When did things change? The same time everything else did.... When somebody figured out that there was a buck to be made. It seems to me that other age old traditions have changed in order to make a profit. Christmas used to be about giving...now it's about buying, Thanksgiving used to be about celebrating our bounty (in the US)...now it's about buying...
Take war for example. Wars used to be declared for merely crappy reasons, now they're declared so Halliburton can get in on the looting and pillaging.
The world changed to reflect a new philosophy:
1. buy off politicians to gain beneficial legislation
2. ????
3. profit
The official count shows that 66 representatives voted 'nay', Representative Paul is among them. Perhaps you were only counting republicans though, in which case Mr Paul was the only one to vote 'nay'
Interestingly enough, he's also a candidate for the 2008 presidential election. Congressman Paul ran for president once before as a libertarian candidate, but was defeated (no surprise, since only republicrats are allowed to win). He has since aligned himself as a Republican congressman, but maintains libertarian values and has consistently voted against bad policy (he voted against the Patriot Act, against Iraq, against the Military Commissions Act, and against the John Warner Defense Authorization Act).
As far as I've read, Ron Paul has never made a campaign promise that he didn't keep. If he makes it onto the presidential ballot, he has my vote.
...It scares the hell out of me that you would trust the logs on a compromised system. It's not a matter of trust, it's a matter of collecting the evidence and coming to conclusions based on what is found. Trust isn't part of the equation. I'm not one to jump to conclusions without good proof.
When I speak of system logs, that includes all logs found on the system, not just what is found in the MS Event Viewer. Many applications leave their own logs in various locations that may not be apparent when the system is examined. That is, of course, the point of my original post...
All prosecutors are more interested in the conviction than the truth. Every single one. I can't say that I disagree, but I can still be disturbed that this is the norm. It would be nice to see some ethics introduced into the justice system...
I can't say definitively (because I have no first-hand knowledge), but as I understand it, the reason for the captcha verification phrases/passwords (image-based words) getting more and more unreadable is that the optical character recognition that is used gets better every day.
It wouldn't be difficult to determine if the user had visited the site by visiting the typedurl history in the registry, or the recent history in internet explorer, the cookie folder, and browser history. There are ways to clear those locations.
I'd be surprised if the judge changed his mind based on a speculation by an examiner. There must have been some compelling evidence to show that the boy was not responsible.
It's not that, exactly. It's not easy to commit time to a project that the client didn't authorize. When offering services to a client, they will choose the services they wish to pay for, or that which they believe fits the order to produce evidence. An order may be simply, return all email messages between 1/04 and 1/07 present on the computer.
I can't speak for examiners who actually work child-porn cases....I haven't and hope I never work one of those cases.....but, I can imagine an order to produce all images on a computer. This may or may not account for the method in which the messages arrived on the computer. The examiner may follow the order and produce X number of messages with full paths and some metadata about the messages (creation and last accessed dates, EXIF data, etc). Those images would be reviewed and the ones not responsive would not be submitted as evidence. A good examiner might say "hey, this message was in c:\ \hackers-den\hidden-photos\, it might not really belong to the computer owner", but I have little faith in humanity, so I don't think there are many good examiners.
I would imagine that if the boy's computer was being used by a hacker, those images were in a location not normally accessed by the general users of the system, or perhaps there was evidence that the system was being remote controlled....but if the examiner was ordered to produce only images, he may have done just that. Think of an auto mechanic who was told that the car wasn't shifting....he may discover that the transmission had a problem and fixed it without knowing that the driver was driving the car in second gear exclusively. He did what he was asked, but if he'd been given the opportunity to investigate, he'd have found that the real problem existed between the seat and steering wheel.
There is an opportunity for justice to occur, if the defendant has an examiner to investigate the evidence, but again the examiner may perform only the tasks he's asked to perform (what the client can afford). Most examiners aren't cheap.
In my business, we deal with corporate clients. One corporation accuses another of something and the evidence preservation order is issued. We arrive to collect and produce the evidence. Email is most common, so we're asked to retrieve all messages for a particular date range and a set of custodians. Those messages are reviewed by the law firm and we move on to the next job.
Our clients don't always choose to use all of the services we suggest. We may offer de-duplication (removal of identical or near-identical messages..like a single message to many recipients would result in a recovered message for all custodians who were recipients, would be reduced to a single message), content filtering (production of messages containing certain keywords), spam filtering, statistics, among others.... The client doesn't always want to spend the extra money for these services.... As with everything else, it's always about money.
this wouldn't be an issue. There are ways to determine (using system logs, install logs, and the vast information available in the system registry) when content arrived and by what method. When it was determined that the system was being remote-controlled, the boy was spared a lifetime of embarrassment.
It's sad to think that the prosecutor was more interested in the conviction than the truth.
As a forensic computer examiner, I'm not always given the opportunity to come to the correct conclusions based on evidence because that's not what I'm asked to do (and if I go beyond what I was asked to do, the client just won't pay for the extra work.) The legal system in this country rewards those who win, who are not always those who tell the truth.
Another company "Cyveillance" already does this for major corporations and the government. I've used htaccess rules to disallow all from their assigned netblocks after they racked up almost 20,000 hits to my personal site in one day. As you mentioned, they didn't follow robots.txt and attempted to index parts of my site that are password protected as well as content names that did not exist (music and videos and such), all the while identifying their bot as a variant of IE.
Here's how to block two subnets using htaccess and mod_rewrite on apache:
Line 1 activates the rewrite engine
Line 2 sets the condition to include remote addresses 63.148.99.224-255 and includes [OR] to allow further processing
Line 3 sets the condition to include remote addresses 63.146.13.64-95
Line 4 sets the rule that any url be forbidden
So, save your bandwidth by denying access to your content from unauthorized viewers (bots)
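One way to write the four lines described in the comment above, as an added example that is not the commenter's own rules; the regular expressions are this example's construction from the two address ranges given in the comment, and the Apache 2.4 `Require` form after them is an assumed alternative, not something the comment mentions.

```apache
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^63\.148\.99\.(22[4-9]|2[34][0-9]|25[0-5])$ [OR]
RewriteCond %{REMOTE_ADDR} ^63\.146\.13\.(6[4-9]|[78][0-9]|9[0-5])$
RewriteRule .* - [F]

# The four lines above match the comment's description:
#   last octet 224-255 of 63.148.99.x, or last octet 64-95 of 63.146.13.x,
#   then answer every URL with 403 Forbidden.
# The anchors (^ and $) and escaped dots matter: without them a pattern such
# as 63.146.13.6 would also match unrelated addresses.

# Alternative for Apache 2.4 (mod_authz_core), use instead of the rules above.
# Both ranges are aligned 32-address blocks, so each is exactly one /27 and
# no hand-written octet regex is needed.
<RequireAll>
    Require all granted
    Require not ip 63.148.99.224/27
    Require not ip 63.146.13.64/27
</RequireAll>
```

Either form filters on the client address rather than the User-Agent header, which is the useful property here since the bot in question identified itself as a browser.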
Believe you me, Microsoft makes money on support. Maybe not consumer releases when covered by warranty, but corporate customers pay dearly for support, as do shops that run older versions of Windows and are willing to pay for it. Custom development is a source of income as well as those stupid Microsoft-branded hardware devices (keyboards, mice, personal castration devices, etc...)
The old OS doesn't die, it just continues to draw support revenue. Just because Microsoft announces end-of-life status on a product, doesn't mean they're not willing to take money to support the people still running it (and that have pockets deep enough to pay for that support)
The gov abandoned the idea of a state regulated militia in favor of a federally regulated national guard. If the right to bear arms only applies to a state regulated militia, then we lost our right to bear arms many years ago. If the DoJ interpretation of the 2nd amendment stands, then we still have it.
What we should be asking is "WHY?" Why does the government want an unarmed population? The founding fathers made it clear that the purpose of our government was to protect rights. They also warn about modifications to the 2nd amendment.
"A free people [claim] their rights as derived from the laws of nature, and not as the gift of their chief magistrate." - Thomas Jefferson
"[H]owever weak our country may be, I hope we shall never sacrifice our liberties." - Alexander Hamilton
"A strong body makes the mind strong. As to the species of exercises, I advise the gun. While this gives moderate exercise to the body, it gives boldness, enterprise and independence to the mind. Games played with the ball, and others of that nature, are too violent for the body and stamp no character on the mind. Let your gun therefore be your constant companion of your walks." - Thomas Jefferson
"No freeman shall ever be debarred the use of arms." -Thomas Jefferson: Draft Virginia Constitution, 1776.
"[The Constitution preserves] the advantage of being armed which Americans possess over the people of almost every other nation...(where) the governments are afraid to trust the people with arms." -James Madison,The Federalist Papers, No. 46.
"I ask, Sir, what is the militia? It is the whole people. To disarm the people is the best and most effectual way to enslave them." -George Mason, Co-author of the Second Amendment
"The constitutions of most of our States assert that all power is inherent in the people; that... it is their right and duty to be at all times armed;... " -Thomas Jefferson
"The greatest danger to American freedom is a government that ignores the Constitution." -Thomas Jefferson
Gun confiscation leads to a loss of freedom, increased crime, and the government moving to the left. This has already happened in England and Australia. After Great Britain banned most guns in 1997, making armed self-defense punishable as murder, violence skyrocketed because criminals know that law abiding citizens have been disarmed. Armed crime rose 10% in 1998. The Sunday Times of London reported on the new black market in guns: "Up to 3 million illegal guns are in circulation in Britain, leading to a rise in drive-by shootings and gangland-style execution." There has been such a heavy increase in the use of knives for violent attacks that new laws have been passed giving police the power to search anyone for knives in designated areas.
Where are we going? Who is taking us there? Should we be kicking and screaming?
My company servers are also under constant attack. On top of that, I've had two users succumb to spyware keyloggers and had two separate accounts compromised. Email is under constant attack, web servers, ssh and ftp servers, the firewall, the routers..... Dictionary attacks abound, script kiddies run amok...
With my bro, it's more of an issue of "I want to run Gentoo because you're running it with such success."
There are many distros out there for many different purposes. I have a SUSE system (virtual machine) acting as an LDAP server for development, and another FC5 machine (again, virtual) running JBoss, also for development (by my customer's request). There are lots of distros out there that all work in their own....er.....unique..way.
Some of the live distros are even pretty cool. There are several that I use for forensics which are non-Gentoo.
Anyway, it takes some dedication to run a system that is user-hostile compared to windows. Some people have what it takes to run these systems, and some don't and shouldn't attempt it.
I must agree with you. As a forensic examiner, I would hesitate to say that any data is 'difficult to process without loss.' This begs the defense to go over the forensic procedures with a fine-toothed comb and their own expert in order to throw doubt on the validity of the data. They'd have been better off to keep their mouths shut and find a Commodore expert.
It's been a while since I touched a Commodore, but it occurs to me that they could use serial and z-modem and upload the files. No direct disk copying necessary. Port MD5SUM to Commodore and sum the disk contents, then sum the contents uploaded - done.
There are far too many people involved in computer crime investigation that shouldn't be allowed to touch a computer. This evidence will probably be tainted by the time they're done with it.
If you RTFA, they present a kidnapping scenario.
Imagine that you dump a handful of these coins on a single person. You could reliably track that person until he got rid of all but a few of the coins. Use this information to determine the location of a person for kidnapping, assassination, reliable location information during a hotel room search (i.e. "Subject is still in the coffee shop talking to our blonde decoy, make an image of his hard drive")
RFID technology in money isn't a new concept. EETimes reported that the European Central Bank announced in 2001 that by 2005 their money would contain RFID technology.
if the government introduced legislation that protected its citizens as well as it protects its data.
It's not about having something to hide, it's about protecting the info present within. How many gov't laptops containing personal information of citizens or groups have been stolen in recent history?
Large corporations that deal with private data from their customers should also be required to use full-disk encryption as well. In fact, I recommend some form of encryption for sensitive data to everyone.
I can't seem to find hard numbers on the chips, but USB Flash being able to obtain upwards of 13MB/s now puts it faster than U320 SCSI
Iraq is free? When did that happen?
Last I checked, they were hosting an occupying army and that up to 650,000 Iraqis were dead.
"Land Of The Fee"
Isn't it nice to know that justice is affordable, only $14.5 million
Why does the National Institute of Standards and Technology hate trees?
Because trees don't believe in democratic elections.
Passwords work great for me. I, however, use them with care.
Any site that uses financial information (my bank, eBay, PayPal, Amazon, or whatever I'm buying, my own servers, etc.) doesn't get the password stored in any form of password manager. On the other hand, inconsequential services like news sites, LUG sites, aquarium discussion groups and the like may have the passwords stored. If it's important, don't store it, don't write it on a post-it note, don't tell your friends.....people cannot be trusted.
It seems that any security protocol can be circumvented by exploiting the end users who use them poorly or rely on something other than common sense for security.
It took all of about 5 minutes to explain phishing to my girlfriend. Now, she's almost 1/104358506th as paranoid as I am, which is a good start.
Now, I'm out of tinfoil......off to the store.
only free if you don't value your time
I do value my time. Unfortunately, I do not have a large bank account to draw from. I can afford to invest time into my company, while I can't afford to invest the thousands necessary to support an Oracle infrastructure. Time I have.
For those of us who can't afford to run a commercial database package, and have been running open source databases from the beginning, this isn't news. MySQL and Postgres are your friends.
I must agree that "it isn't that difficult," but my brother had the same issues (which seem to be an inability to read instructions.) I can progress completely through a stage one install in only a few hours when using distcc.
I, personally, don't care for the gui installation method of modern gentoo live cd's because they are not geared toward complex installations (doesn't use LVM, no raid options, etc.)
I found myself helping my brother with EVERY step of the installation process. The only part he was able to do on his own was burn the live cd and boot the system from cdrom. I've been kicking myself ever since because he refuses to go back to windows (which is where I believe he belongs) and I'm asked to fix his system every time he decides to use emerge (kicking myself for telling him how portage works)
Anyway, it's my firm belief that Linux isn't for everyone, and that Gentoo is for fewer still. RTFM is more than a suggestion when Gentoo is involved. Many users are baffled when they must read anything other than "OK" or "Cancel".
My mom recently asked (because she's constantly having virus and spyware issues) if I would set her system up running Linux. I very quickly said "NO." If I've learned anything from my experience with my brother, it's that Linux is for the patient, resourceful and knowledgeable few.
I've been accused of being elitist before....