Slashdot Mirror


User: HomelessInLaJolla

HomelessInLaJolla's activity in the archive.

Stories
0
Comments
1,375

Comments · 1,375

  1. Re:Who's the target customer? on Trojan Analysis Leads To Russian Data Hoard · Score: 1

    > Who would buy the data

    People who want to collect this information but can't do so legally. I'm thinking along the same lines as FBI illegal domestic HP wiretap Enron scandal something what.

    > and for what purpose?

    That varies by subject.
  2. Privacy on ICANN Set To Review Accreditation Policy · Score: 1

    The primary opposing argument to privacy is when people begin registering domain names as "George Ballcup" and then using those domains to host trojans.

    If people think they're secure enough to be able to maintain a domain name then they should provide some reliable contact information.

    > Some of the more obvious ones are

    While I agree, in principle, I still feel that people with such problems obviously have much larger concerns than registering a domain name. It's a matter of priorities.
  3. Re:Congress is hardly qualified on Congress Must Make Clear Copyright Laws · Score: 1

    > I think recent (the last decade) legislation has shown that Congress is hardly qualified to make that kind of determination

    Congress has a long history of attempting to give itself powers outside of its jurisdiction such as "Act of 1820, commonly called the Missouri Compromise". The DMCA is what happens when the SCOTUS doesn't impose those limitations for a century or more.
  4. Undernet, is that you? on Trojan Analysis Leads To Russian Data Hoard · Score: 2, Interesting

    > At one point the 76service development/trial server was located at an ISP in Atlanta, Georgia, USA, the same city where SecureWorks is headquartered. A few days later, they moved to a server that appears to be located in the American Midwest (Texas, Oklahoma, or Kansas), but the server's IP address is in a block assigned to a company in Tampa, Florida, USA. They will likely move again soon.

    A google search on 76service shows this page.

    route 65.254.48.0/20 Proxy registered route object GNAXNET NET 65 254 32 0 1 GNAXNET NET 65 254 48 0 1 Global Net Access, LLC 55 Marietta St, NW Suite 1720 Atlanta, GA 30303

    and

    as3595 AS GNAXNET AS Global Net Access, LLC 1100 White Street Atlanta, GA 30310

    Who ran the Undernet's atlanta.ga.us.undernet.org server? Who worked for GNAX?
  5. Re:They should play their strong hand on College Demands RIAA Pay Up For Wasting Its Time · Score: 1

    The law professors wouldn't want to risk their careers and personal lives on it. If the RIAA can afford to mount these kinds of campaigns they could probably afford a few smear campaigns to keep the academics in check--nobody knows how to create a smear campaign like attorneys (or insurance brokers) do.

  6. Create more debt on College Demands RIAA Pay Up For Wasting Its Time · Score: 1

    > It just gives cause to raise taxes

    Create debt, maintain debt, keep people in debt, work them until they die of debt.
  7. Re:What About Firefox Users? on Trojan Analysis Leads To Russian Data Hoard · Score: 1

    > The page included in this last IFRAME contained JavaScript code using XMLHTTP and ADODB (ActiveX Data Objects) functions to download and run an EXE file which was hosted on the same server.

    Any browser with similar JS, XMLHTTP, and ADODB capability is susceptible as an infection vector. The system put in place by the EXE relies on common OS infrastructure.

    > The code reveals that calls to functions in ws2_32.dll are used to establish itself as an LSP (layered service provider) using the Winsock2 SPI (Service Provider Interface). It "goes in between" Internet Explorer and the socket used to send the data.

    Do other browsers qualify for this? I see no objection.

    > This technique captures the data sent by Internet Explorer only. Many new authentication systems use AJAX, where JavaScript objects are used to create another HTTP session, send requests, and receive responses. This is implemented in code elsewhere, where the SSL sniffer component cannot see it. To capture this valuable data, Gozi includes a "grabs" module that hooks into the JavaScript engine...That page uses XMLHTTP to send form field data via an SSL-protected connection to the bank's authentication without having to refresh the page. The IE sniffer cannot see that, but the JavaScript sniffer can.

    Okay, there's the exception. If you use IE then your data is nabbed. If your bank uses AJAX then your data is nabbed.

    > Note that because this trojan includes the capability to download and execute arbitrary code from untrusted sources, a complete rebuild of the infected PC is the only absolute way to ensure 100% confidence and trust in data and system integrity.

    Unless it hides itself in auxiliary BIOSs as well.
  8. Also in awe on Trojan Analysis Leads To Russian Data Hoard · Score: 1

    > reading that article is like looking at the blueprint for a neutron bomb: beautiful, magnificent, and pure evil

    Indeed. Whoever wrote that (both the trojan and the article) knew quite a bit about the internal structures of Windows.

    Check this out:

    > The malware opened the named pipe "\\.\PIPE\lsarpc" and the "C:\autoexec.bat" file, but the tools did not log any writes.

    The tools were "a Windows XP VMware virtual machine with tools designed for behavioral analysis". A little further down:

    > Upack stub code is executed from the memory allocated for the executable's PE header. However, as it executes, that code changes, making normal breakpoints -- those set for certain code at certain addresses -- ineffective.

    Whoever wrote that binary also knew quite a bit about the way the overall architecture of the x86 series running the Windows kernel can be used to hide between the cracks.

    > SecureWorks Senior Security Researcher Joe Stewart wrote OllyBonE (Break on Execute), a plug-in for OllyDbg that would be very useful. To use it, the malware executable would have to be moved out of the virtual machine and debugged on native hardware. A 750 MHz Pentium III and 512 MB RAM was loaded with a default install of Windows XP Professional SP2 in an isolated environment. OllyDbg, Joe's OllyBone plug-in, and the malware executable were copied to the system.

    Now we're getting to the point:

    > After dismissing the error, execution is paused in ntdll.dll code. Upack must go back to the PE header for the working EXE file at some point, so bringing up the memory map (ALT+M) and right-clicking on that memory range brings up a context menu, where "Set breakpoint on execute" can be selected. Single stepping.

    There's an entire internet full of zero-day trojans which run this deep. I wouldn't be surprised if the same people who know enough to write this rogue code also use their expertise as legitimate taxable employees someplace (security writing, security monitoring, detection, forensics, maybe on the LinuxSE team with the government). It's the same knowledgebase.
  9. Point on Trojan Analysis Leads To Russian Data Hoard · Score: 1

    > While infected, the xx_id value remains the same. Upon "cleaning" and re-infections, it changes; therefore it doesn't appear to be tied to globally unique identifiers (GUIDs).

    What they've written suggests that it was tied to GUIDs of the most meticulous kind--a data set constructed to be as resilient as possible against swamping the data pool with false grouping. This is indicative of a specific desire to track people individually even if it means assigning them a new number.
  10. Re:Marketability? on ISPs Fight To Keep Broadband Gaps Secret · Score: 1

    Controlling the flow of information is profitable.

  11. Re:On Novell being obtuse on Perens Rains on Novell's Parade · Score: 1

    > Is it just me, or did Hovsepian intentionally misunderstand that statement?

    Not that you would know anything about intentional misunderstandings.

    > It amazes me that companies still fall for that trick

    It's deplorable that people still pull it. The explanation is all about creating debt.
  12. Re:This is nonsense. on Slobs Found To Be More Productive Than Neatniks · Score: 1

    > Some of the best mechanics I've seen

    You haven't seen nearly as many as I have. The majority of the best ones are neat and tidy.
  13. Same game everywhere on FBI Says Paper Trails Are Optional · Score: 1

    > investigated and embroiled in an insider trading case

    HP illegal FBI domestic wiretap what?
  14. Flamebait on Quirks and Tips For Upgrading To Vista · Score: 1

    > your stupidity

    This is flamebait and can be ignored. You're just as bad as MH42.
  15. Flamebait on A Mozilla Desktop Environment? · Score: 1

    > Learn to deal with it

    This is flamebait and can be ignored. You're worse than MH42.
  16. Where have I seen this before? on IBM Asks Court To Declare Linux Non-Infringing · Score: 3, Funny

    > IBM points out that SCO puts forth a convoluted set of non-answers referencing each other to disguise its inability to answer IBM.

    It's called being an ass blister. The only thing left for the SCO lawyers to do is claim some sort of mental disorder to gain disability pity.
  17. Re:A new fan! on Quirks and Tips For Upgrading To Vista · Score: 1

    > That's one of the worst excuses I've ever heard

    All is fair in love and war.

    > you're arrogant and call people childish names

    Cite one flame war which I have started.

    > you use the word "productive" rather a lot

    Did you have anything productive to add? No?

    If you're going to act like a fan club member then the least you could do is pay membership dues.
  18. Re:From TFA on FBI Says Paper Trails Are Optional · Score: 1

    > the real irony is that this is more your non-government employed neighbour propping up the oligarchy

    Because it would be a real shame if the division director would lose his job when the FCC or IRS decides to audit the local AT&T or Ma Bell office.

    I can't blame citizens for rolling over when the word from the government is "comply or watch your stock hit the floor due to bad press over audits".
  19. Re:That's fine! on FBI Says Paper Trails Are Optional · Score: 3, Insightful

    > Not that this has in recent years done much to deter prosecutors in general

    Recent news suggests that prosecutors lose their jobs when they place the rule of law above the rule of man.
  20. Re:Ripe for abuse on FBI Says Paper Trails Are Optional · Score: 1

    > Well yeah. If you were going to use the powers of the USAPATRIOT act inappropriately, why would you keep a paper trail?

    Funny. Every time I express a similar line of thought I get swamped by trolls and creeps shouting "conspiracy paranoia".

    What's your secret to keeping the creeps off of you?
  21. A new fan! on Quirks and Tips For Upgrading To Vista · Score: 1

    > You're arrogant and confrontational

    If you are unable to tell that this was brought out by the trolls (including yourself), then you're a dumbass.

    > you weren't so stupid and ignorant...Since you away your life

    You're a bore. Did you have anything productive to say?

    > instead of calling people childish names

    Flamebait. Cite one example where I've lashed at someone in any context other than reaction. If you are unable to tell that this was brought out by the trolls (including yourself), then you're a dumbass.

    > Wouldn't that be nice?

    You have no credibility unless you're offering something productive.

    If you're going to act like a fan club member then the least you could do is pay membership dues.
  22. Re:Peanuts vs. Batman on A Mozilla Desktop Environment? · Score: 1

    > Do I think it should be done as a separate project built on top of the Mozilla platform? Yes.

    True. New projects are always interesting, exciting, and attract new talent.

    > The latter does not necessarily mean a reduction in the developer support for the Mozilla codebase, and may actually attract new developers to working on improving the platform

    With Enlightenment, Gnome, KDE, Beryl, and the whole of Freedesktop.org, though, I'd be worried that the desktop environment pool might become diluted. Free software hasn't established desktop supremacy with the consumer-at-large yet.

    > Javascript/ECMAScript is a full language limited only by its APIs

    I wasn't suggesting that it was limited. My understanding was that the implementations of those APIs were often buggy and left too many holes for possible exploit. I'll acknowledge that I've never actually programmed in it--I've only read about it and seen it in use on the 'net. What I've seen on the open internet, with the number of pages which don't port well from one browser to the next, the number of exploits allowed, the number of things which are flat out broken (and still deployed), I'm not encouraged about the robustness of JS. Maybe someone needed to solidify the underlying HTML implementation before they jumped into a JS implementation--but that was all part of the .com boom.

    > the primary issue with Javascript is that the majority of those who think they know how to program in it, do not.

    That's common with programmers in every language--including English. :-)

    > Issues affecting a desktop web browser do not relate to a desktop application unless it chooses to provide web browser services

    My point was that the base of consumers-at-large have come to expect a web browser to provide underlying services, aka "seamless integration", mostly brought on by the corporate (mostly Microsoft) trailblazing in the name of embrace, extend, and extinguish. I do appreciate that even a monolithic web browser can be properly locked into its appropriate shell--at that point it becomes marginally useless to most people.

    > While perceived performance problems exist (e.g. slow startup, "feel" of GUI, etc.) the Virtual Machine itself is actually quite fast by virtue of runtime optimizations

    Okay, so where do those perceived performance problems come from? You've got to give something somewhere. It's not a hallucination.

    > The C64 did not JIT the BASIC code...the code was at no point compiled for native execution

    It was all the same. The interpreter was in the hardware chips and everything used the same core processor.

    > And I'm only scratching the surface

    You've posted quite a bit of advertising material but if I write a calculator app in both C and Java, and then independently translate each one to the other (hard to do if I've written both to begin with, but fake it a little), what's the difference in the compiled executables? That's what I'm after.

    > With all due respect, Mr. Homeless, information about the inner workings of today's software comes across as incomplete and nearly a decade out of date

    I think I've explained myself quite well. Maybe you're high.
  23. Good work! on Quirks and Tips For Upgrading To Vista · Score: 1

    > a life choice you made for yourself

    You have no credibility unless you're a hiring manager with a job opportunity.
  24. Re:With no disrespect to the PP on ReactOS Revealed · Score: 1

    How about another link?

  25. Anonymous on Residential Wi-Fi Mapping Database Revealed · Score: 0, Offtopic

    > Are there still people out there who think that there's some magical way of being attached to the Net and still being anonymous?

    This guy thinks so.