That sounds more like a feature than a bug to me. If you get busted by a tyrannical authority on suspicion of spying, your concern will tend to have more to do with labor camps than lost photographs
I'm referring to tyrants whose primary object is to harass photographers with no legal basis.
In other words, you did nothing wrong, but these officers are illegally harassing you anyways.
In other words, they would ruin your film, because they can get away with it, even though they have no legal right to do so.
I'm not suggesting they would accuse you of spying.
If you actually are breaking the law in a way legally punishable with labor camp, then yeah, easily destructible media benefits you,
and you can probably easily just drop the piece of flash on the ground and smash it, if you want.
The only thing that might come close would be a DIP switch toggle to allow for unsigned images to be flashed (which is shipped off), and all updates signed.
How about a special cable?
Have say a USB port with an extra 'notch' at the bottom.
When a special proprietary flash drive is plugged in that has an extra plastic notch attached to the bottom, the 'button' will be pushed and held down while it is plugged in, enabling a "hardware maintenance" signal line.
When the system is rebooted with the 'maintenance' button pushed down, the BIOS boots in maintenance mode, IDE/SATA controllers will be disconnected,
USB ports except the maintenance port physical disconnect, the system will zero all RAM and load an image from the flash drive into RAM.
Once the drive is removed, it will jump to code in RAM containing any firmware upgrades.
In maintenance mode, flashing is enabled and SATA controllers are disabled.
In non-maintenance mode, flashing is disabled and SATA controllers are enabled.
And the manufacturer can sell proprietary flash drives to make up for the extra expense.
run your in house tools to verify that the code on the card is the same as your in house code you developed
And a properly hacked card outputs to the in-house tool the exact code it's supposed to,
because the hack contains a bit of code to remove all the patches and return itself to pristine state, when a debug connection is detected
say you're a front for the chinese military making these things. you install the rootkit. broadcom or whoever will do an audit of retail boxes to make sure the cards are being produced to spec. how do you hide what you did?
One way is to operate completely within spec. The 'retail box audit' normally includes hardware components, not the actual firmware,
so an audit is not likely to detect.
It is not like they're going to audit NICs with a $100,000 logic analyzer, and spend thousands of skilled man hours verifying every bit on the programmable chip service matches their master. Hacked firmware can be designed to lie about its own contents when inquired, and these things can be designed to lie dormat for months on average.
The hacked firmware might open a backdoor only periodically, not every time. Each box will probably be audited once, not 50 times.
When an end user gets the thing, they will eventually trigger the malicious code, because they'll use their machine for a long time.
Isolating the NIC as a cause would be extremely difficult, if the malicious code is sensitive to network activity, and specific kinds of network activity,
for example keywords.
Perhaps the hack is configured only to activate if the computer sends something to an IP address in certain ranges, or containing a certain keyword.
There are innumerable criteria that auditing won't detect
the code+data will have to fit in whatever RAM or EEPROM capacity the network card has.
Or a downloader/backdoor will have to fit on the card to allow a remote load of any code that can't be stored on the PROM.
It could be a simple stub, executing exactly instructions carried in magic data packets.
Downloaders can pull more code than is stored by using sources found outside the NIC, such as sources on the internet.
the hacked firmware could remove standard features like Wake on Lan, and use that space to implement features the malware author wants, like "Flood on LAN".
Most NICs nowadays support things like PXE boot.
Either that part of the option ROM could be completely hijacked, OR in fact the PXE boot function could be used as a way of booting the system to a 'boot sector infection' routine next boot after the NIC is infested.
Think about it... Phase 1, your NIC gets infected,
Phase 2, next boot a vulnerability will be opened in your system, thanks to the ability of every PCI card to include an option ROM in the BIOS, or code will run to use blue pill against your OS and introduce malicious code, the hypervisor above your OS downloads code from the attacker.
Depending on the payload downloaded, the malware could be anything from a keylogger to a spam node
An attacker would then be able to communicate remotely with the rootkit in the network card and get access to the underlying operating system thanks to DMA."
Not if the CPU had IOMMU hardware that was configured to only allow the network card to write to the proper memory area.
However, this still would not protect against the network card forging data, manipulating packets before passing them to the OS,
for example manipulating packets to be malformed so to exploit an OS security vulnerability,
emitting packets the OS did not generate (such as ICMP pings, or other packets for a hardware-based DDoS emitted without assistance from host OS.. or connecting to a P2P network of compromised NICs
to form a spam-sending botnet, without host involvement.
The possibility also exists of capturing packets crossing the NIC and forwarding samples to an outside address, or manipulating aspects of packets
to create an "open proxy" the host does not know about, enabling IP spoofing, cache poisoning, or opening other vulnerabilities that don't require manipulation of the host itself.
One could envision a method for retrieving the so-called "latent image" via chemical means.
It has a problem that if you capture an image of something tyrants don't want you to capture, they tend to quietly push a little button on your camera, and open it up, fully illuminating the plastic, causing all the silver hadride to react, and destroying the latent image.
At least with electronic storage, your image is not so volatile, and you can easily and subtly swap the flash card, hiding the important one, so the tyrants don't destroy your image of their treachery..
Why? Seriously, what benefit is there banning DSLRs over other cameras? It can't be the existence of telephoto lenses, because there are lots of compacts that have large zooms. Maybe it's a war on artful, quality photos?
Not only that... but there are non-SLRs that have Telephoto lenses you can attach, I am pretty sure. Some of the compacts with Zoom capabilities are probably SLRs, technically
There are some "SLR-LIKE" cameras that are not SLRs, because they have a separate viewfinder which does not look through the main lens though.
By definition a SLR is a camera that has a single lens, and a mirror, the viewfinder looks through the LENS
a Prism is used to restore the orientation of the image, in a manner, that when you look through the viewfinder, you see the photo will be taken.
Any camera that has a single lens and uses this method reflection, so that the viewfinder and the image sensor both utilize the same lens is called SLR.
A DSLR just refers to digital technology.
So this should be easily circumvented by using any camera that is not a SLR, I guess, i.e. any Camera that has a viewfinder which that its own lens on the front of the
camera and does not look through a single lens, OR uses a mechanism other than reflection to duplicate the image in the LENS to the viewfinder.
For example, a camera that electronically displays a rendition of the image hitting the image sensor using an electronic backlit display, without any reflection,
instead of passing the image straight to the person viewing.
I suppose viewfinders that incorporate an electronic display, will, however, be more expensive than the reflection technique,
and the image appearing on the display will be less true in quality than the actual picture.
Periodically stepping your clock is pretty bad, will break a number of applications, especially when NTP steps your clock backwards, it does not erase fingerprints. And 'ntpdate' is only really meant to set your clock initially when it is still too far off to sync, once your clock is accurate, you should start the NTP daemon.
Anyways, NTP and ntpdate will not be able to hide the signature.
There are sub-second timing methods available to Javascript that do not rely on the time reflected by the system clock.
Stepping the clock directly may even reduce the noise, making the fingerprint clearer after it has been stepped.
Note the Javascript Date objects have millisecond resolution, and some sites and javascript pages, particularly games, rely on fairly precise timekeeping.
Note the abstract linked stated "Further, one can apply our passive and semi-passive techniques when the fingerprinted device is behind a NAT or firewall, and also when the device’s system time is maintained via NTP or SNTP”
"
The radiation from the backscatter xray is only equivalent to 4 minutes of flight time for the typical scan time
You are claiming an equivalency that is only based on one raw measure of the exposure, one of the least important measures of exposure (thermal energy), and misses important points.
The higher the energy of the radiation, the deeper into the body it will penetrate before it is absorbed.
The lower energy radiation you experience in flight is reflected by the skin.
The higher energy of backscatter machines is absorbed inside the body and can potentially effect the brain and the genitals.
It might lead to sterilization or cancer.
The ionizing radiation you are exposed to on a backscatter machine is different and more harmful than the radiation you would be exposed to when flying, it is a different kind of radiation in magnitude.
The mere total exposure amount hides important factors such as the proportion absorbed VS the proportion harmlessly reflected.
Yes. Roll it out as part of a web browser software update for Firefox, kind of messy, involves manual work.
For Internet Explorer users, one group policy will update the Workstation's Trusted CA certificates store to include your custom certificate. And IE will use that to validate trust of the cert.
Indeed, if you have a "centrally controlled" provisioning system, you can even add the certificate to your default system build. Then the scary warnings go away completely.
If using Microsoft Internet Explorer, one group policy entry will distribute the CA certificate to all domain computers.
It's one of the things Firefox users have a hard time with, since there's no central management, they have to put up with SSL warnings on the intranet sites. Which is one of the unfortunate reasons Internet Explorer use is required in some organizations.
Enterprise CA is a standard part of modern enterprises that have intranets
If X-ray backscatter machines could sterilize you, you'd be sterile ten times over already from background radiation.
No, because the magnitude of background radiation is much much lower, disorganized, diffused by the Earth's atmosphere and electromagnetic field, non-directional, and not pointed in an organized fashion directly at your body, and doesn't reach nearly the energy levels of the backscatter machine. Especially when operators make mistakes with the machine that cause people to get even more exposure than they are supposed to,
or to be exposed longer than the 2 seconds they are supposed to, that all the numbers validating its safety are based on --
when they make someone stand in the scanner for a few minutes with it running, the person is getting massive amounts of harmful radiation exposure, way beyond what is safe or indicated.
I'll hope either you're making that up, or the person who told you was making it up.
As it is, 911 gets more calls than they can deal with in many areas, and a lot of clueless people, or people without phone books call in non-emergencies, and there are plenty of calls at any particular time where the person does make contact. They have to prioritize the calls, and they address calls where life is reported to be in immediate danger first.
The girl down the street's broken nail can wait, so can the guy caught shoplifting, unless he's armed or posing an immediate threat. Your silent call to 911 might get answered hours later, if at all.
Check out this link in regards to 911 call screening
Some Sprint Nextel customers reported trouble reaching a live 911 operator in Clackamas, Washington and Multnomah counties in Oregon. When Sprint investigated the cause of these complaints, we learned that these counties had implemented an Interactive Voice Response System (IVR) to screen 911 calls. Sprint Nextel learned that IVRs also are used in Reno, Nevada, and by the California Highway Patrol (CHP) to validate emergency situations. When dialing 911, callers in these areas must either press 1 or state "emergency" to be connected to a 911 operator. When the “1” is pressed, a special tone, referred to as dual tone multi-frequency (DTMF), typically transmits information over the voice circuit.
There are cell phones that cannot access, or have a limited ability to access, DTMF when a 911 call is made. Certain Motorola-manufactured iDEN handsets have had DTMF tones block to avoid over-dialing when placing a 911 call. This safety feature was incorporated by Motorola prior to learning that automated response systems were being used to respond to 911 calls.
Dial 911, simply do not SAY anything but do not hang up. cops will be on the way.
In many areas, simply dialing 911 does not connect you to an operator, you go to an IVR,
and to get a responder you re prompted to "Press 1" or shout "Emergency" into the handset.
911 misdials are too frequent.
This caused problems a couple years ago, because certain Motorola and other phones disable all DTMF when a call was made to 911, so the person answering the IVR would "Press 1" when prompted to press 1, but since DTMF was disabled by their phone,
it was impossible to answer the IVR prompt and get to the responder.
As for 911 no-contact / hangup calls, a police officer might come by in a few hours to investigate/figure out why 911 was dialed,
and scold / fine the perp who dialed in
why you should text a 911 responder instead of just calling them?
Because there's an insane guy with a gun in a large room, and if he sees you on the phone, he will shoot.
A covert way of calling in the emergency services could be useful.
As long as cell carriers are required to provide 911 with the GPS coordinates the phone was located at when the text was sent.
Your system's clock skew fingerprint will give you away, with a tiny bit of Javascript.
Who needs cookies, when your computer has intrinsic characteristics / artifacts from manufacturing that uniquely identify it?
To be perfectly pedantic, the whole concept of race is flawed.
The word
race in reference to humans refers to minor genetic variations held by certain groups within the same species or subspecies, resulting from them coming from the same breed.
These can definitely be detected -- for example, there is (or was) a breed of humans that tends to have a certain skin tone, a certain hair color, a certain eye color, etc.
It is independent of culture; people can be of a certain race, but not the culture, and people can be of the culture but not the race -- with the exception of discriminatory cultures whose members specifically exclude people based on appearance, aka breed/race.
Basically, the same meaning the word race (or breed) has with regards to other species, for example Dogs.
"'If a guy from Malaysia can get into networks like this, you can imagine what the Chinese and Russians... are able to do' "
No racism there, except for extremely expansive gratuitously warped definitions of racism.
There are well-known large hacking rings in Russia and China. It is not difficult to imagine that many hackers working together are obviously a potentially larger threat than one hacker, assuming individuals of comparable skill and knowledge; the conclusions are obvious and have nothing to do with race.
There are some Malaysian hacking rings, but less well known to the public and the popular media.
Even if the more adept hackers happened to be in China, and it was stated, it wouldn't imply anything about race.
As there are other factors involved, such as government being involved and promoting hacking, or there being stronger penalties for hackers in a country.
The amount of technology available in a country, and the state of its economy and culture also effect such things.
In any event, Racism is defined as using power, for example, force, government authority, business decisions, or threat of violence/harm to promote the superiority of one race or to marginilize another.
Besides race there are a lot of differences between the culture and environment in Malaysia VS Chinese/Russian countries,
ability to hide, and access to certain resources.
There is nothing in the article indicating the Malaysian race is somehow inferior, or evil, or that hackers of the Chinese/Russian race are superior, inferior, or more evil, ergo no racism.
Nice episode in german law: If you leave your car unlocked and it gets (or might get) stolen, you can get fined for assisting crime.
Hm... is the crime against you in that case, or is the crime against your insurance company, when you try to make the loss claim that someone broke into your (unlocked) car? <G>
However, there is law and social conventions that say your car that you own is your private property, even when left unattended on a public street, and even if left unlocked.
The expectation is you left the car temporarily to go about your business and have not abandoned it or invited the public to take their pick from your stuff.
However, if you brought your car to a junkyard, and left your car unlocked, in a pile of other thrown-away cars, the expectation is completely different
However, video streams are not like cars, and are more like publications.
Making 'video streams' publicly accessible is much like broadcasting something on TV, and trying to sue the channel guide people for reporting that program X is running so you can watch it on Tv instead of buying.
And then suing viewers who watched on TV but didn't buy the home video version
Generally, if someone has a news stand up with magazines, you are allowed to pick up a magazine and thumb through it, without opting to buy, should you decide you are not interested.
At this rate, next thing iwll be publishers suing bookstore patrons for reading parts of books in the store.
That sounds more like a feature than a bug to me. If you get busted by a tyrannical authority on suspicion of spying, your concern will tend to have more to do with labor camps than lost photographs
I'm referring to tyrants whose primary object is to harass photographers with no legal basis. In other words, you did nothing wrong, but these officers are illegally harassing you anyways.
In other words, they would ruin your film, because they can get away with it, even though they have no legal right to do so.
I'm not suggesting they would accuse you of spying. If you actually are breaking the law in a way legally punishable with labor camp, then yeah, easily destructible media benefits you, and you can probably easily just drop the piece of flash on the ground and smash it, if you want.
But there will be more evidence you did that
The only thing that might come close would be a DIP switch toggle to allow for unsigned images to be flashed (which is shipped off), and all updates signed.
How about a special cable?
Have say a USB port with an extra 'notch' at the bottom.
When a special proprietary flash drive is plugged in that has an extra plastic notch attached to the bottom, the 'button' will be pushed and held down while it is plugged in, enabling a "hardware maintenance" signal line.
When the system is rebooted with the 'maintenance' button pushed down, the BIOS boots in maintenance mode, IDE/SATA controllers will be disconnected, USB ports except the maintenance port physical disconnect, the system will zero all RAM and load an image from the flash drive into RAM.
Once the drive is removed, it will jump to code in RAM containing any firmware upgrades. In maintenance mode, flashing is enabled and SATA controllers are disabled. In non-maintenance mode, flashing is disabled and SATA controllers are enabled.
And the manufacturer can sell proprietary flash drives to make up for the extra expense.
and i've seen a lot of mysterious reboots and other problems thought to be MS's fault fixed by HP firmware/driver upgrades
The real question is... if you didn't upgrade it, would the problem still have gone away?
How many firmware fixes are genuine hardware issues VS workarounds for buggy Microsoft drivers? :)
and with all the security appliances that everyone runs these days it's going to be hard to hide the malicious network traffic
Security appliances need NICs too
Perhaps version 1 of the 'hack' is to obscure traffic that would be emitted by version 2
run your in house tools to verify that the code on the card is the same as your in house code you developed
And a properly hacked card outputs to the in-house tool the exact code it's supposed to, because the hack contains a bit of code to remove all the patches and return itself to pristine state, when a debug connection is detected
say you're a front for the chinese military making these things. you install the rootkit. broadcom or whoever will do an audit of retail boxes to make sure the cards are being produced to spec. how do you hide what you did?
One way is to operate completely within spec. The 'retail box audit' normally includes hardware components, not the actual firmware, so an audit is not likely to detect. It is not like they're going to audit NICs with a $100,000 logic analyzer, and spend thousands of skilled man hours verifying every bit on the programmable chip service matches their master. Hacked firmware can be designed to lie about its own contents when inquired, and these things can be designed to lie dormat for months on average.
The hacked firmware might open a backdoor only periodically, not every time. Each box will probably be audited once, not 50 times. When an end user gets the thing, they will eventually trigger the malicious code, because they'll use their machine for a long time.
Isolating the NIC as a cause would be extremely difficult, if the malicious code is sensitive to network activity, and specific kinds of network activity, for example keywords.
Perhaps the hack is configured only to activate if the computer sends something to an IP address in certain ranges, or containing a certain keyword. There are innumerable criteria that auditing won't detect
the code+data will have to fit in whatever RAM or EEPROM capacity the network card has.
Or a downloader/backdoor will have to fit on the card to allow a remote load of any code that can't be stored on the PROM.
It could be a simple stub, executing exactly instructions carried in magic data packets. Downloaders can pull more code than is stored by using sources found outside the NIC, such as sources on the internet.
the hacked firmware could remove standard features like Wake on Lan, and use that space to implement features the malware author wants, like "Flood on LAN".
Most NICs nowadays support things like PXE boot. Either that part of the option ROM could be completely hijacked, OR in fact the PXE boot function could be used as a way of booting the system to a 'boot sector infection' routine next boot after the NIC is infested.
Think about it... Phase 1, your NIC gets infected, Phase 2, next boot a vulnerability will be opened in your system, thanks to the ability of every PCI card to include an option ROM in the BIOS, or code will run to use blue pill against your OS and introduce malicious code, the hypervisor above your OS downloads code from the attacker.
Depending on the payload downloaded, the malware could be anything from a keylogger to a spam node
An attacker would then be able to communicate remotely with the rootkit in the network card and get access to the underlying operating system thanks to DMA."
Not if the CPU had IOMMU hardware that was configured to only allow the network card to write to the proper memory area.
However, this still would not protect against the network card forging data, manipulating packets before passing them to the OS, for example manipulating packets to be malformed so to exploit an OS security vulnerability, emitting packets the OS did not generate (such as ICMP pings, or other packets for a hardware-based DDoS emitted without assistance from host OS.. or connecting to a P2P network of compromised NICs to form a spam-sending botnet, without host involvement.
The possibility also exists of capturing packets crossing the NIC and forwarding samples to an outside address, or manipulating aspects of packets to create an "open proxy" the host does not know about, enabling IP spoofing, cache poisoning, or opening other vulnerabilities that don't require manipulation of the host itself.
One could envision a method for retrieving the so-called "latent image" via chemical means.
It has a problem that if you capture an image of something tyrants don't want you to capture, they tend to quietly push a little button on your camera, and open it up, fully illuminating the plastic, causing all the silver hadride to react, and destroying the latent image.
At least with electronic storage, your image is not so volatile, and you can easily and subtly swap the flash card, hiding the important one, so the tyrants don't destroy your image of their treachery..
Why? Seriously, what benefit is there banning DSLRs over other cameras? It can't be the existence of telephoto lenses, because there are lots of compacts that have large zooms. Maybe it's a war on artful, quality photos?
Not only that... but there are non-SLRs that have Telephoto lenses you can attach, I am pretty sure. Some of the compacts with Zoom capabilities are probably SLRs, technically
There are some "SLR-LIKE" cameras that are not SLRs, because they have a separate viewfinder which does not look through the main lens though.
By definition a SLR is a camera that has a single lens, and a mirror, the viewfinder looks through the LENS a Prism is used to restore the orientation of the image, in a manner, that when you look through the viewfinder, you see the photo will be taken. Any camera that has a single lens and uses this method reflection, so that the viewfinder and the image sensor both utilize the same lens is called SLR.
A DSLR just refers to digital technology.
So this should be easily circumvented by using any camera that is not a SLR, I guess, i.e. any Camera that has a viewfinder which that its own lens on the front of the camera and does not look through a single lens, OR uses a mechanism other than reflection to duplicate the image in the LENS to the viewfinder.
For example, a camera that electronically displays a rendition of the image hitting the image sensor using an electronic backlit display, without any reflection, instead of passing the image straight to the person viewing.
I suppose viewfinders that incorporate an electronic display, will, however, be more expensive than the reflection technique, and the image appearing on the display will be less true in quality than the actual picture.
Hm... I wonder if a technology ANALOG SLRs that don't use film would be effected by this?
For example, using a CMOS analog sensor instead of a digital image sensor.
And instead of storing bits, store voltages on some kind of media.
I suppose the Kuwaiti photography market might not be large enough to support such a device being created [if it does not exist already], however
Periodically stepping your clock is pretty bad, will break a number of applications, especially when NTP steps your clock backwards, it does not erase fingerprints. And 'ntpdate' is only really meant to set your clock initially when it is still too far off to sync, once your clock is accurate, you should start the NTP daemon.
Anyways, NTP and ntpdate will not be able to hide the signature. There are sub-second timing methods available to Javascript that do not rely on the time reflected by the system clock.
Stepping the clock directly may even reduce the noise, making the fingerprint clearer after it has been stepped. Note the Javascript Date objects have millisecond resolution, and some sites and javascript pages, particularly games, rely on fairly precise timekeeping.
Note the abstract linked stated "Further, one can apply our passive and semi-passive techniques when the fingerprinted device is behind a NAT or firewall, and also when the device’s system time is maintained via NTP or SNTP” "
The radiation from the backscatter xray is only equivalent to 4 minutes of flight time for the typical scan time
You are claiming an equivalency that is only based on one raw measure of the exposure, one of the least important measures of exposure (thermal energy), and misses important points.
The higher the energy of the radiation, the deeper into the body it will penetrate before it is absorbed. The lower energy radiation you experience in flight is reflected by the skin. The higher energy of backscatter machines is absorbed inside the body and can potentially effect the brain and the genitals. It might lead to sterilization or cancer.
The ionizing radiation you are exposed to on a backscatter machine is different and more harmful than the radiation you would be exposed to when flying, it is a different kind of radiation in magnitude.
The mere total exposure amount hides important factors such as the proportion absorbed VS the proportion harmlessly reflected.
Yes. Roll it out as part of a web browser software update for Firefox, kind of messy, involves manual work.
For Internet Explorer users, one group policy will update the Workstation's Trusted CA certificates store to include your custom certificate. And IE will use that to validate trust of the cert.
Indeed, if you have a "centrally controlled" provisioning system, you can even add the certificate to your default system build. Then the scary warnings go away completely.
If using Microsoft Internet Explorer, one group policy entry will distribute the CA certificate to all domain computers.
It's one of the things Firefox users have a hard time with, since there's no central management, they have to put up with SSL warnings on the intranet sites. Which is one of the unfortunate reasons Internet Explorer use is required in some organizations.
Enterprise CA is a standard part of modern enterprises that have intranets
If X-ray backscatter machines could sterilize you, you'd be sterile ten times over already from background radiation.
No, because the magnitude of background radiation is much much lower, disorganized, diffused by the Earth's atmosphere and electromagnetic field, non-directional, and not pointed in an organized fashion directly at your body, and doesn't reach nearly the energy levels of the backscatter machine. Especially when operators make mistakes with the machine that cause people to get even more exposure than they are supposed to, or to be exposed longer than the 2 seconds they are supposed to, that all the numbers validating its safety are based on -- when they make someone stand in the scanner for a few minutes with it running, the person is getting massive amounts of harmful radiation exposure, way beyond what is safe or indicated.
I'll hope either you're making that up, or the person who told you was making it up.
As it is, 911 gets more calls than they can deal with in many areas, and a lot of clueless people, or people without phone books call in non-emergencies, and there are plenty of calls at any particular time where the person does make contact. They have to prioritize the calls, and they address calls where life is reported to be in immediate danger first. The girl down the street's broken nail can wait, so can the guy caught shoplifting, unless he's armed or posing an immediate threat. Your silent call to 911 might get answered hours later, if at all.
Check out this link in regards to 911 call screening
Dial 911, simply do not SAY anything but do not hang up. cops will be on the way.
In many areas, simply dialing 911 does not connect you to an operator, you go to an IVR, and to get a responder you re prompted to "Press 1" or shout "Emergency" into the handset. 911 misdials are too frequent.
This caused problems a couple years ago, because certain Motorola and other phones disable all DTMF when a call was made to 911, so the person answering the IVR would "Press 1" when prompted to press 1, but since DTMF was disabled by their phone, it was impossible to answer the IVR prompt and get to the responder.
As for 911 no-contact / hangup calls, a police officer might come by in a few hours to investigate/figure out why 911 was dialed, and scold / fine the perp who dialed in
why you should text a 911 responder instead of just calling them?
Because there's an insane guy with a gun in a large room, and if he sees you on the phone, he will shoot. A covert way of calling in the emergency services could be useful.
As long as cell carriers are required to provide 911 with the GPS coordinates the phone was located at when the text was sent.
Disabling TCP timestamps doesn't remove the underlying problem, or prevent a Javascript from discovering the local system clock's fingerprint.
You would need to modify the Javascript interpreter for that and somehow introduce unpredictable amounts of 'error' in timing operations.
And modifying the Flash interpreter would be nigh impossible, since only Adobe has the source code
Your system's clock skew fingerprint will give you away, with a tiny bit of Javascript. Who needs cookies, when your computer has intrinsic characteristics / artifacts from manufacturing that uniquely identify it?
To be perfectly pedantic, the whole concept of race is flawed.
The word race in reference to humans refers to minor genetic variations held by certain groups within the same species or subspecies, resulting from them coming from the same breed. These can definitely be detected -- for example, there is (or was) a breed of humans that tends to have a certain skin tone, a certain hair color, a certain eye color, etc.
It is independent of culture; people can be of a certain race, but not the culture, and people can be of the culture but not the race -- with the exception of discriminatory cultures whose members specifically exclude people based on appearance, aka breed/race.
Basically, the same meaning the word race (or breed) has with regards to other species, for example Dogs.
"'If a guy from Malaysia can get into networks like this, you can imagine what the Chinese and Russians ... are able to do' "
No racism there, except for extremely expansive gratuitously warped definitions of racism.
There are well-known large hacking rings in Russia and China. It is not difficult to imagine that many hackers working together are obviously a potentially larger threat than one hacker, assuming individuals of comparable skill and knowledge; the conclusions are obvious and have nothing to do with race.
There are some Malaysian hacking rings, but less well known to the public and the popular media.
Even if the more adept hackers happened to be in China, and it was stated, it wouldn't imply anything about race. As there are other factors involved, such as government being involved and promoting hacking, or there being stronger penalties for hackers in a country. The amount of technology available in a country, and the state of its economy and culture also effect such things.
In any event, Racism is defined as using power, for example, force, government authority, business decisions, or threat of violence/harm to promote the superiority of one race or to marginilize another.
Besides race there are a lot of differences between the culture and environment in Malaysia VS Chinese/Russian countries, ability to hide, and access to certain resources.
There is nothing in the article indicating the Malaysian race is somehow inferior, or evil, or that hackers of the Chinese/Russian race are superior, inferior, or more evil, ergo no racism.
Nice episode in german law: If you leave your car unlocked and it gets (or might get) stolen, you can get fined for assisting crime.
Hm... is the crime against you in that case, or is the crime against your insurance company, when you try to make the loss claim that someone broke into your (unlocked) car? <G>
However, there is law and social conventions that say your car that you own is your private property, even when left unattended on a public street, and even if left unlocked.
The expectation is you left the car temporarily to go about your business and have not abandoned it or invited the public to take their pick from your stuff.
However, if you brought your car to a junkyard, and left your car unlocked, in a pile of other thrown-away cars, the expectation is completely different
However, video streams are not like cars, and are more like publications. Making 'video streams' publicly accessible is much like broadcasting something on TV, and trying to sue the channel guide people for reporting that program X is running so you can watch it on Tv instead of buying.
And then suing viewers who watched on TV but didn't buy the home video version
Generally, if someone has a news stand up with magazines, you are allowed to pick up a magazine and thumb through it, without opting to buy, should you decide you are not interested.
At this rate, next thing iwll be publishers suing bookstore patrons for reading parts of books in the store.
Ice that doesn't melt at room temperature.
Otherwise, this product could have a very short lifetime after purchase.....