I need mod points. I predict there is a 99.95% chance that mseeger is spot on. This was the first thing I thought of. For those of you who think "The Man" is just a control freak: he probably couldn't care less if you wear headphones or stuff bananas in your ears. All he cares about is productivity and his bonus, and probably not in that order. If some weenie in another cube is bitching that they can't listen to music because they are tied to a phone and "it's unfair, whaaaaaa", then he'll do whatever he thinks will create the least friction in getting his bonus. Apparently dealing with your programming group bitching about not being able to listen to music is the path of less frustration.
> and nobody had air in their cars.
Yeah, I remember the government education posters and bulletins reminding people to open the windows when they got in their cars lest they suffocate. They really needed to have a "Duck and Cover" type program for this - would have solved a lot of problems. I feel old now.
I am one of the folks that submitted this to SANS. I actually looked at the file prior to my teammate sending it and the initial report. The .gif file was really an executable file without the .exe extension. The file had an executable's header and link information strings referring to DLL load points at the end of the file. The middle of the file was compressed binary cruft. The attack vector used the CHM vulnerability to launch.
Another interesting thing we've noticed lately is how many attacks are now using multiple vectors. After dealing with this issue and a bunch of related ones we have come across, I have to say that the entire banner ad system is corrupt and infected.
I never thought anything I had a hand in would show up on /. My life is complete...
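The check the comment describes (a file with a .gif name that actually starts with an executable header and ends with DLL import strings) can be automated. What follows is an added example, not code from the SANS submission or the commenter: it constructs a minimal fake PE image in memory, labels it as a .gif, and reports the mismatch between the claimed extension and the bytes. The MZ/e_lfanew/PE layout it parses is the real Windows executable format; the sample bytes, the DLL names in it, and the helper names are constructed here for illustration.

```python
"""Flag files whose bytes do not match the type their extension claims.

Added example (not from the original page). The sample file is constructed
in build_fake_pe(); the DLL names in it are illustrative.
"""
import re
import struct

# Magic bytes a file with this extension is expected to start with.
EXPECTED_MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}


def looks_like_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' stub whose e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def dll_names(data: bytes) -> list:
    """DLL names present as ASCII strings (the 'link information' the comment saw at the end)."""
    found = re.findall(rb"[A-Za-z0-9_]+\.dll", data, re.IGNORECASE)
    return sorted({m.decode() for m in found})


def classify(filename: str, data: bytes) -> dict:
    """Compare the extension's expected magic with the real content and look for a PE header."""
    ext = filename[filename.rfind("."):].lower() if "." in filename else ""
    expected = EXPECTED_MAGIC.get(ext, ())
    magic_ok = any(data.startswith(m) for m in expected)
    is_pe = looks_like_pe(data)
    return {
        "extension": ext,
        "magic_matches_extension": magic_ok,
        "is_pe": is_pe,
        "dlls": dll_names(data) if is_pe else [],
        # An executable wearing an image extension is the case worth alerting on.
        "suspicious": is_pe and ext in EXPECTED_MAGIC,
    }


def build_fake_pe() -> bytes:
    """Constructed sample: MZ stub, PE signature at 0x80, filler 'cruft', DLL strings at the end."""
    e_lfanew = 0x80
    header = bytearray(b"MZ" + b"\x00" * (0x3C - 2))   # 60 bytes up to e_lfanew field
    header += struct.pack("<I", e_lfanew)               # e_lfanew at offset 0x3C
    header += b"\x00" * (e_lfanew - len(header))        # pad up to the PE signature
    header += b"PE\x00\x00"
    body = bytes(header) + b"\x90" * 200                # stand-in for the compressed middle
    body += b"KERNEL32.dll\x00LoadLibraryA\x00GetProcAddress\x00WININET.dll\x00"
    return body


if __name__ == "__main__":
    print(classify("ad.gif", build_fake_pe()))
    print(classify("real.gif", b"GIF89a" + b"\x00" * 100))
```

In practice you would run classify() over whatever the proxy or mail gateway has cached, and treat "suspicious" as the trigger for a closer look; the magic-byte table is deliberately small and should be extended for the types your environment actually serves.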
Wisconsin.
This is false. The choice to allow a free felon to vote is made on a state by state basis.
This is from the DOJ website: "The right to vote is an important civil right in a democracy as well as a civil responsibility, and yet many persons who have been convicted of a crime do not know whether they are eligible to vote. For both federal and state elections, the right to vote is controlled by the law of the state in which you live. Some states restrict the right to vote for persons who have been convicted of a crime."
http://www.usdoj.gov/crt/restorevote/restorevote.htm
Sorry to be OT but I wanted to correct this.
If you pay for Ad-aware, you get a complimentary app called Ad-watch. Ad-watch is a real-time component of Ad-aware. That may be what you are looking for.
Ok, so I can sound like the last 50 people that said this: I am not a lawyer. Fine, done.
Here is how I have been trained in regard to wiretap (I am a security analyst):
The Wiretap Act is broad and prohibits intentional interception (use, etc.) of someone else's electronic communications. This Act (see 18 U.S.C. § 2511(1)) has a bunch of exceptions, two of which are relevant to this discussion:
1. The provider exception may apply if the communications were intercepted during active monitoring for the purposes of system defense,
2. The consent of party exception may apply if you have banners declaring that you monitor all traffic.
From what I have been instructed, I only need to really take care with #1, which is exactly what I'm doing when I fire up a honey pot. (#2 is a part of company policy so it is not optional.)
If I deploy a honey pot for the purpose of monitoring and protecting my network, then I should be able to claim exemption from the Wiretap Act via #1 above. Of course the honeypot damn well better be deployed for the purposes of defense and not something I just threw on the corporate network without authorization.
That's the theory anyway; as far as I know, this has not been tested in the courts yet.
IANAL, but I am fairly certain that you have to be a part of law enforcement to "entrap" someone. I do not believe that private citizens can be accused of "entrapment".
Dear Lord, I feel old now. Time to get out my walker. Born 1969.
I think the Fourth Amendment only protects against search and seizure by the government. Your employer is a different matter.
If you resist your employer, they will probably just terminate you (if you are an employee at will).
Um, I'm not sure, but I was under the impression that the folks that wrote IBM compatible BIOSes were not supposed to have anything to do with the (one true) IBM BIOS.
I remember something about these folks using the specs for the BIOS (function inputs/outputs) but never, ever viewing a single line of code from IBM. Most of them were supposed to be under clean room contracts saying that they a) had never viewed the code to the BIOS and b) promised to never look at the IBM BIOS while developing their compatible BIOS. This was to protect against any lawsuits.
Now, I'm not saying that reverse engineering didn't happen, but some companies apparently went to a lot of trouble to at least appear as if they developed their BIOS in a clean room with no IBM code.
No. The EULA that you "accepted" when you opened the plastic wrap on your copy of M$ whatever-the-fsck says that you cannot hold M$ responsible for damages that result from use of the product.
Great state of affairs, isn't it?
If RAM was $50/KB back then a 128k Apple //e would have cost $6400 just for the memory alone...
I think a big help to everyone would be if ISPs made sure that packets leaving their networks had a source address that belonged within their network.
I'm not sure why *I* have to deny all RFC1918 traffic and other garbage on my border router. In my shop, a packet doesn't leave unless its source address is from my network.
It could be easily done at the ISPs' lowest branch routers, so it wouldn't be too hard to configure or cost too much in performance.
Seems to me this would be the responsible thing to do for the entire community. I've never heard a reasonable argument for letting packets out onto the Internet that don't have a source address in your network.
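The rule the comment asks for (a packet leaves only if its source address belongs to your network, and RFC 1918 and similar garbage never leaves at all) is simple enough to state as code. The following is an added example, not the commenter's router configuration: the customer prefix, the bogon list and the sample packets are constructed here to show the decision logic a border or branch router would apply.

```python
"""Egress anti-spoofing decision, the check the comment wants ISPs to apply at their edge.

Added example (not from the original page). OWN, SAMPLE and the helper names
are constructed for illustration.
"""
import ipaddress

# Source ranges that should never appear on a packet leaving for the public Internet.
BOGONS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private space
    "127.0.0.0/8", "0.0.0.0/8", "169.254.0.0/16",      # loopback, "this" net, link-local
)]


def egress_allowed(src: str, own_nets) -> bool:
    """Forward only if the source is one of our prefixes and is not a bogon."""
    ip = ipaddress.ip_address(src)
    if any(ip in net for net in BOGONS):
        return False
    return any(ip in net for net in own_nets)


def filter_packets(packets, own_prefixes):
    """Split a batch of (src, dst) pairs into (forwarded, dropped) per the egress rule."""
    own_nets = [ipaddress.ip_network(p) for p in own_prefixes]
    forwarded, dropped = [], []
    for src, dst in packets:
        (forwarded if egress_allowed(src, own_nets) else dropped).append((src, dst))
    return forwarded, dropped


# Constructed sample: one customer block, then a spoofed source and an RFC 1918 leak.
OWN = ["203.0.113.0/24"]
SAMPLE = [
    ("203.0.113.7", "198.51.100.1"),    # legitimate: source is ours
    ("198.51.100.99", "203.0.113.7"),   # spoofed: source belongs to someone else
    ("10.1.2.3", "8.8.8.8"),            # RFC 1918 source escaping the LAN
]

if __name__ == "__main__":
    fwd, drop = filter_packets(SAMPLE, OWN)
    print("forwarded:", fwd)
    print("dropped:", drop)
```

On a Linux border box the same policy is one rule per interface, for example `iptables -A FORWARD -o eth0 ! -s 203.0.113.0/24 -j DROP` with the bogon ranges dropped ahead of it; on a router it is the standard BCP 38 ingress/egress ACL. The point of the code is only that the decision needs nothing more than "is this source in a prefix I announce".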
Take a long, hard suck on my ass.
Just a guess...
The only problem here is that it will be still shown that you had those files in a usable state at one time. If nothing else, it would show intent to use.
Actually, the best way to defend against this is to use something like PGPDisk, i.e., create an encrypted windows drive or a file system. Then when you hear the police bashing in your door, you use some type of secure wipe program to wipe the virtual drive (usually a normal file).
This is not foolproof because an examination of the physical disk may still yield results, but this is much more expensive and time consuming to do.
My wife left me, my dog died. The bank now has mah truck and I can't even play my Charlie Pride CD.
I can configure iptables on Linux and ZoneAlarm on, well, you know what, to drop pings and such.
The real problem is that people believe that when they get DSL or cable they are purchasing bandwidth and that they can use it however they want. This, according to the ISPs, is simply not true. Just because you are sold a particular speed doesn't mean you can use it all. If you did, you would cause other people problems because it's all shared bandwidth in the back office.
The only problem with regulating or banning UCE is that the spammers will just move overseas.
I suppose that if it was a crime for someone to send UCE and you could track out of country spam back to the US spammer then you could take action. But how would you get cooperation from the other government to do this?
I'm not too sure that the 15 year old is getting shipments of blow directly from South America. I think the idea is to go after the importers who give the drugs to the younger pushers. As an aside: 15 year olds have to be responsible for their actions, broken home or not. Prison or being expelled from school probably isn't the answer. But having the child take responsibility for their actions (violating a law) is important.
I'll assume by your post that you are in a university environment. Well I'll tell you that the corporate world is very different.
For starters, many, many companies still use hubs for their networking. If you are plugged into a hub then you can hear anything on your subnet. I have personally worked with small to medium sized companies, with tens to thousands of users, who still link end stations to the LAN with hubs. In these cases snooping by the boss is actually less of a threat than your neighbor running an SMB sniffer and cracking your clever M$ password of "password".
Second, with the proliferation of intrusion detection systems it is becoming less and less possible for your traffic not to be examined. Large organizations use IDS not only on their Internet connections, but on their internal networks as well. This is because a majority of security violations occur on the inside of a network. By definition, an IDS must hear everything that happens on a segment it is to protect.
Third, bosses may not be technically capable of setting up a sniffer, but they are very aware that the opportunity exists. They will order the use of sniffing technology if they believe that they must use it to accomplish something. In practice, they will only do this if there is a significant reason to do so because of legal liability.
Fourth, something like 60% of US companies actively monitor their employees' use of Internet resources. They may not look at each payload, but if you are spending 50% of your day going to Hotmail with your browser, chances are that they already know about it.
Remember that in the US the current opinion is that if you are using a company's computer then the company owns the data input into or produced from that computer. If you are doing something that might be a no-no, you'd better not do it.