Pull the drive, and hook it into a known-good system. Boot from the other disk, and run your tests from there. Nothing gets run from the infected drive, so you should get a clear picture of what's really there.
Ok. Say I'm going to build a custom program to spy on a small known group of people. Signature matching will be useless. Depending on my needs, I may not need it to hide all that well. Not many people actually dig into their Program Files directory, they just live off the desktop and the Start menu. Most antivirus software checks for things that'll hide a little bit better, if the program's willing to be so open, it must have nothing to hide. I'll even make it run only when the user tells it to, bundle it with some freeware game or something. It's not hard to hide spyware if you have a specific target in mind.
Geek Squad agents are given voluntary access to their customers hard drives, and may have a duty, or at least a 'suggestion' to take a quick peek if they have the time. I have never worked for a Geek Squad, nor do I know anyone who has, so this is pure speculation, but not unreasonable.
I strongly disagree. It's not any more reasonable than an auto mechanic having a "duty" to go through your glove compartment looking for drug paraphernalia or a hotel maid going through your brief case to see if you're engaged in corporate espionage. If they have any duty or "suggestion" to riffle through a user's private files, then it should be spelled out before they hand their computer over. I'd be willing to be that "We're going to look through your personal documents" would be both a major surprise and a source of lost customers if they announced it.
I apologize for not being clear enough in my statement. I was trying to say that it's not unreasonable to think that they might have a policy like that, not that a policy like that would not be unreasonable in and of itself. This policy, if it even exists, leaves as foul a taste in my mouth as I'm sure it does in yours. This is one of the many reasons why the Geek Squad is not allowed in the same room as one of my computers.
Like I said, I've done the system administration thing. While I have no illusions about how important or respectable the job was, I saw myself as having similar obligations to a doctor when it comes to being respectful of my users and keeping them informed when I had to do something that was even minimally invasive. Most of the system administrators I have known have seen it the same way. Unfortunately, while IT has become ubiquitous and many people put a lot of trust in the system, there's no understanding between the public and IT professionals when it comes to ethical behavior. IT support is often looked at like auto mechanics, and while they're very similar in many ways, the level of access they have to the intimate details of people's lives makes them much closer to doctors or lawyers. It's clear to me from the reaction to this that the public simply isn't informed enough to recognize that they need to hold their IT professionals to similar ethical standards. That's very sad.
I agree. On the other hand, it is much less taxing to gain the knowledge used by IT professionals than it is the gain the knowledge used by doctors. Anyone can use the Internet and build systems and networks from freely available parts. Not anyone can acquire cadavers or medicines. Because of this, there is no way to control who has this knowledge and ability. There is no license to practice computing as there is to practice medicine, there is nothing that can be taken away from you for not following an ethical code, there really are no sanctions at all as long as you stay on the right side of the law. There is no barrier to entry in this field. Medical school costs incredible amounts of money and time, and has ethical behavior pounded into you throughout. The greatest pioneers of computing are the hackers, the ones who just wanted to see what could be done. There is a wildly different history and feel to these two professions, one that leads towards rebels, and one that leads towards cogs in a machine.
The result of this is that the IT profession does not spit out any but the most egregious offenders. Kevin Mitnick has a security company now. Adrian Lamo appears on television programs from time to time. Countless others have been swallowed up by the NSA. The reason for this is that you cannot take the tools of the trade away from IT people, except in very rare cases like Kevin Mitnick, and even that isn't permanent. If you try to expel the people who are borderline as far as ethics go, they will take their skills elsewhere. Malware. Hacking. The dark side of the IT coin. And because the borderline cannot be discharged, they become accepted. Now that they're accepted, the border moves. Ethics is continuously declining in IT because you can't get rid of the bad seeds. Unfortunately, I don't really see a way around that.
Re:This is also the Pirate Party's stance
on
Patents Don't Pay
·
· Score: 1
That's true. However, it takes quite a bit of table salt before you've got enough of either elemental sodium or chlorine to do anything resembling damage. It's an uncommon thing for someone to go buy a hundred pounds of salt. Ammonia nitrate is a fertilizer, and farmers will require vast amounts of it. Diesel is another thing farmers might buy in bulk, considering how many farm machines run on it, and no one wants to be driving a thresher down to the nearest service station. When my grandfather was a farmer, he had his own underground tank that they'd come and fill for him, as if he were his own little gas station.
RDX is a high explosive, way higher than TNT or nitroglycerin. It's the explosive part of C-4, minus the binder. It is powerful enough that a portion small enough to be easily concealable could take out, say, an airplane. However, nitric acid is a difficult chemical to lay your hands on if you're not a major corporation. As a civilian, you've basically got boiling car batteries.
In a previous post that I'm too lazy to find, I mentioned that many things that are used for making explosives are also used for making meth, which is the reason so many meth labs explode for no apparent reason. Meth labs and bomb factories are very similar as far as equipment and ingredients go. Explosives aren't necessarily hard to make or get your hands on, but we're making it harder all the time.
Well, where I was going with the Walgreen's thing was that they have a duty to make at least a cursory check for illegal material. Geek Squad agents are given voluntary access to their customers hard drives, and may have a duty, or at least a 'suggestion' to take a quick peek if they have the time. I have never worked for a Geek Squad, nor do I know anyone who has, so this is pure speculation, but not unreasonable.
My point is that this agent did not get in trouble with the Geek Squad for looking through the files of a customer. He got in trouble for keeping copies of some of these files after he'd already handed back the originals. Privacy wasn't the issue for anyone except the consumer and the/. membership.
No, unless they were trying to get 1-2-3 to pay for the privilege of running on Windows. Otherwise, it's just anticompetitive behavior.
Re:This is also the Pirate Party's stance
on
Patents Don't Pay
·
· Score: 1
Don't forget about the war on terrorism. RDX isn't hard to make if you've got equipment and a source for the chemicals (nitric acid being the most important). After all, Ammonia Nitrate isn't a watched chemical because of meth labs, it's a watched chemical because of Oklahoma City.
Wrong. Extortion would be "Either you bundle Microsoft, and only Microsoft, or Windows will crash constantly on Dell Computers." Discounts for being exclusive is a legitimate, if somewhat slimy, business tactic.
First, I'm an atheist. The eternal scheme of things matters little, and only draws consideration on a physical level, rather than any unknown spiritual levels.
Second, I'm an introvert to the point of being truly antisocial. I do not go to bars, I do not go to concerts, it is very rare for me to leave my dwelling without a specific goal in mind. Other people's opinions are generally irrelevant to my life. My money mostly comes from freelance work, with plasma helping to cover the thin periods. As a freelancer, the only behaviors most clients care about are results, thus the only people who might have opinions that are meaningful to me are people unlikely to care to delve into my personal life.
I did indeed come to these observations during a time of privacy. I withdrew from just about everything, and spent several days with a pen and a notebook deciding just what did affect me, how it affected me, and how I affected it. I looked at my behaviors to analyze which ones were having a destructive influence on me, and realized that most of the social activities I was forcing upon myself were damaging me. The privacy I sought to figure everything out seems to be the solution in and of itself.
On a related note, that's when I discovered which interpersonal relationships needed more work, and which ones I could drop altogether. My real friends were the ones that came looking for me when I disappeared from the outside world. I don't have contact with the rest of them anymore.
First sign of Alzheimer's, using descriptions (towel room) instead of the proper word (bathroom). Apparently, that's how it started with my great grandfather.
If anyone's ever around Stevens Point, WI, there's Jolt at the Tank-n-Tummy by Belt's, and the BP stations all have Bawls. The K-Mart on the north side has Jolt gum in the impulse buy section by the registers.
Close. I've decided that I don't really have all that much that I need to hide. Outside of information that could be used for identity theft, there isn't much. I'm just not ashamed of my choices in life. I spent a lot of time dealing with some personal issues that all revolved around my perception of other peoples perception of me. I finally worked through all that crap by realizing how little most people care, and how little it actually mattered to me when I thought about it. One of the byproducts is that I have little desire to put a lot of work into keeping things about me private.
I have no shades on my bedroom window. The ones that were there when I moved in broke, and I haven't cared enough to put in new ones. The only issue I've had is that the sun wakes up well before I'd like to, but with a north-facing window, even that's not that big of a deal. Besides, I'm a hairy 220 lb. 5'7" man. My potential voyeurs are already too busy looking at goatse.
This is why you must always be very careful when displaying the prototype to mention that this is not a functional product, and make some sort of analogy to movie trailers.
Hmm. We know that the British did that 'Man who never was' thing in WWII, and they also prevented an attack with the threat of setting the English canal on fire. Those are the big reasons that any information that is leaked is considered suspect. I wouldn't be at all surprised if most of the leaks are real, but not used precisely because false leaks can be so destructive to people who rely on them.
I'd just like to mention that disliking people is likely a symptom of being highly intelligent. I learned very early on that the noise to signal ratio for people was incredibly high. By the time I was through high school, I had gone through enough crap that initiating relationships just wasn't worth the time/effort. I'd prefer to think of my behavior as social efficiency, as I only attempt to start social interactions when I've got a fairly good read on the person in question already. On the rare occasion that I start talking to someone I don't already know, I have about 90% chance of forming a friendship.
Innocuous chemicals were good enough in Oklahoma City. Before that, no one dreamed of worrying about the guy buying a load of fertilizer.
Besides that, how many meth labs are there in the country? Those are volatile enough as it is, they could easily be converted into bomb factories.
Buying explosives isn't a huge deal either. Go to Skylighter or some other place that sells chemicals for fireworks. Go buy a load of gunpowder for loading your own cartridges. Hell, it's not unreasonable to think a well-funded group could start a legitimate mining or demolitions business, and you can buy whatever you want.
Suppose you're embezzling money. Then, you give all the necessary evidence to your tax guy along with the rest of your financial stuff. Then, you get busted. You waive your right to privacy when you give your information to someone else.
If you encrypt data, you have not given the Geek Squad guy everything he needs to access it, and it's not unreasonable to expect that data to stay secret. But if you hand over an unencrypted hard drive, you should not find it unreasonable when it gets viewed. Hell, there might even be some sort of mandate to do a quick check, in case there's kiddie porn or something like that. If Walgreens is required to turn over potentially illegal photos, why not Geek Squad? After all, this guy got in trouble because he was making personal copies of these files, not because he searched for *.avi.
I know. But I used the source code example to demonstrate that there are indeed illegal ways to find exploits without having to stoop so low as to give the hint of legitimacy to EULA claims.
The economy in glitches thing can already be done, somewhat. I'm actually in favor of freelance reverse engineering being a workable career. While I do like to consider myself a fairly capable devil's advocate, that wasn't really what I was going for here. I wanted to know what your reasons were.
But this isn't like a biological weapon. It's like putting up for bid a set of security schematics for Fort Knox, with possible holes highlighted. If the government wants, it can bid, and win. Then, even if the seller also gives a copy to someone else, the government can look at the holes, and close them. Even if the seller sells to the security company, and then to a bunch of other people, the security company gets to close the holes in the next 'critical' patch.
Slashdot Mirror
I don't actually use Linux very much. My gamer ways have kept me with Windows.
Pull the drive, and hook it into a known-good system. Boot from the other disk, and run your tests from there. Nothing gets run from the infected drive, so you should get a clear picture of what's really there.
Ok. Say I'm going to build a custom program to spy on a small known group of people. Signature matching will be useless. Depending on my needs, I may not need it to hide all that well. Not many people actually dig into their Program Files directory, they just live off the desktop and the Start menu. Most antivirus software checks for things that'll hide a little bit better, if the program's willing to be so open, it must have nothing to hide. I'll even make it run only when the user tells it to, bundle it with some freeware game or something. It's not hard to hide spyware if you have a specific target in mind.
I apologize for not being clear enough in my statement. I was trying to say that it's not unreasonable to think that they might have a policy like that, not that a policy like that would not be unreasonable in and of itself. This policy, if it even exists, leaves as foul a taste in my mouth as I'm sure it does in yours. This is one of the many reasons why the Geek Squad is not allowed in the same room as one of my computers.
I agree. On the other hand, it is much less taxing to gain the knowledge used by IT professionals than it is the gain the knowledge used by doctors. Anyone can use the Internet and build systems and networks from freely available parts. Not anyone can acquire cadavers or medicines. Because of this, there is no way to control who has this knowledge and ability. There is no license to practice computing as there is to practice medicine, there is nothing that can be taken away from you for not following an ethical code, there really are no sanctions at all as long as you stay on the right side of the law. There is no barrier to entry in this field. Medical school costs incredible amounts of money and time, and has ethical behavior pounded into you throughout. The greatest pioneers of computing are the hackers, the ones who just wanted to see what could be done. There is a wildly different history and feel to these two professions, one that leads towards rebels, and one that leads towards cogs in a machine.
The result of this is that the IT profession does not spit out any but the most egregious offenders. Kevin Mitnick has a security company now. Adrian Lamo appears on television programs from time to time. Countless others have been swallowed up by the NSA. The reason for this is that you cannot take the tools of the trade away from IT people, except in very rare cases like Kevin Mitnick, and even that isn't permanent. If you try to expel the people who are borderline as far as ethics go, they will take their skills elsewhere. Malware. Hacking. The dark side of the IT coin. And because the borderline cannot be discharged, they become accepted. Now that they're accepted, the border moves. Ethics is continuously declining in IT because you can't get rid of the bad seeds. Unfortunately, I don't really see a way around that.
That's ludicrous.
That's true. However, it takes quite a bit of table salt before you've got enough of either elemental sodium or chlorine to do anything resembling damage. It's an uncommon thing for someone to go buy a hundred pounds of salt. Ammonia nitrate is a fertilizer, and farmers will require vast amounts of it. Diesel is another thing farmers might buy in bulk, considering how many farm machines run on it, and no one wants to be driving a thresher down to the nearest service station. When my grandfather was a farmer, he had his own underground tank that they'd come and fill for him, as if he were his own little gas station.
RDX is a high explosive, way higher than TNT or nitroglycerin. It's the explosive part of C-4, minus the binder. It is powerful enough that a portion small enough to be easily concealable could take out, say, an airplane. However, nitric acid is a difficult chemical to lay your hands on if you're not a major corporation. As a civilian, you've basically got boiling car batteries.
In a previous post that I'm too lazy to find, I mentioned that many things that are used for making explosives are also used for making meth, which is the reason so many meth labs explode for no apparent reason. Meth labs and bomb factories are very similar as far as equipment and ingredients go. Explosives aren't necessarily hard to make or get your hands on, but we're making it harder all the time.
Well, where I was going with the Walgreen's thing was that they have a duty to make at least a cursory check for illegal material. Geek Squad agents are given voluntary access to their customers hard drives, and may have a duty, or at least a 'suggestion' to take a quick peek if they have the time. I have never worked for a Geek Squad, nor do I know anyone who has, so this is pure speculation, but not unreasonable.
/. membership.
My point is that this agent did not get in trouble with the Geek Squad for looking through the files of a customer. He got in trouble for keeping copies of some of these files after he'd already handed back the originals. Privacy wasn't the issue for anyone except the consumer and the
Actually, the slug is the Imperial mass unit. Pounds are just for weight, and weight is dependent on local gravity.
No, unless they were trying to get 1-2-3 to pay for the privilege of running on Windows. Otherwise, it's just anticompetitive behavior.
Don't forget about the war on terrorism. RDX isn't hard to make if you've got equipment and a source for the chemicals (nitric acid being the most important). After all, Ammonia Nitrate isn't a watched chemical because of meth labs, it's a watched chemical because of Oklahoma City.
Wrong. Extortion would be "Either you bundle Microsoft, and only Microsoft, or Windows will crash constantly on Dell Computers." Discounts for being exclusive is a legitimate, if somewhat slimy, business tactic.
First, I'm an atheist. The eternal scheme of things matters little, and only draws consideration on a physical level, rather than any unknown spiritual levels.
Second, I'm an introvert to the point of being truly antisocial. I do not go to bars, I do not go to concerts, it is very rare for me to leave my dwelling without a specific goal in mind. Other people's opinions are generally irrelevant to my life. My money mostly comes from freelance work, with plasma helping to cover the thin periods. As a freelancer, the only behaviors most clients care about are results, thus the only people who might have opinions that are meaningful to me are people unlikely to care to delve into my personal life.
I did indeed come to these observations during a time of privacy. I withdrew from just about everything, and spent several days with a pen and a notebook deciding just what did affect me, how it affected me, and how I affected it. I looked at my behaviors to analyze which ones were having a destructive influence on me, and realized that most of the social activities I was forcing upon myself were damaging me. The privacy I sought to figure everything out seems to be the solution in and of itself.
On a related note, that's when I discovered which interpersonal relationships needed more work, and which ones I could drop altogether. My real friends were the ones that came looking for me when I disappeared from the outside world. I don't have contact with the rest of them anymore.
First sign of Alzheimer's, using descriptions (towel room) instead of the proper word (bathroom). Apparently, that's how it started with my great grandfather.
If anyone's ever around Stevens Point, WI, there's Jolt at the Tank-n-Tummy by Belt's, and the BP stations all have Bawls. The K-Mart on the north side has Jolt gum in the impulse buy section by the registers.
Close. I've decided that I don't really have all that much that I need to hide. Outside of information that could be used for identity theft, there isn't much. I'm just not ashamed of my choices in life. I spent a lot of time dealing with some personal issues that all revolved around my perception of other peoples perception of me. I finally worked through all that crap by realizing how little most people care, and how little it actually mattered to me when I thought about it. One of the byproducts is that I have little desire to put a lot of work into keeping things about me private.
I have no shades on my bedroom window. The ones that were there when I moved in broke, and I haven't cared enough to put in new ones. The only issue I've had is that the sun wakes up well before I'd like to, but with a north-facing window, even that's not that big of a deal. Besides, I'm a hairy 220 lb. 5'7" man. My potential voyeurs are already too busy looking at goatse.
This is why you must always be very careful when displaying the prototype to mention that this is not a functional product, and make some sort of analogy to movie trailers.
Hmm. We know that the British did that 'Man who never was' thing in WWII, and they also prevented an attack with the threat of setting the English canal on fire. Those are the big reasons that any information that is leaked is considered suspect. I wouldn't be at all surprised if most of the leaks are real, but not used precisely because false leaks can be so destructive to people who rely on them.
I'd just like to mention that disliking people is likely a symptom of being highly intelligent. I learned very early on that the noise to signal ratio for people was incredibly high. By the time I was through high school, I had gone through enough crap that initiating relationships just wasn't worth the time/effort. I'd prefer to think of my behavior as social efficiency, as I only attempt to start social interactions when I've got a fairly good read on the person in question already. On the rare occasion that I start talking to someone I don't already know, I have about 90% chance of forming a friendship.
Innocuous chemicals were good enough in Oklahoma City. Before that, no one dreamed of worrying about the guy buying a load of fertilizer.
Besides that, how many meth labs are there in the country? Those are volatile enough as it is, they could easily be converted into bomb factories.
Buying explosives isn't a huge deal either. Go to Skylighter or some other place that sells chemicals for fireworks. Go buy a load of gunpowder for loading your own cartridges. Hell, it's not unreasonable to think a well-funded group could start a legitimate mining or demolitions business, and you can buy whatever you want.
So they only kill people one at a time?
At a start up, the bar for significant amount of financial damage is set much lower. Sev 1 can happen regardless of how big the company is.
Suppose you're embezzling money. Then, you give all the necessary evidence to your tax guy along with the rest of your financial stuff. Then, you get busted. You waive your right to privacy when you give your information to someone else.
If you encrypt data, you have not given the Geek Squad guy everything he needs to access it, and it's not unreasonable to expect that data to stay secret. But if you hand over an unencrypted hard drive, you should not find it unreasonable when it gets viewed. Hell, there might even be some sort of mandate to do a quick check, in case there's kiddie porn or something like that. If Walgreens is required to turn over potentially illegal photos, why not Geek Squad? After all, this guy got in trouble because he was making personal copies of these files, not because he searched for *.avi.
I know. But I used the source code example to demonstrate that there are indeed illegal ways to find exploits without having to stoop so low as to give the hint of legitimacy to EULA claims.
The economy in glitches thing can already be done, somewhat. I'm actually in favor of freelance reverse engineering being a workable career. While I do like to consider myself a fairly capable devil's advocate, that wasn't really what I was going for here. I wanted to know what your reasons were.
But this isn't like a biological weapon. It's like putting up for bid a set of security schematics for Fort Knox, with possible holes highlighted. If the government wants, it can bid, and win. Then, even if the seller also gives a copy to someone else, the government can look at the holes, and close them. Even if the seller sells to the security company, and then to a bunch of other people, the security company gets to close the holes in the next 'critical' patch.