Is it really? You mean like the US hasn't ever tried to censor things embarrassing them or leaking info?
They even want to be included in the list with China and other censoring countries:
As an odd justification for the plan, the report claims that 'Several foreign countries including China, Israel, North Korea, Russia, Vietnam, and Zimbabwe have denounced or blocked access to the Wikileaks.org website.'
It's not just China, but other countries too and even internationally (and also DMCA laws affect me and I'm not even in US nor using US Google).
And it's not like the whole situation was about blocking human rights organizations, but Chinese activists. You know what the US does in the same kind of situation? It goes to war with Afghanistan and Iraq. And forget acting humanely - soldiers were raping whole families and so on.
Even if China did actually try to hack their email accounts, the US doesn't need to do even that - US companies, especially large ISPs, have willfully installed backdoor systems for the government already.
It's not like Google doesn't have to obey US laws, including censoring, either. It's just a different thing what's being censored - in the US it's censoring search results based on DMCA notices. It's censoring and removing search results based on laws nevertheless.
And to add to that last point, it's not that easy to send money to wrong bank account number as some of the digits are checksums. If you write a number wrong it refuses to transfer the money as the checksum doesn't match.
What if I want to give someone money when I don't have an Internet connection? (Similarly with a wire - I can't believe that the OP of this thread thinks going into a bank is easier than just writing out a cheque, although maybe these things have different names in the UK to the US?)
Then you give him cash or tell him you'll transfer it from your bank account. Wire transfers (or it's closer to ACH, I guess) everyone mostly does over the Internet nowadays. There's no need to go to the bank just to transfer money (while it still of course is a possibility).
Or what if I don't have the security keypad device thing that my bank requires me to use? Or I don't have access to the strong passwords on me at that moment? What if the bank introduces new security measures, and you can't access the website until then (yes, mad as it sounds, Barclays pulled this one on me, when they started requiring the aforementioned keypad device things).
We use two-level one-time PIN lists. One is a running one-time list to log in to the bank account, and the other is an additional list to confirm payments. Secure and easy, and there's no need to change it (and I can't understand why US banks don't use the same kind of system).
What if the website's "down for maintenance"?
They rarely are. If one bank happens to be down for a few hours during night time, it's usually mentioned in the news too. Banks aren't run out of someone's basement, you know.
What about liability? In the UK, there have been cases of people paying the wrong person, and it's their fault because they're the ones who typed it in - the recipient legally is entitled to the money.
It's illegal to keep money not sent to you. If you mistakenly send money to the wrong person and they haven't sent it back, you contact the bank and they contact the recipient (or his bank if it's not the same bank) and ask to send it back. Unless they do so in a reasonable amount of time, it's a criminal matter and they will be liable if there's no good reason (i.e., on holiday so didn't receive the letter or call and so on).
Wire transfer (or it's more close to a system like ACH I guess) is mostly for paying bills and rent and such or otherwise transferring money between people. Debit/Credit cards are good for purchasing in stores, eating in restaurants or buying online, unless you prefer cash of course.
Tell that to European banks who don't really even accept checks anymore. If you really want to cash in a check, you have to wait like 3-4 weeks so it clears for the bank and then they transfer it to you. With high costs, of course. A bank woman even said that 99% of checks nowadays are fraudulent and that's why they have to do it.
Paying via wire transfer (or ACH, not sure which is the equivalent) is a lot safer, as is online banking. Here at least - it seems like US banks managed to fuck up that too with username/password-like protections, instead of running physical PIN lists like we have here.
Physically you can just pay with cash if you're worried about credit cards. Then you avoid the fees and privacy issues too.
Yes, it's enough to have just the account number like 495893-5889298 to do a transfer. If you're doing international transfers, then you need IBAN (International Bank Account Number) and information like name and address of the receiving bank. Not exactly complicated.
maybe where I am (the UK) the bankers make their money some other way
Banks make their money by loaning the money you gave them (well, actually "loaned") to other people at higher prices. That's why it makes no sense to ask high fees from people who are pretty much loaning you money.
Or what if the US just stops using inferior checks and just wires money like the rest of the world? It's also possible to even push money into credit cards directly, in addition to normal bank wires. Checks are insecure, inconvenient and pretty useless in today's electronic world. For non-electronic purposes you can just use cash.
Some applications do modify themselves (Skype notably, which is most likely used in many corporate settings) to protect their code. So do games with DRM and probably many other programs too. You can't make a memory fingerprint of that.
Even that alone aside, you can't fingerprint the memory data because it's changing constantly when you're running the program, and is just as well capable of executing code.
So as a conclusion, it doesn't alter the process size and fingerprinting process memory is not possible.
We aren't talking about files, we're talking about memory allocated to a process. INT3 opcode was just an example - it's just an empty opcode in this purpose as it's never being executed (compiler just put it in).
The large empty area after the code section was explained here. Modifying it doesn't change memory allocation.
The article I linked does quickly mention empty space but it is not really the point of the whole article. However, that empty space is used in it to create cheats for a game:
Since codecaves must be in the process space of the application, there are two possibilities, in the EXE or in a loaded DLL. When a codecave is in the EXE, it is usually coded inline. This simply means the codecave is placed somewhere in an unused portion of the EXE that is empty or not used on a regular basis, such as exception handling code.
btw, from a 4 digit UID I would have expected better, as you pretty much yelled this nonsense around all the comments. It's you who doesn't understand even the basics about PE files and how they're memory mapped. And again, we aren't talking about files on hard drive but in memory - two completely different matters.
Plenty of empty space in the code segments? How so? There are not 'empty blocks' that malware can put itself into, it will either need to delete things (and break things in the program) or enlarge the program.
And with this comment we can conclude you don't know how PE files are mapped into memory in Windows.
There's plenty of unused space between functions, for example, usually INT3 opcodes which never get run as they're outside the program execution path. PE code sections usually also contain a lot of zero-byte 00 memory mapped, which again isn't in use, but is still allocated. Read more here, it's also used when making cheats to games. And that's only way to inject your code into an existing program, and doesn't change its memory allocation at all.
What memory footprint is that? The polymorphic code residing inside another process?
There is plenty of empty space inside processes when it's mapped to memory. If it's polymorphic code you won't even find it with scanning, and even if it isn't, it can still semi-intelligently map itself to different blocks of empty space in that process.
You also cannot have clear snapshots of any program in memory, you can only have how it looks on disk. There are various copy protection systems and programs like Skype that modify themselves to protect their code. Every program also modifies its .data section as that's where it stores its memory - a place where such malware can also reside and execute.
But like I said in the very beginning, if it resides inside another process there isn't any extra memory allocated. It's just using empty space inside another program.
Yes, and what happens when everything gets swapped back? There's the malware again.
If you assume it would be easier to find and delete the malware when it's not resident in memory anymore, then you could do that just fine on another computer and working directly with the hard drive. You would need to do that anyway, since your RAM is swapped out. AVs are already quite integrated into the system, never can delete anything (so you would need to do it by hand) and in the worst case scenario could do the deleting upon reboot. So, what's the point?
So the malware will just let itself be swapped out too? This is especially true if it's running inside another process because you know, if the parent process is getting swapped it can't just continue running there. It will get swapped too.
Even if it did run as its own process and were actively defending its own memory, wouldn't it be quite trivial to detect that everything is suddenly getting swapped out and go to "sleep" mode?
I did, and he doesn't say anything about this point.
Regarding making a keyed hash of the entire memory content, how would that even work? Every program modifies its memory all the time. Then there are the programs like copy protections and Skype etc. that modify their own code in real-time too.
They forgot that malware code can reside inside another process and its memory space, in which case comparing and writing random bytes to free RAM is a moot point.
And it's not like any of those top 5 browsers are much worse or better than another (ok IE aside for us nerds). Chrome, Opera, Firefox and Safari are all good browsers.
It seems Opera has increased its market share most. It's probably the best choice too, since a casual user doesn't need to go finding all the different addons and other things he or she doesn't have any idea about. People seem to love it and stay with Opera. It's just that they didn't hear about it before, as Opera doesn't have such zealots as Firefox yelling all around how good their browser supposedly is and spamming fox pictures all over forums.
It seems that even IE beat Firefox in JavaScript performance now. Firefox sure has been slacking recently. There's still road ahead though, Chrome and Opera are leading.
Yeah right. Google's market share in China is ~35%, while Baidu's is ~64%. The rest, including Bing, have like 0.10% each.
Just saying it's possible. Wire transfer is the normal way and usually doesn't cost anything unless it's an international transfer.
Only one way, not the only way.. Damn preview.
It doesn't need to do even that.
You kids with your fancy computers. In my days we used to serve web pages to each other with letters and postal mail!