Slashdot Mirror


Carnegie Mellon Denies FBI Paid For Tor-Breaking Research (wired.com)

New submitter webdesignerdudes writes with news that Carnegie Mellon University now implies it may have been subpoenaed to give up its anonymity-stripping technique, and that it was not paid $1 million by the FBI for doing so. Wired reports: "In a terse statement Wednesday, Carnegie Mellon wrote that its Software Engineering Institute hadn’t received any direct payment for its Tor research from the FBI or any other government funder. But it instead implied that the research may have been accessed by law enforcement through the use of a subpoena. 'In the course of its work, the university from time to time is served with subpoenas requesting information about research it has performed,' the statement reads. 'The university abides by the rule of law, complies with lawfully issued subpoenas and receives no funding for its compliance.'"

79 comments

  1. So... by Irate+Engineer · · Score: 1

    ...what was the $1 million for? What did the taxpayers get out this?

    --

    Left MS Windows for Linux Mint and never looked back!

    Vote for Bernie in 2016!

    1. Re:So... by msauve · · Score: 2

      "what was the $1 million for? What did the taxpayers get out this?"

      I'm thinking Astroglide. You can figure out the rest.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    2. Re:So... by MyAlternateID · · Score: 2, Insightful

      ...what was the $1 million for? What did the taxpayers get out this?

      I bet it would have cost them a lot less than $1 million to hire a lawyer and at least make even the most feeble effort to resist this subpoena.

    3. Re:So... by Anonymous Coward · · Score: 0

      Same thing they always "get out of this": screwed.

    4. Re: So... by Anonymous Coward · · Score: 0

      I'm sure they already have all the lawyers they need on the payroll - it's likely the advice was just hand it over or prepare to lube up.

    5. Re:So... by arth1 · · Score: 1

      I bet it would have cost them a lot less than $1 million to hire a lawyer

      You're talking at least one meeting with the client, research, a letter, a follow-up, an expense account, and preparation fees for itemized billing. Yeah, this shouldn't have cost more than half a million going through a reputable lawyer. Or a unicorn-riding leprechaun.

  2. Labor by Anonymous Coward · · Score: 0

    So, when gathering the info, they technically provided free labor to the FBI in doing so, right? Even if it's just pointing them to the correct paperwork.

    1. Re:Labor by MyAlternateID · · Score: 2

      So, when gathering the info, they technically provided free labor to the FBI in doing so, right? Even if it's just pointing them to the correct paperwork.

      They probably compared the cost of said free labor, against the cost of being penalized for failure to comply with a subpoena, and decided that the former was much cheaper than the latter.

      In the "land of the free" of course.

    2. Re:Labor by arth1 · · Score: 2

      In the "land of the free" of course.

      Don't forget "home of the brave". The brave thing to do is of course to say "yes, sir, how high, sir?"
      What's the current definitions of "free" and "brave" again?

      It might be better if we just went back to the original lyrics. "to entwine the myrtle of Venus with Bacchus' vine" seems like a much more achievable sentiment.

    3. Re:Labor by Anonymous Coward · · Score: 0

      what do you expect from the nation of would sell out their neighbour for a cheeseburger

    4. Re:Labor by Anonymous Coward · · Score: 0

      So, when gathering the info, they technically provided free labor to the FBI in doing so, right? Even if it's just pointing them to the correct paperwork.

      They probably compared the cost of said free labor, against the cost of being penalized for failure to comply with a subpoena, and decided that the former was much cheaper than the latter.

        They forgot to add.. "Not your personal army!"

      In the "land of the free" of course.

    5. Re: Labor by Anonymous Coward · · Score: 0

      A man's gotta eat

  3. Weasel Words by Anonymous Coward · · Score: 5, Insightful

    "Carnegie Mellon wrote that its Software Engineering Institute hadn’t received any direct payment for its Tor research from the FBI or any other government funder."

    Now if that word "direct" had not been there I would have a little more faith.

    As we all know, there are hundreds of ways to indirectly pay for stuff...... "Hey here's some money for your sports team", "hey here's some money for your building funds", etc etc etc etc etc

    1. Re:Weasel Words by tylerni7 · · Score: 4, Insightful

      The Software Engineering Institute is a Federally Funded Research and Development Center (FFRDC), similar to places like Los Alamos, Sandia, or Lincoln Labs. So yes, they certainly receive funding from the government, and that probably includes funding from the FBI.

      It sounds like what they are saying is that they were doing general research on Tor as part of their normal research activities. Funding for this, like all other research they do as an FFRDC, comes from the federal government in some form. So yes, indirectly I'm sure the government paid for the research, but that does not seem shocking.

      All in all, it's hard to understand what all the fuss is about for this, it seems pretty much in line with the goals of an FFRDC to do this type of research.

    2. Re:Weasel Words by rsborg · · Score: 2

      "Carnegie Mellon wrote that its Software Engineering Institute hadn’t received any direct payment for its Tor research from the FBI or any other government funder."

      Now if that word "direct" had not been there I would have a little more faith.

      As we all know, there are hundreds of ways to indirectly pay for stuff...... "Hey here's some money for your sports team", "hey here's some money for your building funds", etc etc etc etc etc

      You forgot government grants. As the government gets more corporatized (even the good "public servants" are just less corrupt), you sure as hell can bet that the grant proposal/acceptance process can become part of the corruption (oh, look CMU - such nice grants proposals you have there ... )

      --
      Make sure everyone's vote counts: Verified Voting
    3. Re:Weasel Words by AntiSol · · Score: 2

      Mr. Burns: I see. Well, I- ...Oh, that reminds me, it is time for your annual contribution. How much should I give?
      Male Admissions Officer: Well frankly, test scores like Larry's would merit a very generous donation. A score of 400 would require new football uniforms. 300 would require a new dormitory. And in Larry's case? We'd need an international airport.
      Female Admissions Officer: Yale could use an international airport, Mr. Burns.

    4. Re:Weasel Words by msauve · · Score: 0

      As we all know, there are hundreds of ways to indirectly pay for stuff...... "Hey here's some money for your sports team", "hey here's some money for your building funds", etc etc etc etc etc

      "Here's $1MM of additional grant money to extend your work on breaking onion routing."

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    5. Re:Weasel Words by phantomfive · · Score: 0

      We've already seen that companies 'doing business' with the NSA have been prohibited from talking about it. In other words, they may have been threatened by the government (even with jail time) if they reveal their connections to the NSA.

      --
      "First they came for the slanderers and i said nothing."
    6. Re:Weasel Words by Anonymous Coward · · Score: 0, Troll

      All in all, it's hard to understand what all the fuss is about for this, it seems pretty much in line with the goals of an FFRDC to do this type of research.

      What doesn't seem in line is the way the research was "disappeared."

      As for the debate of "direct" funding, I read it as "halt the disclosure or FBI will see to it that future funding is cut." Reminded me of the way they fucked over Qwest back before 9/11 by halting a bunch of unrelated classified contracts after Qwest refused to participate in a meta-data program.

    7. Re:Weasel Words by Anonymous Coward · · Score: 0

      Why does it matter if they use the word, "direct"? PR can lie so what difference does it make, esp. legally?

    8. Re:Weasel Words by Anonymous Coward · · Score: 0

      Here's some money for your foundation Hillary, don't mind we abuse and mistreat women in our own country. -The Saudis

    9. Re:Weasel Words by mSparks43 · · Score: 1

      Most likely the person writing the report is annoyed at having to lie. And this is their way of making it obvious.

    10. Re:Weasel Words by DirkDaring · · Score: 2

      It says: "'The university abides by the rule of law, complies with lawfully issued subpoenas and receives no funding for its compliance.'"
      Right, no funding for compliance to the subpoena. If they got paid for doing any work isn't even a part of the sentence.

    11. Re:Weasel Words by Anonymous Coward · · Score: 0

      Disclaimer, I work for the US DoD. I have no inside knowledge of Tor

      The FBI is actually cash strapped like any (every) other US agency. Since Tor was created by NRL (Navy Research Lab), it would be much cheaper and easier for them to talk DoJ to DoD than to do external research. If they were trying to "crack" it, $1M isn't a lot when you're talking about PhD's for an effort. My guess is if this did occur, someone at the FBI wasn't cleared or was ignorant to what the NSA (or FBI intelligence) was doing in this same vein* and paid for another (i.e. reinvention of the wheel) attempt at looking into Tor with year end excess funds or similar. Sadly, this happens more often than it should. It's not always a waste (sometimes researcher B finds something researcher A missed, or the funding from the first effort was pulled leaving the work unfinished and the second attempt completes to reveal something useful, etc.)

      *-- I have no knowledge of what the NSA is actively working on, but I guarantee someone somewhere in NSA HQ is sponsoring / working on this.

    12. Re:Weasel Words by Coren22 · · Score: 1

      Here's $1MM

      Did you fail in science class? Or is that supposed to stand for $1 mega million?

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    13. Re:Weasel Words by freeze128 · · Score: 1

      I think it means one dollar's worth of m&m's....

    14. Re:Weasel Words by msauve · · Score: 0

      No, "M" is ambiguous with regard to currency. It could stand for Million, or Mega, or the traditional accounting measure of 1000, from the roman numeral. MM is unambiguous, in addition to being a common abbreviation for million (thousand-thousand) in accounting.

      There, you can tell your classmates you learned something today. Now go back to class.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    15. Re:Weasel Words by freeze128 · · Score: 1

      Why in the world would anyone use Roman Numerals in this day and age? Do you know what year this is? It's MMXV for God's sake!

    16. Re:Weasel Words by msauve · · Score: 1

      They're not Roman numerals, but come from them. The Roman numeral MM would be 2000, and $1MM isn't a Roman numeral at all. Additionally, SI prefixes are always properly separated from the number with a space (1 km), while in accounting no space is used ($1MM).

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    17. Re:Weasel Words by Coren22 · · Score: 1

      In recent years people started using k to denote 1000? What kind of drivel is that? Only if 1799 is recent...
      http://physics.nist.gov/cuu/Un...

      M for Mega or Million has been used for a very long time. MM only makes sense in Roman times, who the hell uses M to denote 1000 besides the Romans? Do you often mix Roman Numerals and Latin Numerals in the same sentence? Also, since when is MM equal to M multiplied by M instead of M plus M as Roman numerals work? MM is 2000, not 1,000,000.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    18. Re:Weasel Words by msauve · · Score: 0

      Do you understand that there's a difference between accounting and science? Were you aware that the USD ($) is not an SI unit?

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    19. Re:Weasel Words by Zero__Kelvin · · Score: 1

      This is how intelligent people state to other intelligent people that they indeed received indirect funding. Don't worry; nobody expected you to pick up on it.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    20. Re:Weasel Words by mshieh · · Score: 1

      "Hey here's some money for your sports team"

      Your main point has merit, but this particular one cracks me up.

      I think I've had one discussion ever regarding our sports teams, and it was from someone who was a member of a rival div iii football team.

    21. Re:Weasel Words by Anonymous Coward · · Score: 0

      Why go the bribe way when simply calling up the Dean, and say: "That's a nice research institute you got there. Pity if something were to happen to it..."
      Does no one remember Joe Nacchio, former CEO of QWEST and his reluctance to jump when the NSA told him to?

    22. Re: Weasel Words by Anonymous Coward · · Score: 0

      Did you fail asshat class? No, apparently not.

  4. They did it for free by Anonymous Coward · · Score: 0

    The FBI first said it was inaccurate they had paid 1 million USD. To which we could only conclude that they paid some other amount.
    Now this... so Carnegie Mellon did it for free?

    1. Re:They did it for free by Anonymous Coward · · Score: 0

      They did it for free, and nobody got beaten up.

  5. Liars by Etherwalk · · Score: 5, Insightful

    "hadn’t received any direct payment for its Tor research from the FBI or any other government funder"...

    So they have received indirect payments or have received direct payments from non-government funders.

    That's like when the Bush administration found "dozens of weapons of mass destruction related program activities" in Iraq, but no actual WMDs.

    1. Re:Liars by Frobnicator · · Score: 4, Informative

      "hadn’t received any direct payment for its Tor research from the FBI or any other government funder"...

      So they have received indirect payments or have received direct payments from non-government funders.

      Yes, that is exactly true. I'm assuming you didn't read the actual statement by the school.

      It begins: "Carnegie Mellon University includes the Software Engineering Institute, which is a federally funded research and development center (FFRDC) established specifically to focus on software-related security and engineering issues."

      So there you go, a blatant admission to an indirect payment. The government did not say "We will pay you to develop this specific technology" which would have been direct. The government told that lab, and many more, "Here is money to research this type of technology generally", and the lab happened to fund that project among many others, yielding an indirect payment. What most people probably didn't expect, the lab included, was that they would get a subpoena demanding the research.

      While the tin-foil hat may be necessary elsewhere, no need for it here. The lab has always openly admitted to the indirect funding from federal grants. In their research papers, and in fact in the vast majority of university research papers, there is a line about the grants funding the lab. That is a non-secret.

      --
      //TODO: Think of witty sig statement
    2. Re:Liars by Etherwalk · · Score: 2, Insightful

      Yes, I saw the wired statement first, which is more weasely, but the point stands--it is not an effective denial because it's not a statement as to what exactly happened. It is a non-statement that has gone through a communications office and/or legal counsel so that it ends up not saying anything. No sane reader would believe it as a denial, because it's not one. Of course that *could* be incompetence and stupidity, but why assume incompetence and stupidity when you're dealing with a high-quality engineering school accused of helping mass surveillance efforts?

    3. Re:Liars by stephanruby · · Score: 0

      Besides, everybody knows that it's the NSA that pays for this type of research, not the FBI.

      Most likely, the NSA didn't want to share the core technology, so the FBI just ripped off the NSA by going after its minions.

    4. Re:Liars by Zero__Kelvin · · Score: 1

      It is a very effective "denial" if its intent was to state that CMU received indirect funding. In other words, it was not a denial, but a clarification of how they received the funding, to wit, indirectly.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  6. translation: by Anonymous Coward · · Score: 0

    Someone got paid without administration getting in on the goods.

  7. Wording is quite telling. by user+no.+590291 · · Score: 1, Troll

    No direct payment.

  8. Wouldn't fool a 1st-year philosophy student by ZipK · · Score: 0

    CMU's statement is so full of non-denials and red herrings that a first-year philosophy student wouldn't be fooled.

  9. So what? by Anonymous Coward · · Score: 0

    Assuming it improves the security of projects like Tor and isn't weaponized* in the extreme, we _want_ smart people doing this research.

    * If the research is made public, the FBI and others have the same access as everyone else, and given their resources, they're likely to act on e.g. vulnerabilities before they're fixed and eliminated from the wild.

  10. Inexpensive acquisition of intellectual property by John.Banister · · Score: 1

    I wonder what other research the government also subpoenas - perhaps that of the aircraft manufacturer who had a nifty idea but whose bid didn't get the job?

    1. Re:Inexpensive acquisition of intellectual property by Actually,+I+do+RTFA · · Score: 1

      Well, subpoenas don't change intellectual property rights, so I'm not 100% sure how that would be relevant.

      --
      Your ad here. Ask me how!
    2. Re:Inexpensive acquisition of intellectual property by John.Banister · · Score: 1

      So, if the FBI subpoenas Carnegie-Mellon's research, Carnegie-Mellon gets to set the price they charge for the use of their software? That could be a sweet deal, since the university knows in advance that they have a captive audience.

  11. Carnegie Mellon = fucking punks by PopeRatzo · · Score: 0

    Carnegie Mellon University now implies it may have been subpoenaed to give up its anonymity-stripping technique

    I guess they couldn't be bothered to say "no" to the FBI. A "subpoena" does not over-ride intellectual property rights. With all the money Carnegie Mellon has, they might have at least put up a little fight.

    But the fact is that this is not the first time that Carnegie Mellon has done work for the government against the public interest.

    --
    You are welcome on my lawn.
    1. Re:Carnegie Mellon = fucking punks by Anonymous Coward · · Score: 0

      But the fact is that this is not the first time that Carnegie Mellon has done work for the government against the public interest.

      Genuinely interested: what other instances are you talking about? any chance you could link to more information about this?

    2. Re:Carnegie Mellon = fucking punks by PopeRatzo · · Score: 2

      Carnegie Mellon is one of the biggest academic military contractors in the US. They've been developing surveillance tools for the NSA for decades, as well as developing weapons for the purpose of "crowd control" and other aspects of domestic policing.

      Look at this article, and when you read the word "cybersecurity" be aware that it's being used as a synonym for "surveillance".

      https://thetartan.org/2015/8/3...

      https://books.google.com/books...

      --
      You are welcome on my lawn.
    3. Re:Carnegie Mellon = fucking punks by Anonymous+Cow+Ward · · Score: 1

      What are the software IP rights with regards to a federally-funded academic institution? The Software Engineering Institute at Carnegie Mellon is a Federally Funded Research and Development Center (FFRDC), which means grant money, which means conditions on what they can do with their research results.

      I still agree with you that they should have fought it more, and it's definitely against the public interest, but I don't know if an IP tactic would have worked.

      --
      Examine even your most deeply held beliefs. Nobody is always right.
  12. all this "we can/can't surveille terrorist attcks" by Anonymous Coward · · Score: 0

    sh*z is getting to be too much. a silly fallacy, a made-up issue.

    terrorism works in the new days just as it did in the old days - spy against spy; trying to strike when least unexpected. seems the only thing that's changed is that some countries may know/intelligence an attack against some other country, then decide to -not- let them know, as some sort of b.s. strategic locally-political/economic advantage. (after the fact, pretend you knew nothing, and couldn't possibly have, unless you already had "X-Y-Z" in your lawfully-legal arsenal, which was already being dipped into - but can't be admitted lawfully as evidence in the current "this side of fascist" state of a country...)

    the fbi didn't need "carnivores" (as they were so quaintly referred to once) to psych out 9-11; it took a bush to pronounce an intelligence report titled "bin laden to strike within the u.s." as "alright, you covered your ass" to make it plain and simple... the old spy-work works best, and doesn't usually need so much encryption-backdoors to make effective. eyes are being too distracted by the shiny and new, and not paying attention to the old tried-and-true ways that will never fail.

  13. Re:all this "we can/can't surveille terrorist attc by Anonymous Coward · · Score: 0

    and for that matter, don't get me started on the "ps4's are encrypted" b.s... the nsa's getting really pathetic, and begging the question why they even have a reason to exist in the first place. what the -eff- are you people doing there? if you can't provide any intel better than the effing cia, then maybe we'd better de-budget you, along with every weapons-manufacturer on the payola.

  14. "DIRECT" payment by frnic · · Score: 1

    Watch for weasel words...

  15. Re:all this "we can/can't surveille terrorist attc by Anonymous Coward · · Score: 0

    also "the phones found contained encrypted messages with the content xxxyyyzzz". if it was encrypted, how the fuck did they open up the content.

    for the law enforcement folk everything not just regular sms is encrypted.. never mind if it is or not. and there's plenty of reasons why one would not use sms - the high cost of international messaging would be one!

  16. Anonymous accusation by gourmetbum · · Score: 1

    The whole $1 million payment accusation comes from "sources in the information security community". That's a hell of accusation to put out there, damaging a school's reputation, without anyone willing to stand up behind it.

    1. Re:Anonymous accusation by Anonymous Coward · · Score: 0

      Oh yeah, because the USG would totally not recommend killing someone or coerce someone to file false charges against them for being a responsible non-anonymous whistleblower.

    2. Re:Anonymous accusation by Zero__Kelvin · · Score: 1

      That may well be, but it has been confirmed by a representative of the CMU SEI that the accusation was essentially true, and that CMU received funding for the purpose. That funding was paid indirectly, rather than directly.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  17. This smells to me... by surfdaddy · · Score: 1

    ...like a carefully worded statement designed to be strictly factually correct to remove the stink from CMU, but that there is probably mostly truth in the original story. Just the wording of their statement seems so carefully selected that you just know the reality is that they did do it, but not exactly the way they are defending themselves. So they can sound innocent when they probably are not.

  18. It's in the wording... by Anonymous Coward · · Score: 0

    "hadn’t received any direct payment"

    direct? How about an INdirect payment?

  19. Police State Lapdog by ThatsNotPudding · · Score: 4, Insightful

    All in all, it's hard to understand what all the fuss is about for this, it seems pretty much in line with the goals of an FFRDC to do this type of research.

    Yes, all they did was merely destroy the trustfulness of the CERT process to warn EVERYONE of vulnerabilities in software, instead of delightedly handing it over to the descendants of J Edgar Hoover and not bothering to tell the software maintainers anything. This is the main point; the million pieces of silver were just added insult.

  20. $1M or not $1M here is the important bit by ramriot · · Score: 2

    OK, let's accept for now that CMU did not receive payment for their data and that they only gave up their data upon subpoena, it really was just icing to the real issue. That of the un-ethical disclosure of people's private data resulting in an indirect FBI evidential fishing exercise, which is allowed in discovery unless the evidential collection is prompted (hence the $1) which would render it 'fruit of the poisoned tree' and why there is perhaps so much emphasis being placed upon payment.

    Remember this, any entity involved in security research or even just a business can be subpoenaed for their data and required by law to not disclose the fact of the request. Further, resisting such requests can lead to extended legal difficulties; just ask Ladar Levison ( https://en.wikipedia.org/wiki/... ).

    So what CMU did wrong here (if current evidence is correct) was to collect and keep significant personal information as a result of their 'Research', which is incompatible with what security research is about. If there had been an Ethical Review Board of the ongoing CMU research this should have been noticed and changes made.

    Thus, what could CMU have done.

    * They could have set up an internal Review Board to review the ethical, legal and other issues of such research {they admit they did not}
    * They could have designed the data collection part of their exploit to anonymize data such that connection inferences can be made without disclosing actual IP addresses ( simply make a salted hash of each IP address ) {they did not}.
    * They could have limited collection to just what was needed to prove the exploit and then shut it down {they did not}, instead they ran it for over 3 months.
    * Upon proving the method they could have immediately followed responsible disclosure and briefed TOR group {they did not}
    * If the research was launched initially by an FBI request or similar, they should have taken legal advice and realised that they could not do this ethically or follow the above and thus NOT agreed to do it {Clearly if so, they failed}

    So in closing take note, in the current legal and criminal climate DON'T collect and store unnecessary information unless you can prove that you can protect it from disclosure in untargeted extralegal ways, lest you and your establishment end up in hot water (see Sony, Ashley Madison, CMU, NSA etc etc)
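
The salted-hash suggestion in the list above, as an added example that is not part of the original comment or of any CMU code. It swaps the plain salt for an HMAC key that is held only in memory and discarded when collection ends, because a salt stored next to the data leaves the small IPv4 space open to enumeration. The function names, record layout and documentation-range addresses are constructed for illustration.

```python
"""Pseudonymizing client IPs at collection time (constructed data)."""
import hashlib
import hmac
import ipaddress
import secrets
from collections import Counter

# Constructed observations: (timestamp, source address, event label).
# Addresses come from the RFC 5737 / RFC 3849 documentation ranges.
OBSERVATIONS = [
    ("2000-01-01T10:00:00Z", "192.0.2.17", "seen"),
    ("2000-01-01T10:05:00Z", "198.51.100.4", "seen"),
    ("2000-01-02T08:30:00Z", "::ffff:192.0.2.17", "seen"),  # same host, mapped form
    ("2000-01-02T09:00:00Z", "2001:db8::1", "seen"),
]


def canonical_bytes(ip: str) -> bytes:
    """Parse an address and return a version-tagged packed form.

    IPv4-mapped IPv6 (::ffff:a.b.c.d) is folded to IPv4 so one host does
    not end up with two tokens. Malformed input raises ValueError.
    """
    addr = ipaddress.ip_address(ip.strip())
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return bytes([addr.version]) + addr.packed


def pseudonymize_ip(key: bytes, ip: str) -> str:
    """Keyed token for an address: stable under one key, not recomputable without it."""
    digest = hmac.new(key, canonical_bytes(ip), hashlib.sha256).hexdigest()
    return digest[:32]  # 128 bits is ample for collision resistance here


def sanitize(key: bytes, observations):
    """Replace the address in every record with its token.

    Only the returned records are meant to be written to disk; the raw
    address never leaves this function.
    """
    return [(ts, pseudonymize_ip(key, ip), event) for ts, ip, event in observations]


def repeat_visitors(records):
    """Linkage that still works on tokens: clients that appear more than once."""
    counts = Counter(token for _, token, _ in records)
    return {token: n for token, n in counts.items() if n > 1}


def salted_sha256(salt: bytes, ip: str) -> str:
    """The plain salted hash, for comparison with the keyed version."""
    return hashlib.sha256(salt + canonical_bytes(ip)).hexdigest()


def salt_known_recovers(salt: bytes, digest: str, network: str):
    """Risk check: with the salt available, hashing every address in a
    candidate range reverses the digest. Returns the address or None."""
    for host in ipaddress.ip_network(network).hosts():
        if salted_sha256(salt, str(host)) == digest:
            return str(host)
    return None


def demo():
    """Run the pipeline twice with independent in-memory keys."""
    key_a = secrets.token_bytes(32)   # assumption: never persisted, dropped at study end
    key_b = secrets.token_bytes(32)
    records_a = sanitize(key_a, OBSERVATIONS)
    records_b = sanitize(key_b, OBSERVATIONS)
    return records_a, records_b, repeat_visitors(records_a)


if __name__ == "__main__":
    records_a, records_b, repeats = demo()
    for row in records_a:
        print(row)
    print("repeat visitors:", repeats)
    print("tokens linkable across keys:",
          any(a[1] == b[1] for a, b in zip(records_a, records_b)))
```
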

  21. Tor Project making things up by Anonymous Coward · · Score: 0

    Seems the Tor Project have a lot to answer for slandering a research institution and making facts up.

  22. Re:Exactamundo... apk by Coren22 · · Score: 1

    Yes, we all think you really are that fucking stupid. You can't read the 10 or so comments just above yours where they detail that the Software Engineering Institute is federally funded, and so quite literally, the research was indirectly funded because it was federally funded. Heck, that response was like 45 minutes before yours.

    --
    APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  23. Indirect Payment by mschaffer · · Score: 1

    Carnegie Mellon wrote that its Software Engineering Institute hadn’t received any direct payment for its Tor research from the FBI or any other government funder.

    Ok. So I guess they received indirect payments for doing this?

  24. Coren22's "greatest hits" fails #1/5... apk by Anonymous Coward · · Score: 0

    "Apk doesn't think DNS servers are worth running & believes Microsoft Active Directory can run w/out DNS." - by Coren22 (1625475) on Tuesday October 27, 2015

    Where'd I say it? Show us. I say AD needs internal DNS far back as 2007 http://forums.tweaktown.com/wi...

    See "To warn users who have ActiveDirectory/AD LAN-WAN setups to NOT use external DNS servers" there on OpenDNS free (I use it) + AD in my security guide.

    + how to migrate hosts across a LAN (admin/scripts not GPO)-> http://slashdot.org/comments.p...

    ---

    I'm RIGHT on admin priv + hosts (WFP/SFP)!

    "figured out why privilege escalation's a bad thing?" - by Coren22 on Tuesday September 22, 2015

    How else can I programmatically update hosts itself?

    ---

    "it requires elevation to write hosts" - by Coren22 (1625475) on Wednesday September 23, 2015

    Hypocrite later admits it!

    Even MalwareBytes AntiMalware DEMANDS it or it can't do a job fully like many security tools!

    ---

    "Needing admin privileges every time a program updates is poor design" - by Coren22 (1625475) on Tuesday November 10, 2015

    Mine doesn't to get new data to update hosts vs. threats. Only hosts itself updates need it vs. WFP/SFP. Users set it too. It's not programmatic impersonation.

    ---

    "90's tech to fight modern war" - by Coren22 (1625475) on Tuesday November 10, 2015

    Ozymandias/Watchmen per a namesake:

    "I resolved to apply antiquities teachings" (hosts) "to our world today & began my path to conquest - Conquest not of men but of the evils that beset them: Fossil Fuels (antispyware), Oil (antivir), Nuclear Power (addons) are like a drug & you gentlemen along w/ foreign interests are the pushers"

    It works Aryeh Goretsky NOD32/ESET hosts = good security-> http://it.slashdot.org/comment...

    Oliver Day (Symantec) too-> http://www.securityfocus.com/c...

    MalwareBytes' hpHosts' Admin hosts+recommends APK Hosts File Engine 9.0++ SR-2 32/64-bit-> http://hosts-file.net/?s=Downl...

    APK

    P.S.=> Con't. in #2/5... apk

  25. Coren22's "greatest hits" fails #2/5... apk by Anonymous Coward · · Score: 0

    "I guess we should avoid your crap, it looks like it is marked as malware. Good luck getting that removed." - by Coren22 (1625475) on Monday November 02, 2015 @03:52PM (#50850445)

    62 sources of good repute show + /. users say otherwise:

    Proven safe by 57 antivirus programs in its 64-bit model https://www.virustotal.com/en/...

    +

    Same for the 32-bit model https://www.virustotal.com/en/...

    &

    Per VirScan its installer too -> http://f.virscan.org/APKHostsF...

    ---

    MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus per this VERY recent testing of them all http://www.av-test.org/en/news... /.'ers say my work is good too:

    "his hosts program is actually pretty good" - by xenotransplant (4179011) on Monday August 10, 2015 @03:34PM (#50287195)

    "I like your host file system." - by Karmashock (2415832) on Wednesday September 09, 2015 @03:57PM (#50489401)

    "APK is kinda right... I've given up on JS based adblocking and gone to blackholing in /etc/hosts, just like it was back in the 90s. The computational load has gotten intolerable for any ad-blocking using JS. I've tried his hosts file generating software. It works." - by bmo (77928) on Thursday October 15, 2015 @11:30AM (#50736071)

    "his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources" by alexgieg (948359) on Friday September 25, 2015 @09:57AM (#50596461)

    ---

    You tried using Computer Associates antivirus that I overturned on false positives (1/8 over time) were caught in ACCOUNTING SCANDALS FRAUD http://www.bing.com/search?q=c...

    Reputable source (not): They had to sell off their PC security suite too (crap too) LOWERING the 'threat level' on THAT program (not my hosts file engine) TO ZERO!

    * YOU ARE WRONG ON EVERY ACCOUNT NOTED!

    APK

    P.S.=> Con't in part #3/5... apk

  26. Coren22's "greatest hits" fails #3/5... apk by Anonymous Coward · · Score: 0

    "Virus scanners/Adblock software don't need admin priv to update" - by Coren22 (1625475) on Tuesday November 10, 2015 @04:14PM (#50904323)

    Neither does my program. AV does to remove threats - Adblock addons = Vastly INFERIOR in abilities + efficiency vs. hosts as I proved & no one proved me wrong to date!

    ---

    "your software does" - by Coren22 (1625475) on Tuesday November 10, 2015 @04:14PM (#50904323)

    No, hosts do due to WFP/SFP - Intake update of new hosts data doesn't!

    ---

    "won't reveal your source code" - by Coren22 (1625475) on Tuesday November 10, 2015 @04:14PM (#50904323)

    I don't owe you it. I don't give away work to be stolen by others so it's misused like GOOGLE CHROME http://it.slashdot.org/story/1...

    ---

    "What's stopping you from pointing my bank's web site at your private server?" - by Coren22 (1625475) on Tuesday November 10, 2015 @04:14PM (#50904323)

    I don't keep a server. Security guru (not - you create no ware for security & your forensics skills = non-existent): Put it in a VM, trace it using process monitor + wireshark to prove it (don't need code)!

    ---

    "the possibility of being caught, which would be pretty hard to catch w/ such a large hosts file, as no one can go through it manually." - by Coren22 (1625475) on Tuesday November 10, 2015 @04:14PM (#50904323)

    I place hardcoded fav sites @ top of hosts for speed & reliability - you'd spot it easily & bulk of hosts is sorted blocked known bad threats.

    ---

    "What are you going to do when Windows gets rid of the hosts file completely?" - by Coren22 (1625475) on Tuesday November 10, 2015 @04:14PM (#50904323)

    Hasn't happened!

    ---

    "They have already taken steps to make it useless in Windows 10." - by Coren22 (1625475) on Tuesday November 10, 2015 @04:14PM (#50904323)

    It works there!

    Telemetry tracking's killing 10 by itself: Win10 = Win8 = flops - who're you fooling other than yourself?

    APK

    P.S.=> Con't. in #4/5... apk

  27. Coren22's "greatest hits" fails #4/5... apk by Anonymous Coward · · Score: 0

    Coren22 'eats his words' vs. me 2x yet again:

    "introduces risk you are relying on a 3rd party to update a hosts file potentially opening you up to MITM attacks" - by Coren22 (1625475) on Tuesday November 17, 2015

    How can my program do it?

    Only things it puts in as non-blocking IP addy to hostnames is ones users give it as their favs to speed up @ the TOP of hosts REVERSE DNS VERIFIED!

    (For more speed, & reliability + security - in RAM as 1st resolver queried = faster & more secure vs. remote DNS w/ all its security issues in Kaminsky flaw, DNSChanger malware IP stack settings, routers bushwhacked in DNS settings, rogue DNS, Open DNS servers abused by malware. It aids in reliability vs. redirects).

    YOU'D SPOT IT INSTANTLY AS THEY ARE @ TOP OF CUSTOM HOSTS & can easily edit anything you want out of it!

    (Rest = known bad sites from 10 reputable security community sites for blocking - the MAJORITY of what's in my hosts files!)

    ---

    "maybe one day you can get a score 5 comment" - by Coren22 (1625475) on Tuesday November 17, 2015

    See subject & ~ 12 +5 upmods making you "eat your words" vs. me (1st one: You tried using what I post there against me to FAIL):

    +5 'modded up' posts by "yours truly" (11):

    http://news.slashdot.org/comme...
    http://tech.slashdot.org/comme...
    http://news.slashdot.org/comme...
    http://science.slashdot.org/co...
    http://tech.slashdot.org/comme...
    http://hardware.slashdot.org/c...
    http://news.slashdot.org/comme...
    http://news.slashdot.org/comme...
    http://hardware.slashdot.org/c...
    http://yro.slashdot.org/commen...
    http://yro.slashdot.org/commen...

    "You believe you are getting the better of me" - by Coren22 (1625475) on Tuesday November 17, 2015

    YOU GOT THE BEST OF YOURSELF in tech fails & lies about me. Your immature signatures about me SCREAM you're butthurt! You did it to yourself.

    APK

    P.S.=> Con't. in #5/5... apk
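
The question raised in the two comments above (whether an entry mapping a real site to an unexpected address could hide in a hosts file too large to read by hand) can be checked mechanically. The following is an added example, not part of the thread and not code from the program under discussion; the sample hosts content is constructed, and the hostnames, addresses and the `expected` allowlist are placeholders and assumptions.

```python
import ipaddress

# Constructed sample hosts file; names and addresses are placeholders.
SAMPLE_HOSTS = """\
# favourites pinned at the top
192.0.2.10   forum.example      # pinned by the user
127.0.0.1    localhost
0.0.0.0      ads.tracker.example
0.0.0.0      malware.example bad.example
198.51.100.7 bank.example       # maps to a real address: needs review
not-an-ip    broken.example
0.0.0.0      bank.example
"""

def audit_hosts(text, expected=None):
    """Separate sinkholed names from names mapped to a routable address.

    expected: {hostname: address} the user deliberately pinned (assumed input).
    """
    expected = expected or {}
    sinks, redirected = set(), set()
    unexpected, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:                      # address with no hostname
            malformed.append(lineno)
            continue
        for name in map(str.lower, fields[1:]):
            if ip.is_unspecified or ip.is_loopback:
                sinks.add(name)                  # blocking entry (or localhost)
                continue
            redirected.add(name)
            if expected.get(name) != str(ip):    # not a pin the user asked for
                unexpected.append((lineno, name, str(ip)))
    return {"sinks": sinks, "unexpected": unexpected,
            "conflicts": sorted(sinks & redirected), "malformed": malformed}

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS, {"forum.example": "192.0.2.10"})
    for lineno, name, addr in report["unexpected"]:
        print(f"line {lineno}: {name} -> {addr} is not an expected pin")
    print("both blocked and redirected:", report["conflicts"])
    print("unparseable lines:", report["malformed"])
```

Only the `unexpected` and `conflicts` entries need a human look, which keeps the review short however many blocking lines the file holds.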

  28. Coren22's "greatest hits" fails #5/5... apk by Anonymous Coward · · Score: 0

    "defame me saying things he knows aren't true" - by Coren22 (1625475) on Wednesday November 04, 2015

    Hypocrite You're projecting & your signatures do the rest.

    "the feeling of icky his software" - by Coren22 (1625475) on Wednesday November 04, 2015

    I show /.'ers say differently by quoted testimonials - Show us you've done better: YOU can't!

    "maybe someone will think they are true" - by Coren22 (1625475) on Wednesday November 04, 2015

    Quotes of you = true - & You can't keep your word + projecting what YOU do (AD/DNS lie).

    "I don't have time for the Troll APK, and refuse to respond anymore to a post signed APK" - by Coren22 (1625475) on Tuesday November 03, 2015

    I protect users speeding them up, helping reliability, & security + anonymity online w/ more ability & efficiency than ANY 1 solution doing more w/ less - do you? No.

    "I should change my signature again to rile him up more." - by Coren22 (1625475) on Tuesday November 03, 2015

    Childish sigs = all you've got!

    "I refuted his assertions" - by Coren22 (1625475) on Wednesday November 04, 2015

    &

    "You claim I have never proved you wrong...a flat out lie." - by Coren22 on Monday November 16, 2015

    &

    "I proved you wrong on numerous occasions" - by Coren22 on Monday November 16, 2015

    Where & on what tech? "Cat got your tongue"??

    "written in shitty Delphi, "How to secure Windows" docs I could have written in my sleep when I was 20" - by Coren22 on Monday November 16, 2016

    You're 30++ & haven't done either!

    Show you've done MORE vs. a small partial list of mine & better, + earlier:

    http://slashdot.org/comments.p...

    THEN talk vs. TALKING OUT YOUR ASS!

    CIS Tool took fixes from me http://slashdot.org/comments.p... which you doubted & my layered security guides got me paid http://pcpitstop.com/news/winn... MILLIONS use.

    APK

    P.S.=>

    "I never admit you were right" - by Coren22 (1625475) on Tuesday November 10, 2015

    You PROVED I am... apk

  29. My point is subterfuge wording... apk by Anonymous Coward · · Score: 0

    On the word "directly" (that's a 'red flag' in & of itself) & others made points that are important on that note seconding me, along w/ the guy I replied to - put it THIS way: There's a ZILLION & 1++ ways to 'wash money clean'... happens all the time.

    By the way: YOU have to STILL "face the music" here -> http://slashdot.org/comments.p... AND HERE -> http://slashdot.org/comments.p...

    Where I FINALLY have you cornered & on specifics (only some of what's in your 'greatest hits fails lists' mind you) - so don't YOU, of all people, DARE to call ME 'stupid', stupid... you're already "eating your words" there & you've seen what I am capable of exhausting you, your sockpuppets (MyAlternateID) & fellow trolls of your modpoints... once that happened?

    YOU HAD TO FACE UP TO ME DIRECTLY, finally!

    APK

    P.S.=> That's where you FINALLY got the balls together but failed badly anyhow... do you aspies have trouble reading? Seems it - like you take things way, Way, WAY too literal & don't finish reading things in their entirety (you'll see when you get there & I also posted EXACTLY how I use dns, not internal, but external (OpenDNS in combination with hosts & why))... apk

  30. CMU Not Done Yet by Anonymous Coward · · Score: 0

    CMU u got some 'splainin' to do!