How about you start prosecuting nations actively participating in cyber attacks on your countries? Surely it's more of a threat!
The 'Anonymous' name gives crackers that already were hacking before a name to go under. Basically anyone who can quote "We are legion" and is already hacking can now put up a sweet little front.
So NATO: stop chasing ghosts. Sure they could make a few arrests but I imagine there are more sects of anonymous than there are nations. The terrible truth to this situation is that once they start openly prosecuting who they think is "Anonymous" every blackhat will be given an excuse to start their campaigns on them. "Provoking the wrath of anonymous" actually means "painting targets on hackers and paying the price". Anonymous wants to stay anonymous they shouldn't go provoking an enemy they don't know or understand.
The quintessential example is HBGary; learn from history.
Does anyone remember how to plan ahead before we had smartphones? Bring a netbook, connect to a local hotspot and search from there. If really need be use your cellphone to access said searched data by sending it over via bluetooth. The point of a vacation is disconnection for most people you will be doing yourself a great disservice complicating your time there.
This is great. I have no problem with the citizens of China (I actually have a particular fondness for Eastern philosophy and the martial arts like wushu) but I have MANY issues with their government. Any aggression they can show against their suppressors is a good thing in my book, violent or otherwise. Sometimes peaceful protest just _doesn't work_. Gandhi would've "dissappeared" in modern China. Be pissed China! Go overthrow your government one shoe at a time until they can't possibly cover the information/press from the revolt!
Only when the idea of liberty spreads that it can manifest into a powerful force against its enemies.
It's the US govt just putting shit on terrorist leaders' reputations. The tactic isn't uncommon but it might be more effective against religious extremists. I say good move, fake or not! Wars aren't just fought with bullets (like the one going thru Bin Landin's brain, hohoho)
It calls back more than I would think necessary... I was doing some malware analysis last night and I mistook an outbound connection from explorer.exe to be the trojan launching a remote thread inside the process. I whois'd the IP to find it was a Microsoft block, completely unrelated to what I was doing, but it made me wonder why is explorer.exe calling back? and with what??
IMHO:
Microsoft has been failing at mobile markets, it has openly stated that it doesn't see value in *pad/*tablet because it can't see it as being an irreplaceable entity. Well they jumped on the bandwagon too little and too late and now they have a real chance to gain power in new markets to make up for it. It's not news that the desktop market is still widely dominated by them but what will become evident (if isn't already blaringly obvious) is that the desktop is soon to see extinction. I don't mean that desktops will stop being used I'm saying you will be reading your slashdot from your tv, your phone, your pad, or perhaps another interface that has yet to be imagined/developed much more than that bulky thing under your desk. Anyway the new interfaces are being made now and if they have any sense they will make this tech cheaper (mass production) and start licensing with the next DVR installed in your house. I'm no fan of microsoft, but as a passive observer and a speculative commentator it seems almost too simple to me.
No actually if we weren't clicking the ads they wouldn't be giving us said ads. Some dumbass is clicking it, that's why they put it up there.
Anyway, I think this guy has a great point: so much brain has towards goals that don't push the world further but perhaps hold us back. Finally some good material on slashdot to think over.
The trick to being a successful criminal (or so i've read) is to assume that you will be caught and plan ahead: don't brag, have your harddrives encrypted and off when not in use, never use a handle associated with one you box from home, etc. But most importantly don't break anymore laws than you absolutely have to to gain your objective because each one furthers your sentencing. These just seem obvious but as the parent says people let their guard down when they think that no one will ever catch them.
Try reliably exploiting thousands of browsers on several different platforms and different environments to get at info. Or just send one well crafted email to a low-level employee of a company that controls the targeted information on a cloud and start a spear phishing campaign. Hrm.. Which is harder to do?
Sure you could do binary analysis and network traffic capturing but both of these things can be veiled in obscurity. Binary analysis is often extremely time consuming (especially if the author of said (spy|mal)ware is using anti-debugging tricks and self encryption which prevents normal strings from being extracted). As for the network monitoring it's possible to use stenography to pipe out information in things as obscure as DNS requests and outgoing TCP headers. But there is nothing that says keylogger quite like a hook seen from a kernel debugger. Gotta go to the source. Can't say this StarKeylogger would employ any of these techniques tho. I'm feeling just as lazy as the person who pointed said keylogger out in the first place.
We believed someone who used a 3rd rate antivirus and didnt verify with a kernel debugger? FAIL on all our parts especially the "security researcher" who so thoroughly researched this one
I love how all this ruckus was caused by one "security researcher" who couldn't even confirm an actual keylogger was on the system produced by a second rate antivirus. It was a false positive as we find out but it's a big slap in the face to the guy who called it without verifying. All the Antivirus did afterall was spot a suspicious directory. A responsible security researcher would have gone further to confirm the issue rather than try to plaster his name against Samsung. If you've got a kernel debugger USE IT!
Slashdot Mirror
Is it just me or is creating "buzz"words nowadays an actual career path? (a lucrative one at that).
The 'Anonymous' name gives crackers that already were hacking before a name to go under. Basically anyone who can quote "We are legion" and is already hacking can now put up a sweet little front.
So NATO: stop chasing ghosts. Sure they could make a few arrests but I imagine there are more sects of anonymous than there are nations. The terrible truth to this situation is that once they start openly prosecuting who they think is "Anonymous" every blackhat will be given an excuse to start their campaigns on them. "Provoking the wrath of anonymous" actually means "painting targets on hackers and paying the price". Anonymous wants to stay anonymous they shouldn't go provoking an enemy they don't know or understand.
The quintessential example is HBGary; learn from history.
Does anyone remember how to plan ahead before we had smartphones? Bring a netbook, connect to a local hotspot and search from there. If really need be use your cellphone to access said searched data by sending it over via bluetooth. The point of a vacation is disconnection for most people you will be doing yourself a great disservice complicating your time there.
way to expand the waist AC
I like big butts and I cannot lie.
Then you should start suing someone. It's all the rage these days ;)
This is great. I have no problem with the citizens of China (I actually have a particular fondness for Eastern philosophy and the martial arts like wushu) but I have MANY issues with their government. Any aggression they can show against their suppressors is a good thing in my book, violent or otherwise. Sometimes peaceful protest just _doesn't work_. Gandhi would've "dissappeared" in modern China. Be pissed China! Go overthrow your government one shoe at a time until they can't possibly cover the information/press from the revolt! Only when the idea of liberty spreads that it can manifest into a powerful force against its enemies.
It's the US govt just putting shit on terrorist leaders' reputations. The tactic isn't uncommon but it might be more effective against religious extremists. I say good move, fake or not! Wars aren't just fought with bullets (like the one going thru Bin Landin's brain, hohoho)
Makes damn good sense.
It calls back more than I would think necessary... I was doing some malware analysis last night and I mistook an outbound connection from explorer.exe to be the trojan launching a remote thread inside the process. I whois'd the IP to find it was a Microsoft block, completely unrelated to what I was doing, but it made me wonder why is explorer.exe calling back? and with what??
Great another vector. *fingers crossed* I hope they're sandboxing.
IMHO: Microsoft has been failing at mobile markets, it has openly stated that it doesn't see value in *pad/*tablet because it can't see it as being an irreplaceable entity. Well they jumped on the bandwagon too little and too late and now they have a real chance to gain power in new markets to make up for it. It's not news that the desktop market is still widely dominated by them but what will become evident (if isn't already blaringly obvious) is that the desktop is soon to see extinction. I don't mean that desktops will stop being used I'm saying you will be reading your slashdot from your tv, your phone, your pad, or perhaps another interface that has yet to be imagined/developed much more than that bulky thing under your desk. Anyway the new interfaces are being made now and if they have any sense they will make this tech cheaper (mass production) and start licensing with the next DVR installed in your house. I'm no fan of microsoft, but as a passive observer and a speculative commentator it seems almost too simple to me.
You wanna see my spaceship?
Wind Turbine Firm hack confirmed: "Oh wait, never mind. We found his rootkit on port 31337 going out from our webserver! D'oh!"
No actually if we weren't clicking the ads they wouldn't be giving us said ads. Some dumbass is clicking it, that's why they put it up there. Anyway, I think this guy has a great point: so much brain has towards goals that don't push the world further but perhaps hold us back. Finally some good material on slashdot to think over.
Now I'll have to watch Interstella 5555 now in 5+ parts with advertisements rather than in 1 medium quality Google Video stream :-(
I'm not a criminal. I'm just an observer of crimes and I find them interesting. These are only my observations. Nothing more.
The trick to being a successful criminal (or so i've read) is to assume that you will be caught and plan ahead: don't brag, have your harddrives encrypted and off when not in use, never use a handle associated with one you box from home, etc. But most importantly don't break anymore laws than you absolutely have to to gain your objective because each one furthers your sentencing. These just seem obvious but as the parent says people let their guard down when they think that no one will ever catch them.
Try reliably exploiting thousands of browsers on several different platforms and different environments to get at info. Or just send one well crafted email to a low-level employee of a company that controls the targeted information on a cloud and start a spear phishing campaign. Hrm.. Which is harder to do?
Made my day hearing this!
To boldly go where no man has gone before...
If you can read English then please replace then with than in the last sentence. Ok thanks bye
Sure you could do binary analysis and network traffic capturing but both of these things can be veiled in obscurity. Binary analysis is often extremely time consuming (especially if the author of said (spy|mal)ware is using anti-debugging tricks and self encryption which prevents normal strings from being extracted). As for the network monitoring it's possible to use stenography to pipe out information in things as obscure as DNS requests and outgoing TCP headers. But there is nothing that says keylogger quite like a hook seen from a kernel debugger. Gotta go to the source. Can't say this StarKeylogger would employ any of these techniques tho. I'm feeling just as lazy as the person who pointed said keylogger out in the first place.
We believed someone who used a 3rd rate antivirus and didnt verify with a kernel debugger? FAIL on all our parts especially the "security researcher" who so thoroughly researched this one
I love how all this ruckus was caused by one "security researcher" who couldn't even confirm an actual keylogger was on the system produced by a second rate antivirus. It was a false positive as we find out but it's a big slap in the face to the guy who called it without verifying. All the Antivirus did afterall was spot a suspicious directory. A responsible security researcher would have gone further to confirm the issue rather than try to plaster his name against Samsung. If you've got a kernel debugger USE IT!