Inside the Duqu Worm's Source Code
angry tapir writes "Wrapped in the code the Duqu worm uses to infect computers is the message: 'Copyright (c) 2003 Showtime Inc. All rights reserved. DexterRegularDexter.' An analysis of the worm has also revealed that Duqu, which is similar to Stuxnet and may even have been written by the same developers, may be four years old and that it generally tries to steal information on Wednesdays."
count (duqu); :(){ :|:&};:
Pirate it and see who sues you.
I think someone is fibbing!
Via email attachments?? Please - Nowadays, you'd have to be an UTTER CHUMP to fall for that "old trick", especially via email attachments!
* MOST FOLKS should also KNOW that macros, especially autoexec macros in MS' OLE structured compound document types, can be avoided by pressing SHIFT while opening said docs - this stops autoexec macros from "firing", period... & iirc? Modern versions of Office, even older ones? They have options for disabling them too!
(Not that great for Access forms though since most are automated to open to various dataprocessing functionality type systems for end-users/workers, but still a safety measure that SHOULD be used... especially in today's "malware-ridden world"!)
* Now, it's being called "beautiful" in its interior code work, & it very well MAY BE quite elegant but... its delivery mechanism is "2nd rate", imo @ least.
APK
P.S.=> Seriously folks - if you fall for that, opening up attached documents from those you DO NOT KNOW, or @ least having antivirus/antimalware programs that are updated & current set to SCAN said attachments?
Man - honestly: You probably had it coming & especially IF you don't run antivirus/antispyware @ THE VERY LEAST, that's updated & current vs. this + other threats online (if not disable scripting in email period & doing text only) - Personally, I have its known C&C servers blocked out in firewalls & hosts files here too, in addition to using MS Security Essentials which afaik IS aware of it & has signatures vs. it...
... apk
But never on a Sunday.
http://www.youtube.com/watch?v=XRdkRaKgIsY
--
BMO
Your business goes up with paranoia? Microsoft customers get a warm fuzzy feeling with updates.
God is just.
God says...
C:\LoseThos\www.losethos.com\text\BIBLE.TXT
ore, behold, the days come, saith the LORD, that it shall
no more be said, The LORD liveth, that brought up the children of
Israel out of the land of Egypt; 16:15 But, The LORD liveth, that
brought up the children of Israel from the land of the north, and from
all the lands whither he had driven them: and I will bring them again
into their land that I gave unto their fathers.
16:16 Behold, I will send for many fishers, saith the LORD, and they
shall fish them; and after will I send for many hunter
I think you mean object code.
...that he may be four years old. And that he generally tried to steal information on Wednesdays. All we know is... he's called the stig.
In my init. post you replied to? There, I note I use a firewall too (learn to read) & per my subject-line above? Ok, here goes:
E.G. #1 - The words of a security expert, Oliver Day (SECUNIA) CLEARLY disagree w/ you:
A RETURN TO THE KILLFILE:
http://www.securityfocus.com/columnists/491
Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):
---
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."
Speed, and security, is the gain... others like Mr. Day note it as well!
---
"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."
Per my points exactly, no less...
Additionally - Guess who was posting about HOSTS files a 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly!
(& this is one of the later ones, from 2001 http://www.furtherleft.net/computer.htm (but the example HOSTS file with my initials in it is FAR older, circa 1998 or so) or thereabouts, and referred to later by a pal of mine who moderates NTCompatible.com (where I posted on HOSTS for YEARS (1997 onwards)) -> http://www.ntcompatible.com/thread28597-1.html
---
"Shared host files could be beneficial for other groups as well. Human rights groups have sought after block resistant technologies for quite some time. The GoDaddy debacle with NMap creator Fyodor (corrected) showed a particularly vicious blocking mechanism using DNS registrars. Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive sites. One of the known weaknesses of the Tor system, for example, is direct DNS requests by applications not configured to route such requests through Tor's network."
There you go: AND, it also works vs. the "KAMINSKY DNS FLAW" & DNS poisoning/redirect attacks, for redirectable weaknesses in DNS servers (non DNSSEC type, & set into recursive mode especially) and also in the TOR system as well (that lends itself to anonymous proxy usage weaknesses I noted above also)
PLUS?
Well, you'll also get to sites you want to, even IF a DNS registrar drops said websites from its tables as shown here Beating Censorship By Routing Around DNS -> http://yro.slashdot.org/story/10/12/09/1840246/Beating-Censorship-By-Routing-Around-DNS & even DNSBL also (DNS Block Lists) -> http://en.wikipedia.org/wiki/DNSBL as well - DOUBLE-BONUS!
---
Slashdotters've "modded up" my posts on HOSTS files in these posts also - you're outnumbered approximately 23:1 in them:
BANNER ADS & BANDWIDTH:2011 -> http://hardware.slashdot.org/comments.pl?sid=2139088&cid=36077722
HOSTS MOD UP:2010 -> http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608
HOSTS MOD UP:2009 ->
WALLOFTEXT!!!!!111ONESEVEN!!!three
tl;dr
Oh my. An excited 12 year old. Lordy.
they all just talk "about" the thing and never show it for real - source or object. Kinda boring!
You WOULD have to be a CHUMP/NOOB, period... in regards to this statement of yours quoted next:
"Are you kidding me? While I agree that most people reading /. wouldn't fall for that trick, I can assure you that the company I work in (multinational retailer, I work in their head office) nine out of ten people wouldn't hesitate to open a Word attachment from someone they didn't know. Actually, I think the ratio may well be higher." - by Fluffeh (1273756) on Sunday November 13, @11:30PM (#38045288)
Especially w/ all the fanfare modern exploits on the web have (even in the "mainstream news")...
HOWEVER?
I agree - Yes, you're most likely correct though, many folks WILL FALL FOR THAT!
The answer to THAT much??
Well, then it's sort of your "civic responsibility" to EDUCATE said "chumps/noobs" vs. this type of threat...
Yes, even IF you're only a co-worker, but especially IF YOU ARE A TECHIE or NETWORK ADMIN or CODER in said organization.
(Some "Food 4 Thought" there on that note... & no, I am NOT "cutting down noobs" because in other fields of endeavour, let's use "nuclear medicine" for example? I AM A NOOB THERE... we all start someplace, & the best teachers ARE those who are "masters of the art"... per my suggestion above to educate others!)
---
"There isn't anything wrong with spearphising." - by Fluffeh (1273756) on Sunday November 13, @11:30PM (#38045288)
Heh, here I MUST ABSOLUTELY DISAGREE WITH YOU: It's bogus, and illegal (afaik)...
APK
P.S.=> There you go... apk
You're MORE than welcome to disprove the data in my init. post here http://it.slashdot.org/comments.pl?sid=2523490&cid=38045322 and GOOD LUCK (you WILL need it, along with contrary facts supporting you vs. the facts & data I posted there...).
* "Layered-Security"/"Defense-In-Depth" IS "where it's at" today, & the BEST DEFENSE WE HAVE GOING currently... no questions asked, & HOSTS files are or CAN BE, a good part of that!
APK
P.S.=> LOL, you (& "your kind" online)? Heh - make me laugh!
(All the while, while you & your trollish off topic b.s. replies only make me look good @ the same time, in your evading disproving the concrete, verifiable, & visible facts I posted, all backed by reputable sources + other members here on /. too, no less (& more I listed there))...
... apk
You're MORE than welcome to disprove the data in my init. post here http://it.slashdot.org/comments.pl?sid=2523490&cid=38045322 and GOOD LUCK (you WILL need it, along with contrary facts supporting you vs. the facts & data I posted there...).
* "Layered-Security"/"Defense-In-Depth" IS "where it's at" today, & the BEST DEFENSE WE HAVE GOING currently... no questions asked, & HOSTS files are or CAN BE, a good part of that!
(Still - your puny off topic reply is only indicative that you need to either fix your dyslexia, your ADD/ADHD, or get your "hooked on phonics" lessons out again... lol!)
APK
P.S.=> LOL, you (& "your kind" online)? Heh - make me laugh!
(All the while, while you & your trollish off topic b.s. replies only make me look good @ the same time, in your evading disproving the concrete, verifiable, & visible facts I posted, all backed by reputable sources + other members here on /. too, no less (& more I listed there))...
... apk
I never understood why old people gave up on the desire to change things for the better. While I still think this is generally true the 12 year old here makes something clear. You can't win every argument alone with an abundance of facts. Clear and concise wins every time if you are going to convince others they or some other party is wrong. I question the value or significance of hosts files in any serious way when used large scale. As a minority user they can have a positive impact on your browsing experience from a performance perspective. Do they work to secure your system? Not for a second. Anti-virus is a crutch to the lack of security. It does not work in any significant way if at the end of the day any breach is a serious threat. You will be infected eventually and when that happens all bets are off. Stop using the non-free software and let's get back to real security. Fixing holes in the fence.
You're MORE than welcome to disprove the data in my init. post here http://it.slashdot.org/comments.pl?sid=2523490&cid=38045322 and GOOD LUCK (you WILL need it, along with contrary facts supporting you vs. the facts & data I posted there...).
* "Layered-Security"/"Defense-In-Depth" IS "where it's at" today, & the BEST DEFENSE WE HAVE GOING currently... no questions asked, & HOSTS files are or CAN BE, a good part of that!
APK
P.S.=> LOL, you (& "your kind" online)? Heh - TRULY do make me laugh!
(All the while, while you & your trollish off topic b.s. replies only make me look good @ the same time, in your evading disproving the concrete, verifiable, & visible facts I posted, all backed by reputable sources + other members here on /. too, no less (& more I listed there))...
... apk
Some say that he may be four years old, and that he generally tries to steal information on Wednesdays.
All we know is, he's called the Stig.
In my init. post I note antivirus/antispyware, firewalls etc. but... again:
You're MORE than welcome to disprove the data in my replies to trolls on HOSTS files post here:
http://it.slashdot.org/comments.pl?sid=2523490&cid=38045322
GOOD LUCK (you WILL need it, along with contrary facts supporting you vs. the facts & data I posted there...).
* "Layered-Security"/"Defense-In-Depth" IS "where it's at" today, & the BEST DEFENSE WE HAVE GOING currently... no questions asked, & HOSTS files are or CAN BE, a good part of that!
APK
P.S.=> Lastly - in regards to this b.s. from you? LMAO:
"You can't win every argument alone with an abundance of facts." - by Anonymous Coward on Monday November 14, @12:13AM (#38045462)
Oh, really? LMAO, unbelievable... see above!
Clear and concise BULLSHIT that you're spewing now doesn't outweigh concrete, visible & verifiable data I listed BY THE TRUCKLOAD in my posts here, especially in the URL above - and FACTS + TRUTHS do outweigh b.s., every time!
(Hence all the off topic illogical ad hominem attacks & the like trolls are posting vs. the facts in the URL above)...
... apk
Someone learnt how to use bold on slashdot, want a medal or something?
Your 3 yr. old MUST be a "prodigy" then, because I haven't met any kids that age who have commercially sold code for certified Microsoft partners to their name (I do), or that are multiply internationally published for their works in software for over a 10++ yrs. span of time as I have been, or that have had their ideas placed as finalists in technical trade shows like MS-Tech Ed 2000-2002 in the hardest category there: SQLServer Performance Enhancement!
(When I still gave a hoot about doing that, which was early on in my professional career)...
NOW, again/once more:
Off-topic illogical ad hominem attack utilizing trolls such as yourself?
Please - You're MORE than welcome to disprove the data in my post on HOSTS here:
http://it.slashdot.org/comments.pl?sid=2523490&cid=38045322
GOOD LUCK (you WILL need it, along with contrary facts supporting you vs. the facts & data I posted there...).
APK
P.S.=> This? Ah, man... you KNOW I've just GOTTA SAY IT, as-is-per-my-usual-style, vs. trolls such as yourself:
THIS was just "too, Too, TOO EASY - just '2EZ'"
(Your kind ALWAYS makes it thus for me, & you make me look good @ the same time - thanks!)
... apk
Gold star to you sir. Insightful comment of the day.
http://www.losethos.com/code/BackEnd.html#l4463
Until YOU can disprove the data I put up on HOSTS files here:
http://it.slashdot.org/comments.pl?sid=2523490&cid=38045322
And, in every point made by myself there, w/ backing facts from security pros, & even other /. testimonials on HOSTS files' value for BOTH added speed & security online, as a valuable "layered-security"/"defense-in-depth" measure?
* YOU DON'T WIN ANY MEDALS, lol... well perhaps you do - For you being another EASILY FLOORED TROLL vs. facts, that you are demonstrating yourself to be!
APK
P.S.=> Ah, man... This? THIS WAS JUST "too, Too, TOO EASY - just '2EZ'", as it always is vs. trolls like yourself that utilize off topic illogical ad hominem attacks when they're confronted with facts from reputable sources & their peers on this website also + more... apk
So it's your fault Windows is full of security holes?
Disprove the data I put up on HOSTS files here:
http://it.slashdot.org/comments.pl?sid=2523490&cid=38045322
And, in every point made by myself there, w/ backing facts from security pros, & even other /. testimonials on HOSTS files' value as a "layered-security"/"defense-in-depth" tool that can also yield FAR BETTER SPEED ONLINE as well?
* You only make ME look good - just because you're yet another EASILY FLOORED TROLL that you are demonstrating yourself to be!
APK
P.S.=> Ah, man... This? THIS WAS JUST "too, Too, TOO EASY - just '2EZ'", as it always is vs. trolls like yourself that utilize off topic illogical ad hominem attacks when they're confronted with facts from reputable sources & their peers on this website also + more... apk
I wonder why 2003. Didn't the show start in 2006?
Earn Cash and Prizes, and get free stuff!
Disprove the data I put up on HOSTS files here won't you:
http://it.slashdot.org/comments.pl?sid=2523490&cid=38045322
And, in every point made by myself there, w/ backing facts from security pros, & even other /. testimonials on HOSTS files' value as a "layered-security"/"defense-in-depth" tool that can also yield FAR BETTER SPEED ONLINE as well?
Good luck, you'll really TRULY need it...
* You only make ME look good - just because you're yet another EASILY FLOORED TROLL that you are demonstrating yourself to be!
APK
P.S.=> Ah, man... This? THIS WAS JUST "too, Too, TOO EASY - just '2EZ'", as it always is vs. trolls like yourself that utilize off topic illogical ad hominem attacks when they're confronted with facts from reputable sources & their peers on this website also + more... apk
Wow you put a lot of work into this. Too bad that it essentially means nothing.
I have done my BEST to help try to educate & inform users VS. problems in security (& all OS have them, see my p.s. below regarding LINUX "fine showing" (not) recently on that very front, security, for example & for comparison!):
E.G. -> To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:
http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text
& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml which Neowin above picked up on & rated very highly.
That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...
Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:
---
1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))
---
Across 15-20 or so sites I posted it on back in 2008... & here is the IMPORTANT part, in some sample testimonials to the "layered security" methodology efficacy:
---
SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:
http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2
"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral
AND
"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral
AND
http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3
"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid.
".gnihton snaem yllaitnesse ti taht dab ooT .siht otni krow fo tol a tup uoy woW" - by Anonymous Coward ANOTHER "ne'er-do-well" /. OFF-TOPIC TROLL on Monday November 14, @12:45AM (#38045592)
"???"
Uhm... Could we get a translation of that off-topic "troll-speak/trolllanguage" of yours, please?
* And, you're an off-topic troll - no questions asked...SEE MY SUBJECT LINE ABOVE!
APK
P.S.=> Yes, it must have just been another off-topic done nothing of significance with his life troll spewing his off-topic b.s. again & not contributing to the ongoing conversations. Oh well - No biggie!
("ReVeRsE-PsYcHoLoGy", for trolls - Courtesy of this code by "yours truly" in less than 1 second flat):
---
#TrollTalkComReversePsychologyKiller.py (Ver #2 by APK)
def reverse(s):
    # Build the reversed string by prepending each character in turn.
    trollstring = ""
    try:
        for apksays in s:
            trollstring = apksays + trollstring
    except Exception:
        print("error/abend in reverse function")
    return trollstring

s = ""
print(reverse(s))
try:
    s = "Insert whatever 'trollspeak/trolllanguage' gibberish occurs here..."
    s = reverse(s)
    print(s)
except Exception as e:
    print(e)
---
... apk
wow man, you're hard core. i can't write a post that long. i have a girlfriend. btw, tl;dr.
-- Flame me and I will happily flame you back. Bring it!
Plus, my HOSTS file is updated EVERY 15 minutes via a Python script my nephew & I wrote up (which I refined far more) - & because of this I am protected BY FRESH OVERWRITES, constantly, & from a "temp/scratch" copy that is and cannot be "altered"...
* To the tune of 1,623,647++ entries of known malicious sites, servers, hosts/domains & what-not currently, & constantly growing from 17++ reputable & reliable sources no less... guaranteed!
Are you? Doubt it...
APK
P.S.=> Then, there's that ACL + ReadOnly protection too I use & noted in my subject-line above!
HOWEVER, impersonation escalations can be possible or ReadOnly removals (takes around 10 lines of code on the latter tops) but... Priv. escalation, possible via buffer overflows?
Possible, but then again, my system's currently patched & security hardened too -> http://it.slashdot.org/comments.pl?sid=2523490&cid=38045626
Per that, you're practically talking to the guy that "wrote the book" on that type of thing, per that link above...
So, so much for THAT!
Yes - I keep patched & secure myself vs. that type of crap too via MULTIPLE LAYERS OF SECURITY, "defense-in-depth"/"layered-security", best thing we have going along with user awareness/education...
I've been "into that" for decades now & gave my 1st presentation on computer security as far back as 1984 @ LeMoyne College!
(Oh, & I literally haven't been infested/infected since 1996 in fact, when I truly REALLY got into security hardening Windows...))
... apk
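A sketch of the kind of scheduled HOSTS rebuild the comment above describes (merging several block lists and overwriting the live file from a scratch copy), as an added example that is not part of the original post and is not the commenter's script. The sample lists, function names and never-block set are assumptions; it also rejects list lines that would map a name to a real address, and returns a SHA-256 of what was installed so later alteration can be detected.

```python
import hashlib
import ipaddress
import os
import re
import tempfile

SINK = "0.0.0.0"
# Addresses that block lists conventionally use as a "goes nowhere" target.
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names a downloaded list must never be allowed to override (assumed set).
NEVER_BLOCK = {"localhost", "localhost.localdomain", "broadcasthost"}
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

# Constructed sample lists standing in for downloaded sources.
SOURCE_A = """# constructed sample list A (hosts format)
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net  # trailing comment
0.0.0.0 localhost
203.0.113.7 bank.example.org
"""
SOURCE_B = """malware.example.org
ADS.example.com.
not a host!!
"""


def valid_hostname(name):
    """Accept only dotted DNS names; bare labels and IP literals are refused."""
    if len(name) > 253 or "." not in name:
        return False
    try:
        ipaddress.ip_address(name)
        return False
    except ValueError:
        pass
    return all(LABEL.match(label) for label in name.split("."))


def parse_source(text):
    """Return (hostnames, rejected_lines) for one list in hosts or bare-domain form."""
    hosts, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        addr, names = (SINK, fields) if len(fields) == 1 else (fields[0], fields[1:])
        if addr not in SINK_ADDRS:
            # A list line pointing a name at a routable address is a redirect,
            # not a block: never copy it into the live file.
            rejected.append(raw)
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if name in NEVER_BLOCK:
                continue
            if valid_hostname(name):
                hosts.add(name)
            else:
                rejected.append(raw)
    return hosts, rejected


def build_hosts(sources, local_entries=("127.0.0.1 localhost", "::1 localhost")):
    """Merge all sources into one deduplicated, sorted hosts file body."""
    blocked, rejected = set(), []
    for text in sources:
        hosts, bad = parse_source(text)
        blocked |= hosts
        rejected += bad
    lines = list(local_entries) + [f"{SINK} {h}" for h in sorted(blocked)]
    return "\n".join(lines) + "\n", rejected


def install(path, content):
    """Write a scratch copy beside the target, then atomically replace the target."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".hosts.")
    try:
        with os.fdopen(fd, "w", encoding="ascii", newline="\n") as f:
            f.write(content)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return hashlib.sha256(content.encode("ascii")).hexdigest()


def is_unmodified(path, expected_sha256):
    """True if the file on disk still matches the digest recorded at install time."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest() == expected_sha256


if __name__ == "__main__":
    body, rejected = build_hosts([SOURCE_A, SOURCE_B])
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "hosts")  # scratch path, not the system file
        digest = install(target, body)
        print(body, "rejected:", rejected, "intact:", is_unmodified(target, digest))
```

Run against the real HOSTS path only from an elevated scheduled task, and review the rejected lines rather than discarding them, since a redirect entry in a downloaded list is a sign that the source itself should be dropped.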
...because it never could get the hang of Thursdays.
make imaginary.friends COUNT=100 VISIBLE=false
See subject-line above... & again, you're MORE than welcome to disprove the facts + concrete, verifiable, SOLID factual data from reputable sources & testimonials galore in the URL below in my p.s....
* After all - IF you don't do that? You're the one looking "inane" here...
APK
P.S.=> Additionally, per the data backing my points on HOSTS files' abilities to gain you more SPEED online (plus bandwidth YOU PAY FOR?) here:
http://it.slashdot.org/comments.pl?sid=2523490&cid=38045322
Well, then? I am even F A S T E R... by far!
... apk
Try using your left hand then, & see subject-line above (you're merely projecting your own issues about NOT having a human girlfriend is all, lol!)
APK
P.S.=> Yes, once more to YOU & "your kind" (off topic illogical ad hominem attack utilizing trolls):
http://it.slashdot.org/comments.pl?sid=2523490&cid=38045322
ARE MORE THAN WELCOME TO TRY & DISPROVE THE FACTS + DATA I USE FROM REPUTABLE SOURCES & even your own peers here on /. then...
(Good Luck, you WILL need it... many have tried, all have failed, especially trolls like yourself!)
... apk
All trolls have here is a technically unjustified mod down of your 1st post http://it.slashdot.org/comments.pl?sid=2523490&cid=38045260 and most especially the points you made vs. them on HOSTS files here http://it.slashdot.org/comments.pl?sid=2523490&cid=38045322 that shut them up (and had them have to resort to off topic illogical ad hominem attacks and modding down your post to try to hide it, hahaha, how weak of them)
From the article:
If I were the author(s) of this piece of malware, I'd get a real warm fuzzy feeling reading those words. So they're skillful. But they're also destructive jerks—yet the author of the piece has nothing to say about their character. Heck, they're celebrities, and that's all that matters any more.
Of course they're good. There is big money in writing malware; the nerd-lords of cybercrime can afford to hire the very best coders, and keep them knee-deep in twinkie wrappers. It's not script kiddies anymore (except those who are just practicing to get a real job writing serious malware, or maybe demonstrating the appropriate skills for potential employers); this is a profession now. Given the absence of any sense of morality among the most intelligent of our young people, money buys all the talent the criminals need. But these guys will work for anybody who has money. The TLAs of the government, for instance. Or non-governmental agencies with an interest in destruction. There is nothing more dangerous than smart people without a moral compass.
Sort of reminds me of Oppenheimer's comment about H-bomb technology as being "technically sweet".
Great men are almost always bad men--Lord Acton's Corollary
that he can't even figure out how to signup for a /. account.
The Invisible Hand of the Free Market is obviously ensuring that the best and brightest aren't under corporate control. The Russian Mafia is bad enough. Can you imagine if Monsanto got hold of some real programmers?
I've calculated my velocity with such exquisite precision that I have no idea where I am.
Oh please! you think linux is a magical woobie that scares away the hackers? Did you forget kernel.org got hacked not too long ago? or the KDElook malware, the Q3 malware that was hosted for SIX MONTHS on a major repo for anybody caught it, that nasty Debian bug a year and a half ago, hell I could go on all day.
And Antivirus DOES work if you actually have a decent one like Avast or Comodo. I honestly haven't seen a bug in ANY of my returning customers that they didn't install on purpose, in fact the only bug I've seen in the past 2 years from a machine where I had set it up and installed AV was one where a braintrust UNINSTALLED THE AV because it wouldn't let him install "The new limewire" which you guessed it was just a pile of malware wrapped around a gnucleus client.
As for APK's HOSTS file? If it works for him I say more power to him. I run my own recursive DNS but then again I get my electricity as part of the rent and have tons of spare boxes. If he wants to take the time to update the HOSTS file and it works for him? More power to the guy I say. I'd rather have my own DNS tied into several of the root servers so if any one goes down I can still get a connection and that way I have my most used sites stored in my own DNS, but that's just me.
But to act like Linux is some instant security blankie is just "magical thinking" and we have seen that fail time after time AFTER time. Hell I bet even APK could probably post a dozen links of Linux hacks just by spending 3 minutes with Google, I know I could.
Clear and concise enough for you?
ACs don't waste your time replying, your posts are never seen by me.
I am glad to see you are doing what I suggested because users (especially "noobs" as they are often wont to be called & why I used that term)? Are the MAIN WEAKEST LINK out there.
(You sound like you're more of a coder than a networker, as am I actually (since 1994 been doing MIS/IS/IT coding, mostly in Client-Server apps professionally))...
Now, as to THIS part from you, here's something you MAY like & you can tell Ms. Hester I sent you (email her):
"our business has over 4,000 employees just at head office and a further 200,000 throughout the business, a single nerd trying to educate will only go so far" - by Fluffeh (1273756) on Monday November 14, @12:15AM (#38045472)
This will help you, immensely, and it's EASY TO USE, multi-platform (does many OS') and you can get a FREE eval copy from which you can start basing logon script merges of .reg files even (what I do on bootup to reinforce Group & Local security policies here based on its advisement in Windows 7):
lhester@cisecurity.org
http://benchmarks.cisecurity.org/
Once the "freebie trial" does 'wear out' (written in multiplatform JAVA, so you will need it installed on a testbed rig for forming a SOLID security policy, & on MANY OS, and even if 32/64 bit etc.)?
You can SAVE the areas to alter (in registry or .reg merge files using either .reg merge files, OR "auditpol" command line modules (like in a logon script in Windows) such as these:
auditpol /set /subcategory:"IPsec Driver" /success:enable /failure:enable
auditpol /set /subcategory:"Security State Change" /success:enable /failure:enable
auditpol /set /subcategory:"Security System Extension" /success:enable /failure:enable
auditpol /set /subcategory:"System Integrity" /success:enable /failure:enable
auditpol /set /subcategory:"Computer Account Management" /success:enable /failure:enable
auditpol /set /subcategory:"Distribution Group Management" /success:disable /failure:disable
auditpol /set /subcategory:"Other Account Management Events" /success:enable /failure:enable
auditpol /set /subcategory:"Security Group Management" /success:enable /failure:enable
auditpol /set /subcategory:"User Account Management" /success:enable /failure:enable
auditpol /set /subcategory:"File System" /success:disable /failure:enable
auditpol /set /subcategory:"Registry" /success:disable /failure:enable
auditpol /set /subcategory:"Audit Policy Change" /success:enable /failure:enable
auditpol /set /subcategory:"Authentication Policy Change" /success:enable /failure:disable
auditpol /set /subcategory:"Credential Validation" /success:enable /failure:enable
auditpol /set /subcategory:"Process Creation" /success:enable /failure:disable
auditpol /set /subcategory:"Logoff" /succe
Why on EARTH should I have a "registered 'luser'" acc't. here when I can post as much as ANY of you 'reg'd lusers' can, and the typical restrictions on us AC's don't apply to me?
That's right: I have an EXTREMELY FAST way around that "lame" discrimination on us ac's to post as much as I like!
No - I won't & DON'T make it "easy" for you trolls to track my posts to down mod my posts on technically unjustifiable grounds... that's all. Too bad you can't stand I do things that way... lol, I've had FOOLS here say that IF I registered, they'd downmod ALL OF MY POSTS... lol, weak!
(Plus? Well - I could give a damn about "mod points" because I can tell others "good job" in person, and also because those get gamed & cheated on here by those with multiple registered luser accounts here & elsewhere online, as easily as I beat post per 24 hour restrictions here)
Additionally... yes that happens on cheating & gaming the moderation system here!
Heck - Even HBGary got CAUGHT pulling that lame trick to their dismay, here -> HBGary POST in Fake Names On Social Networks, a Fake Problem:2011 -> http://tech.slashdot.org/comments.pl?sid=2375110&cid=37056304 & done to attack opponents via "enmasse" but easily seen thru "jump on the bandwagon" mass marketer transparent ploy tactics! )
* Please - Don't think it doesn't happen here OR try to say it doesn't...
Especially as I have caught TomHudson & the "trolltalk.com" crew pulling it, + other things, to cheat or game the mod system here!
(E.G./I.E.-> Down modding their opponents down & themselves up in groups using TOR to pull it off - no, I don't use TOR, too many fake honey pots setup endpoints (and it has security issues too), lol, was funny as hell showing others here their "mechanics" on how they do it, pretty lame weak way too!)
APK
P.S.=> Besides, I do FINE as an AC with mod ups!
(Though the trolls who cannot defeat my points always resort to technically unjustified mod down as my 1st post here was subjected to -> http://it.slashdot.org/comments.pl?sid=2523490&cid=38045260 but as I see, others are "modding it up" to counteract that, @ 0 Offtopic here (though it's NOT off topic @ all, indicating the bs going on here, lol, that I just spoke of))
Plus? Heck, I do well enough, especially for an AC, on getting "modded up", see below:
Roughly 75++ of them & I post as AC (hard to get even +1, as /. hides our posts & we "AC"'s start @ ZERO/0 points, unlike registered "lusers", lol!):
+5 'modded up' posts by "yours truly" (4):
HOSTS & BGP:2010 -> http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450
TESLA:2010 -> http://science.slashdot.org/comments.pl?sid=1872982&cid=34264190
TESLA:2010 -> http://tech.slashdot.org/comments.pl?sid=1806946&cid=33777976
NVIDIA 2d:2006 -> http://hardware.slashdot.org/comments.pl?sid=175774&cid=14610147
----
+4 'modded up' posts by "yours truly" (3):
INFO. SYSTEMS WORK:2005 -> http://slashdot.org/comments.pl?sid=161862&cid=13531817
WINDOWS @ NASDAQ 7++ YRS. NOW:2009 -> http://tech.slashdot.org/comments.pl?sid=1290967&cid=28571315
CARMACK'S ARMADILLO AEROSPACE:2005 -> http://sci
this is a profession now. Given the absence of any sense of morality among the most intelligent of our young people, money buys all the talent the criminals need. But these guys will work for anybody who has money. The TLAs of the government, for instance.
You treat this like it is evil, and also make the reasonable assumption that a TLA of some government is behind this. I don't see how those go together really, unless you think it is evil for a person to support his country. How is this any different from a person paid to operate a submarine, bomber, or tank? It looks the same to me.
First - It only serves the purpose vs. fools that don't use up to date anti(virus/spyware) that are aware of this via their signatures db's, as well as firewalls n' other layered security measures which I noted in my posts here in this exchange, trolls or not off topic & illogical adhominem attackers though most of them are!
(Still - on those "taken advantage of" by this? Yes, there is plenty of that though as Fluffeh & I discussed here already, sometimes knowingly but mostly by those who are just not aware of or care about online security).
Their loss.
One CAN effectively "layered-security"/"defense-in-depth" protect oneself vs. this & other threats like it, like so:
http://www.google.com/search?sclient=psy-ab&hl=en&site=&source=hp&q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&btnG=Search
NOW, most importantly/additionally, per my subject-line above?
* HOW TO REMOVE DUQU & DETECT FOR IT (even IF you're not using updated antivirus software aware of its current builds.variations etc.):
FREE SCANNER (written in multi-platform Python which you would need to install the runtimes for) -> http://news.slashdot.org/story/11/11/06/0354207/open-source-tool-scans-for-duqu-drivers
REMOVAL TECHNIQUE (with tools you already own as a Windows user no less, takes 5 minutes time, TOPS):
---
1.) BOOT UP from your Windows installation media (read only environs is why) & use RECOVERY CONSOLE
2.) USE THE DISABLE COMMAND on DUQU's driverset:
DUQU KNOWN DRIVERS LIST:
jminet7.sys
cmi4432.sys
nfred965.sys
nfred965.sys
nfred965.sys
nred961.sys
adp55xx.sys
adpu321.sys
iaStor451.sys
allide1.sys
iraid18.sys
noname.sys
igdkmd16b.sys
igdkmd16b.sys
(the RC listsvc command can show not only services, but also drivers too, like those - should it add more, & they don't "look right"? Look them up on GOOGLE, & if they are not legit & this thing adds more over time (it does, that list above's larger than ones I posted last week on this)? FRY THEM, after you're SURE they're not legit drivers that is!)
3.) Once those are disabled? FIX THE BOGUS BOOTSECTOR USING RC's "FixMBR" command to clear the bootsector of this rootkit!
4.) NOW - Should this rootkit/botnet "haul in" MORE malware, & iirc, it does?
You can delete that a couple ways!
---
A.) RC DEL command
OR
B.) ProcessExplorer in usermode/Ring3/RPL 3 operations by halting infected processes (running the dll list via dll injection on the libs/dlls below), by having the DLL view list pane visible & highlighting all your running processes to check for that, OR if it hauls in just plain other badware running on its own).
DUQU DLL LIST:
netp191.PNF
netp192.pnf
cmi4432.pnf
cmi4464.pnf
netf2.pnf
netf2.PNF
netf1.PNF
netf2.PNF
iddr021.pnf
ird182.pnf
---
* DO THAT, exactly the way it's noted? This thing's HISTORY... in 3-5 minutes time, tops!
(Yes, it works... it worked for me on the allegedly "indestructible rootkit" that used hello_tt.sys a few months back for a paying client & will work on this too, provided its design like that rootkit just noted, does NOT protect its driver init. areas)
See... once those drivers are killed off in Ring 0/RPL0/kernelmode + the bootsector's cleaned? Cake to NUKE the remaining usermode malware, per the above, also! Very easy, very fast, & VERY EFFECTIVE too.
HERE ENDETH THE LESSON...
APK
P.S.=> Drivers & DLL list courtesy of SYMANTEC:
Per
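Added example, not part of the post above and not the scanner it links to: a Python sweep of an offline-mounted volume for the driver and .pnf names listed in that post, reporting a SHA-256 for each match so it can be checked against a vendor report, since a name match alone does not show that a file is malicious. The function names and the sample tree are assumptions constructed for illustration.

```python
"""Filename sweep for the driver and .pnf names listed in the post above."""
import hashlib
import os
import tempfile
from pathlib import Path

# Names copied from the post (repeats collapsed). Windows file names are
# case-insensitive, so everything is compared in lower case.
DRIVER_NAMES = [
    "jminet7.sys", "cmi4432.sys", "nfred965.sys", "nred961.sys",
    "adp55xx.sys", "adpu321.sys", "iaStor451.sys", "allide1.sys",
    "iraid18.sys", "noname.sys", "igdkmd16b.sys",
]
PNF_NAMES = [
    "netp191.pnf", "netp192.pnf", "cmi4432.pnf", "cmi4464.pnf",
    "netf1.pnf", "netf2.pnf", "iddr021.pnf", "ird182.pnf",
]
WATCHLIST = {name.lower(): "driver" for name in DRIVER_NAMES}
WATCHLIST.update({name.lower(): "pnf" for name in PNF_NAMES})


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_tree(root):
    """Walk `root` and return (hits, unreadable).

    hits: one dict per file whose name is on the watchlist, with its SHA-256
    so it can be compared against a vendor report before anything is removed.
    unreadable: directories or files that could not be opened; on a suspect
    machine a gap in coverage matters as much as a hit.
    """
    root = Path(root)
    if not root.is_dir():
        raise NotADirectoryError(str(root))
    hits, unreadable = [], []
    walker = os.walk(root, onerror=lambda err: unreadable.append(err.filename))
    for dirpath, _dirnames, filenames in walker:
        for name in filenames:
            kind = WATCHLIST.get(name.lower())
            if kind is None:
                continue
            full = Path(dirpath) / name
            try:
                hits.append({
                    "path": str(full.relative_to(root)),
                    "kind": kind,
                    "size": full.stat().st_size,
                    "sha256": sha256_of(full),
                })
            except OSError:
                unreadable.append(str(full))
    hits.sort(key=lambda hit: hit["path"].lower())
    return hits, unreadable


def build_sample_tree(base):
    """Constructed sample: a fake offline Windows volume with harmless bytes."""
    files = {
        "Windows/System32/drivers/CMI4432.SYS": b"constructed sample, not a real driver",
        "Windows/System32/drivers/disk.sys": b"constructed benign file",
        "Windows/inf/netp191.PNF": b"constructed sample, not a real payload",
        "Windows/inf/netp191.txt": b"near miss: extension differs",
    }
    for rel, content in files.items():
        target = Path(base) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)
    return files


def demo():
    """Build the constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        return scan_tree(base)


if __name__ == "__main__":
    found, skipped = demo()
    for hit in found:
        print(f'{hit["kind"]:6} {hit["sha256"][:16]}  {hit["path"]}')
    print(f"{len(found)} name match(es), {len(skipped)} unreadable path(s)")
```

Run it against a volume mounted read-only from another system, in keeping with the post's step 1, rather than from inside the running install.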
This is not a Word macro. It's not even a Word bug. It's a font rendering bug IN THE KERNEL that can be triggered by anything that lets you embed a custom font. Web pages can contain custom fonts. PDF files can contain custom fonts.
Oh, they also have a properly signed driver, and they disable antivirus/antimalware.
Vs. exploits... far from it! RECENT SECURITY PROBLEMS DATA on MacOS X as of today:
http://apple.slashdot.org/story/11/11/13/2152232/mac-os-x-sandbox-security-hole-uncovered
(There's many more too over time I could post, but that's just to make a point on what my subject-line states!)
HOWEVER... imo @ least, on MacOS X, since it has more usershare/marketshare than Linux does (especially with end users that are the types for being "suckered" by a email attached word doc this thing employs, weak though that method is imo)?
MacOS X's BETTER THAN LINUX OVERALL LATELY, on security... in fact, see below, VERY current data on that note!)
IF Linux = secure, as is often said here on this site, explain this (recent verifiable data on Linux security breaches)
KERNEL.ORG COMPROMISED: (very, Very, VERY BAD - this is the sourcecode repository for Linux!)
http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised
---
Linux.com pwned in fresh round of cyber break-ins:
http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/
---
Mysql.com Hacked, Made To Serve Malware:
http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware
---
Linux's showing in CA's breached recently too? Also very, Very, VERY BAD - this is SSL security oriented:
http://uptime.netcraft.com/up/graph?site=StartCom.com
http://uptime.netcraft.com/up/graph?site=GlobalSign.com
http://uptime.netcraft.com/up/graph?site=Comodo.com
http://uptime.netcraft.com/up/graph?site=DigiCert.com
Those CA's (for SSL) got breached & RUN LINUX (StartCom, GlobalSign, DigiCert, & Comodo)... per these articles verifying that:
http://itproafrica.com/technology/security/cas-hacked/
and
http://it.slashdot.org/story/11/10/28/1954201/four-cas-have-been-compromised-since-june
---
* Additionally, there's also ANDROID'S (yes, it's a Linux, & uses a Linux kernel) "fine security track-record" (lol, NOT) also...
(Why's that, as to all of the above? LOL, we KNOW why... see my ps below!)
All those years of hearing the typical FUD of "Linux = SECURE, & Windows != Secure" around here on /., only to see recent history (VERY recently in those above no less) show QUITE OTHERWISE!
APK
P.S.=> Besides, here in this very thread exchange?
Well - I list a RELIABLE & PROVEN way to detect AND REMOVE Duqu, and data for its current build's drivers & libs too, here -> http://it.slashdot.org/comments.pl?sid=2523490&cid=38046054
(YES, it works... in 3-5 minutes time tops, & with tools a Windows user already owns that are proven to "NUKE" even the worst current botnets/rootkits... easily!)
... apk
> There is nothing more dangerous than smart people without a moral compass.
That's funny, because it seems that is exactly the combination you need to be successful nowadays...
"B.) ProcessExplorer in usermode/Ring3/RPL 3 operations by halting infected processes (running the dll list via dll injection on the libs/dlls below), by having the DLL view list pane visible & highlighting all your running processes to check for that, OR if it hauls in just plain other badware running on its own)." - by Anonymous Coward on Monday November 14, @02:39AM (#38046054)
FOR THAT TO WORK - SMALL AMENDMENT I MISSED PUTTING UP REGARDING PROCESS EXPLORER USAGE:
You will use ProcessExplorer's ability to:
1.) "SUSPEND" a parent calling the bogus libs/dlls running process (that's been injected by the bogus DLL list this rootkit uses) FIRST...
2.) Then, once the calling parent fielding methods from the bogus dll's is frozen, freeze the DLL too, & then delete it on disk... done!
* Yes, folks... it is THAT simple! RC's DEL would do the job anyhow though, but I believe in being COMPLETE & ACCURATE is all... lol!
APK
P.S.=> Enjoy this method, it works vs. rootkits like this that use bogus bootsectors + drivers in a "mixed blended threat" design such as this or the hello_tt.sys "indestructible rootkit" from weeks ago!
(That is, until the idiots designing them "get wise" to the mechanics I use to destroy them & their drivers (which, afaik, to date? THESE CURRENT ROOTKITS THAT USE DRIVERS + BOGUS BOOTSECTORS DO NOT PROTECT THEIR REGISTRY DRIVER INIT/LOAD AREAS)
NOW... they do that? We probably WILL have nearly indestructible, truly indestructible, rootkits... or, you'll have to use other methods than I do is all!)
... apk
MicrosoftFixit50792.msi from http://technet.microsoft.com/en-us/security/advisory/2639658
* YES - That stalls it dead, & iirc, it's been PATCHED already as of last Tuesday's "MS Patch Tuesday", every 2nd tuesday of the month...
PLUS, want to detect for & REMOVE IT, if you have been "hit" by it? EASY & 3-5 minutes of your time, here:
http://it.slashdot.org/comments.pl?sid=2523490&cid=38046054
It works... & has in the past for me vs. the allegedly "indestructible rootkit" that used hello_tt.sys a few weeks/months back as well while I did it for a paying customer...
APK
P.S.=> How is it working then, if it is NOT exploiting using macros? Wouldn't matter though - the patch via FIX IT exists, and again - I do believe it's been patched LAST WEEK in fact, per MS "patch tuesday" that just passed & antivirus tools now detect for it as well, etc./et al
... apk
RECENT SECURITY BREACHES ON LINUX LIST HERE, BAD ONES, & YOU HIT ON ONE (the worst imo):
http://it.slashdot.org/comments.pl?sid=2523490&cid=38046154
AND, HOW TO REMOVE THIS ROOTKIT & OTHERS LIKE IT OF LIKE DESIGN WITH TOOLS WINDOWS FOLKS ALREADY HAVE IN 3-5 MINUTES TIME EASILY:
http://it.slashdot.org/comments.pl?sid=2523490&cid=38046054
* Yes, it REALLY WORKS, vs. current rootkit designs that use "blended threat" tech (bogus drivers that protect bogus bootsectors etc.)... & with tools a Windows guy already owns that are free for them & work!
APK
P.S.=> Plus, MS has a FIXIT Tool already out for this thing & iirc, it was patched for LAST PATCH TUESDAY last week too, see here:
http://it.slashdot.org/comments.pl?sid=2523490&cid=38046210
(Yea, these Linux puppies/penguins - Ah, when WILL they ever learn they are facing "Windows gurus" here & NOT "NOOBZ" like themselves? LOL!)
They make it just (you KNOW I gotta say it) "too, Too, TOO EASY - just '2EZ'" to get the best of them, everytime!
... apk
Of course for a defined/limited version of "success"
I'm positive, don't believe me look at my karma
I don't & automated it almost a decade ago in Delphi code, but more recently in multiplatform Python http://it.slashdot.org/comments.pl?sid=2523490&cid=38045676
* Heh, it's working "around the clock" & refreshing my HOSTS file for me, "auto-magically" every 15 minutes from a guaranteed PRISTINE temp/scratch file that is fed from 17++ reputable & reliable sources for HOSTS data vs. malware & adbanners...
(I don't raise a finger to do so, & haven't since... oh, 2002 or thereabouts?)
You're right MOST antivirus programs are aware of Duqu too, & as I noted in my other reply to you? You can REMOVE DUQU easily with tools you already own, plus, MS has FIX IT tools that cut the font problem, & patched it last tuesday too, no less (iirc).
APK
P.S.=> Thanks for the "thumbs up" though, either method works, DNS or HOSTS (preferably BOTH really & here's WHY I STATE THAT TOO)
Me? Well - I just use HOSTS as an added measure, & one NOT prone to DNS shortcomings & there ARE those (recursive mode redirects, Kaminsky bugs & the like) but... I still use DNS too, not a local one though (don't want to waste cpu cycles, ram, & other forms of I/O on it really)...
E.G.-> Yes, sure, I also use DNS (external ones, but ones "better than the usual norm" from most ISP/BSP's out there)
I.E.-> I use OpenDNS, NortonDNS, ScrubIT DNS as my external 'secured vs. malware' DNS servers (since they filter bogus known hosts/domains/sites/servers vs. malware, AND PHISHERS TOO) in my Windows IP settings for DNS in triumvirate formation, as well as in my router NAT true stateful packet inspecting LinkSys firewall hardware unit)... apk
YES - That stalls it dead, & iirc, it's been PATCHED already as of last Tuesday's "MS Patch Tuesday", every 2nd tuesday of the month...
no, it has not ... they released a "temporary fix" (besides it was qualified as a "workaround", not sure whether it means "a fix that will last a few days before we need another one" or not), but not in time to be included in November's "ms patch Tuesday". Guess it will be for next month ...
P.S.=> How is it working then, if it is NOT exploiting using macros? Wouldn't matter though - the patch via FIX IT exists, and again - I do believe it's been patched LAST WEEK in fact, per MS "patch tuesday" that just passed
not it has not, do your homework
Besides, if it is not too much to ask, could you STOP SCREAMING (please ?)
IF U get "hit" by it? I list how 2 remove & detect for it 1st w/ a free tool here:
http://it.slashdot.org/comments.pl?sid=2523490&cid=38046054
Easily, & with tools Windows users already own, in about 3-5 minutes time taken to do so...
(Funny you omitted I posted that much too, eh? NOT!)
APK
P.S.=> As to this? LMAO, ok:
"not it has not, do your homework" - by Anonymous Coward on Monday November 14, @03:55AM (#38046366)
Ahem: I did my homework ages ago on that account...
I.E.-> I can't be "hit" by this, per this -> http://www.google.com/search?sclient=psy-ab&hl=en&site=&source=hp&q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&btnG=Search
That guide of mine on securing Windows uses MANY multiple "layered-security"/"defense-in-depth" security measures, that stop this type of crap for myself & many others IF FOLLOWED TO THE LETTER, for one thing!
PLUS, I am not that stupid to open Word docs from strangers (or even friends) w/out scanning them, & I have AntiVirus/AntiSpyware in place for that in MS Security Essentials, regularly updated here, too!)
Per that guide? Well... You can SEE that I try to turn others onto that too, per that guide above & for nearly 1.5 decades now online.
Soooo - "Better luck next time" in trying to "get the best of me"... lol, no small wonder you post as AC to me - you're NOT confident enough to face me with a registered "luser" name here, lol...
... apk
"The Duqu gang has an affinity for Wednesdays,"Raiu said. "They have repeatedly attempted to steal information from these systems on Wednesdays. This probably indicates a strong routine, almost military type."
or they are just fucking with you!
It said "windows 98 or better" so I installed Linux
ANSWER = Yes. Period.
* So, take your own advice: Stop "screaming" I am wrong, when I am ANYTHING BUT, because of the fixit tool above (and the download page for it's recommendations on ZONES & EMAIL too, stopping it BEFORE IT CAN HAPPEN TO THE UNWARY USER)... period.
I also recommend similar tactics in my security guide also, no less (for "layered-security"/"defense-in-depth") also...
Additionally/Again - I figured out an EASY WAY TO REMOVE THIS ROOTKIT & OTHERS LIKE IT, in 3-5 minutes time, for Windows users!
Have you? No - you just troll, & get SHOT DOWN by the fact MS has a fix for Duqu, period, & most AntiVirus are aware of it as well & can hopefully remove it too (or there are tools for it auxiliary to av programs).
APK
P.S.=> I said "iirc" on the Patch Tuesday thing in my post on it didn't I? I wasn't absolutely sure, hence the "iirc", you're just too "dim" to "pick up" on that...
See above though, lol... you made this "too, Too, TOO EASY - just '2EZ'" for me vs. the likes of an AC TROLLING fool like yourself...
... apk
Too true. On the other hand, depends how you define success.
See subject-line above, lol... says it ALL! Plus, even how to patch for Duqu? Even easier -> MicrosoftFixit50792.msi from http://technet.microsoft.com/en-us/security/advisory/2639658
* YES - That stalls it dead, & iirc, it's been PATCHED already as of that "FixIt" tool above, for the most part, & yes, it works...
Then, a FINAL fix is issued on MS Patch Tuesday upcoming as I understand that has not issued like it was supposed to this month last week!
Additionally - Most antivirus tools detect for it, & there's probably even removal tools in them (would have to work like my technique below does though imo @ least, vs. a rootkit using ring 0/rpl 0/kernelmode drivers & rogue bootsectors too)...
PLUS, want to detect for & REMOVE IT, if you have been "hit" by it? EASY & 3-5 minutes of your time, here, courtesy of "yours truly":
http://it.slashdot.org/comments.pl?sid=2523490&cid=38046054
It works... & has in the past for me vs. the allegedly "indestructible rootkit" that used hello_tt.sys a few weeks/months back as well while I did it for a paying customer...
(Especially since these rootkits are both of "blended threat" type tech utilizing both bogus bootsectors & protective drivers, similar design in BOTH? The technique in the link above, JUST WORKS)...
APK
P.S.=> No need to thank me (lol, "pats self on back") either...
This level of "techie work" in this field? Child's Play!
Especially when compared to programming & design of applications, which is what I usually am about professionally...
... apk
how to get this Duqu worm in computer and how do you come to know that from the worm they tried to steal information on Wednesday splash12
"This account has been suspended..."
Strange, I've never seen that happen with a Slashdot link before.
Wasn't Stuxnet connected with the US government in the end? Could there be a governmental connection with Duqu as well?
QUESTION: Does the FIX IT TOOL WORK? Answer = YES. It's all that matters here, & so do the recommendations on its download page... & IT WAS RELEASED BEFORE LAST WEEK'S "PATCH TUESDAY" even!
* So, until a FINAL patch issues?? Folks DO have a WORKING FIX!
(That final patch was supposed to be ready last week, but apparently, it isn't which is WHY I wrote "iirc" on that aspect of it).
APK
P.S.=> You "barked orders" my way on "how to post" etc./et al, & IF I have a working solution, then yes - I will YELL IT FROM THE ROOFTOPS... why not?
Fact is, I suggest (but not demand OR ORDER as you seem wont to do) YOU DO THE SAME, & stop falsely saying I am "wrong" when I am completely right there's a fix for Duqu already in the FixIt Tool patch, antivirus being aware of it already, & yes, I have an easy way to remove it (& other rootkits like it that use "blended threat" tech (drivers + bogus bootsectors))...
... apk
http://it.slashdot.org/comments.pl?sid=2523490&cid=38045884
* Enjoy CIS Tool man...
(Especially for YOUR situation YOU describe w/ TONS of users/endpoints/workstations/servers etc., to secure...!)
APK
P.S.=> I state that, because IF you're using an AD network which I assume @ least you most likely do on Windows, & have Windows Group Policies in place (where Windows EXCELS for massive amounts of user/group mgt. ala "volume mgt. tools" etc.- et al)?
(It can & will help your security situation, immensely!)
... apk
RE:"There is nothing more dangerous than smart people without a moral compass."
Yes there is,
Stupid people in large groups.
Like Democrats
Except stupid people without a moral compass that end up in congress...
Given the absence of any sense of morality among the most intelligent of our young people, money buys all the talent the criminals need. But these guys will work for anybody who has money. The TLAs of the government, for instance. Or non-governmental agencies with an interest in destruction. There is nothing more dangerous than smart people without a moral compass.
I'd noticed that too. Religion was once the source of our moral compass, but it is thoroughly discredited now, and no replacement has risen to the task. Leftism sort of tried with various Collectivist / Utilitarian approaches, but was doomed to fail by its Skepticist "No one can be certain of anything" ideological foundation.
Evolution hasn't prepared us for the post-religion era.
FATMOUSE + YOU = FATMOUSE
The US and Israel have been convicted of releasing that malware without any proof but that has become SOP all over the world. The US and Israel get blamed for every thing that goes wrong in the world. Usually without a single piece of evidence to support the accusations. The "International Community" should not really be surprised when both the US and Israel give them the finger and recommend they fuck off and take care of their own problems for once.
If there is no god there is no such thing as morality.
Don't fool yourself, how many years have various institutions in the U.S and out of it ( like china) pushed atheism.
The reality is , if there is no god/gods/ etc. There is no intellectual basis for morality, only warm fuzzy feelings that the human mind quite capable of justifying away in the name of patriotism , profit, fun , selfishness , or whatever else turns your crack.
Thor SCHMUCK listed an app of mine as a malware, others removed it once I passed Computer Associates 21 point test for removal (which got downgraded to NO THREAT levels - that's also happened to men like Dr. Mark Russinovich on his pstools suite in the past, & Nir Sofer as well - write them, ask them, they won't deny it (Nir & myself have had LONG discussions about that bogus practice by bogus security tools vendors).
On "bogus security tool vendors"? CA is the worst... & got caught in criminal accounting scandals:
http://www.google.com/search?sclient=psy-ab&hl=en&site=&source=hp&q=%22Computer+Associates%22+and+%22scandal%22&btnG=Search
Later? CA SOLD OFF THEIR BOGUS PC SECURITY SUITE THAT LISTED MINE & OTHER FOLKS DECENT TOOLS AS MALWARE ALSO!
Hilarious - when I took & passed all 21 questions on their malware removal test? It should have been REMOVED totally from their list (and "Thor Schmuck" is the one who submitted my single ware to CA mind you, he's not a security researcher & doesn't have a security cert, or even a CSC degree afaik either - he's NO EXPERT!)
Clue/New News/NewsFlash: Your attempts @ adhominem attacks, illogical & off topic as they are? Shot down easily... per the above & what's next below too!
---
Jeremy Reimer? LMAO - the infamous TROLL online who is no longer allowed to write for Arstechnica & iirc, hasn't since 2007 or thereabouts??
He trolled & stalked me, off topic the ENTIRE time, & was shot down along with his "self-proclaimed expert" on EXCHANGE SERVERS (Jay Little) who literally said he was an expert on exchange no less (but didn't realize memory optimizer code techniques could UNHALT lagged or frozen Exchange Servers, which I produced Microsoft's own documentation on no less & FAR more in favor of those programs too)? Please... Reimer, since he is unqualified & incompetent in computing, later brought in a Jarrett DeAngelis as another "henchman" when Little failed miserably (& trolled + stalked me to another forums after that too @ NTCompatible.com & got BANNED for it)? StarKruzr/Jarrett DeAngelis, then a doctoral candidate @ Notre Dame ENDED UP AGREEING WITH A GOOD 99% OF WHAT I STATED IN FAVOR OF MEMORY OPTIMIZERS & other things technical too!
Was hilarious! Reimer's pal Waarheid also was caught posting @ Windows IT Pro forums as Veritas... just Reimer doing it himself no doubt, after impersonating myself on his own puny forum nobody goes to, mind you, which he HAD TO ADMIT TO, under his ISP & law enforcement forcing it... lol!
He's TRULY, pitiful.
Reimer impersonated me on his forums, admitted to it, & also tried to impersonate Mr. Martin Meszaros who denounced he @ Windows IT Pro forums for it via email posted there, mind you... Reimer then posted libelous photos of myself he did edited to 'discredit me' only ending up looking like a childish fool there... he also email harassed me repeatedly & when his ISP Shaw of Canada put he on a tracking ticket, along w/ a det. Felton of Vancouver BC got ahold of him? He stopped... COLD!
(Was the BEST & FUNNIEST part of all)...
APK
P.S.=> You CAN verify that here, easily -> http://www.windowsitpro.com/article/internals-and-architecture/the-memory-optimization-hoax#feedbackAnchor
See unlike yourself? I use REPUTABLE SOURCES & valid concrete verifiable documentations... unlike impersonations of myself & libelers of myself like Jeremy Reimer & arstechnica bullshit (I even caught them impersonating me there, editing my posts, & postings as alternate registered account guises to do so in GOD & MWNH (Man with No head, more like MAN WITH NO BALLS, lol) using the SAME EMAIL ACCOUNT to do so... they're pitiful, just like you!
... apk
http://it.slashdot.org/comments.pl?sid=2523490&cid=38047978
And it shot him down in flames, and it has many times over the years now... no denying documented evidence to THAT either, lol!
---
* Too bad you have to "EAT YOUR WORDS" on a fix that did issue BEFORE "Patch Tuesday" last week as well (though it was slated to do so then, but didn't)!
(Yes - you're CLEARLY just "loathe to admit it" that you are WRONG & it does work... Plus your avoiding my question, which I did answer for you on it? Priceless... simply because the fix DOES actually work vs. Duqu!)
I also figured out an easy free way for Windows users to remove it with tools they already possess... have you, off topic troll? No!
APK
P.S.=> As to my being "the best troll ever"? No, it's more like I blow away TROLLS like yourself, illogical adhominem attacks & all as I have through this thread's replies directed MY WAY!
(Especially on HOSTS files, where my naysayer detractor trolls are left with nothing more than said adhominem attacks mind you, vs. disproving my points on them)...
Trolls like yourself & others here? Highly amusing & thanks to them?? I actually LOOK GOOD here!
Then again, a man's strength is judged by that of his enemies, & mine here with illogical adhominem attacks only vs. facts I posted? Not very strong... lol!
As to my being "the best troll ever"? No, it's more like I blow away TROLLS like yourself, & your illogical adhominem attacks!
... apk
Plus numerous other proofs from others there in that very exchange, & on arstechnica/Jeremy Reimer/Jay Little/Jarrett DeAngelis-StarKruzr + Computer Associates & Thor Schmuck's libeling myself, impersonating & stalking me, and far MORE reprehensible behaviours on THEIR parts?
Please, lol: My last post covers that too, with concrete, verifiable, reliable information from news sources, other software authors whose wares had them libeled thus as well!
(E.G.-> Nir Sofer & Dr. Mark Russinovich as well over time (pstools & more)) have had themselves libeled thus as well calling their wares malware too, like mine was (downgraded to ZERO threat levels in a single app of mine I have done online over time in about 40 of them total)).
* HOWEVER/Lastly - I look @ "the bright side of things" - It truly appears I am in "good company" though in those 2 @ least, especially vs. AC troll "ne'er-do-wells" such as yourself, lol...
APK
P.S.=> You don't realize one thing - I have my bases covered vs. illogical off topic adhominem attack spewing trolling trash like yourself online, & with facts, not your fictions... so, "Read 'em & Weep" -> http://it.slashdot.org/comments.pl?sid=2523490&cid=38047978 on ALL accounts noted above, vs. your attempted off topic illogical adhominem attacks on myself...
U FAIL, troll... & this? Man, I just GOTTA say it, as-is-per-my "usual style" vs. trolling trash like yourself that attempts to discredit myself?
This? This was ALL just "too, Too, TOO EASY - just '2EZ'"
... apk
Your off topic illogical ac trolling means something by comparison? Give us a break and take your meds and go back to your hole, troll.
Seriously off topic illogical adhominem attack using troll? Playing with yourself? I know you are all about no-adhominem attacks. Thor SCHMUCK is exactly that: He's no expert, no security researcher with certs in it, no degrees in CSC either etc. (he's a schmuck, plain & simple).
Lastly - No matter what Reimer writes, it's all derivative drivel garbage, just like his BLATANTLY PLAGIARIZED HISTORY OF THE GUI vs. Doug Englebart's work before it
ON his "Scribblings" that nobody but his "private playpen" @ arstechnica will put up (he writes for no reputable technical sites)?
WELL... last time I looked, that goof hadn't written a thing since 1997 & arstechnica was practically CRYING & BEGGING Users not block ads, because it was getting authors there FIRED:
E.G.-> ----
An experiment gone wrong - By Ken Fisher | Last updated March 6, 2010 11:11 AM
http://arstechnica.com/business/news/2010/03/why-ad-blocking-is-devastating-to-the-sites-you-love.ars
"Starting late Friday afternoon we conducted a 12 hour experiment to see if it would be possible to simply make content disappear for visitors who were using a very popular ad blocking tool. Technologically, it was a success in that it worked. Ad blockers, and only ad blockers, couldn't see our content."
and
"Our experiment is over, and we're glad we did it because it led to us learning that we needed to communicate our point of view every once in a while. Sure, some people told us we deserved to die in a fire. But that's the Internet!"
Thus, as you can see? Well - THAT all "went over like a lead balloon" with their users in other words, because Arstechnica was forced to change it back to the old way where ADBLOCK still could work to do its job (REDDIT however, has not, for example). However/Again - this is proof that HOSTS files can still do the job, blocking potentially malscripted ads (or ads in general because they slow you down) vs. adblockers like ADBLOCK!
----
On Reimer though? What a JOKE!
He is an undereducated in the Computer Sciences wannabe, no certs or degrees in them, & FAR from an "authority" on anything technical in computing, & this post proved that much easily -> http://it.slashdot.org/comments.pl?sid=2523490&cid=38047978 which is WHY he brought in Jay Little (shot down on Exchange server lol) & Jarrett DeAngelis/StarKruzr (a then doctoral candidate @ Notre Dame in those days who ended up agreeing with a good 99% of my technical points there).
You KNOW you've dusted a FOOL like Reimer, easily too, when he resorts to making libelous edited photos of yourself, impersonating you on his websites to defame you or try to (he was caught in it & HAD TO ADMIT IT, lol), email harasses you and gets put on ISP tracking tickets + having the law cool his jets on that & more (to which he BACKED OFF & admitted impersonating me publicly as well)... & far more bogus behavior from that little cowardly scumbag.
That's not adhominem attacks pointing out facts mind you, it's not libel when it's truth either.
Ask Reimer why after SO MANY YEARS "married" (to a stripper for Pete's sake who looks like she's an oriental mail order bride paid for & all, lol) WHY HE HAS NO KIDS?
Is his so-called childless marriage just a "cover up" for his TRUE "nature" (gay, lol) or does he need a dose of viagra to do his 'homework' on the wife? LMAO...
APK
P.S.=> You can "shy away" from facts in that thread, ones backed by MS' own documentation on Exchange Server especially (but there is tons more too), & evidences of Jeremy Reimer the trolling scumbag's wrongdoings too!
Stuff like stalking me there off topic the entire time, trolling myself there @ Windows IT Pro off topic the ENTIRE time, only to have:
1.) Large porti
I think my company needs to be aware of this and take proper precautions.
All computers should be turned off all day Wednesday to prevent Duqu stealing information.
As a computer programmer- I especially like the sound of this preventative measure.
"That's the way to do it" - Punch
...The "International Community" should not really be surprised when both the US and Israel give them the finger and recommend they fuck off and take care of their own problems for once.
And the world would instantly become a better place. Seriously.
That's not a real comment, it was just an excuse for the guy to plug the URL of his (now terminated, presumably for spamming) website.
To be fair, it's hard to dispute that it wasn't Israeli code with significant US assistance. But I haven't really seen anybody "convicting" them over it.
I thought Stuxnet was a master stroke. Disrupt someone's nuclear capability as effectively as bombing, but without any collateral damage and covertly enough that they can't link it to you solidly enough to consider it an act of war.
Genius, IMHO.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
Sounds like a great premise for a future Bond movie! Not saying it's not real, just that there's room for a script in your concept too..
They aren't so stupid if they keep ending up in congress and do reasonably well for themselves and those they care about.
If the voters like to vote for people who seem stupid, then even the smart ones will pretend to be stupid if they want to keep getting elected.
obviously Duqu was written by ultraterrestrials.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
"hard to dispute"
Why? What magical insight do you possess that can support this opinion? By the time the phrase "hard to dispute" multiplies and mutates across the Internet millions of times people start thinking of it as a factual statement when it was only someone's unsupported opinion. The Internet was supposed to be this great medium for spreading information but instead it's turned into the biggest bullshit spreader ever invented. There is no "true and false" or "right and wrong" anymore there is only "my side and your side" and that's what will end up destroying everything.
I can't wait for the day you get your wish. Seriously.
Not many people are aware of this, but anti-virus companies actively ignore the naming hints that malware writers suggest for their creations. This decision was made sometime in the 90s and was for the purpose of not giving the satisfaction to virus writers. It is almost certain therefore that 'Duqu' is a name entirely of the choosing of the anti-virus industry and has nothing to do with anything inside this particular malware.
The reference to the Dexter, however, does seem to be an Easter egg from the malware writers (of course they personalize their code somehow if they spend this many months writing it - it'd be weird to expect no such references).
(Wikipedia and its citations)
You were doing well until you went off on some weird tangent about factual relativism. Not sure where that came from. All "hard to dispute" means is that it's not easy to dispute - not that it can't be done. But there is significant evidence that nation-states were involved, and the propensity of evidence suggests two nation-states in particular.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
I have no doubt there were nation state security agencies involved. Groups like Anonymous or Lulz don't even come close to having the capabilities to do something like this. To build and deploy Stuxnet required in-depth knowledge of the PLC systems and centrifuge technical data, 2 valid security certs that were stolen from 2 different companies located in Japan, physical access to get the memory stick into a very secure environment, 2 0-day exploits, and very sophisticated engineers and programmers. The facilities where the memory sticks were first deployed used a 3rd party Russian company who had the contract and access to the systems infected. Siemens, the PLC manufacturer, is a German corporation and would be in the best position to provide in-depth technical information on their products, and to top it off a sizable amount of money would have been required to pull this off. There are numerous countries with the necessary engineering resources. There are also a lot of countries who have a motive to sabotage the Iranian nuclear program. Some of the Wiki-leaks documents revealed even a number of middle eastern countries had been asking for US help to stop the Iranian program for years. The US and/or Israel "could" have been the ones responsible but there is no definitive evidence that can prove this.
The "hard to dispute" was a mistake on my part. The statement claimed that it is hard to dispute that the US or Israel are the guilty parties which I interpreted as someone saying the US or Israel definitely did it but we can't actually prove it.
The general moral principle making the distinction here is the "no personal stake" rule. From the bible, the established principle is that almost any crime (but specifically stealing and killing) is forgivable under the following condition : the perpetrator cannot have any stake, either financially, socially, politically, or whatever, in the crime, and there is no reasonable option to avoid the crime.
This is how e.g. police authority works in the western world : a police officer is paid to stand between perpetrators and victims. If he decides to shoot a suspect (who is nothing but a suspect at this point), he can only do so if the intent is to protect others and nothing more than protect others. If self-interest is involved, even tangentially, it's murder. Note also that this crime is only forgiven : it is *NOT* morally OK to shoot anyone, no matter how horrible the crime he was committing, or how few options the killer had. It is merely forgivable, in the sense that there are no consequences. Anyone is free to act as a police officer under the same set of rules (if that's what it takes to prevent him from pressing a bomb-belt button, you will be forgiven for breaking the neck of a terrorist in court, or even shooting the guy point-blank. You will however get judged on this action).
You see how this rule would apply here ? You get to hack around for others' gain, but not for your own, not even indirectly : being "paid" to hack others in your employer's interest is wrong (which is why "white hat" hackers are OK : it's perfectly all right to hack your employer, or even your customers, if they so desire). These hackers are in clear violation of that principle.
(btw. the reason this is a good dividing line is that it's brilliant in its simplicity. E.g. islam uses the principle for police authority that the state has the right to kill anyone for any reason, in war or peace, without needing an excuse or even an explanation. They do not even consider themselves to have the duty to inform next-of-kin or anyone. If a "muslim court" (which is a very nebulous concept, e.g. most terror organisations justify themselves partially like this, without any outside authority) decides to do something, they quite literally send a mob to kill you, and throw your body in the nearest ditch. This is how it worked 1500 years ago, and in a lot of places, this is how it works today)
Never underestimate the power of stupid people in large groups.
And indeed economics confirms that being the sole "smart" person in a group of stupid people is not nearly as smart as you'd think :
A Darwinian enigma (generally, following the group is the wisest course of action, almost regardless of how stupid it is)
That's of course why atheism works : it's a double standard.
Its mathematical equivalent is to demand cooperation in the prisoner's dilemma, yet fail to cooperate yourself. It is inherently destructive behavior which will end once the default switches. When, by default, people refuse to help each other, atheism will wither and die. And every "convert" to atheism brings that day closer.
All of what you claim to require is available for dollars (or yen, as it was in Japan apparently - didn't know that).
You know which organisation would by far have the easiest time doing this ? Siemens itself. Anyone on this list, for example :
Siemens' management
If they think it their duty to be responsible, stuxnet may be part of that, no ? Then again, it's a corporation ... I don't know.
I'd noticed that too. Religion was once the source of our moral compass, but it is thoroughly discredited now, and no replacement has risen to the task. Leftism sort of tried with various Collectivist / Utilitarian approaches, but was doomed to fail by its Skepticist "No one can be certain of anything" ideological foundation.
Evolution hasn't prepared us for the post-religion era.
I have to disagree with what you say; I don't think that religion is a necessary prerequisite for morality. The relation between morality and religion is a complex one, and difficult to untangle—particularly because some religions, such as the Judaic and Muslim—have taken great pains to impose a legal code on their followers. This has led to the confused notion that you can't be good without also being religious, something that would be quite frightening if it were true. Consider the number of atheists, agnostics, and people with a very dim understanding of the faiths they profess to follow who inhabit the world. It would be far worse than it is if these were all completely lacking in any moral sense. No, one can be brought up as a kind, considerate, and conscientious man, even though he lacks any sort of deep faith. I think this is obvious; truly, have you never met such people?
It's also important to understand that not all faith regards moral laws as being of prime significance. Christianity, for one, is actually not a legalistic faith at all, in that it does not view the relationship of faith and law as being causational. I can demonstrate this by quoting from the New Testament. For example, those who haven't heard the Teaching may have a conscience:
Or, more amusingly, faith does not make the devil good:
And it can go the other way: conscience can precede faith. The famous Swiss theologian, Karl Barth, became a Christian because of the revulsion he felt at the end of the Second World War when he learned in full of all the evils of that dreadful conflict. He asked himself about the source of this moral revulsion. Why did he feel appalled when he learned about the massacres and the concentration camps? Why did he feel that these things were evil? He reasoned that if there is evil, then there must be a contrast: good. How could you realize that you're in the dark if you had never seen light? Barth reasoned that his revulsion was the result of a moral sense that had been implanted in him by his maker—God. It's part of the firmware, you might say.
I think we're living in a society that is in the process of breaking down, and the increasing immorality we see around us is just one of the signs of this. You see, the firmware can be overwritten. It can be erased by peer pressure, by poor or inadequate guidance from parents and teachers, by cultural values reinforced in the "media". In fact, if you've ever raised children, you get to observe first-hand that the firmware isn't booted at birth: it is supposed to be triggered by growing up in a supportive environment that provides good examples, that reinforces good deeds, and corrects out-of-bounds behavior. This society no longer provides such an environment. And that will be fatal: massive bad behavior leads to complete social catalysis. There's a reason why the code was written that way.
Great men are almost always bad men--Lord Acton's Corollary
http://it.slashdot.org/comments.pl?sid=2523490&cid=38045576
APK
Well I did claim significant amounts of money were required for this project. And if any corporation was involved I doubt the plan was presented to the board of directors for a vote. It only takes one person to breach corporate internal security and gain access to any information they need. This is where the money can make the biggest difference.
I'd noticed that too. Religion was once the source of our moral compass, but it is thoroughly discredited now, and no replacement has risen to the task. Leftism sort of tried with various Collectivist / Utilitarian approaches, but was doomed to fail by its Skepticist "No one can be certain of anything" ideological foundation.
Evolution hasn't prepared us for the post-religion era.
I have to disagree with what you say; I don't think that religion is a necessary prerequisite for morality. The relation between morality and religion is a complex one, and difficult to untangle—particularly because some religions, such as the Judaic and Muslim—have taken great pains to impose a legal code on their followers. [...]
I never said otherwise... and reading your well-thought-out post, I see we already think alike on this subject.
I am one of those Camus-style thinkers who, on seeing that in our world "All is permitted" (Camus quoting Machiavelli), develops a moral code and takes it seriously, even though "in reason, there is no reason to", as they say.
And yes, I'm aware of Rand's credible effort to rationally derive a moral code, which is entirely correct yet can't (to my satisfaction) answer the free-rider problem.
FATMOUSE + YOU = FATMOUSE
True - but the same limit applies to any kind of security. It only takes 1 guy.
What amazed me is how security is treated. The office of the chairman of the European Commission is highly restricted. Only a few guards, and 2 or 3 officials have access. Requests for access are almost never approved ...
Oh ... and of course the cleaning company has access. The one that dispatches the housekeeper.
Usually commercial corporations and most non-security related government agencies rely on simple but thorough background checks to fulfill their due diligence when it comes to security. But that doesn't mean a person with a squeaky clean background and high level security clearance won't change their mind for the right amount of money. I still find internal corporate security measures weak and practically useless for a determined person. There are only a very small handful of corporations I have worked for that took internal security seriously and these corporations were mainly defense contractors.
I don't think that developing a new moral code is either helpful or necessary; I'm not even convinced that it's possible. I don't think that our problem is a lack of moral rules, nor that it can be solved by philosophers sitting around and thinking up better ones. I fear that our society has simply become one in which evil is tolerated and encouraged, and where the things that are valued are, in fact, worthless. To cite just one relatively trivial example, the adulation of "celebrities" is foolish and morally destructive. These "celebrities" (essentially, people who are famous for being well-known) are held up as examples. So silly people think that celebrities are important, and want to become like them. Yet the behavior of these "ideals" is often abominable (and, at best, mindless). What kind of society has ideals such as these? We've already discussed another example: the definition of "success" in our society, which amounts to "make more money, buy more toys, step on anyone who gets in your way, and live like there is no tomorrow."
From what you said earlier, it seemed to me that you think our old ethics have somehow become outdated. I don't think that's the case. What is outdated about "love thy neighbor?" Or, for that matter, "Love thy enemy?" Is forgiveness outdated? But you are clearly a thoughtful person; I don't think you meant to say this. I think perhaps you were lamenting the fact that it is more difficult to convince people to be good in these deteriorating times because our old educational methods—such as invoking God The Punisher— no longer work. There may be some truth in this—I suppose there are always people who behave well because they fear being punished. To that I say: we should never have relied on such methods in the first place! (No, I'm not silly enough to think that everyone will behave well if they are liberated from false God-derived fear: such people must, regrettably, be made to fear the lawful authorities.)
I think that neither moral rules nor judicial laws are really needed for a person to be ethical. Ethics does not, at least in my view, require a logical justification, nor does it require a set of either rules or laws. What kind of person has to riffle through a rule book before he can decide on a right action in the moral dilemma that he faces? I can't imagine anyone doing this—except maybe for an autist who is trying to stay out of trouble. Ethics is a matter of character; it has to do with the innate nature and quality of a person.
Being good is often hard, but it hasn't changed over the ages. To discover ethical guidance, look into yourself; read what is "written on your heart". Once you have done this, then the hardest part comes: doing what is right. No, it's not simple; no, all people will not agree on what is right in every instance. But just because it is not simple does not mean that it is false.
Thank you for your thoughtful remarks; you've made me think about these issues.
Great men are almost always bad men--Lord Acton's Corollary