https://www.youtube.com/watch?...
but no one wants to do that. Doing it would mean to be responsible for subsequent takedowns, and what is seen as illegal in one country may be the opposite in another country, and you would need to establish a system for takedown, which can be misused for censorship.
To bring this back to the original topic: you know what a command and control is? I hope so. My posts have only covered the time after the malware was already installed on the device. Not before. Of course you won't get the virus when you click a "download here" link which leads into nothingness. And yes, you are right: single IPs are easier to fight than DNS entries in remote countries, spread over the world. I just said that IPs cannot be blocked by a hosts file, and I say that it makes no sense to give a DNS server a DNS entry, which would have to be resolved first using a DNS server, but the only one available needs a DNS lookup before working, and so on and so on.
The only cause that justifies this /. story is that this malware was the first ransomware that used an onion address for C&C, not just "tor alone". It would gain almost no advantage if it then exited the Tor network again through an exit node. It would still have needed some DNS entry somewhere. Onion addresses are almost impossible to take down.
Please explain: what are hardcodes?
TOR isn't slow anymore. Try it. Today. Then come back and tell me your opinion about the speed of Tor, but don't yell Tor *is* slow while not having tried it recently (you may yell Tor *was* slow though).
Blocking IPs using a hosts file... I'm sorry, but I don't know of any way of doing this.
Even if it were possible, Tor uses no "rogue DNS" servers and doesn't use any DNS directly; the DNS is tunneled to the exit relay, which then issues the DNS request. Any block by any firewall or ISP DNS fails here -- not just DNS request blocks like the hosts file, but also IP level blocks. This is what TOR was invented for.
As long as it's not the latest curve, privacy preserving crypto can be written by the NSA itself and still be secure for you. SELinux was written by the NSA, and I don't have a problem using it. Your security model shouldn't rely on the party your software came from. It should rely on the software itself, independent reviews, and, if you can't afford your own review, the many-eyes principle (which has chilling effects).
The russians could only say "this is too secure, design something that can be broken more easily".
That might be true if the application is using the OS provided network stack, e.g. with DnsQuery. However, AFAIK nothing prevents an application from bringing its own DNS stack which queries external DNS, ignoring the hosts file. Does the OS block outgoing requests on port 53?
And, as I've said before, the DNS in TOR doesn't use the OS provided DNS. It uses its own.
Blocking the C&C perhaps stops communication to the hq, but that doesn't help when the virus is written to first encrypt the HDD and then wait for further commands from C&C.
The LD_PRELOAD attack is not a problem of the compositor, but of the configuration of AppArmor or SELinux:
http://mupuf.org/blog/2014/02/...
http://blog.siphos.be/2011/04/...
The transparent window attack doesn't work, does it? It seems that it is possible to make a transparent window, but then I doubt the events will be passed on to the applications below. The keylogger would need to fake user input, which isn't possible AFAIK.
I haven't reviewed the source code for every single application and update I install. Nor have my distro's packagers. And the software is compiled on some server I don't know, and the server is a single point of failure.
But still I trust this model more than randomly installing blobs from various websites.
When I randomly install software from my package repo, no ads pop up from the taskbar, and I don't see the CPU constantly at 100%. I haven't tried it for randomly downloading Windows software from the internet.
The C&C Servers are what is communicated back against (as well as serving up exploits payloads etc. @ times also & IF they don't? Blocking out the payloads servers does the job... which hosts CAN do) - IF/WHEN I block that, should it NOT be disabled for communication, even via TOR?
Blocking C&C can at least stop the bad guys from integrating your computer into a botnet. Correct me if I'm wrong, but hosts only changes the hosts file? The hosts file blocks a website only when the OS's DNS is used, but Tor has its own DNS, not even using the usual DNS port, but tunneling everything through an HTTPS-like connection.
* Fill me in...
(As far as "porting" it to Linux? I've thought about it... wouldn't be hard - & I WISH Borland didn't KILL Kylix (was Delphi for Linux for the most part) - however - there IS FreePascal & its "Lazarus" IDE, which is VERY CLOSE to the Delphi IDE, & from what I understand, an ALMOST clone of its compiler commandset too! Thus, it IS doable...)
APK
P.S.=> See - I guess I don't *fully* understand TOR (as I don't use it myself, tried it once - TOO damned slow, just like anonymous proxies are, same idea iirc for the most part afaik - correct me IF I am wrong/off here too... I can stand to learn by it as I *admit* I do NOT "know it all" & can learn as much as the next guy since this field changes so fast & dynamically)
... apk
The first time I tried Tor it was also very slow, but after some years I tried again and now it's usually fast enough even for videos. Sometimes (seldom) a relay is slow; then wait 10 minutes or choose another circuit.
I guess your hosts file program is very superior (it uses 64 bit, that is very future-proof) and so on and so on, but even *if* the C&C servers were known, they could only be defeated if your hosts program were installed on the Tor exit relays. As I guess most run Linux, you should port your hosts program to Linux and encourage its installation on the Tor mailing list. Tor doesn't use "normal" DNS -- it uses its own, which is routed through the Tor network as well. The exit relays do the DNS request for you. Otherwise it would be too simple to trace the traffic from the DNS usage.
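The mechanism behind the last few comments (why a hosts file on the client never sees a name that Tor resolves at the exit relay), as an added example that is not part of any comment above: a SOCKS5 CONNECT request with address type 0x03 carries the raw hostname to the proxy, so the client's OS resolver, and with it the hosts file, is simply not on the path. The hosts-file content and the `cc-host.example` name are constructed for the example.

```python
import struct

# Constructed hosts-file content, in the form a hosts-based blocker would write it.
HOSTS_TEXT = """\
127.0.0.1   localhost
0.0.0.0     cc-host.example   # constructed sinkhole entry
"""

SOCKS5_VER, CMD_CONNECT = 0x05, 0x01
ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03

def hosts_lookup(hosts_text, name):
    """What the OS resolver checks first: the hosts-file IP for name, or None."""
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        if name.lower() in (n.lower() for n in names):
            return ip
    return None

def build_connect_request(host, port):
    """SOCKS5 CONNECT (RFC 1928) with address type 0x03: the raw hostname goes to
    the proxy (Tor's SocksPort) and the exit relay resolves it. The client never
    calls the OS resolver, so the hosts file is never consulted."""
    name = host.encode("idna")
    if not 0 < len(name) < 256:
        raise ValueError("hostname length must fit in one byte")
    header = bytes([SOCKS5_VER, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
    return header + name + struct.pack("!H", port)

def parse_connect_request(req):
    """Decode a CONNECT request into (atyp, destination, port)."""
    ver, cmd, _rsv, atyp = req[:4]
    if ver != SOCKS5_VER or cmd != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    if atyp == ATYP_DOMAIN:
        n = req[4]
        dest = req[5:5 + n].decode("idna")
        (port,) = struct.unpack("!H", req[5 + n:7 + n])
    elif atyp == ATYP_IPV4:
        dest = ".".join(str(b) for b in req[4:8])
        (port,) = struct.unpack("!H", req[8:10])
    else:
        raise ValueError("unsupported address type")
    return atyp, dest, port

def resolved_locally(req):
    """True only if the client turned the name into an IP itself, which is the
    one path where a hosts-file sinkhole could have taken effect."""
    atyp, _, _ = parse_connect_request(req)
    return atyp != ATYP_DOMAIN

if __name__ == "__main__":
    req = build_connect_request("cc-host.example", 443)
    print("hosts file maps the name to:", hosts_lookup(HOSTS_TEXT, "cc-host.example"))
    print("SOCKS5 request:", req.hex())
    print("hosts file consulted on the Tor path:", resolved_locally(req))
```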
No, not at all. What you are referring to is that the X server doesn't need uid 0 to run. But still there is, amongst others, the problem that every X application can keylog you: http://hamsterbaum.de/index.ph...
And taking screenshots of the whole screen or faking user input (also for the whole screen) is also possible for every X application.
And desktop Linux is unfortunately less secure than Windows against 0day attacks. I hope Wayland fixes this through isolation and privilege separation.
Most Linux distros have software repositories, and when you only use them (no PPAs) to install stuff, you are on the safe side. The Windows Store only includes Metro apps. The lack of a proper software repository mechanism is nothing else than an invitation from Microsoft to surf the web for software and download it from there. Another part of this problem is Dice, which agrees to display "download here" ads on SourceForge, and Google, which doesn't want to disable the "download here" ads.
Dice and Google make money from being used to spread malware, and Tor is blamed for routing C&C? This is just stupid.
Of course, I've read this, but somehow their efforts were in vain, as I tried today and got a "free trial windows drivers download now" ad on the VLC download page.
Beta has them too. Instead of symbols for the buttons I get hex codes, the default replacement in Firefox when the font has no symbol for that char.
I suppose phones are forbidden in jails, so... As long as you are in jail...
Getting elite people and good publicity sound like good reasons to me. Their business doesn't rely on lock-in as heavily as Microsoft's; they need publicity.
Privacy extensions only rotate the local host part of the address; the subnet prefix (which is unique but neither static nor regularly changing for your router box) stays untouched. My post was about the subnet prefix. It would be great for the providers to assign a static one and a dynamic one.
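To show what the comment above means, here is an added example (not part of the comment) that splits IPv6 addresses into the provider-assigned /64 prefix and the interface identifier, and groups visits the way a tracker keyed on the prefix would: the rotating identifiers of privacy extensions all collapse into one bucket. The addresses are constructed documentation-range values, and the /64 prefix length is the usual home-router delegation assumed here.

```python
import ipaddress

PREFIX_LEN = 64  # assumed size of the subnet the provider hands to the router

# Constructed log: one subscriber seen on three days with privacy extensions on
# (low 64 bits rotate, top 64 bits stay), plus one visit from another subscriber.
SEEN = [
    ("day1", "2001:db8:4d2:1a3f:9c1e:7b2a:44f0:1d2e"),
    ("day2", "2001:db8:4d2:1a3f:3ab1:e09d:6c77:2f40"),
    ("day3", "2001:db8:4d2:1a3f:d5c2:1ee:9a18:b7c3"),
    ("day1", "2001:db8:4d2:1a40:1234:5678:9abc:def0"),
]

def split_address(addr, prefix_len=PREFIX_LEN):
    """Return (subnet prefix as 'net/len', interface identifier as int)."""
    ip = ipaddress.IPv6Address(addr)
    net = ipaddress.IPv6Network((ip, prefix_len), strict=False)
    iid = int(ip) & ((1 << (128 - prefix_len)) - 1)
    return str(net), iid

def group_by_prefix(seen, prefix_len=PREFIX_LEN):
    """What a tracker does: key visits on the prefix only, ignoring the IID."""
    buckets = {}
    for when, addr in seen:
        prefix, _ = split_address(addr, prefix_len)
        buckets.setdefault(prefix, []).append(when)
    return buckets

def distinct_iids(seen, prefix, prefix_len=PREFIX_LEN):
    """How many different interface identifiers one prefix showed up with;
    more than one means privacy extensions rotated, yet the prefix linked them."""
    iids = {iid for _, a in seen for p, iid in [split_address(a, prefix_len)] if p == prefix}
    return len(iids)

def linkable(seen, prefix_len=PREFIX_LEN):
    """True if any prefix ties together more than one visit despite IID rotation."""
    return any(len(v) > 1 for v in group_by_prefix(seen, prefix_len).values())

if __name__ == "__main__":
    for prefix, days in group_by_prefix(SEEN).items():
        print(prefix, days, "IIDs:", distinct_iids(SEEN, prefix))
    print("visits linkable by prefix alone:", linkable(SEEN))
```

With a provider that rotated the prefix as well (the dynamic one the comment asks for), each day would land in its own bucket and `linkable` would return False.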
It is going away when:
1. (
   a) one guy implements it in open source (likely) and it has the necessary features (less likely) and usability (least likely), and it gets popular (rather unlikely)
   OR
   b) people become less greedy and companies get popular which make money by selling the devices and not the data or ads on the devices.
)
AND
2. Internet providers assign static IPv6 subnets (perhaps in addition to the dynamic privacy-friendly ones) (hey, they could use this for lock-in: change your provider, change your bookmarks)
It took a long time since CyanogenMod came out, and even CM isn't fully respecting the user in its default setup, and CM still lacks some drivers.
I'm actually happy about fox doing this, as it creates hatred for DRM and such.
Yeah, but as it's sponsored by Google Nest, you will get ads for the last thing you googled while being shocked. And if you took the Facebook sponsored seat, your insurance knows you have a heart attack even before it is over.
Only the submissions have to be in English, not the names. OP was wrong on this point; I find no hint in the rules that forbids an Arabic name. On the contrary:
Proposed names should be:
16 characters or less in length.
Preferably one word.
Pronounceable (in some language)
I think they can address the astronomical organisations in English only, but would do better (a nice gesture of being global) if they offered at least the most used languages. You can argue that (amateur?) scientific organisations, particularly in astronomy, which is highly international (the European(!) telescopes are in Chile), usually have the needed knowledge of English.
But when the vote is for the public, it would be a great sign of arrogance if the website isn't localized.
The problem is that Wikipedia, just like almost every non-darknet site in the world, doesn't allow users with Tor IPs to edit it.
Of course, cash isn't insured... once it is stolen, it is stolen. However, there are risks with all decisions.
I'd rather like my purse taken away from me than my eye cut out because it gave biometric access to my account.
No undocumented, untaxed, under-the-radar transactions will be tolerated.
You are joking, aren't you? Cashless money only forces the small people to pay taxes. Those who can afford a Monaco citizenship will still get away untaxed.
The governments should hunt the big money instead. But they know that if they do, big money moves off, like in France (which introduced a far too exaggerated tax), as it lives from and lives for its money (nothing bad, I would do the same). So instead they tax those for whom money doesn't have this big priority. No average rich person will leave a country only because they raised taxes.
If they hope to join the rest of the developed world, they need to get their shit together.
So, you suggest the USA ain't developed?
http://tech.slashdot.org/story/14/04/22/001239/intentional-backdoor-in-consumer-routers-found