Yeah right. If someone goes around with pictures of child porn taped to their car, everyone who sees the car drive by is a criminal. If you think that is how it works you are a dumbass.
Unfortunately, in many places, this is indeed how it works. But fortunately, the car owner goes to jail too (and will get a higher penalty for being a distributor), discouraging any such "pranks".
But beware of cases where the owner of the metaphorical "car" cannot be easily determined. MAFIAA supporters has been know to booby trap music and movie files in peer-to-peer networks to contain child porn just in order to get downloaders into bigger trouble than mere copyright infringment...
Remember, potential jurors: no mens rea (guilty mind) no conviction, no matter what the law says. Just vote Not Guilty.
Not in Luxembourg. Even if the law explicitly says that it is only an offence if done "knowingly and deliberately" (sciemment), a crooked judge may disregard that requirement if she feels that just by being a computer professional, you know in intricate detail what goes on on all your computers.
And sometimes even the "deliberate" part is stricken from the law if the judge fells like it... or if she has another reason to hate you (such as having successfully contributed to derailing a huge construction project to be developed by one of her good friends)
Case in point, I know a guy who ended up with "something" on his computer (he never actually was officially informed about what exactly that "something" was supposed to be, even after the trial). He ended up being convicted, despite our child porn law saying that it is an offence only if you knowingly and deliberately possess it, which was not the case. As proof for the "knowing and deliberate" part, the judge simply used the fact that the guy was a computer professional, and a professional just knows whatever is going on in his computer...
I was under the impression that it was wrong to dig through a customer's files without reason, and possibly in-itself illegal to do so, even if it is a widespread practice.
... and in this particular case, it would not only be against privacy protection laws but also against other parts of child pornography laws.
Indeed, while digging through customer's files for this reason would be knowingly searching for child pornography which is itself illegal...
So, do that to a customer who knows the judge better than you, and it would be you, the PC repair technician, that would be doing jailtime for child pornography, and "they" sure as hell would make sure that your jailmates would know about your fondness for child pornography.
Maybe for the same reason why they wouldn't want to report evidence of witchcraft if they encountered that?
Personally, I'd only report it if the owner was a right-wing politician, a judge in bed with shady building contractors, or a forensic expert bragging on facebook about his fondness for the Microsoft Digital Crimes Unit.
Why does the kernel need to store login info, certificates, and the like?
While the question is legit, it has nothing to do with the bug.
The bug is a reference counting issue, where an attacker can trick the kernel to release a buffer and reallocate it to another purpose, while the original process still holds a reference to it. That process can then abuse its reference (from the old purpose) to mess with the buffer (in its new purpose) in such a way that it obtains root privileges.
It just happens that the original purpose was indeed about key management. But the bug would work just the same way if that purpose was something else. And the vulnerability even exists if this kernel feature is not used at all. It is not about disclosure of keys or anything like this.
Assuming he was using the web in the normal manner, it isn't that hard. IP address to ISP to name to email.
I know, but for that you would need:
Access to the web server's (or a proxy's) log to get the IP
Access to the victim's ISP server's log to go from the IP to a name
This is indeed a trivial exercise for the NSA, but usually far beyond the reach of a random "do-gooder".
Its usually a law enforcement thing for people to bother, but never underestimate do-gooders ability to turn something simple like surfing some pages into a life and death situation.
I know. Especially if it's do-gooders within law enforcement. But it's rather unlikely that they would troll visitors of alcoholism websites. Unless they were targeting your friend specifically already for other reasons...
A good experiment for someone would be to post some messages on some suicide sites and see what happens.
But in your case, your friend was merely reading those pages, not participating in the forum discussions, or was he?
That being said, it's a cultural thing. Here in Europe, you wouldn't get into trouble for posting on suicide boards even with your real name... (general questions, of course, specific plans would be another matter, but even that would be rather unlikely to get sb into trouble here)
All you can eat buffets clearly understand that they need to feed people all they can eat, if that turns out to not be a profitable stance they charge FUTURE customers more or offer less, but they don't kick out people who took them up on the offer.
No, but they can tell all customers in the room "sorry, we're out of grilled pork". Customers are still free to stay (... and partake in the other foods, that may still be left). And they still need to pay full price, even those that look like Miss Piggy:-)
While most are probably avoidable, saying that they are "in no way" unavoidable is somewhat over the top. Consider abortions for medical reasons, for instance (in cases where both the mother and child would die if the pregnancy came to term).
I had the same experience when moving from the USA to North Korea. Really, people complaining about the US turning into a police state don't know how good they actually have it...
StartsWithABang isn't enough???
Oh, of course, everyone else has to change the way they do things, since you, delicate flower, are simply incapable of doing the same.
In that, why not accept all submissions, without any editorial oversight whatsoever. Or even have monkeys type them up...
Slashdot is getting more and more worthless by the day:-(
Slashdot Mirror
The recorded conversation with your buddy on your tapped cell phone where you brag about it.
So, just don't brag about it.
Yeah right. If someone goes around with pictures of child porn taped to their car, everyone who sees the car drive by is a criminal. If you think that is how it works you are a dumbass.
Unfortunately, in many places, this is indeed how it works. But fortunately, the car owner goes to jail too (and will get a higher penalty for being a distributor), discouraging any such "pranks".
But beware of cases where the owner of the metaphorical "car" cannot be easily determined. MAFIAA supporters has been know to booby trap music and movie files in peer-to-peer networks to contain child porn just in order to get downloaders into bigger trouble than mere copyright infringment...
Remember, potential jurors: no mens rea (guilty mind) no conviction, no matter what the law says. Just vote Not Guilty.
Not in Luxembourg. Even if the law explicitly says that it is only an offence if done "knowingly and deliberately" (sciemment), a crooked judge may disregard that requirement if she feels that just by being a computer professional, you know in intricate detail what goes on on all your computers.
Case in point, I know a guy who ended up with "something" on his computer (he never actually was officially informed about what exactly that "something" was supposed to be, even after the trial). He ended up being convicted, despite our child porn law saying that it is an offence only if you knowingly and deliberately possess it, which was not the case. As proof for the "knowing and deliberate" part, the judge simply used the fact that the guy was a computer professional, and a professional just knows whatever is going on in his computer...
That being said, time flies like an arrow but fruit flies like a banana :-)
Does witchcraft involve the rape of children? If not then shut the fuck up...
No, but it does involve throwing children into a vat of boiling chese. Now you shut up.
I was under the impression that it was wrong to dig through a customer's files without reason, and possibly in-itself illegal to do so, even if it is a widespread practice.
... and in this particular case, it would not only be against privacy protection laws but also against other parts of child pornography laws.
Indeed, while digging through customer's files for this reason would be knowingly searching for child pornography which is itself illegal...
So, do that to a customer who knows the judge better than you, and it would be you, the PC repair technician, that would be doing jailtime for child pornography, and "they" sure as hell would make sure that your jailmates would know about your fondness for child pornography.
why would anyone NOT want to report it?
Maybe for the same reason why they wouldn't want to report evidence of witchcraft if they encountered that?
Personally, I'd only report it if the owner was a right-wing politician, a judge in bed with shady building contractors, or a forensic expert bragging on facebook about his fondness for the Microsoft Digital Crimes Unit.
Why does the kernel need to store login info, certificates, and the like?
While the question is legit, it has nothing to do with the bug.
The bug is a reference counting issue, where an attacker can trick the kernel to release a buffer and reallocate it to another purpose, while the original process still holds a reference to it. That process can then abuse its reference (from the old purpose) to mess with the buffer (in its new purpose) in such a way that it obtains root privileges.
It just happens that the original purpose was indeed about key management. But the bug would work just the same way if that purpose was something else. And the vulnerability even exists if this kernel feature is not used at all. It is not about disclosure of keys or anything like this.
Assuming he was using the web in the normal manner, it isn't that hard. IP address to ISP to name to email.
I know, but for that you would need:
This is indeed a trivial exercise for the NSA, but usually far beyond the reach of a random "do-gooder".
Its usually a law enforcement thing for people to bother, but never underestimate do-gooders ability to turn something simple like surfing some pages into a life and death situation.
I know. Especially if it's do-gooders within law enforcement. But it's rather unlikely that they would troll visitors of alcoholism websites. Unless they were targeting your friend specifically already for other reasons...
A good experiment for someone would be to post some messages on some suicide sites and see what happens.
But in your case, your friend was merely reading those pages, not participating in the forum discussions, or was he?
That being said, it's a cultural thing. Here in Europe, you wouldn't get into trouble for posting on suicide boards even with your real name... (general questions, of course, specific plans would be another matter, but even that would be rather unlikely to get sb into trouble here)
Now I'm curious: how did those "well meaning" people find out? Or did he actually browse these sites from his work computer, rather than from home?
The Maginot line ...
... and, most importantly, it was not yet finished. The parts along the Belgian border were still missing (but planned).
But anyways, feel free to post your Paypal here, I'm sure plenty of people around here would be able to make good use of it :-)
So stop visiting those sites.
Sure, I'll just remove Zendesk and Cisco from the list of companies I occasionally have to do work with. I'm sure that will work out well.
Why not? Grow a pair, and the world will be a better place.
All you can eat buffets clearly understand that they need to feed people all they can eat, if that turns out to not be a profitable stance they charge FUTURE customers more or offer less, but they don't kick out people who took them up on the offer.
No, but they can tell all customers in the room "sorry, we're out of grilled pork". Customers are still free to stay (... and partake in the other foods, that may still be left). And they still need to pay full price, even those that look like Miss Piggy :-)
That's akin to saying "you can always say no" even if someone has a gun pointed to your head... Technically true, but you'd end up shot.
I've never seen picketers accosting people outside of gun shops
Yeah, I really wonder why that is....
but abortions are in no way unavoidable.
While most are probably avoidable, saying that they are "in no way" unavoidable is somewhat over the top. Consider abortions for medical reasons, for instance (in cases where both the mother and child would die if the pregnancy came to term).
Vigil-antis.
ROTFL.
Exactly!
I had the same experience when moving from the USA to North Korea. Really, people complaining about the US turning into a police state don't know how good they actually have it...
StartsWithABang isn't enough???
Oh, of course, everyone else has to change the way they do things, since you, delicate flower, are simply incapable of doing the same.
In that, why not accept all submissions, without any editorial oversight whatsoever. Or even have monkeys type them up...
Slashdot is getting more and more worthless by the day :-(
Contents matching the summary can be found at wikipedia
... please at least check whether the links in the submission are going anywhere...
A good point for data protection laws as in the EU. Here companies can be held criminally responsible if they breach their duty of care.