Slashdot Mirror

← Back to Stories (view on slashdot.org)

FinSpy Commercial Spyware Abused By Governments

Posted by Soulskill on from the you-can-trust-us dept.

plover writes "The NY Times has a story about FinSpy, a commercial spyware package sold 'only for law enforcement purposes,' being used by governments to spy on dissidents, journalists, and others. Two U.S. computer experts, Morgan Marquis-Boire from Google, and Bill Marczak, a PhD student in Computer Science, have been tracking it down around the world. 'The software proved to be the stuff of a spy film: it can grab images of computer screens, record Skype chats, turn on cameras and microphones and log keystrokes. The two men said they discovered mobile versions of the spyware customized for all major mobile phones. But what made the software especially sophisticated was how well it avoided detection. Its creators specifically engineered it to elude antivirus software made by Kaspersky Lab, Symantec, F-Secure and others.'"

60 of 87 comments (clear)

  1. *insert fake surprise here* by JustAnotherIdiot · · Score: 5, Insightful

    Seriously, you give an infant a toy, they're not going to listen to how you tell them to play with it.

    --
    What do I know, I'm just an idiot, right?
    1. Re:*insert fake surprise here* by Tackhead · · Score: 4, Insightful

      "Whenever a controversial law is proposed, and its supporters, when confronted with an egregious abuse it would permit, use a phrase along the lines of 'Perhaps in theory, but the law would never be applied in that way' - they're lying. They intend to use the law that way as early and as often as possible.

      Meringuoid's Law, Nov 24, 2005.

      Seriously, you give an infant a toy, they're not going to listen to how you tell them to play with it.

      Think of it from Dad's viewpoint: the Dad who buys his newborn son a new power drill and fishing gear, and a set of Lego Mindstorms for his first birthday. The kid may not be interested in carpentry, angling, or robotics, but Dad sure loves the excuse to go shopping!

    2. Re:*insert fake surprise here* by Anonymous Coward · · Score: 1

      "The software proved to be the stuff of a spy film: it can grab images of computer screens, record Skype chats, turn on cameras and microphones and log keystrokes"...........

      Really? Like Sub7 used to do back in 1998?

    3. Re:*insert fake surprise here* by b00py · · Score: 1

      What fun would it be, then? I am curious as to how this works out with Antivirus groups/companies/researchers. My paranoia says there's definitely potential in having a government funded application purposely ignored by a antivirus companies engine (if company is based in the same country). Common sense says these will mostly be all "build and burn" jobs, constantly reshaping a needle for the haystack.

    4. Re:*insert fake surprise here* by Anonymous Coward · · Score: 1

      I could not find any evidence on the internet that it takes over iphones, and given the security structure of iOS and how it limits multitasking to certain scenarios, I fail to see how it could. evidence or it didn't happen.

      You honestly believe that spyware developers selling products to Governments would somehow not write spyware for arguably the most popular mobile device on the fucking planet?

      I can't quite tell if your logic is being baffled by a cloud of ignorance or a mountain of bullshit.

    5. Re:*insert fake surprise here* by Anonymous Coward · · Score: 1

      Duh, Apple doesn't have security issues because they are better.

    6. Re:*insert fake surprise here* by interval1066 · · Score: 1

      ...given the security structure of iOS and how it limits multitasking to certain scenario...

      And Macs don't get viruses I suppose...

      --
      Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
  2. Paywall by Anonymous Coward · · Score: 5, Insightful

    STOP linking to articles that are behind paywalls!

    1. Re:Paywall by betterunixthanunix · · Score: 2, Informative

      https://www.nytimes.com/2012/08/31/technology/finspy-software-is-tracking-political-dissidents.html?_r=1&ref=technology

      Disable Javascript and you should have no trouble accessing this article.

      --
      Palm trees and 8
    2. Re:Paywall by Anonymous Coward · · Score: 5, Funny

      You tried to read the article?

      BURN THE HERETIC!

    3. Re:Paywall by Larry_Dillon · · Score: 1

      Use this link instead:

      http://www.nytimes.com/2012/08/31/technology/finspy-software-is-tracking-political-dissidents.html?_r=1

      --
      Competition Good, Monopoly Bad.
    4. Re:Paywall by Taco+Cowboy · · Score: 1

      http://www.nytimes.com/2012/08/31/technology/finspy-software-is-tracking-political-dissidents.html?_r=1&adxnnl=1&adxnnlx=1346426124-tpUipAjgoKkvdqCAOV2KyQ

      Thank you !!

      --
      Muchas Gracias, Señor Edward Snowden !
  3. Obligatory question by Anonymous Coward · · Score: 5, Funny

    Does it run on Linux?

    1. Re:Obligatory question by awrowe · · Score: 1

      Runs on Android and iOS, so it would seem it works on some forms of *nix yeah. *blink*

      --
      A.I. Research. The peculiar science in which we know the question and we know the answer, but can't show the working
    2. Re:Obligatory question by Anonymous Coward · · Score: 2, Informative

      According to there sales brochure, yes it runs on Linux and Mac

      http://wikileaks.org/spyfiles/files/0/289_GAMMA-201110-FinSpy.pdf

    3. Re:Obligatory question by Yvan256 · · Score: 1

      That's it, I'm switching to Haiku. And if that doesn't work, I'm getting my CoCo3 from the attic.

  4. Unpossible! by Anonymous Coward · · Score: 4, Insightful

    Police abusing their authority and spying on the people they swore to protect? I'm shocked. Shocked!

  5. Law enforcement only? by tomhath · · Score: 1

    sold 'only for law enforcement purposes,'

    Yea, sure. But presumably anyone can buy it (I didn't read the article for obvious reasons)

    1. Re:Law enforcement only? by jesseck · · Score: 1

      sold 'only for law enforcement purposes,'

      Yea, sure. But presumably anyone can buy it (I didn't read the article for obvious reasons)

      You also need to realize... "law enforcement" is what it is being use for. Just because a "law" seems unjust to us doesn't make it less legal in another place. Dissidents are breaking their government's law, and as such, the software is only being use for "law enforcement".

      I don't agree with the abuse of this software, and it should be tightly regulated. However, the "law is in the eye of the beholder" (or pocketbooks of the rich), and it is that view that allows FinSpy's developers to sleep at night. Those Syrian Dissidents are breaking the law- how dare they use a computer for it!

    2. Re:Law enforcement only? by aurispector · · Score: 1

      Just imagine any such technology in the hands of the worst, most repressive government. That's the acid test.

      --
      I have mod points. The reign of terror begins now.
  6. Long time concern by IndustrialComplex · · Score: 5, Insightful

    It has always concerned me the loopholes which you know are being abused.

    Sure, the government isn't 'legally' allowed to spy on citizens without following the Constitution. But that doesn't hold for 3rd Parties. Nor does it hold true for other governments.

    Oh the government didn't conduct the surveillance, it just purchased the already performed surveillance dataset from 'Private Investigation Company XYZ'. See, it was the private company that did the spying, not the government. The data wasn't only spy data, it was also available to be sold to marketing firms, so it isn't just a shell for the government, the government just happens to buy from them. A lot.

    I'm also really curious to know about the whole 'sharing' of intelligence data.

    Sure, our intelligence agencies aren't 'supposed' to spy on US citizens, but they can spy on UK citizens. And the UK agencies ARE spying on the US citizens. So when that data package from the UK agencies is shared with the US agencies, it's just a convenient benefit. The US agencies didn't technically do anything to perform the spying, they just benefit from it.

    I'm sure I'm being paranoid, but it doesn't even require maliciousness on behalf of the agencies. It just requires people who try really hard to do their jobs. Something that is technically legal can be immoral, unethical, evil, oppressive, and counter-productive... but technically legal is still legal.

    --
    Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
    1. Re:Long time concern by Type44Q · · Score: 1

      Sure, the government isn't 'legally' allowed to spy on citizens without following the Constitution. But that doesn't hold for 3rd Parties. Nor does it hold true for other governments.

      It hasn't held true for our own, either.

  7. I don't believe the creators did anything special by fustakrakich · · Score: 1

    They just told Kaspersky Lab, Symantec, F-Secure and others to back off and let it through. Wouldn't be the first time.

    --
    “He’s not deformed, he’s just drunk!”
  8. URL by Penurious+Penguin · · Score: 1, Informative

    http://www.nytimes.com/2012/08/31/technology/finspy-software-is-tracking-political-dissidents.html?_r=1&adxnnl=1&adxnnlx=1346426124-tpUipAjgoKkvdqCAOV2KyQ

    I think this is the missing link.

    --
    Forward! -- Emperor Norton, 2012
    1. Re:URL by Penurious+Penguin · · Score: 1

      Odd; when I first clicked the link it gave an error and asked for credentials. Now, it is working fine.

      --
      Forward! -- Emperor Norton, 2012
  9. Confirms what Everybody already knows... by dryriver · · Score: 1

    ... that governments around the world are spying on their citizens... because... well... because they can. Also because a small number of unscrupulous IT companies keeps churning out digital tools that are made solely to spy on people. ---- IMHO this practice needs to stop. People should pay nnnn Dollar for smartphones and computer gear, and be safe in the knowledge that they are NOT spied on when they use these gadgets. -------- Its sad, just sad that governments, instead of being on the side of people, increasingly see people as ORGANIC DATA GENERATORS.---- The more data you can collect on people, the better, these people think. ----- Once again, this is a sad, sad picture. The practice of spying on people casually needs to stop!

    --
    Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
  10. Are you guys stupid? by Anonymous Coward · · Score: 1

    So, we designed software to catch criminals.

    Other people have different laws that we do. Some of the things we declare to be legal, they consider to be crimes.

    You are surprised that the software we designed to catch our criminals also catches the people they declare to be criminals? Just because we think they are not criminals, somehow that gives you the right to be offended?

    If you want to be offended that other countries don't give their citizens the right to free speech and to protest, go ahead.

    But complaining that they are using police software to catch people they consider to be criminals is just stupid.

    You also know that other countries consider it illegal to own a gun right? And that our software help them catch people illegally buying guns - even if it is for home protection?

    Also, in other countries it is legal to use pot, but our government uses software to look for pot sellers?

    Be offended at the laws, not the software usage.

    1. Re:Are you guys stupid? by Sectoid_Dev · · Score: 1

      Because Mr LEO would never watch skype traffic between a husband and wife who are separated and missing each other.
      Or just between a couple of freaky horny teenagers.
      Because nobody would ever do such a thing, right?

  11. How else Govt to get their p0rn.... by realsilly · · Score: 1

    In the guise of law enforcement, the govt can get their p0rn fix more readily.

    Laws Smaws!

    --
    Life takes interesting turns, but the most interest is when you're off the beaten path.
  12. Blatantly Missing Information by Fantasio · · Score: 2

    How can I detect that I am infected with FinSpy !

    1. Re:Blatantly Missing Information by Anonymous Coward · · Score: 1

      Late at night you will get a knock on your door...

  13. Finspy Promotional Videos by Penurious+Penguin · · Score: 4, Informative

    Two promotional videos of these pricks and their man-in-the-middle wares:
    http://www.youtube.com/watch?v=qc8i7C659FU&NR=1&feature=endscreen
    https://www.youtube.com/watch?v=Dejw2G83Moo
    The animation and general rascality of it always make me grin.

    --
    Forward! -- Emperor Norton, 2012
    1. Re:Finspy Promotional Videos by Penurious+Penguin · · Score: 3, Informative

      And another: https://www.youtube.com/watch?v=gDdASftllr4&feature=related

      --
      Forward! -- Emperor Norton, 2012
    2. Re:Finspy Promotional Videos by Penurious+Penguin · · Score: 2, Informative

      The last video I could find (perhaps the "best" too): https://www.youtube.com/watch?v=OvrmQg4NEL8&feature=related

      That music, ...Wankers!

      --
      Forward! -- Emperor Norton, 2012
  14. Yes by betterunixthanunix · · Score: 1

    Google around a bit, you'll see this mentioned. I have not yet found any information about what that attack vector is or how to defend against it, although I suspect that locking your system down with SELinux/AppArmor and using sandboxes to open attachments (even from people you trust -- what if their computer is infected?) will mitigate the threat somewhat.

    The moral of the story is this: dissidents should airgap any system they use for sensitive/secret material.

    --
    Palm trees and 8
    1. Re:Yes by __aaeihw9960 · · Score: 5, Insightful

      The moral of the story is this: dissidents should airgap any system they use for sensitive/secret material.

      I genuinely do not understand how people don't get this. You want to push against the big boys? Assume they have tools you've never even imagined. It's just like sterilization in medicine. You don't know what the patient has, so you treat everything they touch like it's covered in plague. Diligence, children, diligence is the key to anonymity.

      Is it wrong that this exists? Probably. Are you naive for believing that these types of tools aren't used every day? Absolutely.

    2. Re:Yes by girlintraining · · Score: 4, Informative

      I genuinely do not understand how people don't get this. You want to push against the big boys? Assume they have tools you've never even imagined. It's just like sterilization in medicine. You don't know what the patient has, so you treat everything they touch like it's covered in plague. Diligence, children, diligence is the key to anonymity.

      You say that like it's easy for anyone to pick up the tools of the trade. It isn't. There's tor, proxies, networking protocols, you need to understand RF fields, propagation, you need to be able to do an inventory of every electronic item you possess, you need to understand the differences between PKI and symetric key encryption, and how, if, and whether encryption provides plausible deniability or not. You need to understand Tempest -- how devices can radiate RF (and thus, information) on an otherwise perfectly secured system. You also need to understand how malware operates, how to detect it... and not only do you need all this understanding and technical expertise, but the equipment required to create a sterile lab environment from which to test, assemble, and validate your builds.

      Large corporations have problems getting this right because it's so complicated. Major world governments have screwed up. Actuall, all of them have. This is not just a simple matter of "spray and wipe down". Stop being so condescending, like it's just a simple matter. It's not -- not for you, not for them, not for anyone. And you can't go it alone. It's too complex for one person to navigate without making at least one mistake.

      --
      #fuckbeta #iamslashdot #dicemustdie
    3. Re:Yes by __aaeihw9960 · · Score: 2
      I wasn't trying to be condescending. I do apologize - the intertweb does not lend itself to tone interpretation. What I was implying is that when folks get busted, they are surprised. When a malware/spyware/happy-fun-go-go-timeware is discovered that has the ability to spy on you, people are surprised. What I was trying to say is that most people, reporters, rebels, dissidents, Joe down the street, VASTLY underestimate what is possible. For some reason most people WANT to believe that this is possible, but most DON'T actually believe it.

      You are correct, staying truly anonymous and maintaining that anonymity is fucking hard. Staying clean in the Wild-Wild-Web is also fucking hard if you have to frequent bad-guy hangouts. BUT, if you have dirt, and I mean world-changing, put your ass in jail forever/disappear you in the night style dirt, it would be in your best interest to start learning those tools of the trade, or to find someone who already knows.

      I apologize, the tone was lighthearted, I assure you. My message wasn't that it is easy. My message is simply that many people who are found out, and prosecuted for their on-line activities are rarely able to say that they did all they could to stay anonymous.

    4. Re:Yes by girlintraining · · Score: 1

      Thanks for stepping up. It's rare to see that online. Unfortunately, condescending attitudes are a dime a dozen online. Things people would never say in person they do with gusto online, because they're small people in real life, and so they need to emotionally abuse strangers to feel better. Anyway, fair enough. I personally wish more IT professionals would do what I do. I have a homebrew install disc of winxp and win7 (all versions of each) that installs a slew of antivirus, antimalware, firewall, etc., on their systems. It installs a browser to a restricted account and uses the 'runas' functionality to call it so it can't see any of the user's actual files. I have scripts to harden the file permissions, install and configure tor, setup noscript and other goodies for Firefox, etc. All told, about 50 odd programs and patches get loaded.

      Then I sit down and spend a few hours explaining to them how to use each item and why it's there. I let them make choices about whether or not to use auto-updating software, how to safely download and check files, etc. Now, most of them call me for weeks on end after because they forgot what I told them, or broke something because it wasn't configured in the expected way, but I'm okay with helping them -- remote desktop and VNC are my friends.

      But then, most people on slashdot, as the internet at large, don't believe in social responsibility. They're happy to point at the victim and say "ha ha, sucks to be you."

      --
      #fuckbeta #iamslashdot #dicemustdie
    5. Re:Yes by s.petry · · Score: 2

      The moral of the story is this: dissidents should airgap any system they use for sensitive/secret material.

      What about the Free journalists in countries like the USA where they should not be considered "dissidents"? Perhaps this was just an oversight on your part. In the USA, many Journalists are called dissidents by US Government Agencies (CIA/DHS/TSA) but that is not correct constitutionally.

      I genuinely do not understand how people don't get this. You want to push against the big boys? Assume they have tools you've never even imagined. It's just like sterilization in medicine. You don't know what the patient has, so you treat everything they touch like it's covered in plague. Diligence, children, diligence is the key to anonymity.

      Is it wrong that this exists? Probably. Are you naive for believing that these types of tools aren't used every day? Absolutely.

      As with my comment above, there is a danger in suggesting that _all_ journalists are dissidents, and that _any_ or _all_ Governments should be actively fighting against free journalism. In the last 50 years in the US, we have lost the wisdom of JFK. The full text can be found here in both edited and unedited form. Before you claim "but but conspiracy blah blah" go read the full fucking speech you lazy pricks! (not to be interpreted as the poster I'm responding to)

      This deadly challenge imposes upon our society two requirements of direct concern both to the press and to the President–two requirements that may seem almost contradictory in tone, but which must be reconciled and fulfilled if we are to meet this national peril.I refer, first, to the need for a far greater public information; and, second, to the need for far greater official secrecy.

      The very word “secrecy” is repugnant in a free and open society; and we are as a people inherently and historically opposed to secret societies, to secret oaths and to secret proceedings. We decided long ago that the dangers of excessive and unwarranted concealment of pertinent facts far outweighed the dangers which are cited to justify it. Even today, there is little value in opposing the threat of a closed society by imitating its arbitrary restrictions. Even today, there is little value in insuring the survival of our nation if our traditions do not survive with it. And there is very grave danger that an announced need for increased security will be seized upon by those anxious to expand its meaning to the very limits of official censorship and concealment. That I do not intend to permit to the extent that it is in my control. And no official of my Administration, whether his rank is high or low, civilian or military, should interpret my words here tonight as an excuse to censor the news, to stifle dissent, to cover up our mistakes or to withhold from the press and the public the facts they deserve to know.

      But I do ask every publisher, every editor, and every newsman in the nation to reexamine his own standards, and to recognize the nature of our country’s peril. In time of war, the government and the press have customarily joined in an effort based largely on self-discipline, to prevent unauthorized disclosures to the enemy. In time of “clear and present danger,” the courts have held that even the privileged rights of the First Amendment must yield to the public’s need for national security.

      I have added some emphasis on key items for consideration. We are beyond simply censoring news, we now have the NY Post sending stories pre-editor to CIA for preview. We now have media claiming racism on any criticism of Politics (hell, even Rush Limbaugh went off on that one today).

      I implore you to read the full speech and keep things in context. Evaluate where we have gone in the last 50 years, inductive reason should tell you that it has not been forward. To claim "no sense in fighting technology" is an ignorant stance suggesting we should all just say fuckit and stop being free.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    6. Re:Yes by RevSpaminator · · Score: 2

      "What about the Free journalists in countries like the USA where they should not be considered "dissidents"? Perhaps this was just an oversight on your part. In the USA, many Journalists are called dissidents by US Government Agencies (CIA/DHS/TSA) but that is not correct constitutionally." - Silly hippie, free speech is one step away from godless communism and definitely an un-American activity.

    7. Re:Yes by s.petry · · Score: 1

      You should put a :) or something after your post so people don't think you are a peon working for an agenda and propagating such a Philosophy.

      Well, maybe you are.. hell, I don't know..

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    8. Re:Yes by __aaeihw9960 · · Score: 1

      I'm pretty well educated in on-line security, and my critical thinking skills have taught me how to avoid the bad people. I made a conscious choice to look at the things I do on-line, and realized that even if I'm being tracked, all 'they' are going to see is one really bored human who browses weird things. So, in my life, the inconvenience of many steps is outweighs the benefits for privacy (For example, I have a stupidly low bandwidth cap and obscenely high latency with my satellite internet connection, so a VPN is right out). I've been mulling this over for a week now, and I'll bite -

      1. Why do you do that?

      2. What type of people do you do that for?

      3. What are the programs and in what order do they load (unless you get paid to do that. . . . then I understand if you don't want to list them off).

      4. And again, what's the goal? Is it user safety for people you know? Clients? Family (to avoid the inevitable 'my computer's running slow, I bet it's that foxfire thing you put on there' conversation)? Why do you do these things?

    9. Re:Yes by girlintraining · · Score: 1

      > 1. Why do you do that?

      Because it's my civic responsibility to teach others how to be safe in a world they don't fully understand.

      > 2. What type of people do you do that for?

      Friends, family, and anyone that's a part of their social network, etc. A large part of it is referrals and reputation. People know me by reputation and my connections, and my willingness to teach.

      > 3. What are the programs and in what order do they load (unless you get paid to do that. . . . then I understand if you don't want to list them off).

      Varies by person, but most usually I show up with a harddrive on day 1, connect it to the computer, and make a full backup, then compress it and give it to them as a restore DVD/bluray, or on a flash drive. There are scripts once that completes to automatically load in a VM session, update all the scanners, and run them sequentially, generating log files, screen shots, etc. Because of the amount of time each individual scanner takes to run, and that they can't (unfortunately) be parallelized, I usually return the following day, as it takes about 12-16 hours to run everything.

      I usually install Firefox with a bevy of plugins like noscript, proxy switchers, cookie and LSO managers, etc. I do not care much for which ones are used -- as long as they are under current development. Then followup with spybot, malware antibytes, and avast, though again, I'm constantly reviewing and testing various products. My only requirements is that the 'realtime scanner' be disabled (and stay disabled), that it doesn't come with intrusive advertising or 'phone home' components -- in other words, it does what it says on the tin and that's it. I also install Comodo firewall because it's one of the few that are free and offer fine-grained control over outgoing connections. I have my own registry patches and such to preconfigure applications.

      Then comes the hard part: User education. I usually spend 2--4 hours with printouts and stuff I've made explaining to them how it all works, why it is setup the way it is, and how to use the tools in a day to day fashion.

      > 4. And again, what's the goal? Is it user safety for people you know? Clients? Family (to avoid the inevitable 'my computer's running slow, I bet it's that foxfire thing you put on there' conversation)? Why do you do these things?

      The goal is to create an environment where people can be safe, secure, and have privacy online -- a task that becomes more difficult as more middlemen pile into the fold with visions of becoming rich by screwing over their fellow man. I suppose you could say my ultimate goal is to make exploitation of people's digital lives unprofitable, since making it illegal is out of the question in a country like the one I live in where money makes laws, instead of people.

      --
      #fuckbeta #iamslashdot #dicemustdie
  15. Re:I don't believe the creators did anything speci by zlives · · Score: 1

    also what does the uk/us govt do with the installation backdoor to the other govt's data....

  16. Re:I don't believe the creators did anything speci by fustakrakich · · Score: 1

    That happens in meatspace when undercover cops bump into each other. Hilarity ensues.

    --
    “He’s not deformed, he’s just drunk!”
  17. Problem? What problem? by interval1066 · · Score: 3, Funny

    Contractor/Vendor: "Here is a hammer. Its use for driving nails. YOU MAY NOT use it to murder people. Understand? No murdering."
    Government: "Ok. No murdering."

    Frankly, I don't see the problem.

    --
    Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
    1. Re:Problem? What problem? by Anonymous Coward · · Score: 1

      Contractor/Vendor: "Here is a hammer. Its use for driving nails. YOU MAY NOT use it to murder people. Understand? No murdering."
      Government: "Ok. No murdering."

      Citizen: "I have protection from self-incrimination."
      Government: Slams hammer on citizen's fingers. "You're lucky you're not dead."

  18. Since Slashdot was once "News for Nerds"... by couchslug · · Score: 2

    Let's mention ways around such threats:

    Boot from a live Linux CD/DVD (preferable as they are read-only, with some specialty exceptions) or USB key/CF card/other flash media.

    Do your business, and your "innocent" Windows drive is untouched. Surf only "wholesome" sites on Windows and create a convincing alternate identity.

    MAC spoofing is easy and there is plenty of info on it.

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
    1. Re:Since Slashdot was once "News for Nerds"... by Anonymous Coward · · Score: 1

      There is no way to realistically prevent the USA government from tracking you on the internet if you are inside the USA. SSL doesn't matter.

      Only a VPN that doesn't use DNS for certificate validation with IPSec would be trusted.

      Folks will tell us to use Tor or a DNS tunneling solution to have privacy - they are leaving out critical information. Tor alone is not enough.

      Using MS-Windows on the internet is stupid. It doesn't matter which websites you visit. Even trusted websites are cracked or their ad networks are cracked, so there isn't any viable way to use MS-Windows. If you talk with security researchers, they say it takes about 2 weeks to find a zero day exploit in any version of MS-Windows. There is no shortage.

      OSX and Linux probably aren't really any safer, those are simply smaller targets. For now, they are really safer in the wild, but only for that reason. Android will be attacked more than any other OS next, purely due to market share and the sensative nature of the information on the devices.

      Using a read-only boot device is good advice, but the lack of convenience stops me. I do use an ISO to boot into a virtual machine for banking, but if my hostOS is compromised, every guestOS probably is too.

      If you have any OS on the internet, be certain there is outbound connection filtering and inbound connection filtering by a good firewall. A home router firewall is not much protection, though it is better than nothing. If you don't believe me, enable iptables to block all unrequested inbound traffic and look at the hundreds of connection attempts from advertising networks that pass right through the router firewall, but are blocked by iptables.

      Most people, including so-called "techies" don't understand the real level of threats from everywhere - government, evil people AND corporations.

  19. Mic/cam by jones_supa · · Score: 1

    The internal microphone and camera of laptops can be too easily enabled (and silently without you knowing it). Typically you don't need them all the time anyway. There should be a clear on/off switch for them in every laptop, just like you have for WiFi.

    1. Re:Mic/cam by Penurious+Penguin · · Score: 1

      To mute the microphone, an audio or mic jack is great. Just clip off the wire and voilà; a virtual analog off-switch. For the cam, there aint nothin' like ducktape or even better, an icepick.
      Also, there are hardly ever hardware switches for wifi or sound anymore -- and not for the last 5 years so far as I've observed. It's all software switches now, which as you might imagine, has caused compatibility issues here and there. Yep, I'm all for breaking the circuit directly, but the designers aren't :(

      --
      Forward! -- Emperor Norton, 2012
  20. Re:I don't believe the creators did anything speci by zlives · · Score: 1

    and now I have the benny hill song running through my head... thanks a lot :)

  21. Abused? Hardly. by J'raxis · · Score: 1

    It's being used exactly as designed, not "abused." In most of these places "abusing" the software, spying on dissidents falls well within "law enforcement" as defined there. What, the creators expected it only to be used to enforce laws they agree with?

    And by the way, spying on dissidents is something the noble, enlightened U.S. Government does regularly---and it falls well within their legal "law enforcement" powers, too. Oh, you thought only the evil countries do that?

    --
    Liberty in your lifetime
  22. Quis Custodies.. by Tokolosh · · Score: 1

    Citizens should be using this to keep tabs on their government. This use is covered by the 2nd Amendment.

    --
    Prove anything by multiplying Huge Number times Tiny Number
  23. So how do you detect/remove this nasty? by HangingChad · · Score: 1

    There has to be some way to get this crap off a computer.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
    1. Re:So how do you detect/remove this nasty? by fm6 · · Score: 1

      You wish! Sometimes the only way to expunge malware is to wipe the disk and start over. I've had to do it myself a couple times.

  24. Re:When will this get hacked? by hypnosec · · Score: 1

    Well it seems that one of their servers has been hacked. I guess it has started already!!!

  25. Windows Only .. by dgharmon · · Score: 1

    I tried running it and got this error msg: Library MFC42.DLL (which is needed by "C:\\Program Files\\Software Informer\\softinfo.exe") not found ..

    --
    AccountKiller
  26. Anti Anti-virus required? by neither_geek_nor_ner · · Score: 1

    The latest upgrade of NortonMobile https://play.google.com/store/apps/details?id=com.symantec.mobilesecurity&hl=en does the same. Its enough to scare anybody who has even the slightest idea what it means. Anti-virus vendors working on behalf of the Law?