While you'll possibly get to #6, well before you get to #10 some news report will come out about how the girl you might not have dated, but definitely hung out with in high school (according to "anonymous sources"), may have briefly turned to stripping for a 3 month period 4 years after high school (according to more "anonymous sources") when you'd lost contact with her, and the only coverage there will be in the mass media will be "Aspiring congressman dated stripper!" Consequently, every media conference will be full of questions about your past relationship with the stripper, whether you encouraged her to be a stripper, how many other strippers you dated, if you're currently dating a stripper, whether you've ever dated a prostitute, etc., etc. Nothing will be asked at all about your political platform, proposed laws, etc., because this kind of thing doesn't sell papers, and it's boring. Sex scandals are a guaranteed sell, with the bonus that trashing your election chances doesn't upset the political apple cart, and the media can maintain its position of information control.
Something like that might even happen before you get to #6, depending on how vicious the local politics are in your municipality.
So basically, it's a separate company in the same way that Chevrolet is a separate company from General Motors?
I was following a Mercedes SUV the other day, I'd guess at least a $100k vehicle. One of its rear tires was so worn that the steel belts were showing through the rubber of the tread. Keep in mind, this wasn't an up close inspection. This was what I could see from the driver's seat of my vehicle while I was behind them. I'd guess the belts were showing for between a quarter and a third of the circumference of the tire. The other side wasn't showing belts, but it was obviously pretty much bald, too.
For a wireless network, you're right. The MAC is in the plaintext packet header.
But if your bank is using wireless intentionally, then you're already screwed. I don't know of any bank in my area that has a wireless network, other than the occasional "HP_Setup" ad-hoc from a wireless-capable printer that hasn't had the wireless disabled. You'd need to be on the wire already to pick up a MAC anywhere around me, and there's no way to do that without triggering the IDS.
Plus, the MAC you'd pick up in the unencrypted wireless headers would be the wireless MAC. You'd not be able to use that on the wire with a device like in the story, because a wireless MAC never touches the wired network, unless you're using a consumer-grade access point/switch/router type device that directly connects them together. Again, if your bank is using something like this by choice, you're already screwed. I suppose a single AP plugged directly into an otherwise wired network would also let this happen, but the "you're already screwed" part still stands in that case, too.
Go look up the story rather than randomly guessing.
I wasn't randomly guessing. I was basing my comments on the coverage of the story that I remember reading. I don't remember reading anything clearing up the original claims of "backpack and pressure cooker searches" coverage, but I do have stretches that I don't get onto /. for a while, because I have to, you know, work. It's entirely possible that I missed the clarification coverage.
It is funny how the media reports it as a sophisticated attack with criminal masterminds as they don't want you to know that it is something that pretty much anybody with a little tech understanding could do. They are only reporting this one because they were such clever criminal masterminds that they got caught doh!
I'm sure it's also that they want it to seem that the police are complete tech geniuses that can thwart any crime, no matter how much of a "criminal mastermind" the perpetrator is. In reality, of course, they're just as incompetent as the criminals for the most part.
You can't sniff for a valid MAC until you've already got your illicit one in the network. By then, you've already triggered the IDS.
Any bank with IT worth keeping has MAC filtering on their switches. That alone will prevent your "access point/switch in the network line from a workstation" from working. At best, the legit device will stop working, resulting in a call to IT. At worst, the IDS will be triggered immediately. Either way, IT will investigate, find your additions to the network, probably call the police, get your AP fingerprinted, etc., etc.
A network device WILL be detected on anything but the simplest "plug it in and it works as recommended by Best Buy" kind of network. I've got two older Cisco Catalyst switches on my home/home business network; a 2950 and a 2960. Even these support locking a specific MAC to a port, so an unauthorized device won't work if plugged in. I'm going to set the 2960 this way soon, but haven't yet as it's a new addition to the network, as an emergency replacement for a different switch that died. The 2950, though, is on my workbench, which has customer machines connected and disconnected on a regular basis, so this kind of setting would be counterproductive.
So when I get the setup finalized, your "AP in a network cable" wouldn't even work on the trusted subnet of my home network, forget about a bank. My workbench subnet has no access to anything important, so unless you're wanting to hack a customer machine that's already infected with a dozen viruses, you're not going to get anywhere.
Googling certain items results in a visit from the FBI.
The one time I read of that happening it was on a work computer, the IT staff saw it and called the FBI. He googled for a backpack for hiking, his wife googled for a pressure cooker for cooking, and as it was right after the Boston bombing. It wasn't the NSA, it was his employer spying on him.
That doesn't seem likely to me. It would mean that the man and his wife both worked at the same location, and probably would have had to have used the same computer. After all, it's unlikely that the IT dept would be cross referencing searches between various employees based on their relationship with each other.
"Hey! This guy Googled for backpacks! Let's go see what his wife has been searching for!"
Sounds more like: We, the NSA, were monitoring this guy, but we don't want anybody to know, so let's make up some shit about his employer's IT dept....
GP didn't say that it was the US' fault entirely. You cut out his "Don't delude yourself by thinking that.." at the beginning of the sentence, which turned the meaning of the sentence into the opposite of what was originally posted.
the perfect job and wouldn't leave it, lot's of people commute to work.
Maybe the next school district over taught punctuation like that....
The only person who is talking about servers on user accounts is you.
For example, if your iOS/Android/WP device is connected to a wifi network, they have the password.
Well, I put one over on them, then. My wireless isn't encrypted!!!!
Figure out that password, Clapper!!!
Porpoises, dammit!
PORPOISES!!!!
It's antisemitism because you're focusing on Israel when in fact this information is shared with 5-6 other countries mentioned in the article. Equal standards for everyone. As soon as you start making unfair comments because it happens to be Israel then we've got a problem.
You must be new here.
This is /. Most readers don't get beyond the summary. The summary only mentions Israel, so why should most readers assume that there are other countries that aren't mentioned in the summary?
If anybody's being antisemitic here, it's not the GP, it's Dice and the editors, but I think that's even a stretch.
That's still an attack. If the UK had invaded the US in retaliation for the latter's role in supporting IRA operations, would that not have been an attack?
Not really, no. Defensive actions aren't attacks, in the conventional sense of the word, even if the action is brought to the original aggressor.
If some guy comes up to me on the street and punches me, would I be attacking them if I clobbered them back? Of course not. Why is it different if "me" and "some guy" are nation states?
Whoosh whoosh whoosh.
What if it included a signed admission from Obama that the NSA was running illegal surveillance, but he didn't give a shit, because Hitler and Stalin were his heroes?
See? We can play "what if" till we're blue in the face, but it's just meaningless, speculative bullshit.
You're using nearly a decade worth of 2.6 kernel releases, covering at least 40 distinct releases, to compare to a single product release from MS? And you call ME a fail? I think you need to go take a few statistics classes, because you are completely off your bat shit insane rocker if you think this is even in the same universe as a sane comparison.
Let's take a look at the 5 Secunia releases for 2.6 in 2013, shall we?
This is from the page you linked to in your "open sores" rant, BTW:
http://secunia.com/advisories/graph/?type=cri&period=2013&prod=2719
One of them not critical at all, and the others "less" critical. For Secunia, "less" critical means it's hardly a vulnerability at all. It cannot result in your computer being taken over, it cannot result in any serious information leakage, and it can't do anything without the user doing something to cause it.
Similarly:
http://secunia.com/advisories/graph/?type=fro&period=2013&prod=2719
NONE of them are remotely exploitable.
What they can do:
http://secunia.com/advisories/graph/?type=imp&period=2013&prod=2719
Half of them can DoS your computer. Really. A local DoS. So I can lock up my own computer and prevent myself from accessing it. That's not even a vulnerability as far as Microsoft is concerned.
BTW, do you notice how much more readable this is than one of your screeds? That's because I use knowledge and logic, rather than foaming at the mouth fury when I type my posts. How many keyboards do you have to replace because you've either pounded the keys into oblivion, or soaked it with spittle to the point where it doesn't work anymore?
I imagine you like this, typing most of your posts:
http://stream1.gifsoup.com/webroot/animatedgifs/257866_o.gif
I always thought that image was funny because it was so far over the top. Then I ran across you on here, and found out there are people who really are that passionate about being stupid.
You post a link to the post you're replying to? Really? Do you really think the entirety of the world is so mindbogglingly stupid that they couldn't find the post you're replying to without you posting a link to it?
I guess that explains a lot about the stalking douche that is APK.
BTW, I notice you're not signing your AC posts, anymore. Is that because people were starting to black flag any post with the APK sig, and automatically modding it down to -1, because that signature virtually guarantees that the content of the post will be obnoxious, rude, wrong, and have brain damaged font changes and paragraph structure? (If you can call ANYTHING you post "structured".....)
I'm APK..I kicked your ass, fool!...zzzzt..
I'm APK..I kicked your ass, fool!...zzzzt..
I'm APK..I kicked your ass, fool!...zzzzt..
I'm APK..I kicked your ass, fool!...zzzzt..
I'm APK..I kicked your ass, fool!...zzzzt..
I'm APK..I kicked your ass, fool!...zzzzt..
I'm APK..I kicked your ass, fool!...zzzzt..
I'm APK..I kicked your ass, fool!...zzzzt..
I'm APK..I kicked your ass, fool!...zzzzt..
I'm APK..I kicked your ass, fool!...zzzzt..
You're starting...no...not starting...continuing to sound like a broken record.
Do you really get any satisfaction from stalking people who've beaten you in arguments, and trying to rewrite the debate to make it seem like you won? How much effort does that take, compared to what it would take to just learn the subject you're bullshitting about? You'd probably win many more arguments if you had a clue, and I'm betting it would be less effort than the amount you must put in doing all this following and trolling bullshit that you currently do.
Tell me one more thing: How much caffeine do you consume in a day?
Hey, APK. Haven't seen you for a while.
How are your mental imbalances holding up?
How is this a troll? Rude and blunt, maybe, but they're right. There is no constitutional basis for not releasing the information.
A bullet might be a little bit overkill, but it depends on the threats that the "human filth" makes to Facebook/Yahoo/Google first, doesn't it?
(how many sites change CA when issuing a new cert anyway).
Google's done it. Pretty sure there are plenty of Diginotar and Comodo customers who've done it, too.
Seems like another witch hunt to me. Good ol' McCarthy would have been proud.
Instead of searching for culprits, get the community to examine the compromised code and improve it.
If you think the whole community is in the hands of the NSA then we've already lost.
You/we need to do both. Fixing the compromised code without finding and removing the culprit(s) is a short term solution at best. The unknown culprit would be free to compromise other code repeatedly, unless they are outed to the community at large.
For a permanent solution, the mole MUST be found.
I go by the policy of innocent until proven guilty. Until it's demonstrated that this material will actually endanger someone's life, it's just hollow words from a bunch of biased people who have already demonstrated a willingness to break the law.
So, basically, what possible reason could we have to believe the government on this, when they have done everything they possibly could to destroy any trust we have in them?