Representatives Rick Boucher and John Doolittle recently introduced the Digital Media Consumers' Rights Act to amend the DMCA to stop the most outrageous abuses of it.
Lexmark recently failed in their attempt to misuse the DMCA to force out aftermarket ink cartridges that compete with their own overpriced products.
Now this case where a garage door opener maker wanted to abuse the law to force out a universal remote control maker.
I hope the failure of these companies to abuse the DMCA to enforce their monopolies is a sign that the courts and the legislature are waking up.
The DMCA is a dirty word, both online and in meatspace. The DMCA is a flawed piece of law.
The DMCA is being used to stifle competition and to gag disclosures of security flaws. It is worded so broadly that it is invoked in many situations to which it logically should not apply. At the same time, it is worded so narrowly that things which should be exempted are not.
Material that is copyrighted becomes public domain after a certain period of time. When that time period is up, the material belongs to the public. This is a fact that is not mentioned often enough these days. We should not destroy rights and freedoms meant to be permanent in the name of protecting a copyright that is meant to be temporary.
The DMCA must be withdrawn or amended before it causes irreparable harm to our society. Whatever replaces it should acknowledge that our permanent Fair Use rights and our permanent right to free speech are far more important than a corporation's right to protect its temporary copyright.
God I wish I could use Bit Torrent. My ISP has me behind NAT and no one can connect to me, so Bit Torrent is slower than dialup in my case. The ultimate leech control.
I guess I'll just wait for the FTP servers to cool off.
Indeed. You really must wonder about those people who INSIST on having their rights respected and who hold that funny little view that "Innocent until proven guilty" should be honored. Why it's downright SEDITIOUS! Everyone knows that anyone who complains that their privacy has disappeared is just a terrorist whose evil plan has been frustrated by all the attention.
These people really need to looosen their tin foil beanies and GET WITH THE PROGRAM! Everyone knows our overlords at Homeland Security and the DoJ respect the rights they've graciously allowed us to keep.
Perhaps those people should be rounded up and kept somewhere for safekeeping and let us HONEST, PATRIOT ACT COMPLIANT citizens get on with our lives without worrying about such potentially dangerous persons.
*hides his outlawed copy of the old US Constitution under the loose floorboard in the kitchen and looks around warily...*
I once had nearly an entire 25 pack of Memorex CDRW's that were crap right out of the store. I burned 10 goddamned coasters before I realized it wasn't Nero or the burner.
They were so bad they locked up Windows in 3 different machines when I put them in the drives after burning something to them. Eventually I had to toss every one of them and reburn that data on Imation discs.
As for labeling, I use a Sharpie and am very careful to write lightly.
Apple says iTunes is "better than free" because it's "fair to the artists and record labels." That's simply not true. First of all, Apple gets 3 times as much money as musicians from each sale. Apple takes a 35% cut from every song and every album sold, a huge amount considering how little they have to do.
Record labels receive the other 65% of each sale. Of this, major label artists will end up with only 8 to 14 cents per song, depending on their contract. Many of them will never even see this paltry share because they have to pay for producers and recording costs, both of which can be enormous.
Until the musician "recoups" these costs, when you buy an iTunes song, the label gives them nothing.
About an hour ago I compared 27 songs that I had queued up in my iTunes "shopping cart" against the RIAA Radar search engine. Every single song was from an album produced by an RIAA member. So I dumped my queue and iTunes lost a $26.73 sale. That is my protest against the RIAA's campaign to save themselves and other buggy whip industries.
Totally theoretical, yet based on a hundred browser hijackers we've discovered at my site.
1.) Send a spam mailing which loads a java applet when opened.
2.) The java applet exploits the ByteVerify hole in an older version of M$ Java VM to drop a bad HOSTS file on the now-infected machine.
3.) Belkin router hijacks an HTTP request to their site, but the HOSTS file redirects that hijack to the second hijacker's site.
4.) The new hijacker's site can either be a pay-per-click search portal, or it can host more trojans to exploit a machine already proven to be out of date on its security patches.
This is not an extreme example at all and could be done very easily. I see this shit every day at my site's support forums.
When Verisign hijacked all mis-typed domain name queries, we started seeing a large number of trojans dropping bad HOSTS files that redirected sitefinder.verisign.com to their own sites.
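A defender-side check for the HOSTS file tampering described in the comment above, as an added example that is not part of the original post: it audits hosts-file text and flags watched names that have been redirected or sinkholed. The watchlist, the sample file contents, the placeholder hostnames and the function names are all constructed for illustration.

```python
import ipaddress

# Names whose resolution a local hosts file should never override.
# Constructed watchlist: the first name is the one discussed above,
# the second is a placeholder.
WATCHLIST = frozenset({"sitefinder.verisign.com", "update.vendor.example"})

# Constructed sample hosts file (documentation and private addresses only).
SAMPLE_HOSTS = """\
# constructed sample, not from a real machine
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example      # user-added block
203.0.113.66    sitefinder.verisign.com  # the kind of entry a hijacker drops
203.0.113.66    Update.Vendor.Example.
192.168.1.10    nas.home.example
not-an-ip       broken.example
"""


def _is_watched(name, watchlist):
    """True if name is a watched host or a subdomain of one."""
    return any(name == w or name.endswith("." + w) for w in watchlist)


def audit_hosts(text, watchlist=WATCHLIST):
    """Return findings as (line_number, kind, address, hostname) tuples.

    kind is one of:
      redirect  - watched name mapped to a non-local address
      sinkhole  - watched name mapped to loopback/0.0.0.0 (e.g. updates blocked)
      override  - any other name mapped to a non-local address (review it)
      malformed - first field is not an IP address
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "malformed", fields[0], " ".join(fields[1:])))
            continue
        local = ip.is_loopback or ip.is_unspecified
        for field in fields[1:]:
            # Hostnames are case-insensitive and may carry a trailing dot.
            name = field.lower().rstrip(".")
            watched = _is_watched(name, watchlist)
            if local:
                if watched:
                    findings.append((lineno, "sinkhole", str(ip), name))
                continue  # ordinary localhost / ad-block entries are not reported
            kind = "redirect" if watched else "override"
            findings.append((lineno, kind, str(ip), name))
    return findings


if __name__ == "__main__":
    for lineno, kind, address, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {kind:9} {address} -> {name}")
```
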
If you can highlight the 50 spams waiting on you in your inbox in the morning, press delete, and whisk them off to /dev/null/, is spam really a big deal?
Yes in both cases, because in both cases unwanted marketing has hijacked your use of your private property to display unwanted advertisements. It is unethical, unwanted, and it is on the other side of a line that companies GODDAMNED WELL BETTER UNDERSTAND they are not to cross.
I didn't look to see if it left any files behind (I probably should have), but it did leave at least two registry entries that clearly should have been removed when it uninstalled: HKLM\software\Symantec and HKCU\software\Symantec\
I restored the image of the hard drive afterward and apologized to my poor labrat computer. I'll be sure to give that hard drive a good bath tonight.
It is mainly true. I found that with the default settings, the content filter blocked nra.org, nraila.org, as well as peacefire.org (categorized as "crime"-related).
Despite what is in the story, Handguncontrol.org was not blocked, nor was any other anti-gun/pro gun control web site. nrahq.org also was not blocked for whatever reason.
Blocking the NRA is questionable. Although I personally believe it's foolish to categorize it as "weapons" instead of "political", it is debatable.
On the other hand, nraila.org is nothing but political commentary and mentions weapons only as news items and as the subject of commentary. To block that site while allowing other sites dealing with the exact same subject from an opposite viewpoint is nothing but politically-motivated censorship.
<Offtopic>
The damned thing installed so many registry entries (4,300+) that it locked up Inctrl5 for a full hour while it compiled the installation report. The log is an unbelievable two megabytes! I've seen a lot of spyware, trojans, and other crap, but I've NEVER seen anything install so much crap.
</Offtopic>
One hour, one reboot and 50 megabytes later, I'm still getting it set up. Lord help anyone on dialup with this thing.
Interesting (if offtopic) is the fact that even the trial mode contains DRM. Glad I made that image first and glad I installed it on the lab rat, not this PC.
With Demi Moore (mmmmmmmm) and Michael Douglas. If you look at the scene where she logs in and starts nuking files, she's clearly at a *nix command prompt.
New.Net is not spyware, although it is commonly believed that it is because it is targeted by antispyware software. The closest appropriate term would be "Unsolicited Commercial Software" or perhaps "Foistware" because it comes bundled with unrelated software. It does no tracking of the user and doesn't even display advertisements.
As for removing it, they took a lot of shit a couple of years ago because their uninstaller didn't work, so they fixed it. It works perfectly from add/remove and this has been verified by myself and by other members of our message board. If it doesn't for some reason, official and accurate manual instructions are located at http://www.newdotnet.com/#remove
Please do not use HijackThis to remove any part of New.Net. It is a powerful tool, but it is not an antispyware program and not designed to uninstall software. Its purpose is to list anything that is not a default setting so that we can track down brand new spyware. If you don't know for an absolute fact that an entry absolutely should go, leave it and ask for advice first. You can hose Windows pretty good if you are not careful.
Any method of munging the address must still be clickable within the visitor's browser. If it is clickable, it can be harvested. Javascript and html encoding may stop most of the bots, but bots exist that can slurp the address no matter how much javascript you wrap it in.
I use a PHP email form that never sends the address to the client accessing it. Short of hacking the server and looking at the PHP script in plain text, there is no way to harvest the address. I have no need to let the public know my address. If they want to email me, use the form or use my site's message board.
I don't want the guy getting slashdotted, so I won't link his site. If you really want the script I use (available in PHP or ASP), go to hotscripts.com and search for dbmaster's mail form.
Well. In that case all they have to do is make the ad pop-up when you click a link on their site.
The difference being, a pop-up/pop-under is unrequested and unwanted. On the other hand, if I want an ad, because maybe I'm actually looking to buy something on that site, then that is something I want. Otherwise why would I click the link?
By refusing to buy music from any source, you are simply fueling their fire.
Not all artists are RIAA members. There is no reason to boycott a third party who has nothing to do with this or who may not be a member because the RIAA disgusts them just as much as it disgusts you.
I replied to that X10 ad... and actually got a good deal. Lots of stuff, neat, for a fair price.
It is my secret shame - responding to a pop under (it was a popup at the time I seem to remember).
"Spammers exist because people buy from them.
It typically takes from 1,000 to 10,000 spams to make one sale. If you buy from a spammer, you are PERSONALLY responsible for the next 1,000 to 10,000 spams sent...
Including the porn spam sent to your kids."
I imagine the same goes for pop ads. I would like your address so I can break your legs on behalf of the 10,000 people who saw an X-10 pop under that you personally financed.
Many of them (solutions) have been extensively covered recently, including plans to force users to patch automatically.
Yea, I don't foresee any potential problems with that plan.
I think the original post is misleading. Gates didn't say anything about forcing updates. He said that by default they would be installed automatically. There was no mention of forcing that.
From the article:
> Microsoft is also going to make sure that people install firewalls and updates by default. "None of the security problems recently affected people who had their software up to date," Gates said. "But we made it too complex for most people. Critical security patches should be applied with the speed of the internet."
> From now on, Microsoft will install these patches automatically. And it will bring the size of the patches down to satisfactory portions. "We used to send megabytes of software to fix a 20 byte file," Gates said.
That's fine by me. Make it the default but leave a way to turn it off for those who wish to. Microsoft has a habit of putting out buggy patches that create worse problems than whatever they are fixing.
I wouldn't even mind if they made the off switch hard to find. If someone can't figure out on their own how to turn the thing off, most likely they are exactly the type that needs it turned on.
Hmm... I thought it was just me and this sorry ass proxy software my ISP uses. I've been having these problems for about a week on MSIE, Opera, and Firebird on Win2K. It's been driving me nuts (not a long trip).
> First of all, there's really no legitimate reason why you can't use the usual garage door remote.
Wrong. Maybe mine slipped off the visor and out the window while I was driving. Maybe I prefer my own. Maybe it opens my own door as well as my mother's. One opener instead of two clipped to the visor. Maybe I don't like the color of the original.
> And second, I've had someone break into my garage by using one of these things.
> I, for one, would like to see these devices outlawed.
Someone stole my girlfriend's purse from my car by throwing a ball bearing at the window and grabbing it. The thought of calling for a ban on ball bearings never crossed my mind.
> Nothing of any value was stolen, thankfully, but it leads me to believe the only added benefits of these devices are to theives [sic].
Allow me to dispel this belief. That is incorrect.
> It's too bad the courts got this wrong.
The courts got it right. Chamberlain was attempting to enforce a monopoly by misapplying a law that doesn't apply.
> There's no legitimate uses for reverse engineering these devices.
I direct your attention to 17 USC (annotated) 1201(f). You may reverse engineer a technology for purposes of interoperability.
PS. Who the hell modded this guy funny?
Bah...... Guilty... Didn't RTFA. It mentions that exact case in England.
I don't think analogies are the best way to consider this. They can cut both ways.
If I leave home and forget to lock the door, I am not responsible for someone breaking in and taking potshots at pedestrians from the upstairs window. In a sane world anyway. Who knows about some of the laws in my country (USA) these days.
For a real world example, there was a man in England who lost custody of his child and nearly went to prison as a pedophile recently. Someone called the cops and they found images of child porn in his browser cache and arrested him. He wasn't surfing for child porn, his computer was infected with a browser hijacker that was popping up porn pop-ups.
He could have done some things to prevent being hijacked, but it doesn't make him a pedophile because his computer was infected.
No guarantee that this is accurate.
Source
Wouldn't work. As the Belkin Router is hijacking it at the router, not the PC. It would hijack the hijack and still go to the Belkin site.
That makes sense. I've never used a router before, so I don't know where it would look up the DNS info.
I guess it depends on how the router does the hijack. If it is sending a command back to the browser (or indirectly to the OS) to load that URL, the computer would still check the HOSTS file for the server's IP before loading the page. If it is hardcoded every 8 hours to pull data from Belkin's IP address no matter what URL is requested, then you are right and it won't work.
Agreed on point 1, but then Belkin is a very popular product.
As for point 2, you would be surprised. When someone exploits that flaw, the number of people that become infected is staggering.
Tweakxp.com was taken down a couple of months ago because someone did this. The attacker's web host pulled their account and replaced the content of the page with a link to a page at tweakxp that explained how to handle the HOSTS file. TweakXP's server couldn't handle all that traffic.
Read this for the whole story of that.
I have to agree. If it were a site discussing how to use a firearm to wreak havoc, shoot people on street corners or wage a guerilla war, that would be one thing. According to the headline they are blocking purely political web sites and that is unacceptable. This being Slashdot, I know better than to take that at face value, so I'm creating a disk image of my hard drive right now so I can test it myself.
If this is true, I will be advocating a boycott of Symantec on my site. Slashdot it ain't, but it has a considerable number of readers and it's in Symantec's industry, security and privacy.
About your firewall, try Kerio or Sygate.
AOL is not hacking anything. It's an update to their software that does this, not some 1337 a0l h4x0r tech blowing past the firewall.
Jesus, even for slashdot this is too much FUD.
Granted, AOL should at least prompt the damn user. Turning off a service without asking is unacceptable.
DISABLE MESSENGER SERVICE? MESSENGER SERVICE
CAN BE USED TO DELIVER UNWANTED POP UP ADS.
[*YES*] [NO]
Oh wait, my bad. This is a multi-billion dollar corporation. Why should they give a shit what their customers want?