A million internet points for the person who commercializes this in to a faster than light inter-planatary communication network and calls it subspace.
The file is erased and rewritten after everything outside of ring 0 has been terminated. So the only way to infect the hyberfil.sys would be have ring 0 write the infected file.
They say "supports" because it is up to the developer to have the application that uses the GovCloud be certified. All they are saying is "Our services will not prevent you from writing applications that can fulfill these certifications"
Guessing from my experience to the situation of GP, they will probably end up with B), at least for some time. Maybe they can get away with it, because for a computer that is not on a network a lot of security issues go away.
That may used to be true, however modem day malware frequently will spread via laptops moved in and out of the network (see Conficker) or via usb drives (see Stuxnet). Computers with no network access can still be easily infected.
When I say "will gladly decrypt" I mean files you sent to them in plain-text and they encrypt on their servers, there is no way for them to decrypt the files you send them pre-encrypted
Yes they reworded it to make it friendlier and everyone loves the quote
To be clear, aside from the rare exceptions we identify in our Privacy Policy, no matter how the Services change, we won’t share your content with others, including law enforcement, for any purpose unless you direct us to.
however their privacy agreement still says they will gladly decrypt and give your data to law enforcement
Compliance with Laws and Law Enforcement Requests; Protection of Dropbox's Rights. We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.
Have you tried to remove a server from a rack without accidentally detaching the power cable? They went with the option that had the lest chance of failure.
They don't need to keep the whole rack powered, just the one machine they are interested in, they could power down the rest of the rack and a off the shelf UPS could run it for plenty of enough time to get it to a truck with a inverter on it.
As for the "magic splicing" it is not hard to do, anyone with a basic understanding of electric circuits can splice two live cables together.
If I keep all of my data in a strongly encrypted container (that does not have a password that is brute force able in a reasonable amount of time), how do you expect to gain anything meaningful "dealing with it as mere data" without the decryption key which was stored in ram till you shut the machine off to clone the drive?
... is they did not want to power down the server.
Law enforcement is trained that if you are seizing a computer, if possible, do not let it be shut down/locked. Forensics can snapshot the RAM and possibly get encryption keys that would be lost if the server was powered down. Worst case there could be a whole drive encryption that needs a password every boot, if you let the computer shut down you lose everything and all you will have is a worthless box without the password.
It is likely there was no way to remove the server from the enclosure while keeping it supplied with power. So what they likely did is they spliced in their own UPS to the cabinet and rolled the whole thing out. to their truck where they could keep it powered till a expert could get in and get a dump of the system state.
Slashdot Mirror
The doctor looking at X-Rays while sterile was a perfect example of "Why didn't someone think of this sooner?"
A million internet points for the person who commercializes this in to a faster than light inter-planatary communication network and calls it subspace.
The file is erased and rewritten after everything outside of ring 0 has been terminated. So the only way to infect the hyberfil.sys would be have ring 0 write the infected file.
Heck, I think Brother's press release saying they are releasing the first commercial VRD is a lot bigger news than Sony's
Sony releases a Head mounted display and acts like it invented it...
Call me when they release a VRD
They say "supports" because it is up to the developer to have the application that uses the GovCloud be certified. All they are saying is "Our services will not prevent you from writing applications that can fulfill these certifications"
I am surprised no one suggested the Extra Credits video on Gamifaction
They also did a followup on Gamifying education
I download gpg4win, I was wrong :(
Be sure to drink your ovaltine?
Guessing from my experience to the situation of GP, they will probably end up with B), at least for some time. Maybe they can get away with it, because for a computer that is not on a network a lot of security issues go away.
That may used to be true, however modem day malware frequently will spread via laptops moved in and out of the network (see Conficker) or via usb drives (see Stuxnet). Computers with no network access can still be easily infected.
When I say "will gladly decrypt" I mean files you sent to them in plain-text and they encrypt on their servers, there is no way for them to decrypt the files you send them pre-encrypted
To be clear, aside from the rare exceptions we identify in our Privacy Policy, no matter how the Services change, we won’t share your content with others, including law enforcement, for any purpose unless you direct us to.
however their privacy agreement still says they will gladly decrypt and give your data to law enforcement
Compliance with Laws and Law Enforcement Requests; Protection of Dropbox's Rights. We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.
Thanks, i was looking for that, I wanted to include that in with my OP but I could not find it.
Have you tried to remove a server from a rack without accidentally detaching the power cable? They went with the option that had the lest chance of failure.
They don't need to keep the whole rack powered, just the one machine they are interested in, they could power down the rest of the rack and a off the shelf UPS could run it for plenty of enough time to get it to a truck with a inverter on it.
As for the "magic splicing" it is not hard to do, anyone with a basic understanding of electric circuits can splice two live cables together.
If I keep all of my data in a strongly encrypted container (that does not have a password that is brute force able in a reasonable amount of time), how do you expect to gain anything meaningful "dealing with it as mere data" without the decryption key which was stored in ram till you shut the machine off to clone the drive?
... is they did not want to power down the server.
Law enforcement is trained that if you are seizing a computer, if possible, do not let it be shut down/locked. Forensics can snapshot the RAM and possibly get encryption keys that would be lost if the server was powered down. Worst case there could be a whole drive encryption that needs a password every boot, if you let the computer shut down you lose everything and all you will have is a worthless box without the password.
It is likely there was no way to remove the server from the enclosure while keeping it supplied with power. So what they likely did is they spliced in their own UPS to the cabinet and rolled the whole thing out. to their truck where they could keep it powered till a expert could get in and get a dump of the system state.
<@insomni> it only takes three commands to install Gentoo /dev/hda && mkfs.xfs /dev/hda1 && mount /dev/hda1 /mnt/gentoo/ && chroot /mnt/gentoo/ && env-update && . /etc/profile && emerge sync && cd /usr/portage && scripts/bootsrap.sh && emerge system && emerge vim && vi /etc/fstab && emerge gentoo-dev-sources && cd /usr/src/linux && make menuconfig && make install modules_install && emerge gnome mozilla-firefox openoffice && emerge grub && cp /boot/grub/grub.conf.sample /boot/grub/grub.conf && vi /boot/grub/grub.conf && grub && init 6
<@insomnia> cfdisk
<@insomnia> that's the first one
No, but it was probably just a rookie mistake. You know, like an assignment instead of compare.
Or like not noticing something is VB where they use = as a comparator.
I think the cable guys have their knickers in a twist because soon the only thing their cable will carry is TCP/IP.
This is why we need internet regulation! I need to use UDP for some apps!
Obligatory XKCD
Excellent Troll good sir. I I tip my hat to you.
This is the exact reason there is no burger king (the chain) in Mattoon, Illinois
You are not RSA's customer, people like Blizzard and PayPal are their customers. You are a customer of their customers.
Brain of Britain, World Cup, and one penalty from a change of possession in rugby