That works for the attacker. If you target one big company and get good penetration, you can point out that if there are any signs of trouble you'll disappear and they'll never get their files back.
I am surprised we've never seen this as a targeted attack before, or maybe no one has reported it.
See my post below, there's no reason to have thousands of public/private key pairs. Combining public/private with a random symmetric key is a time tested alternative. PGP uses IDEA for encryption and public/private key crypto to protect the random IDEA key.
Since they recovered the files without the key, it looks like the guy wrote his own crypto. Score one for the good guys. Next time maybe the guy uses a well written public key library. Encrypt the local files with a random symmetric key, encrypt the key with a public key and present it to the user. The user has to email the encrypted symmetric key to the virus writer for decryption.
There's no reason to think there would be a single interceptable "key" value that would unlock everyone's files. It depends on the skill of the author.
Yeah, I think so. It's an oversimplification of course. Hunger, cold, etc. But ultimately why do we bother? If you turned on an AI and asked it to go find you an airline fare, and assuming it was a real AI that would think and reason and question, why would it bother? What is there about living that is better than not living to an AI that lacks fear, pain, lust, hunger? What is the underlying motivation?
If you lower the cost of entry to producing a book release, won't that mean more books swimming around? With the increase of different books everywhere, won't that dilute the power of books?
Making content distribution easier and cheaper has always been a good thing. I understand your concern about nearly-identical content being broken up into multiple smaller swarms, I just think it's insignificant compared to the power of being able to publish a torrent with a blog and a torrent client.
You seem to be referring to the kernel API fsync() rather than the ATA spec for fsync(). The author is talking about the ATA spec, and the fact that the drive is ignoring the command to flush cache to media.
Even if you're definitely not going to switch, it might be worthwhile to have a pilot, and make sure your MS rep knows how well it went. You know, just before you talk about prices.
Better yet, use competitive pricing as an excuse with your boss to do the comparison. If they love it, you're a hero. If they hate it, you still smell like a rose, since switching wasn't the "real plan".
When I do a commercial skip (2.5 minutes - thank you SageTV) I am fully aware that what I'm doing is not sustainable. There is an ecosystem in television - the people creating the shows feed off the people buying the advertising slots. When the TV ads are no longer effective, the TV creators die off, and I have nothing to watch. Commercial skipping only works to the extent that a small minority of people do it. I am aware that I am part of a growing problem.
There has to be an equilibrium for the ecosystem to survive long term. I'd love to see pay-per-view primetime programming, where you pay 3 cents (or 30 cents) to watch Futurama with no advertising.
The invisible hand of the market has never been any good at managing companies who damage their environment, whether it be pollution, overfishing, or zombie PCs spewing out packets. That's why we balance capitalism with rules and regulations.
It's not the selling part that's a hassle, it's the accounting for the sale with corporate. The bean counters DO NOT want you coming up with new revenue streams for them to have to file.
One thing I have heard from the hosting group is that when a group buys a server, it's difficult to migrate off of it once the hardware is obsolete. You can't really sell it easily, and who would you sell it to? It still runs, so how do you get the business owner to pony up for newer hardware? Before you know it you're heating the server cage with a half dozen Apollo DN3000's.
When the client is paying hardware rent every month it's easier to say "good news, for the same rent you can get the latest hardware".
I'd rather have a paper book, or a physical cd, that I can do with as I please.
I haven't bought HL2 (and it's killing me) because it's a CD with an encrypted copy of the game on it, and I don't want to play along. Vote with your money.
I would be worried about the landline providers using this as an excuse to block VoIP providers. Imagine if SBC started asking people when they sign up "would you like to block inbound internet calls that the telemarketers use?" You know, just giving people what they want, nothing to see here. Then I would have to give up my $16 a month Vonage line and go back to a $55 a month landline, or accept that there are swaths of people I can't call.
The article specifically talks about the marketers using VOIP to initiate the calls. This is the enabling technology for them to put huge call centers in rural China and make calls into the US. The receiving caller will be any US phone number.
So they will not be originating on POTS, and VOIP users are not being targeted. The calls are beginning on VOIP and will target any phone.
Reminds me of the internal cigarette documents that came to light in the tobacco trials. I wonder if there will be enough people injured to have massive class action suits.
Although from what I understand the new digital cells are nothing like analog phones for the amount of energy they put out. I know when I'm in an analog only area my phone goes flat in less than a day, compared to 3-4 days when I have digital service. So anecdotally I'm seeing maybe 1/3 to 1/4 of the power output with digital.
Am I a fool for giving up steady work and good pay?
Yes.
Next time, try doing a half-assed job while creating a poisoned atmosphere by trash-talking the company with your co-workers. You'll get the same pay for very little work. Then, once it's clear to everyone that you're not interested in the job, start fishing for a new one.
When I was speccing out a PC for my mother-in-law, she pointed at the case and said "I don't think I'll need that part". She wanted just the monitor, keyboard and mouse.
Even if the app you're running isn't multithreaded you'll see some benefit from dual processor. After all, you're always running the OS as well as your application, including your wireless drivers and what have you. If nothing else you're saving a context switch by giving the application its own processor.
For the same reason you would leave someone a dollar in your will. Better to mention some ridiculously small amount than to leave it unmentioned entirely.
It becomes the agreed-upon limit to their liability.
The bit about the airplane reminds me of the novel "Altered Carbon". It has an AI hotel in it that craves guests the way a junkie needs a fix.
It made me think about what would motivate an AI, in the absence of our animal impulses. Without greed and lust, what would we have ever accomplished?
What you're doing is sustainable. What I'm doing is not. I'm getting the shows, paid for by advertisers, and not watching the commercials.
I want the same thing for other drivers. Someone's driving like an a$$? Tag them. When enough people tag them they lose their license.
You've never met the majority of users, have you?
Interesting, thanks. I wondered if this was the case. I suppose it has something to do with being ready for incoming calls?
http://www.cbsnews.com/stories/2003/03/06/tech/main542962.shtml