Silly. If a person lies in such amounts about something like this, the "case" should just be dropped. If he has evidence, he should sue her for slander, or whatever the equivalent legal process is in Ireland.
On reading the accusation and Evan's reply, if neither party is misrepresenting what happened or their view of it, Evan's has clearly acted inapproperiately but might not have realized this. Most of "her" complaints that do not concern the physical "hugging" and so forth are clearly unjudgeable without perceiving the tone of the situation. A case of Aspergers, perhaps?
Science is science; what little simple-minded cretin made this decision? Someone should dig up the name and contact details, so we can mock him/her properly.
No, the best counter is to "gracefully sidestep", but it's often misunderstood as "ignore". However, if you fail in this (which wikipedia now officially has), the next best counter is a swift sucker punch where it hurts. Unfortunately.
The fact that the OS has internal privilege separation. You could try to imagine it as the OS and kernel (and the parts of the antivirus running with kernel privileges) being able to "envelop" the code, if the code only has user privileges. The antivirus is not a "barrier" into the envelope, but an eye and a hand trying to spot and clean away cruft that gets in. This exploit holds up a fake image of clean code to the eye whenever it's gaze falls on the cruft. Other, unrelated methods of avoiding the antivirus includes packaging the cruft into a packet that the hand cannot open (but the hand is surprisingly dextrous), wrapping the nasty parts of the cruft in generic-looking code, and twisting the cruft in around itself so that the eye will get confused and give up.
No. Just because you already have code on my machine doesn't mean that that code is in a position to do anything, or that it won't get caught if it tries to. I'm not a virus writing expert by any means, but *ahem*: Perhaps you misunderstand how this part of antivirus works, but essentially (given that you pass a passive heuristic scan) the AV program only reacts when code tries to "do something funny" during unpacking/sandbox execution. The exploit bypasses this part. Of course, if you already have *kernel privilege level* (ring0) code running, you can do whatever you want, but this exploit works to hide user-level code as well. If it works the way they say it works, it's quite severe, because it basically bypasses that whole system of malicious behaviour detection. Follow me?
You're missing the point. This is a way to allow malicious binaries to execute without being picked up by anti-virus; of course, you need a way to get the code on the system in the first place (trojan, social engineering, dual-stage shellcode, etc...). It's not a compromising attack in an of itself, but a method to aid and hide standard attacks.
This attack is apparently effective when the code executes as an unprivileged user, and from the model they've implemented it seems to not require any previous malicious code to reside on the system. Where did you get that from?
I remember being a young child. But on the other hand, I read a *lot* from the age of five and upwards, so my experiences might not be valid for all children.
I can only speak for myself, but if you want to read a text, you read it? Any child should intuitively turn the illustrations off, or simply ignore them if they are distracting. Talking about the "pondering abstracted" reader or the "inertness" of books is just silly romanticism, text is text. And as a sidenote, I have ADD; I know the subject of distraction fairly well.
In the interview, they explicitly state that they got access:
"Only telecom providers are supposed to have access to the location register, but small telcos in the EU are offering online access to it for a fee, mostly to companies using it for marketing data and cost projections, according to DePetrillo."
The "lumpenproletariat" and the working class is cursing loudly at any percieved incursion by the US; most of the middle and upper-middle professional-class people (at least those who lean towards the moderates/liberals) seems to have a more pro-globalization view of things, because it's in their interest; they want to be able to take their careers wherever they want. I think they also might want to distance themselves from the "lower" people. The country is going through a bit of political turmoil, from social democracy to a more liberal "lean" economy. I support this, because the old system was bloated and did not evolve, but I can feel the devil tugging at my heartstrings and bloodthirst dancing in the eyes of the more ambitious people around me. I don't want "Reaganism". The government has thus far kept itself from oversteering, but the balance feels a bit unstable.
Sure. I don't say it's a decisive factor all by itself, but it's certainly a factor. We could be seeing the "mainstream" thing from two different angles; here in Sweden the newspaper polls show 50+ of questionees admitting to filesharing. An even nicer angle: most of these people are probably "adults" of voting age.
I think it could be relevant as a security issue, if it's not common knowledge for Joe Sixpack that the database(s) are publically accessible, or as it would seem in the SS7 case, semi-private. Here in Sweden we have a comonly used cell/landline whitepages service, www.eniro.se, but if there isn't such a service where Joe lives it's counterintuitive that the data wouldn't be private. Joe Sixpack might be threatened by stalkers or a violent ex, and might not realize that the little fucker can get at you in this manner.
Yeah. Bugged hardware is probably taken quite seriously by the intelligence people. I don't have any insight into counter-espionage, but if the (presumably) greatest intelligence threat against my employer also happened to be the one manufacturing a lot of the worlds electronics...
But unlike hacking, file sharing is mainstream; this is why it persists. I'm too young to have been a part of that scene, but from my digging I know that the "hackers" never went away; only the "open underground" disappeared. Discussing illegal computer breaching on open forums today is an unimaginable taboo, at least if you live in a western country.
The first part of the operation involves getting a target's cell phone number from a public database that links names to numbers for caller ID purposes. DePetrillo used open-source PBX software to spoof the outgoing caller ID and then automated phone calls to himself, triggering the system to force a name lookup.
"We log that information and associate it with a phone number in a (caller ID) database," DePetrillo said. "We created software that iterates through these numbers and can crawl the entire phone database in the U.S. within a couple of weeks... We have done whole cities and pulled thousands of records."
"It's not illegal, nor is it a breach of terms of service," Bailey said.
Next up is matching the phone number with a geographic location. The SS7 (Signaling System) public switched network routes calls around the world and uses what's called the Home Location Register to log the whereabouts of numbers so networks can hand calls off to one another, DePetrillo said. Individual phones are registered to mobile switching centers within specific geographic regions and they are logged in to that main register, he said.
Only telecom providers are supposed to have access to the location register, but small telcos in the EU are offering online access to it for a fee, mostly to companies using it for marketing data and cost projections, according to DePetrillo.
Because the article basically says that they will, and now presumably have, presented the details at SOURCE Boston, and the papers/slides from there haven't been released yet.
Found an interview with some more details here, though: http://news.cnet.com/8301-27080_3-20002986-245.html
Slashdot Mirror
And everything has to be "good" or "bad"?
How do you argue that violence is inherently bad?
Silly. If a person lies in such amounts about something like this, the "case" should just be dropped. If he has evidence, he should sue her for slander, or whatever the equivalent legal process is in Ireland.
On reading the accusation and Evan's reply, if neither party is misrepresenting what happened or their view of it, Evan's has clearly acted inapproperiately but might not have realized this. Most of "her" complaints that do not concern the physical "hugging" and so forth are clearly unjudgeable without perceiving the tone of the situation. A case of Aspergers, perhaps?
Science is science; what little simple-minded cretin made this decision? Someone should dig up the name and contact details, so we can mock him/her properly.
Finding common ground, IMHO, is almost always preferable to stabby-slashy murder, no matter if your motive is profit or the welfare of man.
(Yes, I have karma to burn, someone had to write it, etc...)
No, the best counter is to "gracefully sidestep", but it's often misunderstood as "ignore". However, if you fail in this (which wikipedia now officially has), the next best counter is a swift sucker punch where it hurts. Unfortunately.
The fact that the OS has internal privilege separation. You could try to imagine it as the OS and kernel (and the parts of the antivirus running with kernel privileges) being able to "envelop" the code, if the code only has user privileges. The antivirus is not a "barrier" into the envelope, but an eye and a hand trying to spot and clean away cruft that gets in. This exploit holds up a fake image of clean code to the eye whenever it's gaze falls on the cruft.
Other, unrelated methods of avoiding the antivirus includes packaging the cruft into a packet that the hand cannot open (but the hand is surprisingly dextrous), wrapping the nasty parts of the cruft in generic-looking code, and twisting the cruft in around itself so that the eye will get confused and give up.
No. Just because you already have code on my machine doesn't mean that that code is in a position to do anything, or that it won't get caught if it tries to. I'm not a virus writing expert by any means, but *ahem*: Perhaps you misunderstand how this part of antivirus works, but essentially (given that you pass a passive heuristic scan) the AV program only reacts when code tries to "do something funny" during unpacking/sandbox execution. The exploit bypasses this part. Of course, if you already have *kernel privilege level* (ring0) code running, you can do whatever you want, but this exploit works to hide user-level code as well. If it works the way they say it works, it's quite severe, because it basically bypasses that whole system of malicious behaviour detection. Follow me?
You're missing the point. This is a way to allow malicious binaries to execute without being picked up by anti-virus; of course, you need a way to get the code on the system in the first place (trojan, social engineering, dual-stage shellcode, etc...). It's not a compromising attack in an of itself, but a method to aid and hide standard attacks.
This attack is apparently effective when the code executes as an unprivileged user, and from the model they've implemented it seems to not require any previous malicious code to reside on the system. Where did you get that from?
We run Linux/*nix.
I remember being a young child. But on the other hand, I read a *lot* from the age of five and upwards, so my experiences might not be valid for all children.
I can only speak for myself, but if you want to read a text, you read it? Any child should intuitively turn the illustrations off, or simply ignore them if they are distracting. Talking about the "pondering abstracted" reader or the "inertness" of books is just silly romanticism, text is text. And as a sidenote, I have ADD; I know the subject of distraction fairly well.
I had the exact same experience.
Now we just have to wait for the version that flatlines intruders through DNI overstimulation and erases the data from the attacking host(s).
Just because your mind is clouded by bloodthirst doesn't disqualify you from having points.
In the interview, they explicitly state that they got access:
"Only telecom providers are supposed to have access to the location register, but small telcos in the EU are offering online access to it for a fee, mostly to companies using it for marketing data and cost projections, according to DePetrillo."
The "lumpenproletariat" and the working class is cursing loudly at any percieved incursion by the US; most of the middle and upper-middle professional-class people (at least those who lean towards the moderates/liberals) seems to have a more pro-globalization view of things, because it's in their interest; they want to be able to take their careers wherever they want. I think they also might want to distance themselves from the "lower" people. The country is going through a bit of political turmoil, from social democracy to a more liberal "lean" economy. I support this, because the old system was bloated and did not evolve, but I can feel the devil tugging at my heartstrings and bloodthirst dancing in the eyes of the more ambitious people around me. I don't want "Reaganism". The government has thus far kept itself from oversteering, but the balance feels a bit unstable.
Sure. I don't say it's a decisive factor all by itself, but it's certainly a factor. We could be seeing the "mainstream" thing from two different angles; here in Sweden the newspaper polls show 50+ of questionees admitting to filesharing. An even nicer angle: most of these people are probably "adults" of voting age.
I think it could be relevant as a security issue, if it's not common knowledge for Joe Sixpack that the database(s) are publically accessible, or as it would seem in the SS7 case, semi-private. Here in Sweden we have a comonly used cell/landline whitepages service, www.eniro.se, but if there isn't such a service where Joe lives it's counterintuitive that the data wouldn't be private. Joe Sixpack might be threatened by stalkers or a violent ex, and might not realize that the little fucker can get at you in this manner.
Yeah. Bugged hardware is probably taken quite seriously by the intelligence people. I don't have any insight into counter-espionage, but if the (presumably) greatest intelligence threat against my employer also happened to be the one manufacturing a lot of the worlds electronics...
But unlike hacking, file sharing is mainstream; this is why it persists. I'm too young to have been a part of that scene, but from my digging I know that the "hackers" never went away; only the "open underground" disappeared. Discussing illegal computer breaching on open forums today is an unimaginable taboo, at least if you live in a western country.
From the Cnet interview at http://news.cnet.com/8301-27080_3-20002986-245.html:
The first part of the operation involves getting a target's cell phone number from a public database that links names to numbers for caller ID purposes. DePetrillo used open-source PBX software to spoof the outgoing caller ID and then automated phone calls to himself, triggering the system to force a name lookup.
"We log that information and associate it with a phone number in a (caller ID) database," DePetrillo said. "We created software that iterates through these numbers and can crawl the entire phone database in the U.S. within a couple of weeks... We have done whole cities and pulled thousands of records."
"It's not illegal, nor is it a breach of terms of service," Bailey said.
Next up is matching the phone number with a geographic location. The SS7 (Signaling System) public switched network routes calls around the world and uses what's called the Home Location Register to log the whereabouts of numbers so networks can hand calls off to one another, DePetrillo said. Individual phones are registered to mobile switching centers within specific geographic regions and they are logged in to that main register, he said.
Only telecom providers are supposed to have access to the location register, but small telcos in the EU are offering online access to it for a fee, mostly to companies using it for marketing data and cost projections, according to DePetrillo.
Because the article basically says that they will, and now presumably have, presented the details at SOURCE Boston, and the papers/slides from there haven't been released yet.
Found an interview with some more details here, though: http://news.cnet.com/8301-27080_3-20002986-245.html