This can be seen easily using a transparent proxy and man-in-the-middle techniques.
Or from the hard drive of the computer browsing, if the person is using Internet Explorer with its default settings. Last I checked, Internet Explorer caches SSL encrypted web pages to disk, by default, when you browse "secure" sites. In Firefox, SSL pages are never cached by default, but nothing stops an employer from enabling that feature in Firefox.
1) Installing a plugin requires more than just a space bar press. More like, type in a string or sign it with your name.
Or they could make the least dangerous of all actions be selected by default in dialogs. So instead of having "Install" selected by default when the plugin install pops up, have "Cancel" selected. That way if you hit the spacebar or enter key accidentally, you merely cancel out of something instead of having a potentially dangerous plugin installed.
Actually, Knoppix does touch the drive if you have any swap partitions around. For any kind of forensics usage of Knoppix, pass it the "noswap" option.
Are you sure about this? I burned The Open CD with k3b and it never tested the CD using any embedded checksum, and this is with k3b 0.11.18 in KDE 3.3.2. All k3b did was report to me the md5sum of the iso, but again the only way to verify the md5sum was to go to a mirror and compare the md5sum to what k3b reports.
Also, it is unwise to grab md5sums from the same mirror you downloaded a file from since if the mirror is hacked, someone can also change the md5sums on the same server.
One thing that amuses me is sites that include the MD5 checksum on the download page. Yes, because if someone got in and changed the tarball, they sure wouldn't even bother updating that MD5 string at the same time! ;)
How would that help if a spammer is using a compromised Windows machine to do their spamming from that can't accept emails? Are you assuming spammers actually put their real from address on emails?
and you can plop Mozilla right onto a flash drive from the zip file builds available from the Mozilla.org Foundation.
Mozilla Firefox also has a zip version, but that doesn't mean you can just plop it on removable media and expect it to store its settings there automatically. It still loads and saves its settings right on your hard drive. Can Mozilla store settings on the same drive that its zip was extracted to when regular Mozilla Firefox builds don't, even if the drive letter changes between machines you load it on?
The main problem with scanning for viruses with an infected machine is that the antivirus program may be infected with a virus itself and that may interfere with its ability to find or disinfect that same virus it is also infected with. It is always best to scan for viruses using a known clean setup, such as a bootable floppy or bootable CDROM, to do the scanning.
Wouldn't it also be better to add a bit of "salt" to those email addresses? Otherwise, someone who knows your technique, could just guess a few other addresses to spam you on.
Bug ID 217527 (copy the URL and paste it into a new window to visit) explains the bug. I also have experienced it very often in both their Windows and Linux builds.
The IP blockers most likely do give a false sense of security. The people searching for p2p downloaders don't wave signs saying "hey! I am looking for you! My IP is...." They could very well be a normal peer in the swarm that just logs all IP addresses that give valid chunks of a file.
You could also stick in Darik's Boot and Nuke, provided you want to wipe ALL drives connected to your system and don't have anything you need to backup on them.
I think the original poster is talking about a script that failed to escape the filenames or failed to use, what I call, the "end of command line options" (or "what is after this is a non-option") command line option (two dashes) before passing the filenames straight to that command. If a file name or folder name is "-r" (at least in SuSE Linux 9.0 with bash 2.05b), and you do rm -f * without using "--" before the asterisk or without properly escaping the filename list, rm indeed does process it as if you wanted it to wipe all directories recursively.
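The following is an added demonstration of the point in the comment above, not code from any of the posters: it reproduces the "-r" filename problem in a throwaway directory created with mktemp -d, then shows the two usual fixes ("--" to end option parsing, or a "./" prefix on the glob). Function names and the fixture layout (subdir/keep plus a file named "-r") are my own; the script touches nothing outside the scratch directory and removes it afterwards.

```shell
# Added demonstration, not code from the comment above: a file literally named "-r"
# makes "rm -f *" delete directories recursively, and "--" or a "./" prefix stops
# the name from being read as an option. Everything happens in a directory made
# with mktemp -d and is cleaned up afterwards; nothing else is touched.

# Build the scratch layout: subdir/keep plus a file named "-r". Prints the path.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir -- "$d/subdir" && : > "$d/subdir/keep" && : > "$d/-r" || return 1
    printf '%s\n' "$d"
}

# Unsafe: the glob expands to "-r subdir", so rm parses "-r" as a flag.
# Returns 0 when the bug reproduced (subdir deleted, the "-r" file left behind).
unsafe_rm_demo() {
    d=$(make_fixture) || return 1
    ( cd "$d" && rm -f * 2>/dev/null ) || true
    if [ ! -e "$d/subdir" ] && [ -e "$d/-r" ]; then rc=0; else rc=1; fi
    rm -rf -- "$d"
    return "$rc"
}

# Safe: "--" ends option parsing, so "-r" is an ordinary filename. Without -r,
# rm refuses subdir and removes only the "-r" file (exit status 1, which is fine).
# Returns 0 when subdir/keep survived and the "-r" file is gone.
safe_rm_demo() {
    d=$(make_fixture) || return 1
    ( cd "$d" && rm -f -- * 2>/dev/null ) || true
    if [ -e "$d/subdir/keep" ] && [ ! -e "$d/-r" ]; then rc=0; else rc=1; fi
    rm -rf -- "$d"
    return "$rc"
}

# Same protection without "--": ./* makes every expansion start with "./",
# and "./-r" can never look like an option.
safe_dotslash_demo() {
    d=$(make_fixture) || return 1
    ( cd "$d" && rm -f ./* 2>/dev/null ) || true
    if [ -e "$d/subdir/keep" ] && [ ! -e "$d/-r" ]; then rc=0; else rc=1; fi
    rm -rf -- "$d"
    return "$rc"
}

# Stand-alone run: one line per scenario.
unsafe_rm_demo && echo "rm -f *    : subdir wiped, file '-r' survived"
safe_rm_demo && echo "rm -f -- * : subdir kept, file '-r' removed"
safe_dotslash_demo && echo "rm -f ./*  : subdir kept, file '-r' removed"
```

The "./*" form is the one to prefer in scripts that pass filenames to arbitrary commands, since not every program understands "--"; either way, the lesson is that a glob should never be the first thing after a command's options.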
In Linux, if you're running as a user, the heart of the OS is protected from damage.
Ah. I guess my personal documents aren't important as long as the O/S itself is safe. After all, only the heart of the O/S is being protected.
I think Linux's strong point is that different daemons typically run as separate non-root users and that limits damage that a compromised daemon could do to other services or other users on the same machine (provided that it can't gain root privileges).
However, one thing I didn't mention, that also speeds up the whole process, is that the ext3 file system will also handle large files with lots of nulls by NOT recording the large chunks of null bytes, just a marker. I tested this by creating a 1.7T (that's terabyte) file on a 40 gig partition. Lots of space left over.
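As an added illustration of the sparse-file behaviour the comment above describes (my own script, not the poster's): it writes a single byte at a 1 GiB offset and then compares the size the directory entry reports with the blocks actually allocated. The 1 GiB figure and the function names are my choice; the comment's 1.7 TB file on a 40 GB partition is the same trick scaled up. It assumes dd, ls, du, awk and a filesystem that supports holes (ext2/ext3/ext4, XFS and tmpfs all do).

```shell
# Added demonstration, not from the comment above: create a sparse file whose
# apparent size is 1 GiB and compare that with the space it actually occupies.
# Uses only dd, ls, du and awk; the file is created with mktemp and removed.

APPARENT=1073741824   # 1 GiB; the comment above did the same trick at 1.7 TB

# Write a single zero byte at offset $2 of file $1. Nothing is written before
# it, so a filesystem that supports sparse files records a hole, not nulls.
make_sparse() {
    dd if=/dev/zero of="$1" bs=1 count=1 seek="$2" 2>/dev/null
}

apparent_bytes() { ls -ln -- "$1" | awk '{print $5}'; }   # size the directory entry claims
allocated_kb()   { du -k -- "$1" | awk '{print $1}'; }    # 1 KiB blocks really backed by storage

# Returns 0 when the file is sparse: full apparent size, under 1 MiB allocated.
sparse_demo() {
    f=$(mktemp) || return 1
    if ! make_sparse "$f" "$APPARENT"; then rm -f -- "$f"; return 1; fi
    app=$(apparent_bytes "$f")
    alloc=$(allocated_kb "$f")
    rm -f -- "$f"
    echo "apparent: $app bytes, allocated: $alloc KiB"
    [ "$app" -eq $((APPARENT + 1)) ] && [ "$alloc" -lt 1024 ]
}

sparse_demo
```

The gap between the two numbers is exactly what makes a forensic or backup tool that reads files byte by byte (cat, a naive cp, a tar without sparse support) expand the holes into real zeros on the destination, which is worth remembering before copying a wipe-test image like the one in the comment.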
Even funnier is putting that 1.7 terabyte file onto a floppy formatted with ext2 and giving it to someone who uses Linux (who didn't know about "sparse" files) and seeing the look on their face when they see the file's size.
You don't need a credit card to buy from the places I mentioned. They both accept mailed checks for payment.
Why not order your distros on CDs from various companies that download it for you then burn it to CDRs?
Yes.
Could this RSA secureID stuff be in little programs that run on existing cellphones out there?
One such site is TheOpenCD's download page. See any md5sums for their isos on anything but the mirrors themselves? Meanwhile, projects like OpenOffice get things done right.
Maybe some spyware can run in wine?
<data>
AAAAAAAAAAABBBBBBBBBBBBB
</data>
Someone could wrap a binary file with XML tags. Is it suddenly more readable than before?
Assuming spammers even put their real from address on emails they send you instead of putting someone else's valid email address...
Does this mean there will be an upgrade to the current atomic clock wristwatch?
What filesystem did this work on?
What is a firewall for when you've got no services running by default anyways?