No, but a "security researcher" who finds an exploit might have some responsibility towards society, due to the very large market penetration of Microsoft products. This premise is necessary for there to even be a debate about responsible disclosure in the first place.
Yes, because eventually when you become leet enough you stop being limited by the constraints of return on effort. Also, all real bad guys know who all other real bad guys are, and they communicate.
That's solely because it's much more efficient - ignoring what is basically a list of free exploits for unpatched machines would be stupid. Also, you forget that the hard part is developing a working exploit from a known bug. Finding the bug is mostly about luck and patience.
No, I will not content myself with legal options when it's about something so nebulous as information and IP. I simply will not - the benefits to me are huge, compared to your losses from my activity. This does not mean I don't feel sad if a hundred thousand creativity leeches like me lead to your ruin, or that I somehow think that you should feel flattered and content with me "snacking on your soul" - but the responsibility for your aggregate ruin isn't mine, and I can't really manage to feel guilty about it.
The real question is, is the concept of "cyberwar" distinct from the concept of "computer espionage"? When I read about cyberwar as a concept, people always seem to use it about situations where the computer attack becomes a physical one, like the powergrid going down, or hospitals being thrown into chaos. There is a commonly cited precedent - the http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage, if that actually happened.
You forget that there's no need for the government to hire the "kiddies" directly, if they can whip them up into a nationalistic frenzy. And if they employ more skilled people, unless they fail epically, they're not going to be traceable back to their employing nation.
Re:denial, even on Slashdot == we're boned on Behind Cyberwar FUD · Score: 1
Mod parent up - cyberwarfare and TSA-like technobabble might be stupid, but targeted computer intrusions are very real. No, your IDS will not react. No, your antivirus is useless. No, you won't be able to detect a compromised computer by hand either. Assuming the kind of tech easily and freely available through Metasploit, the only way I know of to detect a reflective DLL injection attack is through direct inspection of process memory. 0day exploits? Fuzzing and good workflow will find you those easily. If nothing else, your users will themselves be the easiest vector for a foothold in your network. Basically: you think something's too complicated and outlandish for it to be technically feasible, excepting some sort of computer demigod? It probably isn't. Go read some exploit technique papers sometime, it's absolutely amazing how you can twist things to pull off attacks. www.packetstormsecurity.org is the best intrusion whitepaper and tool archive on the net that I know of.
Re:And the schools will make money off of it, too on Behind Cyberwar FUD · Score: 1
Yes, if they only have the skills given to them by these types of educations they are incompetent. Knowledge of computer security requires full awareness of as many devils in the details as possible, deep technical skills from bare metal machine code through bit-level knowledge of all common networking protocols up to PHP and web systems and languages. It is hard, opportunistic, and there's no one there to hold your hand. It's not at all impossible, however - but there are very few real "experts", on either side. At least everyone seems to think there are very few experts; no one can really quantify their number, for obvious reasons. And no, I don't count myself into that number. Yet.
Ah - but that is a completely different situation. Either they're hiring incompetent personnel, or your friends are doing a bad job. Since the first is probably more likely, the employers will either wise up fast or go bankrupt. I can't really imagine someone replacing experienced people for "kids" working a third of the pay staying in business for very long. It could also be that they don't actually need personnel that is that skilled - your friends might want to seek a higher-paying position elsewhere. Real skills are rare, after all.
It's this theft that keeps poor dysfunctional families from being hungry, cops on the streets, etc... Here's the catch, that I've been thinking about lately: if you don't have a large public faceless organization to turn to when things go sour, you need to be cut open, someone's invading, and so forth, you have to turn to your neighbours and friends. I really, really don't want to have to be "a part of a community" in a social sense in order to be part of a society. I feel that this is the good part about socialism - facelessness and impersonality (although I guess corporations could fill in, but with the level of social responsibility and public feedback they would have to have, they would effectively be the government in such a situation).
I assure you, most anything with a network connection can be made to act as a proxy server, given enough work. Any exploitable execution redirection flaw and a staged shellcode that inserts a very small proxy server into memory should do the trick. Of course, it will be wiped out when the machine is restarted.
I don't have the networking expertise to comment on scaling or load issues, but at least this looks usable and practical enough that people would actually use it. I also like the whole host-it-wherever-you-like angle; when I first heard about this I was worried it would be like an insecure version of freenet, with content being hosted in a constant cache/request loop between users.
Extreme trade embargoes from the US would seriously hamper their economic growth, and halt the rising of the living standards in the country, a place where dirt-poor people really are dirt-poor. You can't treat countries, corporations and the relationships between them like people; that metaphor breaks down very quickly.
You could argue that governments not doing what they should do is the argument, rather than the existence of a strong government in and of itself. It could be that strong, centralized power removed from the constituents in a place like Washington is not going to give great results as long as human nature is what it is - but that doesn't invalidate government systems with shorter feedback loops, like state-level. But what should be state-level and what should be managed from the top? And so it goes. Any non-extremist viewpoint invariably boils down to something that can't be expressed with catchy rhetoric.
Al's situation never struck me as strange, but I always assumed they were meant to be stuck in a debt trap of satirical proportions. As for Desperate Housewives, several people I know live with house+car even though they have only one income and kids - however, they are in debt, and all have middle-class jobs like phone system techie/specialist and ambulance nurse. On the other hand, as stated, I don't live in the US (I live in Sweden.)
Sure, outsourcing only benefits corporations large enough to benefit from it. But eventually, as the standard of living rises in the area being outsourced to, the corporations are forced to move on and eventually the standard of living in the entire world is more or less on the same level, at least on the physical plane. Globalization, and the countries being able to fairly trade their natural resources, which would dump prices creating fewer jobs in the related area but much higher global prosperity in the long run, are the only realistic way of solving the problem of most of the globe living in misery by our standards in any timeframe shorter than them reinventing the wheel completely. Your friend's job is nothing compared to that.
Nope, that's not a flamebait. I mean what I say, even though I realize that unlike where I come from there's next to nothing stopping your fall if you lose your grip in the US. My parents have both been unemployed during most of my entire life, so I'm not exactly unfamiliar with a lower-class-bordering-on-middle only-reason-we're-not-poorer-is-'cause-none-of-us-are-drug-addicts lifestyle.
It's this kind of mercantilistic selfishness that leads to the third world continuing to be the third world. Engineering, Science and Art is not a zero-sum game. And if you're a blue-collar worker, well, that's on the level of luddism. Better yourself instead of complaining.
Not really - cars used in robberies are generally, where I live at least, jacked shortly before the heist and then torched somewhere secluded together with other evidence before a quick switch into another vehicle. Sort of like a real-life pay-n-spray.
So, you'd say that the internet could actually be useful to third-world people in the regard of amalgamating a more reality-based world-view, even though it's information and memes that westerners take for granted?
Just to clarify - when I say "you" I mean content producers in general. I've never heard about Jason Brown before.
Ah, I missed that part on Wikipedia. Correction: it's now apparently owned by a Shady Finance Cabal of some sort.
Yeah, but that's because it's expected. If it's not, it's a sign of something going very wrong in your head.
Perhaps.
The founder of Skype is Swedish. However, it's now owned by eBay, and is based in Luxembourg.