The Enterprise does not move without actually moving but the Futurama spaceship does.
As far as I can remember (and I read the Enterprise technical manual over 15 years ago), the warp gondolas create a field in which space-time is bent and thus much smaller. So, this vastly decreases the length of the space surrounded by the Enterprise and thus it can fly through the shortened space with "normal" means in much less time, therefore creating the possibility to travel faster than light: light has to travel the "long way", outside of the shortened space whereas the Enterprise can take "the shortcut" while traveling with nearly light speed, thereby going faster than light.
Why this will never work IRL is left as an exercise to the reader. (Hint: even in a shortened space-time, a mile is still a mile and a second is still a second when measured from within that space)
Now, the Futurama spaceship in contrast works by moving the universe around itself. Way cooler, isn't it?
The correct solution to limiting power is to require openness, not to limit their tools. We already place enormous trust in them by allowing them to have guns, make arrests, etc. Adding a DNA database adds little to these already scary powers. Which is why we need to be able to watch what they do and make sure it doesn't get out of hand. Current lack of openness in the government is by far the most serious problem right now (in the US, I can't speak for your country).
I can consent to that argumentation. Now, as you pointed out, we currently lack that openness in the government that could prevent power abuses - therefore I do not like the idea of putting even more power in their hands, especially if it is a power that every dictator has wet dreams about.
Those in power have time and time again shown that they are more than willing to exchange the people's rights against their personal power. PATRIOT Act, European Cybercrime Convention, Data retention laws, G.W. Bush's torture approvals, idiotic TSA measures like no-flight lists and the ban of liquids on planes, ubiquitous surveillance, domestic spying, ... The list is horrifyingly long.
Apart from that, even if you had a perfectly open government there still would be no guarantee that a populist like another Adolf Hitler would get empowered by the people and either withdraw that openness or even start killing millions of people with the consent of the majority of the people! (especially in economically tough times and when under appropriate "guidance" of the mass media and a ministry of propaganda, probably in a strongly regulated information society)
Your argument was that "Investigators know that a hit in a DNA database isn't as good as other evidence". This was an example where exorbitant resources were wasted although everything indicated that something went wrong: no investigator ever thought about the possibility that eventually the DNA evidence might be void. So, your point is moot, investigators obviously take a DNA sample as the perfect evidence and stop every logical reasoning as soon as DNA evidence is present.
Now, apart from that I worry about the power of the government. You might assume that the government and its institutions like the police or the FBI, CIA, NSA, etc. always play fair and nice. However, I find this to be a very big assumption. On the one hand, power corrupts. Those in power are always tempted to abuse that power in order to stay in power or increase their power. On the other hand, there were things like Nazi Germany and the DDR with its Stasi in the recent history in my vicinity. And I would like to reserve the possibility to fight such institutions, should one spontaneously form in my country. You know, like, the only thing that we have learned from history is that it repeats itself.
Now, I can imagine taking part in a meeting of political dissidents and being detained shortly after because a Stasi-like organisation found the place of the meeting, found DNA evidence of my activities and subsequently ordered my detention.
There are more arguments against this but I have to go now, maybe I will try to convince you later on... (e.g. the right to bear arms in order to protect or fight against a government gone crazy is moot if you have a global DNA database which lets the government prevent that organized resistance could ever form)
Cotton Swabs are the Prime Suspect In 8-Year Phantom Chase
Posted by samzenpus on Thursday March 26, @12:10AM
from the mom-always-said-to-wash-your-hands dept.
Biotech
matt4077 writes "For eight years, several hundred police officers across multiple European countries have been chasing a phantom woman whose DNA had been found in almost 20 crimes (including two murders) across central Europe. It now turns out that contaminated cotton swabs might be responsible for this highly unusual investigation. After being puzzled by the apparent randomness of the crimes, investigators noticed that all cotton swabs had been sourced from the same company. They also noted that the DNA was never found in crimes in Bavaria, a German state located at the center of the crimes' locations. It turns out that Bavaria buys its swabs from a different supplier."
In Germany, a phantom serial killer was chased for years just because they found DNA samples.
The Phantom's list of accomplices showed no pattern, ranging from Slovaks to Serbs, Albanians to Romanians, and her territory stretched throughout Germany and into Austria and France. No one had ever seen her, no security camera had ever captured her image. But when witnesses described her, they sometimes said she looked like a man.
Yeah, sure as hell police knows that you can't trust DNA samples right? Which is why dozens of police officers searched for the phantom for years despite these obvious contradictions. Even a 100.000 Euro bounty was offered...
It turned out to be some DNA pollution on the q-tips the police used: the DNA came from an employee of the cotton-wool tip manufacturer the police used. By the way, the q-tips (which are the German police's standard DNA evidence seizure tips) were never supposed to be used for collecting DNA evidence by the manufacturer.
Anonymous
A "loose coalition of Internet denizens", Anonymous consists largely of users from multiple internet sites such as 4chan, 711chan, 420chan, Something Awful, Fark, Encyclopedia Dramatica, Slashdot, IRC channels, and YouTube. Other social networking sites are also utilized to mobilize physical protests. Anonymous has no leader and is reliant on the collective power of individuals acting in such a way that benefits the movement. Actions attributed to Anonymous include:
Habbo raids - Unwanted and prohibited behaviors in the Habbo online community
Internet vigilantism reports - Self-identified Anonymous members tracked down and helped authorities capture an online sexual predator
Epilepsy Foundation forum invasion - Hackers changed the coding of the website to random flashing patterns in an apparent attempt to induce headaches and seizure. Anonymous denies responsibility for this and has claimed that the Church of Scientology actually staged the attack as Anonymous in an effort to discredit the movement.
Project Chanology - an ongoing electronic and physical protest campaign against the Church of Scientology
Speaking about drugs, I am about to travel to New York, so can anybody tell me what useful drugs I should stockpile while being there that I can't get here in Europe?
Last time I was in the US I saw a tooth painkiller in a store (some *caine), bought it and when the time came that I had a toothache and later when my girlfriend got her braces it got us some serious pain relief.
This time I'd like to buy some melatonin. What else can you recommend?
Back when I was in the European equivalent of high school I used to drink lots of milk with cocoa. Then some day they switched to environment friendly glass packings and of course I was too lazy to clean them and turn them in again, so the empty glass bottles started getting sour in the back of my class. My classmates started to complain and so I switched to Coke. From then on I drank about 2-3 liters of Coke a day, later I substituted some of the coke for coffee and added some red bull.
Then I got problems with my stomach. So I had to stop drinking coke and red bull and coffee and so I had to abandon it all. I just switched to black tea since then (earl grey, hot, of course) and I do not miss the coffee or the coke at all. But now I drink about 4 liters of earl grey a day, each cup (1/4 liter) with two sugar cubes.
I am quite confident that I am much more addicted to the constant supply of sugar than the caffeine and actually worried about that one a bit.
And don't try to recommend me sweeteners as, if I only drink a bit of diet coke or anything else containing saccharine (and I swear I can tell in an instant although it has been scientifically proven that the sense of taste can not distinguish them), my body craves sugar and I need to compensate with dozens of times the amount of sweetener.
First let's make sure that every admin in charge of a network understands and has acted accordingly on the "traditional" ways of infection. Conficker/Downadup spreads currently via three methods:
It exploits the MS08-067 vulnerability to infect via the network.
It uses the Autostart mechanisms for spreading via network shares and removable devices (except for media that identify themselves as removable media such as USB sticks on Windows XP and later)
It tries to bruteforce shares as user Administrator and with a known precompiled list of quite trivial passwords.
Of course this could all get changed or enhanced with an update that could occur on April 1st.
Now, what I want to point out with this comment is that you can end up with a completely infected LAN by only having overlooked or spared out just one system that remained unpatched and here is why:
If you happen to end up with an infection of a system and you log in as domain admin to it the virus has got everything it needs to spread to every system, particularly to the central file server. And if you do not happen to run an AV client for real-time monitoring there or if an updated version is not detected by the system's AV client signatures, you can get infected pretty badly.
When Conficker has domain admin privileges, it creates scheduled processes to execute a copy of itself on remote systems. In order to prevent this, you can either disable the scheduling process or you can write-protect the Root folder on your central file server.
So you might want to CYA and make sure that:
Every Windows box is patched
Autostart from anything but CDs is disabled
No system has admin accounts with trivial passwords
The systems which host mapped SMB shares have local AV real-time scans and the Root folders of these shares are write protected.
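An added example, not part of the original comment: a small audit that applies the four checklist items above, plus the comment's point about domain admin logons on an unpatched box, to host records. The inventory and its field names are constructed assumptions; KB958644 is the update that delivers the MS08-067 fix, and NoDriveTypeAutoRun is the Explorer policy bitmask in which a set bit disables AutoRun for that drive type.

```python
"""Audit host facts against the Conficker checklist from the comment above.

INVENTORY is constructed sample data; its field names are assumptions about
what an inventory export could contain, not the format of any real tool.
"""

MS08_067_KB = "KB958644"  # security update carrying the MS08-067 fix

# NoDriveTypeAutoRun bitmask: a SET bit DISABLES AutoRun for that drive type.
DRIVE_BITS = {0x01: "unknown", 0x04: "removable", 0x08: "fixed",
              0x10: "network", 0x20: "cdrom", 0x40: "ramdisk"}
# "Autostart from anything but CDs is disabled": every type except cdrom (0x5D).
REQUIRED_DISABLED = sum(b for b, name in DRIVE_BITS.items() if name != "cdrom")

# Strict reading of "write protected": any write-capable entry is reported.
WRITE_RIGHTS = {"write", "modify", "full"}

INVENTORY = [  # constructed records; "KB0000001" is a placeholder hotfix id
    {"name": "WS-014", "hotfixes": ["KB0000001"], "autorun_mask": 0x91,
     "trivial_admin_accounts": [], "av_realtime": True, "shares": [],
     "domain_admin_logons": ["EXAMPLE\\da-jdoe"]},
    {"name": "FS-01", "hotfixes": ["KB0000001", MS08_067_KB],
     "autorun_mask": 0xFF, "trivial_admin_accounts": ["Administrator"],
     "av_realtime": False, "domain_admin_logons": [],
     "shares": [{"name": "data",
                 "root_acl": [("Everyone", "modify"),
                              ("Backup Operators", "read")]}]},
    {"name": "WS-020", "hotfixes": [MS08_067_KB], "autorun_mask": 0xDF,
     "trivial_admin_accounts": [], "av_realtime": True, "shares": [],
     "domain_admin_logons": []},
]


def autorun_enabled_types(mask):
    """Drive types other than CD-ROM for which AutoRun is still enabled."""
    return [name for bit, name in sorted(DRIVE_BITS.items())
            if bit & REQUIRED_DISABLED and not mask & bit]


def audit_host(host):
    """Return (code, detail) findings for one host record."""
    findings = []

    # 1. Every Windows box is patched. A domain admin logon on an unpatched
    #    box is the "one overlooked system" case the comment warns about.
    if MS08_067_KB not in host.get("hotfixes", []):
        findings.append(("UNPATCHED", MS08_067_KB + " not installed"))
        for account in host.get("domain_admin_logons", []):
            findings.append(("DA_LOGON_ON_UNPATCHED", account))

    # 2. Autostart from anything but CDs is disabled.
    mask = host.get("autorun_mask")
    if mask is None:
        findings.append(("AUTORUN_UNSET", "no NoDriveTypeAutoRun value"))
    else:
        enabled = autorun_enabled_types(mask)
        if enabled:
            findings.append(("AUTORUN", ", ".join(enabled)))

    # 3. No admin account with a trivial password (result of a separate
    #    password audit, recorded here as a list of account names).
    for account in host.get("trivial_admin_accounts", []):
        findings.append(("TRIVIAL_ADMIN_PW", account))

    # 4. Share hosts run real-time AV and share roots are write protected.
    for share in host.get("shares", []):
        if not host.get("av_realtime", False):
            findings.append(("SHARE_HOST_NO_AV", share["name"]))
        for principal, right in share.get("root_acl", []):
            if right in WRITE_RIGHTS:
                findings.append(("SHARE_ROOT_WRITABLE",
                                 f"{share['name']}: {principal} has {right}"))
    return findings


def audit(inventory):
    """Map host name -> findings, listing only hosts that fail a check."""
    report = {}
    for host in inventory:
        findings = audit_host(host)
        if findings:
            report[host["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        for code, detail in findings:
            print(f"{name}: {code}: {detail}")
```
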
Okaaay, first I laughed at this part: WTF, an ape alpha male is upset when he can not control every bit of his surroundings!... Do I really need to say it?
Okaaay, first I laughed at the post: WTF, an ape alpha male is upset when he can not control every bit of his surroundings!... Do I really need to say it?
Yup, idiots are kind of protected here. We have comparably strong laws protecting the privacy of the workplace, especially when it could be used against a worker. Like, video surveillance is not allowed to be used for evaluating things like when a worker makes a break or similar. Therefore, if the employer wants to access their own video surveillance tapes, he has to specify the exact reason, exact camera and a narrow timeframe and the "Betriebsrat" (workers' council) has to be involved in order to protect the privacy of individual workers shown and in order to oversee the employer's actions.
I once wanted to do such a thing for my employer: sending out fake "Enter your login credentials here to win xxx" emails to our staff and invite those that responded with submitting their true credentials to security awareness trainings. However, it turned out that this would have been a violation of privacy rights here in Austria, Europe.
The employer could have been able to discriminate people for falling for the scam and thus it is illegal for my company to do such a thing.
So, if I get you right, you say that you will not act or even stop trying to convince other people that everything is just fine until the poles are molten, the gulf stream redirected, the climate drastically changed and with it the world economy ruined, mass extinctions going on, the oxygen in the air becoming scarce etc.?
I mean, WTF?
I do not know which scientist got the best model for the climate but here are some facts:
Due to an improved understanding of anthropogenic warming and cooling influences on climate, the IPCC's Fourth Assessment Report states with very high confidence that the globally averaged net effect of human activities since 1750 has been one of warming, with a radiative forcing of +1.6 [+0.6 to +2.4] Watts per square metre (W/m^2).
Note 1: Radiative forcing is the change in the balance between radiation coming into the atmosphere and radiation going out. A positive radiative forcing tends on average to warm the surface of the Earth, and negative forcing tends on average to cool the surface.
Note 2: At the Equator, the Sun provides approximately 1,000 W/m^2 on the Earth's surface.
Annual average Arctic sea ice extent shrunk by 2.7 per cent per decade. Sea-ice decreases overall in summer by 7.4 per cent.
Temperatures at the top of permafrost layer have generally increased since the 1980s by up to 3C.
The maximum area covered by seasonally frozen ground has decreased by about 7% in the Northern Hemisphere since 1900 - in spring by up to 15 per cent.
Paleoclimate information supports the interpretation that the warmth of the last half century is unusual in at least the previous 1300 years. The last time the polar regions were significantly warmer than present for an extended period (about 125,000 years ago), reductions in polar ice volume led to 4 to 6 metres of sea level rise.
Annual fossil CO2 emissions increased from an average of 6.4 gigatons of carbon (GtC) per year in the 1990s, to 7.2 GtC per year in 2000-2005.
CO2 radiative forcing increased by 20 per cent from 1995 to 2005, the largest in any decade in at least the last 200 years.
For the next two decades a warming of about 0.2C per decade is projected for a range of emission scenarios.
Even if the concentrations of all greenhouse gases and aerosols had been kept constant at year 2000 levels, a further warming of about 0.1C per decade would be expected.
Temperatures in excess of 1.9 to 4.6C warmer than pre-industrial sustained for millennia will lead to eventual melt of the Greenland ice sheet. This would raise sea level by 7 metres - comparable to 125,000 years ago.
I mean, does this not sound plausible? I mean, to me it seems to be highly likely that our process of changing the composition of our atmosphere by releasing gigatons of previously absorbed CO2 would yield some big disturbing change.
So, here you are, not wanting to "believe" this "myth". Okay, so what? What if it turns out to be a real myth? And what if it turns out not to be a myth?
By the time that you will find yourself convinced of this imminent threat to humanity, it will be too late. Too late for you, your children, your grandchildren, humanity. As the article tells, in a way it is already too late. Which by no means should be read as: "It is too late to act.". No, like, if you are a smoker, you might already have done some irreversible damage to your body. Which does not mean there would be no purpose in giving up smoking, right?
And what the hell do you think is convenient about your lazy ignorant "I-am-such-a-great-doubter" attitude? You get to drive your SUV without a bad conscience while ruining the planet you have borrowed from your children with it. Oh, how inconvenient that is.
Not generally. When you see a run of the mill buffer-overflow-execute-anything-you-want exploit, it usually only takes changing values of a few variables to get it to deliver your payload vs. what the example was doing.
Well, you can arm a PoC Exploit and crack a few PCs that way. Then you have only access to the box. Typically this might get detected quite fast by AV vendors, so you better have to obfuscate that code some more.
So by then you have a working sploit but you are not somewhere near to a botnet. First, you need code that stays on the box meaning it should start itself when the machine gets booted up. And if you want to be successful you should not choose HKLM/local...entVersion/run/ but something more subtle. The easy way to go here would be another less known registry value but this means executing a process that can be seen and thus be dealt with in your task manager. So, ideally you inject a dll into another process. Now that already takes quite some knowledge.
Now you still do not have a botnet, still far from it but closer.
No, you need a mechanism to distribute that code. That could be using the armed PoC exploit, brute forcing shares in the net, infecting files, copying to other devices or inclusion in Zip files etc. or just emailing itself in a combination with social engineering techniques so the recipient will execute that malware of yours.
And writing your own SMTP engine in assembly might not be that easy anymore. But for the sake of the argument, let's say you want to exploit a Windows SMB vulnerability. Then you have to think about algorithms for finding an IP address in an effective manner. And you have to make sure that it does not spread too fast because then you create a lot of noise that will get people's attention and you even might cause enough scanning/exploitation attempts to clog the very pipes you need to spread.
That being said, you will want to disturb the work of antivirus companies. That means you have to identify the net ranges used by these AV companies and design your spreading algorithm in a way that excludes those ranges. Then you will want to block AV software on infected hosts from getting signature updates, so you have to identify those IPs/DNS names as well in order to block the host's access to them. As you can enter your victims through an exploit you even have the chance to avoid AV detection as a whole which means that you have to cleverly hide your presence from the AV or you (try to) disable the AV software altogether without the user and the host OS noticing. Not so easy at all! And you want to avoid being dissected all too fast, so you will want to implement some more obfuscation: assembly level anti-debugging features, self written executable packers, maybe virtual machine detection etc.
Congratulations, you now have written a worm. Of course you better test it with various OSses, languages, releases and AV systems, right?
Now, you still do not have a botnet!
For a botnet, you need some command and control structures. You need to communicate with your victims. Now that makes you easily traceable, so you might want to make your botnet a double-fast flux peer-to-peer network. Easy, isn't it?
And then you just have to find a way so that the money you are trying to make off of that botnet does not get easily traced back to you.
But yes, I agree, all it needs is a script kiddie that can exchange some NOP and 0xEB 0xFE code with a working payload, right? As easy as winking.
Clearly that guy neither must have any real knowledge about IT security nor can he be intelligent or skilled in any way.
Which, BTW, does not mean that I do not condone this, in fact I do. But if you happen to have those skills and you probably have invested significant time into learning everything about it and you are being paid just a bit over minimum wage (e.g. because you were on parole or for some other reason) and you are told every second day that your skills are
Although it is definitely a good idea to install the patch it will neither guarantee that no host in your environment gets infected nor does it guarantee that it will not spread within your network.
The worm propagates not only via the SMB vulnerability but also via autostart.inf on removable media and network shares and tries to brute force your Admin$ shares with the Administrator account.
So, disabling autostart is indeed a very good idea additionally to patching the SMB vulnerability.
Well, it's not only corporate interests. There are also strong interests of the governments themselves to control the people, for obvious reasons. See my comment above on how what used to be "child porn" as the justification for the withdrawal of rights and liberties was replaced by "terrorism" and now seems to be replaced by the "child porn" argument again.
FYI, they also happen to have a Disaster and Emergency AlertMap.
And on a related note, this is why I actually use the Preview function instead of blindly inserting multiple 's into the text.
Why the hell are quotations not shown in the preview line of comments?
That being said, please excuse the reply to my own posting.
If user education was going to work, it would have worked by now.
~ Anti-virus researcher Vesselin Bontchev
Sometimes I'll drink caffeine-free diet coke
Uuuwww, yikes, why would anybody do that?
Why, thank you. I almost had to look up that Excedrin on wikipedia. :-)
12% lower risk of dying from any cause
So, you say, 12% lower risk of dying at all? Since everybody dies from some cause, there really is no such thing as 'natural death' - this just means that the coroner was too lazy to ascertain the cause of death (like a stroke or a heart attack).
PRIVACY IS DEAD - GET OVER IT Pt 01, with Steve Rambam. on the last Hope conference.
Yup, idiots are kind of protected here. We have comparable strong laws protecting the privacy of the workplace, especially when it could be used against a worker. Like, video surveillance is not allowed to be used for evaluating things like when a worker makes a break or similar. Therefore, if the employer wants to access their own video surveillance tapes, he has to specify the exact reason, exact camera and a narrow timeframe and the "Betriebsrat" (workers' council) has to be involved in order to protect the privacy of individual workers shown and in order to oversee the employers actions.
I once wanted to do such a thing for my employer: sending out fake "Enter your login credentials here to win xxx" emails to our staff and invite those that responded with submitting their true credentials to security awareness trainings. However, it turned out that this would have been a violation of privacy rights here in Austria, Europe.
The employer could have been able to discriminate people for falling for the scam and thus it is illegal for my company to do such a thing.
So, if I get you right, you say that you will not act or even stop trying to convince other people that everything is just fine until the poles are molten, the gulf stream redirected, the climate drastically changed and with it the world economy ruined, mass extinctions going on, the oxygen in the air becoming scarce etc.?
I mean, WTF?
I do not know which scientist has the best model for the climate, but here are some facts:
Source.
WTF?
I mean, does this not sound plausible? I mean, to me it seems to be highly likely that our process of changing the composition of our atmosphere by releasing gigatons of previously absorbed CO2 would yield some big disturbing change.
So, here you are, not wanting to "believe" this "myth". Okay, so what? What if it turns out to be a real myth? And what if it turns out not to be a myth?
By the time that you will find yourself convinced of this imminent threat to humanity, it will be too late. Too late for you, your children, your grandchildren, humanity. As the article tells, in a way it is already too late. Which by no means should be read as: "It is too late to act." No, like, if you are a smoker, you might already have done some irreversible damage to your body. Which does not mean there would be no purpose in giving up smoking, right?
And what the hell do you think is convenient about your lazy, ignorant "I-am-such-a-great-doubter" attitude? You get to drive your SUV without a bad conscience while ruining the planet you have borrowed from your children with it. Oh, how inconvenient that is.
You know
Not generally. When you see a run of the mill buffer-overflow-execute-anything-you-want exploit, it usually only takes changing values of a few variables to get it to deliver your payload vs. what the example was doing.
Well, you can arm a PoC exploit and crack a few PCs that way. Then you only have access to the box. Typically this might get detected quite fast by AV vendors, so you had better obfuscate that code some more.
So by then you have a working sploit but you are nowhere near a botnet. First, you need code that stays on the box, meaning it should start itself when the machine gets booted up. And if you want to be successful you should not choose HKLM/local...entVersion/run/ but something more subtle. The easy way to go here would be another less known registry value, but this means executing a process that can be seen and thus be dealt with in your task manager. So, ideally you inject a DLL into another process. Now that already takes quite some knowledge.
Now you still do not have a botnet, still far from it but closer.
No, you need a mechanism to distribute that code. That could be using the armed PoC exploit, brute forcing shares in the net, infecting files, copying to other devices or inclusion in Zip files etc. or just emailing itself in a combination with social engineering techniques so the recipient will execute that malware of yours.
And writing your own SMTP engine in assembly might not be that easy anymore. But for the sake of the argument, let's say you want to exploit a Windows SMB vulnerability. Then you have to think about algorithms for finding an IP address in an effective manner. And you have to make sure that it does not spread too fast, because then you create a lot of noise that will get people's attention and you even might cause enough scanning/exploitation attempts to clog the very pipes you need to spread.
That being said, you will want to disturb the work of antivirus companies. That means you have to identify the net ranges used by these AV companies and design your spreading algorithm in a way that excludes those ranges. Then you will want to block AV software on infected hosts from getting signature updates, so you have to identify those IPs/DNS names as well in order to block the host's access to them. As you can enter your victims through an exploit, you even have the chance to avoid AV detection as a whole, which means that you have to cleverly hide your presence from the AV or you (try to) disable the AV software altogether without the user and the host OS noticing. Not so easy at all! And you want to avoid being dissected all too fast, so you will want to implement some more obfuscation: assembly level anti-debugging features, self-written executable packers, maybe virtual machine detection etc.
Congratulations, you now have written a worm. Of course you better test it with various OSes, languages, releases and AV systems, right?
Now, you still do not have a botnet!
For a botnet, you need some command and control structures. You need to communicate with your victims. Now that makes you easily traceable, so you might want to make your botnet a double-fast flux peer-to-peer network. Easy, isn't it?
And then you just have to find a way so that the money you are trying to make off of that botnet does not get easily traced back to you.
But yes, I agree, all it needs is a script kiddie that can exchange some NOP and 0xEB 0xFE code with a working payload, right? As easy as winking.
Clearly that guy neither must have any real knowledge about IT security nor can he be intelligent or skilled in any way.
Which, BTW, does not mean that I do not condone this, in fact I do. But if you happen to have those skills and you probably have invested significant time into learning everything about it and you are being paid just a bit over minimum wage (e.g. because you were on parole or for some other reason) and you are told every second day that your skills are
Although it is definitely a good idea to install the patch, it guarantees neither that no host in your environment gets infected nor that it will not spread within your network.
The worm propagates not only via the SMB vulnerability but also via autostart.inf on removable media and network shares and tries to brute force your Admin$ shares with the Administrator account.
So, disabling autostart is indeed a very good idea in addition to patching the SMB vulnerability.
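One way to spot the Admin$ guessing against the Administrator account described in the comment above, even on a fully patched network. This is an added example, not part of the original comment; the log format, addresses, threshold and window are constructed assumptions, not a real Windows event format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "timestamp source_ip account share result"
SAMPLE_LOG = """\
2009-03-30T10:00:01 10.0.0.23 Administrator ADMIN$ FAIL
2009-03-30T10:00:02 10.0.0.40 Administrator ADMIN$ FAIL
2009-03-30T10:00:03 10.0.0.23 Administrator ADMIN$ FAIL
2009-03-30T10:00:04 10.0.0.51 jsmith PROJECTS FAIL
2009-03-30T10:00:05 10.0.0.23 Administrator ADMIN$ FAIL
2009-03-30T10:00:07 10.0.0.23 Administrator ADMIN$ FAIL
2009-03-30T10:00:09 10.0.0.23 Administrator ADMIN$ FAIL
2009-03-30T10:00:11 10.0.0.23 Administrator ADMIN$ FAIL
2009-03-30T10:00:13 10.0.0.23 Administrator ADMIN$ OK
2009-03-30T10:05:00 10.0.0.40 Administrator ADMIN$ FAIL
"""

def parse(line):
    """Split one constructed log line into typed fields."""
    ts, src, account, share, result = line.split()
    return datetime.fromisoformat(ts), src, account, share, result

def flag_admin_share_guessing(log_text, threshold=5,
                              window=timedelta(seconds=60)):
    """Flag sources with >= threshold failed Administrator logons to
    ADMIN$ inside a sliding window, and note a later success."""
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, account, share, result = parse(line)
        if share.upper() != "ADMIN$" or account.lower() != "administrator":
            continue              # only the vector the comment names
        if result == "FAIL":
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:      # drop failures outside window
                q.popleft()
            if len(q) >= threshold:
                entry = flagged.setdefault(
                    src, {"failures": 0, "success_after": False})
                entry["failures"] = max(entry["failures"], len(q))
        elif result == "OK" and src in flagged:
            # A success right after a burst means the guess worked:
            # treat that host's credentials and the source as compromised.
            flagged[src]["success_after"] = True
    return flagged

if __name__ == "__main__":
    for src, info in flag_admin_share_guessing(SAMPLE_LOG).items():
        print(src, info)
```

A single mistyped password (10.0.0.40 in the sample) stays below the threshold, while the burst from 10.0.0.23 followed by a success is the pattern worth paging on.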
Well, it's not only corporate interests. There are also strong interests of the governments themselves to control the people, for obvious reasons. See my comment above on how what used to be "child porn" as the justification for the withdrawal of rights and liberties was replaced by "terrorism" and now seems to be replaced by the "child porn" argument again.