maybe start looking for the builder on hacker forums like HF and opensc. There are many, and this is such big news it shouldn't take you long to find it.
I'd run it in a VM or sandboxed or on a "disposable" computer. You are playing with fire, watch out so you don't get burned. 50-50 odds get owned by DLing someone ELSES deployment of SpyEye. lol.
To truly deploy this is actually sorta involved, I know for Zeus you hafta run a web server to gather all the data and do C+C. A simple RAT with a few dozen bots is easy peasy, that's just messing with noIP and opening some ports, these crimeware tools are a CAMPAIGN. With Zeus and SE you are intending on stealing people's money on a large scale.
Remember kids, don't hack from your own IP address, your dad will get pissed when the FBI comes.
...does any of this mean? Can we get summaries that aren't the first paragraph of TFA? Can we get an explanation of what the hell TFA is talking about and why we should care?
Sheesh.
Spy Eye is a pretty well known and powerful RAT/Bot tool on level with the venerable Zeus. The real non-backdoored copies are (generally) all for-pay.
This is a licensed for-pay malware/crimeware toolkit. The source code is leaked and there is a CRACK for the builder. This is key. Now it's easier for the freeloaders and skiddies to get at and CUSTOMIZE this high level malware tool, making it harder to detect.
This means things are going to get more interesting (re: worse) before they get better.
The 'hacker" scene is like.001% real coder and 99.999% script kiddie and leach. This makes powerful tools available to many more people than before.
It takes my work PC about ten minutes to get to a working desktop. Probably two minutes to actually boot to windows, three or four to get to the Windows logon (anyone who works Windows domains has learned that if you don't have some wait times built in, policies may not load and you get support calls), then another three to five after I log in for all the scripts, antivirus, citrix, and other crap to run before my desktop is fully functional.
50 weeks a year, (assuming you are in the US and not some slacker euro country where everyone gets off 6 weeks a year) times 5 days a week, times 10 minutes a day, divide by 60, that's more than 40 hours a year watching the computer grind away.
That's assuming you turn it off every day, which you would do, of course, because you need to conserve electricity and not waste the company dime.
If a SSD would massively reduce boot time, and the cost of the SSD and the time to build the comp is less than what the employee wastes in a year watching it boot, why not deploy SSD?
Factor it as a two year payoff - even easier to justify it.
Not quite the same thing, but if you're sitting for 10 minutes watching the hourglass spin it's about as productive as using the toilet. You probably do that on the clock too.
Client of mine was having bad internet problems on Comcast. Investigated and solved by putting openDNS into the router config and making sure all machines were on DHCP. It wasn't redirecting search results, at least not that I saw, the comcast DNS were just unresponsive.
Step #1 to have good internet is not to use the ISP's dns servers. EVER. Just sayin.
Step 1: Invent some plausibly useful technology applicable to a given sector
Step 2: Bribe... I mean "lobby".... for the tech to be mandated by law in the given sector
Step 3: ????
Step 4: Profit
Troll comments and +5 funny rating aside, many scientists would agree (either publicly or anonymously due to fear) that human caused global warming IS a hoax.
Especially after the emails were released exposing the hoax. Remember?
I for one would like to keep up on REAL science, not pseudoscience fraud.
As for the answersingenesis site... I know what I believe.
Noscript functionality is in Chrome and IE, just not enabled by default.
In Chrome go to Options > Under the hood > Content Settings and disable then add your white-listed domains.
In IE its a little more complicated, Internet Options > Security > Set Internet to HIGH then go to Trusted Sites and add your white-listed domains. Then go to Internet Options > Programs > Manage Addons > Toolbars and Extensions > Disable any addons you will not use, for addons you do use right click them > More Information > Remove all sites and add only white-listed domains.
99.999999% of the people getting malware like this don't know what a script IS, let alone anything you just typed there. Believe it or not, there are people who when you ask them what browser they use they will say "I gots the Winders XP". Those are the people who are targeted by malware writers. People running no-script and adblock and sandboxes are simply such a small percentage of the masses on the internet it's a drop in the bucket.
However dell and hp and lenovo and the other OEM ship out their boxes and laptops - that is how the people use them. They take them out of the box and plug them in and use them.
Realistically how many people out there know what google chrome is, except that they get it along with maybe their PDF reader or some other bundle? How many typical users know what firefox is? How many know that you can have a different browser- PERIOD?
There is an article about bing right now on slashdot. The ONLY reason ANYONE would use bing is because microsoft makes that the default search on the browser which is how it comes out of the box from walmart. How many people who use bing know it isn't google, or that there is a difference between them? Seriously, it is THAT BAD - the way people use their computer is purely random chance after random chance. Think about it, that's why you see comps with 16 toolbars on the browser. "why do you have 16 toolbars? Do you want all of them?" "No, I don't know how they got there, can you get rid of them?" "Why do you have 3 registry defraggers installed and running all the time, do you want that?" "I have no idea what you are talking about"
My point is, people need a no-brainer solution to malware because that is the type of user you need to protect. Otherwise you can't waste the emotional overhead to worry about them - it's simply too hard for them otherwise and there are too many of them. It's as if superman is trying to save 2 BILLION Lois Lanes with diarrhea who are blindfolded and running around a mine field the size of the earth with clown shoes on looking for the one port-o-potty.
I think part of the facebook hating is because subconsciously people "know" that Zuckerberg is a jerk because of the movie.
For me, I erased my FB account because it was pointless, lacked privacy, and I didn't care what people were thinking about having for supper and when they were eating supper and whether it was really good after they were done. Few of my real friends were on there either, a lot of it was people I knew in high school who whine a lot.
I did get a g+ account tho. Haven't done much with it yet. Seems cool, I like the drag and drop stuff. Seems more professional and utilitarian, less farmville and redneck back road casino.
Heres something funny: Like most people I made some thoughtful posts on facebook. Never got many replies or likes. Oh well. Once on a whim I posted "I just ate some ice cream". Wouldn't you know, I got more replies and likes to that post than any other post I ever made on FB.
If the agency has to do it "right" in order to get paid, that is incentive to do it right. Again and again, more and more efficiently.
The problem with the public sector is that it is incredibly hard to get fired and in order to get paid, you pretty much just have to show up.
The motivation to do a good job in the public sector just because it is the honorable "serve the people" thing to do is long past. Now, workin' fer da guv'mint is a ticket to coast until retirement.
The above, of course, doesn't necessarily take into account the likes of Halliburton and Blackwater. They may or may not do what they do very well, but they don't exactly have to compete.
I'm confused. Is this a "Ack, nuclear stuff is expensive and dangerous!" article or a "Wow, large engineering projects are cool!" article. Should I be AFRAID or IMPRESSED? I don't know!
Makes me think - wow, we need a better way to make electricity.
If it's just you, and just one computer, why not carbonite (or another reputable online storage service) AND ALSO 1 or two external usb hard drives, keeping one off site and periodically rotating them. Like, weekly.
If carbonite implodes, you have the hard drives. If you lose one hard drive, you have the other. If you lose both hard drives you have carbonite.
If you never lose the working data, then you aren't out TOO much, as carbonite is not TOO expensive and external usb hard drives are also reasonable.
No, I don't work for carbonite, just using them as a ubiquitous brand name like kleenex. I could have just as easily said dropbox. Oh, wait, no, not dropbox. Nevermind.
And disable the microphone. People always forget the microphone.
I think the law is that you can't record audio in a room unless someone in the room knows it is being recorded. Recording video (such as the webcam) is not "illegal" especially given the legal precedence this judge just created.
Of course, this spyware the rental company was using probably wasn't TOO concerned with the finer nuances of the law... I'm sure there were disclaimers and whatnot - "customer ensures all use of this software is legal, blah blah blah, we're not liable if you use it illegally, blah blah"
Oh, I get it. Check the site, it's a Apple only thing. That actually makes sense in a lot of ways.
Because Apple users never do anything confidential or top secret? And they anthropomorphify their data and don't want to "kill it" and this will let the nice little bits and bytes "live on"?
Then encrypt with PGP (the backdoor free, one), or develop an app that does.
As they say, necessity is the motherfucker of an inventor.
Is there a droid and/or iOS app that is un-backdoored to encrypt a smartphone? I'm thinking of something like truecrypt whole disk encryption for smartphones. Turn it on - bam, password please. Can't even dial the thing without a password. It's a brick. Can't usb it, can't pull the flash card, the whole thing is encrypted.
What about an inbound and outbound firewall to prevent undesired communications?
Agreed. A server OS will log the purpose of an intentional shutdown. The only way a server can know it was shut down improperly is if it gets turned on and there is no entry for why it was off. Then, it can say that the system was brought up after an unexpected shutdown.
Sorta doubt cell phones get to that level of logging.
I mean, that would be like logging a person's location continuously, and all open wifi access points the phone is near and then hiding that in a file on the phone that no-one knows about and they don't tell you about. If they are at that point, then it might be time to break out the tinfoil hat on principle.
Slashdot Mirror
maybe start looking for the builder on hacker forums like HF and opensc. There are many, and this is such big news it shouldn't take you long to find it.
I'd run it in a VM or sandboxed or on a "disposable" computer. You are playing with fire, watch out so you don't get burned. 50-50 odds get owned by DLing someone ELSES deployment of SpyEye. lol.
To truly deploy this is actually sorta involved, I know for Zeus you hafta run a web server to gather all the data and do C+C. A simple RAT with a few dozen bots is easy peasy, that's just messing with noIP and opening some ports, these crimeware tools are a CAMPAIGN. With Zeus and SE you are intending on stealing people's money on a large scale.
Remember kids, don't hack from your own IP address, your dad will get pissed when the FBI comes.
...does any of this mean? Can we get summaries that aren't the first paragraph of TFA? Can we get an explanation of what the hell TFA is talking about and why we should care?
Sheesh.
Spy Eye is a pretty well known and powerful RAT/Bot tool on level with the venerable Zeus. The real non-backdoored copies are (generally) all for-pay.
.001% real coder and 99.999% script kiddie and leach. This makes powerful tools available to many more people than before.
This is a licensed for-pay malware/crimeware toolkit. The source code is leaked and there is a CRACK for the builder. This is key. Now it's easier for the freeloaders and skiddies to get at and CUSTOMIZE this high level malware tool, making it harder to detect.
This means things are going to get more interesting (re: worse) before they get better.
The 'hacker" scene is like
It takes my work PC about ten minutes to get to a working desktop. Probably two minutes to actually boot to windows, three or four to get to the Windows logon (anyone who works Windows domains has learned that if you don't have some wait times built in, policies may not load and you get support calls), then another three to five after I log in for all the scripts, antivirus, citrix, and other crap to run before my desktop is fully functional.
50 weeks a year, (assuming you are in the US and not some slacker euro country where everyone gets off 6 weeks a year) times 5 days a week, times 10 minutes a day, divide by 60, that's more than 40 hours a year watching the computer grind away.
That's assuming you turn it off every day, which you would do, of course, because you need to conserve electricity and not waste the company dime.
If a SSD would massively reduce boot time, and the cost of the SSD and the time to build the comp is less than what the employee wastes in a year watching it boot, why not deploy SSD?
Factor it as a two year payoff - even easier to justify it.
Here is a calculator: http://paidtopoop.com/
Not quite the same thing, but if you're sitting for 10 minutes watching the hourglass spin it's about as productive as using the toilet. You probably do that on the clock too.
Client of mine was having bad internet problems on Comcast. Investigated and solved by putting openDNS into the router config and making sure all machines were on DHCP. It wasn't redirecting search results, at least not that I saw, the comcast DNS were just unresponsive.
Step #1 to have good internet is not to use the ISP's dns servers. EVER. Just sayin.
.. unless you think its just going to run on sunshine and rainbows?
Next week on slashdot - "Military investing in rainbow powered lasers!"
And where exactly is Apple's iPhone made?
Foxconn, right? What do I win?
Step 1: Invent some plausibly useful technology applicable to a given sector ... I mean "lobby" .... for the tech to be mandated by law in the given sector
Step 2: Bribe
Step 3: ????
Step 4: Profit
I think step 3 may be optional.
Nobody expects Facebook's level of creepiness. Until it's too late.
I noticed the creepiness as well. Can't put my finger on it. You?
what the hell does anybody need a six-acre lawn for? Can you honestly say that it provides you with more enjoyment than, say, a half-acre lawn?
Yes, it would. Except for the mowing part.
how long did his mouth hurt then? Surely you laid him out and subdued him until the police came, since you eluded to his incarceration?
I don't use twitter. /. complained a link was "too long" or something so I thought I'd try out google's new link shortener. So neat and tidy!
One of the links I posted caused slashdot to complain that it was "too long", so I shortened them. Sorry I offended you.
I remember emails being released. I don't remember exposing any hoaxes though... Perhaps you're confused.
http://goo.gl/ocYqZ
another link re: global warming
http://goo.gl/wb6nZ
many scientists would agree (either publicly or anonymously due to fear) that human caused global warming IS a hoax.
[citation needed]
Let me google that for you.
http://goo.gl/4jCmQ
http://goo.gl/hCTQK
http://goo.gl/RyfZf
http://goo.gl/GWcP9
And another: http://goo.gl/PN8mU
Troll comments and +5 funny rating aside, many scientists would agree (either publicly or anonymously due to fear) that human caused global warming IS a hoax.
... I know what I believe.
Especially after the emails were released exposing the hoax. Remember?
I for one would like to keep up on REAL science, not pseudoscience fraud.
As for the answersingenesis site
Noscript functionality is in Chrome and IE, just not enabled by default. In Chrome go to Options > Under the hood > Content Settings and disable then add your white-listed domains. In IE its a little more complicated, Internet Options > Security > Set Internet to HIGH then go to Trusted Sites and add your white-listed domains. Then go to Internet Options > Programs > Manage Addons > Toolbars and Extensions > Disable any addons you will not use, for addons you do use right click them > More Information > Remove all sites and add only white-listed domains.
99.999999% of the people getting malware like this don't know what a script IS, let alone anything you just typed there. Believe it or not, there are people who when you ask them what browser they use they will say "I gots the Winders XP". Those are the people who are targeted by malware writers. People running no-script and adblock and sandboxes are simply such a small percentage of the masses on the internet it's a drop in the bucket.
However dell and hp and lenovo and the other OEM ship out their boxes and laptops - that is how the people use them. They take them out of the box and plug them in and use them.
Realistically how many people out there know what google chrome is, except that they get it along with maybe their PDF reader or some other bundle? How many typical users know what firefox is? How many know that you can have a different browser- PERIOD?
There is an article about bing right now on slashdot. The ONLY reason ANYONE would use bing is because microsoft makes that the default search on the browser which is how it comes out of the box from walmart. How many people who use bing know it isn't google, or that there is a difference between them? Seriously, it is THAT BAD - the way people use their computer is purely random chance after random chance. Think about it, that's why you see comps with 16 toolbars on the browser. "why do you have 16 toolbars? Do you want all of them?" "No, I don't know how they got there, can you get rid of them?" "Why do you have 3 registry defraggers installed and running all the time, do you want that?" "I have no idea what you are talking about"
My point is, people need a no-brainer solution to malware because that is the type of user you need to protect. Otherwise you can't waste the emotional overhead to worry about them - it's simply too hard for them otherwise and there are too many of them. It's as if superman is trying to save 2 BILLION Lois Lanes with diarrhea who are blindfolded and running around a mine field the size of the earth with clown shoes on looking for the one port-o-potty.
I think part of the facebook hating is because subconsciously people "know" that Zuckerberg is a jerk because of the movie.
For me, I erased my FB account because it was pointless, lacked privacy, and I didn't care what people were thinking about having for supper and when they were eating supper and whether it was really good after they were done. Few of my real friends were on there either, a lot of it was people I knew in high school who whine a lot.
I did get a g+ account tho. Haven't done much with it yet. Seems cool, I like the drag and drop stuff. Seems more professional and utilitarian, less farmville and redneck back road casino.
Heres something funny: Like most people I made some thoughtful posts on facebook. Never got many replies or likes. Oh well. Once on a whim I posted "I just ate some ice cream". Wouldn't you know, I got more replies and likes to that post than any other post I ever made on FB.
If the agency has to do it "right" in order to get paid, that is incentive to do it right. Again and again, more and more efficiently.
The problem with the public sector is that it is incredibly hard to get fired and in order to get paid, you pretty much just have to show up.
The motivation to do a good job in the public sector just because it is the honorable "serve the people" thing to do is long past. Now, workin' fer da guv'mint is a ticket to coast until retirement.
The above, of course, doesn't necessarily take into account the likes of Halliburton and Blackwater. They may or may not do what they do very well, but they don't exactly have to compete.
I'm confused. Is this a "Ack, nuclear stuff is expensive and dangerous!" article or a "Wow, large engineering projects are cool!" article. Should I be AFRAID or IMPRESSED? I don't know!
Makes me think - wow, we need a better way to make electricity.
If it's just you, and just one computer, why not carbonite (or another reputable online storage service) AND ALSO 1 or two external usb hard drives, keeping one off site and periodically rotating them. Like, weekly.
If carbonite implodes, you have the hard drives. If you lose one hard drive, you have the other. If you lose both hard drives you have carbonite.
If you never lose the working data, then you aren't out TOO much, as carbonite is not TOO expensive and external usb hard drives are also reasonable.
No, I don't work for carbonite, just using them as a ubiquitous brand name like kleenex. I could have just as easily said dropbox. Oh, wait, no, not dropbox. Nevermind.
And disable the microphone. People always forget the microphone.
I think the law is that you can't record audio in a room unless someone in the room knows it is being recorded. Recording video (such as the webcam) is not "illegal" especially given the legal precedence this judge just created.
Of course, this spyware the rental company was using probably wasn't TOO concerned with the finer nuances of the law... I'm sure there were disclaimers and whatnot - "customer ensures all use of this software is legal, blah blah blah, we're not liable if you use it illegally, blah blah"
Oh, I get it. Check the site, it's a Apple only thing. That actually makes sense in a lot of ways.
Because Apple users never do anything confidential or top secret? And they anthropomorphify their data and don't want to "kill it" and this will let the nice little bits and bytes "live on"?
Then encrypt with PGP (the backdoor free, one), or develop an app that does.
As they say, necessity is the motherfucker of an inventor.
Is there a droid and/or iOS app that is un-backdoored to encrypt a smartphone? I'm thinking of something like truecrypt whole disk encryption for smartphones. Turn it on - bam, password please. Can't even dial the thing without a password. It's a brick. Can't usb it, can't pull the flash card, the whole thing is encrypted.
What about an inbound and outbound firewall to prevent undesired communications?
Agreed. A server OS will log the purpose of an intentional shutdown. The only way a server can know it was shut down improperly is if it gets turned on and there is no entry for why it was off. Then, it can say that the system was brought up after an unexpected shutdown.
Sorta doubt cell phones get to that level of logging.
I mean, that would be like logging a person's location continuously, and all open wifi access points the phone is near and then hiding that in a file on the phone that no-one knows about and they don't tell you about. If they are at that point, then it might be time to break out the tinfoil hat on principle.
oh wait...