Where was it stated otherwise?
Everywhere. References to "air gap" security, references to Wikileaks, and of course -- "the pentagon network" (as if there is actually such a thing...). And this is only in the first few minutes since the story got posted. Just wait a few hours and there'll be dozens, maybe hundreds...
This is a credit union that happens to be used by military personnel. The credit union is not on a military network.
Have we entered an era in which electronics serve as mother, cop and coach because we can't manage our own desires?
Flamebait question. Computers? Being used to automate things? STOP THE PRESSES!
...one of the older and more threadbare techniques in this particular game.
Criminals don't care how old it is, but rather how successful it is. Please try to remember that, people. Technology doesn't have to be new or complicated to be useful, and deriding it because it is older is telling of a lack of experience with the thing. Spam will continue to be effective because it only costs a few dollars to register a domain, a little bit less to set up a distribution point, and once you have a few compromised hosts, it pays for itself -- and then some.
And they'll probably call it iShallow.com.
After years of speculation, a study has revealed that scientists are, in fact, human. The poor wages, long hours, and relative obscurity that most scientists dwell in have apparently caused widespread errors, making them almost pathetically human and just like every other working schmuck out there. Every major news organization south of the Mason-Dixon line in the United States and many religious organizations took this to mean that faith is better, as it is better suited to slavery, long hours, and no recognition than science, a relatively new kind of faith that has only recently received any recognition. In other news, the TSA banned popcorn from flights on fears that the strong smell could cause rioting from hungry and naked passengers who cannot be fed, go to the bathroom, or leave their seats for the duration of the flight for safety reasons....
Although I know that you're being sarcastic and a troll... I must point out that unless your laser is operating in a complete vacuum, there is some diffraction of the beam thanks to particles of dust and what-not in the air.
Sorry for the late reply -- but thank you for your post. I wish I could do more than prop you for the time you spent putting this together.
If it operates in the infrared spectrum, the bonus is that most glass blocks it, so it would be harder to get a signal. The downside is, a sufficiently sensitive thermal camera with LoS to the bulb or a reflector in LoS with the bulb would give it to you.
Some armchair economists (and quite a few real ones) have long argued that the solution is deregulation.
You mean like they did with the telcos? Or the cable companies? Or any other kind of infrastructure? I challenge anyone here that can name a deregulation of a public utility or infrastructure that has led to increased competition in the market in question over time.
This isn't news. Filing a lawsuit doesn't say anything; it's a numbers game. Think of it like this: Let's say you have a 10% chance of prevailing, it will cost you 1 million dollars in legal fees to get a shot at rolling those dice, and the payoff if you make it is 150 million in licensing fees. Is it worth it? Now, stop and consider that because of the way the patent system is set up, you can have many additional challenges, each with about a 10% chance of success. If a lawsuit is filed, it is because the risk/benefit analysis is favorable. It has nothing to do with justice, fairness, or any intangible value you might care to place on it.
This is one business throwing the dice and seeing if the bet pays off. It isn't news until pay day.
Rather than bitch about how they're making it closed source, or dismissing the gesture entirely, maybe this should be taken as a sign that the problem NX solves needs a different solution. Like, oh I don't know... maybe revising the X windows protocol so it doesn't suck so hard it has its own event horizon?
When you have a large DDoS tool at your beck and call, who has time to bother with accuracy and trifling details like the truth? This is just further evidence that "anonymous" is some unemployed young adult.
The profile of anonymous becomes less and less one of sophistication and intelligence and more that of teenage angst and a limited understanding of technology daily.
Security is achievable provided you start with good parameters. Believing your systems are "unhackable" is silly. No physical security is impenetrable, why would electronic security be different? But what you can do is make the cost of breaching that security more than the value of whatever it is being protected. Keep in mind though that what you're protecting also includes access, not just the data itself.
Problem is, in the private sector you have all these companies trying to control the internet, instead of keeping it as a public commons. The net result is that the cost to access it is often the main price consideration, at least in the United States.
pissed off that it's no longer a global superpower, and pissed off that its language is no longer considered the "lingua franca" for global commerce.
They have the third largest nuclear arsenal in the world, and their economy, while unstable, is still ranked 9th in the world. That instability is caused by transitioning to a more capitalistic economic model. And before you go bad-mouthing France, I'd like to point out that the average French citizen has a higher cut of GDP than the average United States citizen, despite the economic crisis for one simple reason: The French didn't bend over and take it in the ass at the behest of corporate interests who sold out their future for a few SUVs and a bank-owned home that's not worth half of what it was paid for.
Frankly, France has a rosier future than the United States does -- they're making a difficult transition that will improve the standard of living for its citizens in the long run, at the cost of some short term pain. The United States is making a transition for the worse because our government has systematically chosen short term gain at the expense of sustainability and long-term growth.
Just think of the benefits. Apparently from next year Americans are going to get a free prostate exam from the TSA every time they fly.
Half the population doesn't have a prostate, and of those that do, it's medically indicated for less than a third of them.
...add any website to a black list, which access providers will have to enforce.
I don't know how feasible this really is. Are they going to block encrypted and VPN traffic as well? Deep packet inspection to disallow the use of proxies? Denying access to DNS servers outside France? The government has essentially passed legislation to hold service providers accountable for something that, frankly, is impossible to implement. If you are an internet service provider in France right now, I'd be seriously thinking of selling my stocks, cashing in, and getting the hell out now, before you lose your whole investment on a piece of government legislation destined to cause many, many judges to facepalm.
If Anonymous is made up of random people who care about the issue of the moment, how do you investigate them over time?
Same way you investigate protesters: Put surveillance on the meeting places and their targets. The only thing slowing them down here is limited human resources. The data required to locate these people is already there, there's just a lot of it. An awful lot of it. It's not like these guys are using a decentralized architecture with encryption and steganographic techniques to distribute orders. They are using an IRC client with a bag on the side. Hardly the epitome of sophistication here.
Frankly, I'm a little disappointed that they're having so much difficulty shutting this down. Private security researchers have done better without court orders, warrants, and the resources the international law enforcement community has at their disposal by just making a few phone calls to sympathetic network administrators to shut down bot nets smaller than this.
Makes me more than a little suspicious that despite the public statements, they just don't care to devote resources to the digital equivalent of Critical Mass: A bunch of self-righteous jerks stuffing up the roads here and there. Occasionally one of them winds up under a bus, but other than some short tempers nobody gives a crap.
we would have to hack the authorized players, and to get the DRM keys out of them.
Just so you know... they transmit the keys as part of the handshake process. These keys aren't buried in some hardware register, or obscured in some closed-source application: They're transmitted over the network, in a wrapper. Decode the protocol, get the keys.
High school students are generally a lot more sociable than the general population. Outfit a large office building with these same sensors, and I bet you get different results.
You all may recall that the internet was designed as a peer to peer network. It was assumed that every node would have equal access to a decentralized network with many interconnects and pathways between each. The rise of DDoS attacks and other vulnerabilities is a direct result of the internet being used for other than it was designed: Businesses have forced a "one to many" relationship, a client-server architecture, and uneven upstream/downstream ratios. The centralization here is the weakness, not the internet.
The internet wasn't designed to support the business and organizational models that now dominate it. The solution to the DDoS problem is to decentralize, and restore a peer-based communication model -- that is how it was designed to be used. Of course, we could sit here and debate how to "save" the internet from "hackers" who are using the strengths of the network to great effect to attack those who built their solutions without much mind to the foundation.
It may be more secure for business, but it's less secure now for private individuals and the politically-active. Also, it's not more secure for websites not based in the United States, as those keys are already in government possession. This is just another way for the United States to exert control over an international resource for its own gain. And we're giving up that decentralized and free nature of the internet because of hackers/terrorists/boogiemen? Sad day.
Visa and Mastercard contribute loads of cash to political candidates -- you may recall recently the whole credit reform stuff making headlines? Well, Congress reached back and asked them to kill wikileaks as a return favor. Good old boys network... has nothing to do with ethics, since they have none: They're a business.
I'm pretty sure it's the file sharers who are out of touch if they don't see what they're doing as illegal.
There is often a misunderstanding about what "illegal" means. People very often equate illegal to immoral, as though the law was the standard for moral judgement. I think it would be more accurate to say that most file sharers do not believe their conduct to be immoral.
In the past thirty years, how many laws have been stricken from the books? Okay, and how many added? Most legal experts will tell you that the complexity of our legal and judicial process is such that at any point in time, you are probably in violation of one law or another. In fact, this is so commonplace that contracts often come with several paragraphs of pre-empting clauses, and attempt to dictate the jurisdiction for any claims arising from said contract. Paid professionals dedicate their careers to becoming knowledgeable in small pockets of this enormous system. It is utterly impossible for the average person to follow all the laws, all of the time, but the expectation that they do remains.
So most people adopt simpler internal rules based on their religion, cultural norms, and personal history and live by those instead. And as long as that belief system doesn't conflict substantially with those around them, that is usually the end of it. File sharers are no different; and let's be honest -- this push for intellectual property laws is a recent invention, and not one that is well-understood or supported by the public, which is exactly why they have all these draconian laws on the books. Not because it's fair, or even supports their business model, but because people getting convicted under them make headlines. It's free PR when you sue someone living in their basement for $20 million bucks. Never mind that it'll eventually get whittled down, or settled, or even dismissed outright. These aren't legal costs -- these are promotional costs.
The majority of people are either apathetic to intellectual property (don't know, don't care), or somewhat hostile towards it. Only a small minority support it, and those are usually people with "something to lose"; i.e. middle-aged adults who now own property, have a family, etc., and while they might be morally opposed to it, they're not going to rock the boat, so in essence they support the paradigm by inaction. Besides that, the very rich, for obvious reasons: They get rich by creating artificial markets, like "intellectual property".
Sample costs: ...
Labor $40/hour. 3-5 hours.
hardware: cat5, mounting brackets, PoE adapters, routers
travel costs: Maybe $800/trip, one way?
Electricity: ?
Management/project oversight: ?
shipping and handling: ?
I'm going to guess (low, I think) that each install would cost about $5,000. So how many wifi installs can $15 million cover? About 3,000 buildings. How many people think that in all three branches of the federal government, they only have 3000 buildings?