only expected viewing point is at the intended recipient's terminal
Obviously you've never run a BBS in the old days watching email being displayed as it was being typed up in the editor in real time. This was especially true when there was no such thing as multitasking and simply turning on the monitor showed the current state of the BBS and what someone was doing. Good fun watching people play "Legend of the Red Dragon" (LORD).
Even the ECPA recognizes the fact that operators along the way may view emails "in the course of their duty" to make sure the system is working.
The first edition of "Navigating the Internet" which even explains how to do FTP via email gateway, emphasizes the fact that an email is nothing more than a postcard.
Bob cannot go and post an email that Alice sent to him on Facebook
Huh? What?
Name a single court case where this was true in the US. Even those "this is confidential blah blah blah delete if received in error blah blah" "warnings" are nothing but attempts at intimidation with no basis in law.
I know I'm replying to a troll AC, but I feel I should put this here for completeness.
I am a "Unix On The Desktop" kinda guy, whether it be OSX, Solaris, or Linux (even though Linux really isn't Unix and you'd know this if you've ever used a real Unix).
There are a lot of things structurally wrong with Windows that are only now being addressed, and surprise, the solutions tend to be Unix concepts, reinvented poorly.
Lots of things happen within the context of displaying a web page that are potentially risky.
Which is why ActiveX needs to be nuked. Why such a thing is tied to a *web browser* is beyond me, especially because in certain situations it has permission to write to the system directories. Why? It boggles my mind.
If you prevent every risky action from executing
Is it really too much to ask that stuff be sandboxed? Even minimally? Microsoft sacrifices (it seems) even the smallest amount of security in the name of convenience. And on, UAC doesn't count because it wasn't developed for end users - it was made to browbeat developers into not doing stupid things.
If you practice unsafe sex every day because you can't be arsed to use a condom and pick good partners, it's only a matter of time you contract something bad.
The lack of which has led us to see the automatic propagation of badware without user input run rampant in the Windows "ecosystem."
There needs to be a way to stop automatic propagation, and requiring the user to set something as executable, even if it only requires a single click in a dialog box like in KDE, would go a long way to doing this.
comparing ActiveX to Firefox plugins and calling them roughly the same thing
They are not. ActiveX controls are typically dynamic and are one-offs per website. Users are more casual about these than FF plugins. They shouldn't but that's how Microsoft has conditioned them to think about it. Users think longer about whether they need a FF plugin or not, because it's "permanent" and affects the behavior of the whole browser. With regards to flash, I don't like it either, but flash doesn't have as much permission over the system as ActiveX does, which even has access to the system files. There is no way to give flash the permission to write into the system directories.
Internet Explorer already has security zones that apply restrictions based on where content is coming from. Users are prompted whether to run executables.
That's not the same thing *at all* as stripping execute permission.
And you only mention IE. IE is merely one way for a system to import a file. You can download through scp, ftp, gopher, irc, IM, etc. Files brought in from the network need to be stripped of execute permission if you want *any* hope of stopping the automated propagation of badware.
"DEP"
Does not address the issue of separating the type of file from the name of the file at all. If I have a text file and rename it as a.bat, suddenly I have an executable file *with* the permission to execute. It's 2010 and no computer is an island. It's about time we stop doing this in Windows.
I recently had to login to a customer's server remotely. The only method of remote access available was through logmein.com. I had to use ActiveX.
There is no reason to absolutely require ActiveX for such a task. Indeed, I put it to you that the same thing can be done in Java.
Lastly: educating users is infeasible? Really? Not even with a quickstart guide to security? Even automobile manufacturers give out an owner's manual for safe operation. I call bullshit on your assertion.
How about we change things in Windows so it actually prevents infection in the first place?
1. Educate users. Microsoft does a piss-poor job of this. 2. STOP DEPENDING ON 3 MAGIC LETTERS TO DETERMINE IF SOMETHING IS CODE OR DATA. COME ON, SERIOUSLY. THIS SHOULD HAVE DIED WITH CP/M. 3. Kill ActiveX - I know of no legitimate website besides Microsoft.com that requires ActiveX. 4. If a file comes in from the outside world - STRIP ITS PERMISSION TO EXECUTE. MAKE THE USER UNPACK IT FROM AN ARCHIVE OR SET ITS PERMISSION.
Really. Seriously.
No, the above won't cover every situation, but it's a pretty good start.
Motion control is a sub-field of automation, in which the position and/or velocity of machines are controlled using some type of device such as a hydraulic pump, linear actuator, or an electric motor, generally a servo. Motion control is an important part of robotics and CNC machine tools, however it is more complex than in the use of specialized machines, where the kinematics are usually simpler. The latter is often called General Motion Control (GMC). Motion control is widely used in the packaging, printing, textile, semiconductor production, and assembly industries.
I read the title of the summary and hoped that I could watch the comedy as Sony and Microsoft would try to compete against Siemens, GE Fanuc, Mitsubishi, etc, (you know, actual motion control vendors), but then I read it was about video games.
No, you don't get to monitor people through your network, unless it's for monitoring how the network is working. Not without notification to the users (who in this case can't sign a contract legally).
You *do not* get carte blanche to monitor users simply because you spent money and built a network. In order to do that, you need to get a waiver from the users of that network.
If you're going to secretly monitor minors using your network, you are a creepy fuck and you deserve to go to jail because you've just violated the ECPA.
*BMO throws a copy of the ECPA and a copy of Netlaw at your head*
Disabling DeepFreeze is silly, because it's far more effective at combating malware than any "close the barn door after the horse has bolted" anti-virus.
Maybe disabling DeepFreeze helps you get away from being net-nannied but then you become vulnerable to the likes of the Russian Business Network.
Enter DeepFreeze password Make your changes (like your VPN) Refreeze
Just make sure you put it back when you return the laptop, out of courtesy.
No, it's not incompetence. When they actually decide to go after someone, they are typically very competent. People actually go to jail for very long stretches of time.
It's just that it's terribly infrequent that they do their jobs and initiate actions against fraud.
As far as I know, you can opt out of having the school laptop. Even if they don't allow you to opt out on paper, you can still keep the thing in a closet and return it at the end of the school year.
The problem is monitoring software. This was likely illegal since these students *can't* agree to it legally (they can't sign contracts) and the parents didn't know it was there, either. At last check, the FBI was investigating the school for ECPA violation. I hope someone goes to jail over this.
Free software is not a panacea. There is nothing physically preventing the installation of monitoring software on a laptop running Free software. However, we *can* enforce laws already on the books that prevent things like this from happening.
It's a little too late to donate copies of Netlaw by Lance Rose to the school administration.
Bernie Madoff was pointed out repeatedly to the SEC and they did absolutely nothing.
If I have learned anything from the SCO case is that regulators are mostly lazy asses that only go after "high profile" celebrities (like Martha Stewart) to make it *look like* they're doing something. Nailing the Ivan Boeskys of the world comes once every 15 years. In between, it's business as usual.
Real thieves wear shiny suits and everyone looks the other way.
a lot of Zeus' victims lack any kind of working AV?
Have you seen a typical home Windows machine connected to the Internet?
You should get out more.
If the machine actually has AV, it's probably 6 months out of date at a minimum.
I could rant about Windows in general being the most insecure out of the box, but I'm no longer motivated to rant about legacy software anymore. Y'all get what ya get.
-- BMO
Re:Hiding in plain sight
on
Hollow Spy Coins
·
· Score: 2, Insightful
You don't even need a phone that actually uses micro SD cards.
You can tape a micro SD card in the back of a low-end ordinary cellphone. Since the phone isn't viewed even as a computing device, the only way the border agents are going to find anything is if they actually take the back off the phone.
The only way to keep data from entering/leaving the country would be to shut down travel entirely, shut down the mail, shut down the parcel services, and turn the US into North Korea.
I shouldn't say that too loud and give them ideas, should I?
This is late, but you replied to me late, so here goes:
If you don't run IE why do you even care about ActiveX then?
Because it affects people who come up to me and say "My computer is slow please fix it"
--
BMO
I forgot to address this, too:
since a non-trivial effort has to be made to read the contents
No, it's very trivial. Your definition of trivial is flawed.
--
BMO
only expected viewing point is at the intended recipient's terminal
Obviously you've never run a BBS in the old days watching email being displayed as it was being typed up in the editor in real time. This was especially true when there was no such thing as multitasking and simply turning on the monitor showed the current state of the BBS and what someone was doing. Good fun watching people play "Legend of the Red Dragon" (LORD).
Even the ECPA recognizes the fact that operators along the way may view emails "in the course of their duty" to make sure the system is working.
The first edition of "Navigating the Internet" which even explains how to do FTP via email gateway, emphasizes the fact that an email is nothing more than a postcard.
A good summation of email "privacy" is here:
http://www.tinhat.com/email/e_mail_privacy.html
"Email is a postcard" is not a new concept that someone pulled out of his ass one day. This is something going back more than two decades.
If you don't want anyone to see your email, encrypt it.
--
BMO
Bob cannot go and post an email that Alice sent to him on Facebook
Huh?
What?
Name a single court case where this was true in the US. Even those "this is confidential blah blah blah delete if received in error blah blah" "warnings" are nothing but attempts at intimidation with no basis in law.
--
BMO
I know I'm replying to a troll AC, but I feel I should put this here for completeness.
I am a "Unix On The Desktop" kinda guy, whether it be OSX, Solaris, or Linux (even though Linux really isn't Unix and you'd know this if you've ever used a real Unix).
There are a lot of things structurally wrong with Windows that are only now being addressed, and surprise, the solutions tend to be Unix concepts, reinvented poorly.
Have a nice day.
--
BMO
The "And on," doesn't need to be there. it was part of a sentence I deleted.
--
BMO
Lots of things happen within the context of displaying a web page that are potentially risky.
Which is why ActiveX needs to be nuked. Why such a thing is tied to a *web browser* is beyond me, especially because in certain situations it has permission to write to the system directories. Why? It boggles my mind.
If you prevent every risky action from executing
Is it really too much to ask that stuff be sandboxed? Even minimally? Microsoft sacrifices (it seems) even the smallest amount of security in the name of convenience. And on, UAC doesn't count because it wasn't developed for end users - it was made to browbeat developers into not doing stupid things.
If you practice unsafe sex every day because you can't be arsed to use a condom and pick good partners, it's only a matter of time you contract something bad.
I know, it's not a car analogy. Whatever.
--
BMO
So it takes one more click to execute something.
The lack of which has led us to see the automatic propagation of badware without user input run rampant in the Windows "ecosystem."
There needs to be a way to stop automatic propagation, and requiring the user to set something as executable, even if it only requires a single click in a dialog box like in KDE, would go a long way to doing this.
comparing ActiveX to Firefox plugins and calling them roughly the same thing
They are not. ActiveX controls are typically dynamic and are one-offs per website. Users are more casual about these than FF plugins. They shouldn't but that's how Microsoft has conditioned them to think about it. Users think longer about whether they need a FF plugin or not, because it's "permanent" and affects the behavior of the whole browser. With regards to flash, I don't like it either, but flash doesn't have as much permission over the system as ActiveX does, which even has access to the system files. There is no way to give flash the permission to write into the system directories.
--
BMO
Go to south korea, all there is based on ActiveX, so any user must use IE and thus be a Windows user.
So?
It doesn't mean it was a good idea to begin with. The only reason why this happened was an accident of history.
Currently windows shows warning when you try to execute things downloaded from internet.
Through any and all methods? Including mail, ftp, irc, IM, etc?
--
BMO
Internet Explorer already has security zones that apply restrictions based on where content is coming from. Users are prompted whether to run executables.
That's not the same thing *at all* as stripping execute permission.
And you only mention IE. IE is merely one way for a system to import a file. You can download through scp, ftp, gopher, irc, IM, etc. Files brought in from the network need to be stripped of execute permission if you want *any* hope of stopping the automated propagation of badware.
"DEP"
Does not address the issue of separating the type of file from the name of the file at all. If I have a text file and rename it as a .bat, suddenly I have an executable file *with* the permission to execute. It's 2010 and no computer is an island. It's about time we stop doing this in Windows.
I recently had to login to a customer's server remotely. The only method of remote access available was through logmein.com. I had to use ActiveX.
There is no reason to absolutely require ActiveX for such a task. Indeed, I put it to you that the same thing can be done in Java.
Lastly: educating users is infeasible? Really? Not even with a quickstart guide to security? Even automobile manufacturers give out an owner's manual for safe operation. I call bullshit on your assertion.
--
BMO
ActiveX is how your browser runs Flash, Silverlight, Acrobat, Java etc
No, it isn't.
I don't use IE. There is no reason, outside of Microsoft.com for ActiveX to exist.
How about we change things in Windows so it actually prevents infection in the first place?
1. Educate users. Microsoft does a piss-poor job of this.
2. STOP DEPENDING ON 3 MAGIC LETTERS TO DETERMINE IF SOMETHING IS CODE OR DATA. COME ON, SERIOUSLY. THIS SHOULD HAVE DIED WITH CP/M.
3. Kill ActiveX - I know of no legitimate website besides Microsoft.com that requires ActiveX.
4. If a file comes in from the outside world - STRIP ITS PERMISSION TO EXECUTE. MAKE THE USER UNPACK IT FROM AN ARCHIVE OR SET ITS PERMISSION.
Really. Seriously.
No, the above won't cover every situation, but it's a pretty good start.
--
BMO
Thus sayeth the Wikipedia:
That kind.
--
BMO
I read the title of the summary and hoped that I could watch the comedy as Sony and Microsoft would try to compete against Siemens, GE Fanuc, Mitsubishi, etc, (you know, actual motion control vendors), but then I read it was about video games.
Oh well. So much for "news for nerds"
--
BMO
You are now put on notice that you must rent "Breaker Morant" before the weekend is out.
--
BMO
No, you don't get to monitor people through your network, unless it's for monitoring how the network is working. Not without notification to the users (who in this case can't sign a contract legally).
You *do not* get carte blanche to monitor users simply because you spent money and built a network. In order to do that, you need to get a waiver from the users of that network.
If you're going to secretly monitor minors using your network, you are a creepy fuck and you deserve to go to jail because you've just violated the ECPA.
*BMO throws a copy of the ECPA and a copy of Netlaw at your head*
--
BMO
Some free tech advice. Take it or leave it.
Disabling DeepFreeze is silly, because it's far more effective at combating malware than any "close the barn door after the horse has bolted" anti-virus.
Maybe disabling DeepFreeze helps you get away from being net-nannied but then you become vulnerable to the likes of the Russian Business Network.
Enter DeepFreeze password
Make your changes (like your VPN)
Refreeze
Just make sure you put it back when you return the laptop, out of courtesy.
No, it's not incompetence. When they actually decide to go after someone, they are typically very competent. People actually go to jail for very long stretches of time.
It's just that it's terribly infrequent that they do their jobs and initiate actions against fraud.
That's laziness.
--
BMO
As far as I know, you can opt out of having the school laptop. Even if they don't allow you to opt out on paper, you can still keep the thing in a closet and return it at the end of the school year.
The problem is monitoring software. This was likely illegal since these students *can't* agree to it legally (they can't sign contracts) and the parents didn't know it was there, either. At last check, the FBI was investigating the school for ECPA violation. I hope someone goes to jail over this.
Free software is not a panacea. There is nothing physically preventing the installation of monitoring software on a laptop running Free software. However, we *can* enforce laws already on the books that prevent things like this from happening.
It's a little too late to donate copies of Netlaw by Lance Rose to the school administration.
--
BMO
Bernie Madoff was pointed out repeatedly to the SEC and they did absolutely nothing.
If I have learned anything from the SCO case is that regulators are mostly lazy asses that only go after "high profile" celebrities (like Martha Stewart) to make it *look like* they're doing something. Nailing the Ivan Boeskys of the world comes once every 15 years. In between, it's business as usual.
Real thieves wear shiny suits and everyone looks the other way.
--
BMO
I call BS.
How is that a felony? Explain using examples and US law.
I'll wait right here.
--
BMO
After 7 years, I invoke Rule 303.
Rule 303, to the head.
It's the only way to kill zombies.
--
BMO
"so that the FSF can campaign against mandatory, proprietary laptops."
As if Free Non Proprietary Laptops won't in any way be used to spy on students.
THIS IS THE WRONG BATTLE, FSF.
The battle should be for privacy, not against proprietary laptops.
I say this as a Free Software user.
--
BMO
a lot of Zeus' victims lack any kind of working AV?
Have you seen a typical home Windows machine connected to the Internet?
You should get out more.
If the machine actually has AV, it's probably 6 months out of date at a minimum.
I could rant about Windows in general being the most insecure out of the box, but I'm no longer motivated to rant about legacy software anymore. Y'all get what ya get.
--
BMO
You don't even need a phone that actually uses micro SD cards.
You can tape a micro SD card in the back of a low-end ordinary cellphone. Since the phone isn't viewed even as a computing device, the only way the border agents are going to find anything is if they actually take the back off the phone.
The only way to keep data from entering/leaving the country would be to shut down travel entirely, shut down the mail, shut down the parcel services, and turn the US into North Korea.
I shouldn't say that too loud and give them ideas, should I?
--
BMO