How about you just let them leave? Preferably without frisking their person or luggage for any bits or pieces of gold / silver on the way out.
It's kind of like being thrown into a forced marriage, then getting a divorce where you lose your house. That the 'social contract' you were born into (read: in much the same way that slaves were born into a 'contract' with their masters) was foisted onto you is bad enough, but the part where the group you are leaving gets to take whatever of your property it wants on your way out is especially dark. I guess it's in any group's interest to 'banish' the troublemakers, and see to it that they make an 'example' of them if only to assert their dominance to the rest of their group. Can't let them go without some molestation, that's just not good slaving.
"Hey, I noticed you aren't a fan of austerity, so I am going to let you go, but on your way out, leave your money and your clothes because that's ours. I know, I know, we've been deciding what's good and bad for you since before you were born, and I know that we spent years forcing propaganda down your throat in a way that would melt the heart of even the most tight-fisted of repressive regimes. But we are going to need the 5 or 6 years worth of pittance you somehow managed to avoid giving us the last time we were looking for some money. You were our slave first, so we own the fruits of your labor until after we set you free, and even then, maybe. Mr. TSA officer over there is going to make sure you aren't smuggling any drugs, etc. out of our fair country, so bend over for old times sake. You know the position."
To put it another way, we are going to need your red stapler, and for you to move your stuff down to the basement.
Yeah, there in lies the problem. It inevitably will violate those human rights of others. It's called erosion, and like corruption, you start off without it, and end up with nothing but it.
Yes, provided you don't go with a light-water design.
You can have the best and brightest people working for you on your staff, it doesn't change the fact that the reactor design is 50 years old and alterations are done by backhoe.
Meh, it's usually just a prop. Like an FBI agent's badge, it serves as a symbol to override your innate defenses of what is almost certainly going to be a fishing expedition. The FBI agent is dealing with a problem, which is that he has some information, but not all of it. How much is anyone's guess, and differs on a case by case basis. The point is, he's going to bluff his way, showing a card every once in a while, until he has the entire pot. If you're hooked up to a polygraph machine, you're in pretty deep, but there's no reason you can't get back out.
The best bet when dealing these folks is to use an inverse strategy. Instead of trying to selectively tell the truth, lie about everything. If your name is "Mark Fitzgerald," employ a brief compartmentalization technique. Tell yourself that your name is "Mark C. Fitzgerald," when you know it isn't. Do this continuously, very rapidly, then when they ask you your name ("Is your name Mark Fitzgerald"), decompartmentalize, and realize the name you're thinking of is a lie. Employ this strategy to your heart's content, and their results will be all over the place, with plenty of false positives mixed in with false negatives. I wouldn't recommend using this technique without some training (at least practice in front of the mirror, like you're rehearsing a speech, only to realize that it's the wrong speech). Acquire a polygraph machine, and learn from it if you want. Remember, it's not important that you know the questions beforehand, nor that you use this technique on all of them, it's only important that you use it at least a few times during the session, and that you think of something you know of as kind of true, kind of false, before realizing it's false. Remember, the agents in question are bluffing, so whatever solid information they believe in going in, can be confirmed or shredded on exit.
If they are actually trained to use the machine, and care about the results, they will give up after a little while (they aren't going to give away any tells, just in case the psychological factors might work as well, but the session should be relatively short). If not (i.e. they're just using it as a prop, and the agent looking at the results isn't actually trained to read them), they will probably just keep chugging along, but at least you know that it's a ploy.
Reminds me of Babylon 5: [Bester surprises Garibaldi with some psychological, not psychic, interrogation skills.] Bester: Liars are always afraid that somebody's going to see through them. So I just provided him with a vehicle for his paranoia. Your captain's opinions notwithstanding, the badge and the uniform do have certainadvantages. Garibaldi: Like intimidation? Bester: Absolutely! Just likeyour badge, andyour uniform.
Which reminds me. The bar for satisfactory evidence in this country is kind of at a new low, so polygraphs will probably be phased out in third quarter, 2012, in favor of something like in traffic court: "He guilty?" "Yes sir, I saw him do it" "Off to jail with him then."
As long as it's cool that I do the same to them, totally.
Normally I don't care what FBI Agent #123132 and Agent #809823 are chatting about while watching surveillance videos, but the fact that they tend to do it in a dark room and only when their boss isn't around makes me suspicious that they might not have my best interests in mind.;-)
A law enforcement officer's method for finding out whether or not something is actually unreasonable is to go ahead and do it, and see if anyone sues them.
It's like this: the feds are kind of like a slow, plodding police inspector (of the Javert variety). They miss a lot of things every day, tons of crimes going on everywhere that never get solved. We all know this, but people are loathe to acknowledge it. To acknowledge it is to admit that something is wrong, and if something is wrong, you may feel some compulsion to do something about it.
So, when they finally do catch someone, they make sure to punish them extra brutally, supposedly to set an example to all the others. The reality is, they punish them extra brutally so the populace will feel that justice is being served, that something is being done about all the lawlessness. It's nothing more than politics, a classic misdirection, but it works so fr*cking well that it's become a law enforcement staple.
You're assuming that someone of any capability would want to work for them. Typically, the only people working for them are failures ("I got caught, so now I have to work for Uncle Sam, but I'm still a 1337 h@x0r!") or the wanna-bes ("I studied cryptography + network security, downloaded a few scripts / tools (I installed that hacker operating system "linux" and can use nmap), and while I could be a totally 'leet black hat, I've decided to fight for truth, justice, and the American way, because I am a good guy!").
All the money in the world can't buy talent if they don't want to work for you. See any large company where management has made their best programmers flee.
And the Egyptians knew that the earth was a sphere. Funny things happen with civilizations fall, and the idiots are free to destroy works of knowledge.
We don't know that. We should send some prospectors in there just to be sure. Maybe we will find some gold? I think the US Treasury is going to need some soon...
What if you aren't interested in applying, but just want to borrow their servers for the weekend? You know, for a Botnet or something really insane like.BitCoin generators on every server + client I can find on that subnet? If Congress can sell our national forests to foreigners, I call dibs on the NSA super-cluster.
Maybe. But they are running out of white elephants. They need a new enemy, and they need a new one NOW! How else are they going to justify the 2014 budget?
Crackers / Hackers / Hacktivists (bleh!) are one of those groups that people don't really understand (like Muslims, Chinese, etc.) that makes it easy to say "THEY CAN DO BAD THINGS, JUST LOOK AT THEM!" and no one really knows them well-enough to say otherwise. A little priming ("they might be working with drug dealers and arms smugglers...child pornography and human trafficking"), and the media will take to it the way cancer takes to a prostate gland. That civil rights are being strip-mined and purses looted to fuel these witch hunts does not matter; all that matters is that the Good Guys win in the end. And that the guys with guns and small brains get paid. We really haven't progressed from a feudal society, have we?
You can't make a typical Marine into a cyber security expert; the skill-sets for either are almost mutually exclusive. This, of course, does not prevent people from buying security certs and taking pointless low-level courses in basic networking, then declaring themselves security experts. Nor will it prevent the congress critters from lavishing their favorite security firms with outlandish contracts which provide no real security.
I'm not saying that you can't train a Marine into a cyber security expert; what I'm saying is that for every 1 Marine you manage to successfully train, you will have 40,000 hackers / crackers, with higher levels of expertise in the relevant fields, ready to bitch-slap him and his friends off the internet. I think the US government has more to fear from its own people here than foreign governments; and screwing around where it doesn't belong is only going to cause them to lose control that much faster.
Remember, you have lots of underemployed CS / IT people here in the US, because their jobs got sent overseas. Factor in a screwed up currency and a never-ending recession. You end up with down-trodden, under-payed, over-worked, and typically highly-trained in all that technology class of people. Now tell them that the US government is going to help make things more secure, by mandating that a bunch of ill-trained marines have backdoor access to every important system in the US. That they need to keep port 23423 open at all times, or they will be fined. That they need to configure their systems to use some officially sanctioned software for virus protection, because someone in DC managed to pass a law mandating it.
They will get a war, but it won't be the one they are preparing for.
GameStop believes is has found a source of instant karma with dedicated gamers. The loss by honoring ancient pre-orders may be less than the gain by pitching everything else at gamers in the checkout line.
Your assumption is that my post pertains 100% to the current incarnation of this attack, rather than it being a proof of concept.
If your users believe that they are immune to malware, and they aren't, they can become infected. That it requires a small amount of social engineering to game a user into installing the malware right now is immaterial.
To put another way, "Malware Defender for the Mac" may not work, but "iJailbreaker for the Mac" probably will.
Remember, Apple has been marketing their Macs to people as a way of avoiding malware. While some of the Mac population consists of intelligent people capable of spotting these threats, most of it does not. They think they are safe, forever, from malware.
Malware for a computer is like paparazzi for an actor. You need to pass a certain threshold in popularity, and then it doesn't matter who you are, it's a problem.
A Botnet, perhaps. But it would need to be a Botnet that was made up almost exclusively of machines with high-end video cards.
And who do we know buys $600-1000 video cards? Gamers, people doing video rendering, programmers and techs in general. Remember, your average person buys the cheapest @#^& that someone at Costco or BestBuy will sell them, with $600 for the entire machine, not just the video card. And you think most gamers, programmers, and video rendering people are not going to notice that their desktop is lagging? Wh00f! You are talking about people who brag about a 0.1 fps advantage over the competition. God help the person trying to help create a Botnet from these people's machines. When these techs find out, they'll probably take apart the bot, find out where this person lives, and drop a satellite on them. One tech? No. Five thousand techs, with injured pride for getting their personal machine infected with a bot? Death from above.
And yes, one machine with an ATI 5970 working on 700 Mhashes/sec is worth more than one hundred machines with an integrated Intel chipset working on 700 Mhashes/sec. Yes, the advantage for machines with expensive video cards is that bad. And you will want an ATI card over a Nvidia card.
You know what people with Botnets are really going to do? The same thing they've been doing for almost a week now. They attack the Bitcoin pools, trying to DDOS them off the internet, so the number of people working on blocks drops, as does the difficulty rate. Less people working on blocks = easier blocks = money in their pockets. Any machines which have real video cards in them are probably going to be in the operator's apartment.
Slashdot Mirror
How about you just let them leave? Preferably without frisking their person or luggage for any bits or pieces of gold / silver on the way out.
It's kind of like being thrown into a forced marriage, then getting a divorce where you lose your house. That the 'social contract' you were born into (read: in much the same way that slaves were born into a 'contract' with their masters) was foisted onto you is bad enough, but the part where the group you are leaving gets to take whatever of your property it wants on your way out is especially dark. I guess it's in any group's interest to 'banish' the troublemakers, and see to it that they make an 'example' of them if only to assert their dominance to the rest of their group. Can't let them go without some molestation, that's just not good slaving.
"Hey, I noticed you aren't a fan of austerity, so I am going to let you go, but on your way out, leave your money and your clothes because that's ours. I know, I know, we've been deciding what's good and bad for you since before you were born, and I know that we spent years forcing propaganda down your throat in a way that would melt the heart of even the most tight-fisted of repressive regimes. But we are going to need the 5 or 6 years worth of pittance you somehow managed to avoid giving us the last time we were looking for some money. You were our slave first, so we own the fruits of your labor until after we set you free, and even then, maybe. Mr. TSA officer over there is going to make sure you aren't smuggling any drugs, etc. out of our fair country, so bend over for old times sake. You know the position."
To put it another way, we are going to need your red stapler, and for you to move your stuff down to the basement.
Losing the USA isn't going to throw the rest of the planet into chaos.
^_^ . It's the NSA, they hack their own systems so they can boast about it.
Skynet has been delayed several weeks. The AI refuses to eat the kitten, so we are going back to the drawing board. ^_^
Russia has wanted Western Europe for some time. Nice to know it's going to finally fulfill its dream.
Yeah, there in lies the problem. It inevitably will violate those human rights of others. It's called erosion, and like corruption, you start off without it, and end up with nothing but it.
Yes, provided you don't go with a light-water design.
You can have the best and brightest people working for you on your staff, it doesn't change the fact that the reactor design is 50 years old and alterations are done by backhoe.
Meh, it's usually just a prop. Like an FBI agent's badge, it serves as a symbol to override your innate defenses of what is almost certainly going to be a fishing expedition. The FBI agent is dealing with a problem, which is that he has some information, but not all of it. How much is anyone's guess, and differs on a case by case basis. The point is, he's going to bluff his way, showing a card every once in a while, until he has the entire pot. If you're hooked up to a polygraph machine, you're in pretty deep, but there's no reason you can't get back out.
The best bet when dealing these folks is to use an inverse strategy. Instead of trying to selectively tell the truth, lie about everything. If your name is "Mark Fitzgerald," employ a brief compartmentalization technique. Tell yourself that your name is "Mark C. Fitzgerald," when you know it isn't. Do this continuously, very rapidly, then when they ask you your name ("Is your name Mark Fitzgerald"), decompartmentalize, and realize the name you're thinking of is a lie. Employ this strategy to your heart's content, and their results will be all over the place, with plenty of false positives mixed in with false negatives. I wouldn't recommend using this technique without some training (at least practice in front of the mirror, like you're rehearsing a speech, only to realize that it's the wrong speech). Acquire a polygraph machine, and learn from it if you want. Remember, it's not important that you know the questions beforehand, nor that you use this technique on all of them, it's only important that you use it at least a few times during the session, and that you think of something you know of as kind of true, kind of false, before realizing it's false. Remember, the agents in question are bluffing, so whatever solid information they believe in going in, can be confirmed or shredded on exit.
If they are actually trained to use the machine, and care about the results, they will give up after a little while (they aren't going to give away any tells, just in case the psychological factors might work as well, but the session should be relatively short). If not (i.e. they're just using it as a prop, and the agent looking at the results isn't actually trained to read them), they will probably just keep chugging along, but at least you know that it's a ploy.
Reminds me of Babylon 5:
[Bester surprises Garibaldi with some psychological, not psychic, interrogation skills.]
Bester: Liars are always afraid that somebody's going to see through them. So I just provided him with a vehicle for his paranoia. Your captain's opinions notwithstanding, the badge and the uniform do have certainadvantages.
Garibaldi: Like intimidation?
Bester: Absolutely! Just likeyour badge, andyour uniform.
Which reminds me. The bar for satisfactory evidence in this country is kind of at a new low, so polygraphs will probably be phased out in third quarter, 2012, in favor of something like in traffic court: "He guilty?" "Yes sir, I saw him do it" "Off to jail with him then."
Lol. Remind me again, if you don't spend money, does it just go into the trash can?
As long as it's cool that I do the same to them, totally.
Normally I don't care what FBI Agent #123132 and Agent #809823 are chatting about while watching surveillance videos, but the fact that they tend to do it in a dark room and only when their boss isn't around makes me suspicious that they might not have my best interests in mind. ;-)
A law enforcement officer's method for finding out whether or not something is actually unreasonable is to go ahead and do it, and see if anyone sues them.
To be honest, if you're using taxpayer money + FBI field agents to act as garbageman, I am not going to be too worried about anything you might find.
You're obviously too incompetent to be a threat to me.
They are both.
It's like this: the feds are kind of like a slow, plodding police inspector (of the Javert variety). They miss a lot of things every day, tons of crimes going on everywhere that never get solved. We all know this, but people are loathe to acknowledge it. To acknowledge it is to admit that something is wrong, and if something is wrong, you may feel some compulsion to do something about it.
So, when they finally do catch someone, they make sure to punish them extra brutally, supposedly to set an example to all the others. The reality is, they punish them extra brutally so the populace will feel that justice is being served, that something is being done about all the lawlessness. It's nothing more than politics, a classic misdirection, but it works so fr*cking well that it's become a law enforcement staple.
You're assuming that someone of any capability would want to work for them. Typically, the only people working for them are failures ("I got caught, so now I have to work for Uncle Sam, but I'm still a 1337 h@x0r!") or the wanna-bes ("I studied cryptography + network security, downloaded a few scripts / tools (I installed that hacker operating system "linux" and can use nmap), and while I could be a totally 'leet black hat, I've decided to fight for truth, justice, and the American way, because I am a good guy!").
All the money in the world can't buy talent if they don't want to work for you. See any large company where management has made their best programmers flee.
Excellent. So they'll leave him in peace until everyone has forgotten about him.
And the Egyptians knew that the earth was a sphere. Funny things happen with civilizations fall, and the idiots are free to destroy works of knowledge.
We don't know that. We should send some prospectors in there just to be sure. Maybe we will find some gold? I think the US Treasury is going to need some soon...
What if you aren't interested in applying, but just want to borrow their servers for the weekend? You know, for a Botnet or something really insane like.BitCoin generators on every server + client I can find on that subnet? If Congress can sell our national forests to foreigners, I call dibs on the NSA super-cluster.
Of course. The entrance exam is breaking into the relevant server, and adding your name to the list of applicants.
Maybe. But they are running out of white elephants. They need a new enemy, and they need a new one NOW! How else are they going to justify the 2014 budget?
Crackers / Hackers / Hacktivists (bleh!) are one of those groups that people don't really understand (like Muslims, Chinese, etc.) that makes it easy to say "THEY CAN DO BAD THINGS, JUST LOOK AT THEM!" and no one really knows them well-enough to say otherwise. A little priming ("they might be working with drug dealers and arms smugglers...child pornography and human trafficking"), and the media will take to it the way cancer takes to a prostate gland. That civil rights are being strip-mined and purses looted to fuel these witch hunts does not matter; all that matters is that the Good Guys win in the end. And that the guys with guns and small brains get paid. We really haven't progressed from a feudal society, have we?
You can't make a typical Marine into a cyber security expert; the skill-sets for either are almost mutually exclusive. This, of course, does not prevent people from buying security certs and taking pointless low-level courses in basic networking, then declaring themselves security experts. Nor will it prevent the congress critters from lavishing their favorite security firms with outlandish contracts which provide no real security.
I'm not saying that you can't train a Marine into a cyber security expert; what I'm saying is that for every 1 Marine you manage to successfully train, you will have 40,000 hackers / crackers, with higher levels of expertise in the relevant fields, ready to bitch-slap him and his friends off the internet. I think the US government has more to fear from its own people here than foreign governments; and screwing around where it doesn't belong is only going to cause them to lose control that much faster.
Remember, you have lots of underemployed CS / IT people here in the US, because their jobs got sent overseas. Factor in a screwed up currency and a never-ending recession. You end up with down-trodden, under-payed, over-worked, and typically highly-trained in all that technology class of people. Now tell them that the US government is going to help make things more secure, by mandating that a bunch of ill-trained marines have backdoor access to every important system in the US. That they need to keep port 23423 open at all times, or they will be fined. That they need to configure their systems to use some officially sanctioned software for virus protection, because someone in DC managed to pass a law mandating it.
They will get a war, but it won't be the one they are preparing for.
GameStop believes is has found a source of instant karma with dedicated gamers. The loss by honoring ancient pre-orders may be less than the gain by pitching everything else at gamers in the checkout line.
That's what we want you to think. ^_^
Your assumption is that my post pertains 100% to the current incarnation of this attack, rather than it being a proof of concept.
If your users believe that they are immune to malware, and they aren't, they can become infected. That it requires a small amount of social engineering to game a user into installing the malware right now is immaterial.
To put another way, "Malware Defender for the Mac" may not work, but "iJailbreaker for the Mac" probably will.
Lol. Only if the user is on the ball.
Remember, Apple has been marketing their Macs to people as a way of avoiding malware. While some of the Mac population consists of intelligent people capable of spotting these threats, most of it does not. They think they are safe, forever, from malware.
Malware for a computer is like paparazzi for an actor. You need to pass a certain threshold in popularity, and then it doesn't matter who you are, it's a problem.
A Botnet, perhaps. But it would need to be a Botnet that was made up almost exclusively of machines with high-end video cards.
And who do we know buys $600-1000 video cards? Gamers, people doing video rendering, programmers and techs in general. Remember, your average person buys the cheapest @#^& that someone at Costco or BestBuy will sell them, with $600 for the entire machine, not just the video card. And you think most gamers, programmers, and video rendering people are not going to notice that their desktop is lagging? Wh00f! You are talking about people who brag about a 0.1 fps advantage over the competition. God help the person trying to help create a Botnet from these people's machines. When these techs find out, they'll probably take apart the bot, find out where this person lives, and drop a satellite on them. One tech? No. Five thousand techs, with injured pride for getting their personal machine infected with a bot? Death from above.
And yes, one machine with an ATI 5970 working on 700 Mhashes/sec is worth more than one hundred machines with an integrated Intel chipset working on 700 Mhashes/sec. Yes, the advantage for machines with expensive video cards is that bad. And you will want an ATI card over a Nvidia card.
You know what people with Botnets are really going to do? The same thing they've been doing for almost a week now. They attack the Bitcoin pools, trying to DDOS them off the internet, so the number of people working on blocks drops, as does the difficulty rate. Less people working on blocks = easier blocks = money in their pockets. Any machines which have real video cards in them are probably going to be in the operator's apartment.