There are dozens of commercial keyloggers and remote admin type apps out there. "Firewalls do not present a problem" to any of these, nor most of the other tools. I'm assuming here that they mean incoming firewalls, not restrictive bidirectional firewalls which block unknown outbound connections. The fact that this makes use of webcams and microphones is nothing new, Back Orifice did this a decade or so ago. None of the antispyware or antivirus vendors mark the commercial tools as malicious, because they assume (wrongly) that whoever put the tool there had a right to do so. I guess the only thing that is new here is that the company is distributing only to law enforcement. That might not even be new, since I'm sure the espionage community has some exclusively licensed tools at its disposal. If you want to get paranoid about something, be worried that your credit card info is in the hands of somebody in former Soviet countries or that some ransomware has taken over your PC. Trust me, the Swiss are not your biggest problem out there.
Hardware keyloggers and screenshot captures would totally defeat this.
Alice: You mean impossible?
Doorknob: No, impassible. Nothing's impossible.
-- Alice in Wonderland, 1951
Does anybody else think of Napoleon Dynamite when they read about defects? What if you're on a Gateway that's painted like a cow?
Alright, so now we have an admin who blames all his problems on being hacked, and the story is posted on /. I wonder how many script kiddies are running their proggies against the site right now. I give it another hour or two before that page gets replaced with "I pwzn j00!" or some other unintelligible leet speek.
So this old guy can't hear the thing, huh? Unplug it! He'll never know and you can get back to being a hoodlum with no fear of reprisals. Or you could light his social security checks on fire.
I was a Psychology major and ended up getting a job as a Field Tech at a hospital, because I knew a lot about how to fix computers. I was always more interested in the security side of computers and data, so I applied for a position in Information Security when one was available. I'm living proof that you can use a Psychology (or any college degree, really) degree to get into IT. Get established somewhere and be ambitious and you'll be able to thrive.
I suspect another reason to do this would be to prevent theft. Certain Cisco WAPs can pick up RFID so that you'd know how much of that overpriced equipment is walking out the door and can catch the hospital staff doing it. Unless, of course, they'd had an operation there before.
I'm in Information Security and have often thought about hitting up our web guy to put a set of watching eyes on the intranet homepage. I also have been trying to find a nice poster of watching eyes to put in my office. I think I'll give that a try and see if the visits to "not-for-work" sites go down.
Maybe it's all the MacBook Pro batteries http://apple.slashdot.org/article.pl?sid=06/06/22/1828232 and Dell laptops exploding http://hardware.slashdot.org/article.pl?sid=06/06/21/1448207.
Let's look at the things which Microsoft claims are "significantly and positively impact[ed]" by trying to protect their Intellectual Property:
economic growth
The only economic growth impacted is the upward growth of the modchip makers -- an industry Microsoft can't dominate and bully. What happened to the economic growth of Netscape when Microsoft integrated IE into Windows -- a design flaw that has not been corrected even in Vista! How about all of the patents illegally used by Microsoft over the years? Why was their "economic growth" and Intellectual Property not worth protecting?
technological innovation
The modchip industry is pretty damn innovative! You have a huge multi-billion dollar company in a huge multi-billion dollar industry designing these consoles to be hackproof, yet a few guys in a garage can hack them in under a year. That is technological innovation, too, it's just not in a way that Microsoft can stifle and control. It is open innovation, published and available to all.
and most importantly, the confidence of customers who count on the integrity and quality of their products.
Integrity like scratching discs to unreadability? Quality like overheating and frequent crashes? Correct me if I'm wrong, but wasn't it the modders and makers who designed ways to cool the power supplies and devices? From strings to hang the power brick to watercooling for the processors, the hardware hackers have been improving on the designs of the XBOX 360. It seems to me like these problems should have been fixed BEFORE shipping by highly paid designers, not AFTER shipping by fans who didn't want to feel cheated out of their money.
And the stampede begins as pedophiles leave myspace.com for The Sims.
When I worked at a hotel (65 rooms, no restaurant), we used a product called Check-Inn. It had all of the features you mentioned, and was fairly decent. It wasn't awesome, but it wasn't too expensive, either. IIRC, they could do internet reservations in the latest release (which we weren't running).
I was just looking for something to do this same thing. I haven't solved the problem yet, but Netgear and Linksys have some inexpensive stuff. I ordered the Linksys RV042 and it should arrive today. I'm anxiously awaiting setting it up and testing it because of the Dual WAN functionality. My second internet connection should arrive on Thursday :)
http://www.netgear.com/products/business/prod_vpnrouter_wired_security_sb.php
http://www.linksys.com/servlet/Satellite?c=L_Product_C1&childpagename=US%2FLayout&cid=1117775454480&pagename=Linksys%2FCommon%2FVisitorWrapper
Mod parent up, please. Logging in as yourself provides both accountability and another layer of defense against hacking.
Last time I heard, Steve Jobs said something like "We are, and always will be, a hardware company." Now I'm not saying that Boot Camp will sell more hardware, but I don't think anybody expects Boot Camp to help sell more copies of OS X. Can you even buy an Intel Mac without OS X? I doubt it.
Does this $100 laptop make my code look fat?
If the BOFH were running the server, he'd just take all obviously non-Danish IP addresses and return a really strange time. Maybe he could even stumble on a buffer overflow in their client and brick the router. Then D-Link would have a lot of pissed off customers and drive support costs way up. This might not solve the immediate problem that the NTP server has, but at least it would piss off a lot of people, and that's more important to the BOFH, anyway.
Nice writeup. I had meant to say a couple of the things you did, but didn't because I was throwing the post together before I left for work. I use FreeBSD fairly often, and usually I rebuild my kernel and install only the bare minimum needed to function. If I'm not building a web box, no Apache. I rarely use SQL, so I almost never install it. But I typically stick with a command line, because I usually use BSD in servers (although FreeSBIE is a nice live CD to use). The main reason that I do these things is for security -- if you're not running a service or daemon, then its vulnerabilities can't bite you in the ass. Of course, just about the first thing I ever do on a Windows system is to disable the crap that isn't needed (yes, even before patching -- in fact, even before connecting to the network).
If you check out the benchmarks of XP running on Apple hardware, they are generally better than what runs on dedicated PC hardware, even with the extra layer of EFI-BIOS translation. Why is that? I suspect that it has something to do with the fact that the only drivers which exist are the drivers needed to run on that platform. Therefore, the drivers loaded are minimal, and are only what are needed to run on that system. Likewise, the only services running are those which are needed. I'd guess that these builds, they have some .dlls and other things tweaked for the build in order to keep things simple. This also makes things faster and more secure.
So why can't PC manufacturers tweak their builds to do these things? Do computers come with PS2 and serial ports anymore? Is there a point in loading 50 SCSI drivers in a SATA system? Nope. For that matter, some of the larger companies like Dell, Compaq, IBM, etc. might be able to get Microsoft to make a custom kernel for their hardware, leaving out support for things that clearly aren't needed. But I would guess that the Windows XP kernel isn't modular enough to do this. My guess is that the major PC manufacturers don't really CARE how fast things run on their hardware. In fact, if things run slowly, they like it because it fuels consumers to upgrade their hardware sooner. Of course brands like Alienware and VooDoo probably do tweak their builds, because their business models are different -- quality over quantity.
These things are exactly what happens when Apple makes a computer, or when a Linux geek tweaks out his builds. As a Windows guy, I can tweak my build out so that it runs faster (and MUCH more securely) by disabling services, dlls, etc. I've never gone so far as to take out drivers, but it wouldn't be that hard (use Autoruns from Sysinternals.com if you want to do it).
Just my $0.02.
A couple of people play solitaire all day long instead of doing productive things. They don't have any immediate work to do, but they could sure as hell stand to improve themselves in things other than playing solitaire. A couple of people even have FPSes installed on their computers.
It's always a shocker to see what kind of data is collected by keyloggers. With 20+ pieces of malware on the average PC, how many do you think are in places where you do have personal information? Your company has all of your personal information; somebody had to enter that in by hand. How about banks? They're frequently the target of even nastier things than the article mentions. Remember that the credit card and check scanning devices that are attached to computers input data in the same way that keyboards do. In fact, most of them are daisy-chained to keyboard plugs to get power. This means that if your local florist, butcher, dry cleaner, etc. does transactions on the computer, all of your credit card or check information could be in Russia within the hour! Scary.
There are different requirements for enterprise use than for personal use. I will try to help out a bit for those in the corporate world. For example, SpyBot and Ad-Aware are only free for personal use. Because of this, IT shops are not supposed to use these without buying a license. So what should an underfunded IT department use?
Anti-Virus: Yeah, it's usually not great for catching spyware, but the latest versions of all vendors should at least slow down some of it. In our organization, we have several different versions of Norton Anti-Virus, from 7.x to 10.0. So if one PC has lots of problems with spyware, putting version 10.0 on there helps fight it automatically.
Microsoft Anti-Spyware: This is a pretty good tool for unmanaged environments. It is better than Ad-Aware or SpyBot, from my experience. I am not sure of the licensing, however, since we don't use it here.
Autoruns and Process Explorer: These are fantastic products that you can use at work for free, as long as you always download them from www.sysinternals.com when you put them on a PC. Autoruns will give way too much information about what starts up and what has hooks into the OS. To the average user, this can be overwhelming and even dangerous, so make sure you know what you're doing when you remove something. Process Explorer is a great tool for seeing what is running. It is miles better than the Task Manager that ships with Windows. It shows you what hooks into what processes and will even allow you to pause a running application!
StartupList and HijackThis: These two programs will help you figure out what kind of nasty stuff you might have running. I am not aware of the licensing issues with these, as I usually use Autoruns instead.
APT, APM, and TaskMan+: These three tools are process explorer type utilities. However, with APT and APM, you can unload a certain DLL file. This is very useful if you have a dll that you can't delete and that keeps regenerating all of the other junk you just removed. Simply unload the DLL from anything it is hooked into and then you can delete everything. TaskMan+ lets you kill almost any process, including services. Best of all, these products are licensed without restriction.
I hope these help. Sorry I can't write more but I'm at work fighting off the bad stuff myself ;)
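Added example, not from the post above and not Sysinternals code: the two jobs the poster leans on Autoruns and APT/APM for (what is wired into autostart, and which process has a DLL loaded so it can be stopped before the file is deleted) can also be done from PowerShell. The registry keys are a small subset of what Autoruns enumerates, and the DLL name `example.dll` is a hypothetical placeholder.

```powershell
# Added example (not from the post, not Sysinternals code). Lists the classic
# Run/RunOnce autostart keys and finds which processes have a given DLL loaded,
# so you know what to stop before deleting the file.
# $SuspectDll below is a hypothetical name chosen for illustration.

function Get-AutostartEntries {
    # Subset of the autostart locations that Autoruns/StartupList enumerate.
    # Autoruns also covers services, drivers, BHOs, Winlogon, scheduled tasks, etc.
    $RunKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $k = Get-Item -Path $key
        foreach ($name in $k.GetValueNames()) {
            [PSCustomObject]@{
                Key     = $key
                Name    = $name
                Command = $k.GetValue($name)
            }
        }
    }
}

function Find-ProcessesWithModule {
    param([Parameter(Mandatory = $true)][string]$ModuleName)
    # Walk every process and report the ones with the module loaded. Protected
    # or higher-privilege processes throw on .Modules; run elevated for full coverage.
    foreach ($p in Get-Process) {
        try {
            foreach ($m in $p.Modules) {
                if ($m.ModuleName -ieq $ModuleName) {
                    [PSCustomObject]@{
                        Pid     = $p.Id
                        Process = $p.ProcessName
                        Path    = $m.FileName
                    }
                }
            }
        } catch {
            # Access denied on this process; skip it rather than abort the sweep.
        }
    }
}

$SuspectDll = 'example.dll'   # hypothetical; replace with the DLL you are hunting

Get-AutostartEntries | Format-Table -AutoSize
Find-ProcessesWithModule -ModuleName $SuspectDll | Format-Table -AutoSize
```

Once the second listing shows which PIDs hold the DLL, `Stop-Process -Id <pid>` releases the file lock so it can be deleted; remove the matching autostart value at the same time, otherwise the entry simply recreates the problem at next logon. As the post warns about Autoruns, check what a value actually launches before removing it.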
Just remember that the same goes for everyone. When you have made up your mind on something, you are much more likely to rationalize that decision in the face of conflicting facts than to change your mind. This has been "known" for a long time in Psychology. All in all, not a totally useless science as some people believe.
In American politics there are rarely any "good" points made by either side. Only "bad" points made by both sides. [/sarcasm]
IIRC, there are some viruses/worms that specifically target dialup IPs because the computers connected to them are usually less secure. Being on dialup usually means that you don't download the latest updates. Therefore these types of viruses are able to exploit a wider variety of vulnerabilities. I'd advise going with DSL-Lite or something like it. These services are little more than dialup and usually include a firewall in the modem. All things being equal, I'd trust a PC with a hardware firewall on DSL over a modem with no hardware firewall. As long as you use best practices (installing all patches as they become available, using at least a software firewall, running anti-virus software, keeping a watch on what runs), though, you should be fine. Also remember that while you are downloading an update, you could be getting a virus. This applies to dialup as well as high speed.