if told to by their ISP.
Interested in open source engine management for your Subaru?
I heard of a case where the locals set the speed at some arbitrary level, I think 55 or 60, but everyone was going 60 or 65.
Either the state transportation agency or the state courts ordered the city to use rational justification to set the speed limits. They were specifically ordered to take into account prevailing actual speeds and actual accident rates. After a brief study, the speed limit went up. This was post-1995, possibly during one of the mini-oil-gluts of the past 15 years, and fuel-conservation wasn't a specific factor.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
First off, whatever he did, he didn't do alone - he had help from Congress, and help from courts who rejected 10th-amendment arguments.
Second, this was all about money. States were free to reject highway funding, at least in theory.
I agree though, he and Congress together violated the spirit and intent of the 10th amendment, while very obviously not violating the letter.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
There are places, usually small towns, where they will ticket you for going 1mph over. This can be enforced by means other than a radar gun, means that will hold up in court.
There are also special situations, such as around schools, parks, and neighborhoods with a lot of children at play, where locals demand strict traffic enforcement. I once knew of a town that had an unwritten rule: "we'll give you 10mph, except in a school zone right before and right after school, where we will pull you over for going 1mph over." Not that they would actually ticket you for going 1mph over, but they would get your attention and a mini-lecture on traffic safety around children.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I wasn't aware of this research before, and it seems ironic to me that it seems to have coincided with the increased use of self-assessment forms in job applications. As someone with a high degree of knowledge of my area of work (web development) I am almost painfully aware of my areas of inadequacy. I choose to answer these questionnaires honestly, but I wonder now if that means I am getting passed over for people with an over-inflated idea of their competence? Or do people set these tests in order to weed out the ones who give themselves high scores in every area?
How does this "indicate otherwise"? If you receive one of these letters, you have already been caught.
Online banking security in the face of malware is an argument for TC. Which Stallman calls Treacherous Computing.
Although, if you controlled the root keys, this would be a step in the right direction.
-- I was raised on the command line, bitch
yup tech from ten years ago......
This "amazing" attack is easily defeated. Only allow the six-digit number to be used once. Then it can be sniffed and used immediately -- and the attacker will be denied access as it will be the second time.
Currently hooked on AMP
"I have family that use Windows. What am I supposed to do?" - by gillbates (106458) on Sunday August 23, @09:53PM (#29168277) Homepage
THIS:
HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA (& beyond), + make it "fun-to-do", via CIS Tool Guidance (& beyond):
----
http://www.tcmagazine.com/forums/index.php?s=e9bb2f3f527af8305dc4891065f330c4&showtopic=2662
----
IT WORKS...
How well? Ok, a testimonial, from -> http://www.xtremepccentral.com/forums/showthread.php?s=79253c5b286c472a012ff2ef7e7f2230&t=28430&page=3
----
"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local." THRONKA, user @ xtremepccentral.com
----
That's 'how well'... for going on 2++ yrs. now for Thronka & his paying clients, & for myself? Since 1997-1998 or so, through many machines since those days, to the present today, same results here!
APK
P.S.=> Enjoy - that guide, once you apply its points? It MAY "change your 'pov'" on Windows... Especially because you're such a "Pro-*NIX" type! apk
Good consumer banks, employing sane programmers, do it in a way that is 100% foolproof, unless a major mathematical discovery rendering all cryptography useless is made...
The correct way to do it is not only to use such a generated token for login, but also to mandate the bank account number of the person/firm you want to send money to be part of the cryptographic challenge.
There's no "real-time keylogger" that lowlifes can use to work around that. There simply is no way. It's 100% foolproof when done correctly.
Cryptographic challenges, once done correctly, will be impossible to defeat. There are already some consumer banks doing this.
And it's just the beginning.
The math is out there. The knowledge is out there. The programmers able to implement that are out there.
Once upper management takes this seriously, the bad guys will have a *really* hard time trying to steal money from bank account by doing MITM-type attacks, or any other type of cyber-attack.
Once again, several consumer banks already implemented this in Europe.
Good luck lowlifes.
Real-time keyloggers? What is it, the 80s? This is new?