Have you ever done data forensics? The first thing you learn is that it's not the same data if it's not on the original storage medium.
Of course, what they SHOULD be able to do is shut the server down, clone the drive, pull the drive that has the warrant, and drop in the cloned drive. Of course, this requires cooperation with the victim, which obviously wasn't available in this case.
To put it another way: they weren't after the hardware OR the data, they were after the incriminating evidence. Data by itself is hearsay (no way to prove beyond a shadow of a doubt that it was preserved in the same state and context).
"If we don't let them send bomb threats, we're undermining free speech and the Internet"
To which I reply "They need to find a different way to discourage or stop them from sending bomb threats. Inflicting me with collateral damage in the quest for better law enforcement is unacceptable, and so is removing my ability to speak with anonymity."
Given the choice, I think I'd rather deal with the occasional bomb threat than not be able to speak anonymously.
Or, to totally mangle a famous quote:
"First they came for the anonymous, but I was not anonymous, so I did nothing." That's probably true to life for most people actually....
Argh! s/pages/browsers/
This myth started during the days of CRT. I remember when LCD laptops became popular, suddenly everyone started making "white" screensavers etc. to conserve energy -- as the backlight isn't affected by the colors, but a charge is needed for each non-white pixel on the screen.
As such, these days, sites like "blackle.com" are actually WASTING energy by the same logic they claim is saving it. The amount of energy saved is likely minimal, but I DO remember adding some "whitening" CSS to my pages a decade or so ago that did give me ever-so-slightly-more battery life on my laptop. I believe that my CSS probably did this more to the markup it automatically repressed from getting interpreted though, more than from the amount of charged pixels cluttering up the screen real-estate.
...new passenger motor vehicles sold in the United States be equipped with an event data recorder that meets the requirements under that part.
This means that a) personal imports wouldn't be required to have them and b) kit cars you build yourself wouldn't be required to have them. It's only a requirement that cars built for the purpose of first sale within the US have them.
Of course, there will likely be amendments to cover the other angles over time.
Are you sure these reasonable religious people are not just dressing up their faith in the trappings of reason to make it sound better?
I think you'll find they're dressing up their faith in trappings of faith, while failing to neglect the application of reason. Since you can't prove God exists and you can't prove God doesn't exist, why not apply reasoning skills to things empirical, and if this reasoning collides with something faith-based, question the roots of that article of faith? Hey... that's even biblical.
Right... because "extra" viewing isn't wanted if it's not monitored and paid for appropriately by the advertisers....
Apple hasn't provided the fix because they detect and block most variants with XProtect (soon to be Gatekeeper). However, some variants got through before they pushed out their detection update -- and so now they've got a cleanup issue and no tools to perform automated cleanup. Added to this, static cleanup is non-trivial as the infection changes a bit depending on which version it was and how the victim's computer was configured.
Before the variant that leveraged the Java exploit, infection numbers were low, and protection was high. Within a week, that changed.
Also worth noting that Apple blocks the malicious sites that serve up the malware too, as it finds them (via code analysis and in-the-wild reports).
If Xcode is installed, that means gdb is installed (and vice versa).
I've run Bard's Tale on the old Apple ][ emulator on my Mac Plus emulator on my 68K Mac emulator on my PPC Mac emulator on my VirtualBox install of 10.4.11 on 10.7.
Interestingly, it actually runs at speed. Too bad there was no decent IIgs emulator for the Plus, or I'd run Dark Castle on it :)
I've also had every major version of the Mac OS (except 10.0 and 10.1, for obvious reasons) running in parallel on the same hardware (from the original Macintosh System 0.3 through to 10.7). Of course THAT tends to slow some of the more recent versions down.
Of course, the reason for this is that Mac malware authors DON'T NEED to write stuff on that level, as they're getting conficker-levels of infection with the current version of Flashback. Remember: it's not about the elegance of the code, it's about the results... and Flashback is giving them GREAT results.
Of course, last year people were saying that we wouldn't see multi-vector attacks with runtime decryption in Mac malware any time soon.
The moral of the story is that programmers are lazy, and only do as much as they have to do to get the job done.
OSX has not had a single virus in the wild since its introduction.
You should have bolded "in the wild" as well -- the MachoMan virus has been around for years -- although it likely wouldn't work on modern Intel Macs under OS X 10.7.
The first person to get a virus to spread from machine to machine on OSX will be world famous.
Surprisingly, they liked being anonymous even though they were a researcher -- likely because releasing such a piece of malware would make them extraditable to most developed western countries.
And it's not like people don't try.
Viruses are self replicating code that spread themselves via the network or sneakernet. Since OSX, Linux, Solaris, FreeBSD and all other sane OSes strip the execute bit from files coming in off the wire, this is a major hurdle to get over, and is why virus and worm propagation on OSX, other Unices, and Unix like OSes like Linux sucks.
Actually, it's really simple: you can either create an installer package (like last year's Mac FakeAV did) that automatically sets +x, or you can just drop and run shellcode that does chmod +x. Flashback, which we're talking about now, just takes advantage of launch services. In any case, a virus, under the most limited of definitions, wouldn't need to set +x, as it would already have attached itself to an existing process that is already executable.
This was a trojan. Trojans are different. They typically need to trick the user into installing them, and they do not self-propagate.
But the distinction is lost on people, such as yourself who refuse to believe there is any difference between the Bagel worm and a program that tricks the user to deltree c:\*.* or rm -rf /*
This wasn't a trojan; it started off as a trojan, but has morphed into a piece of spyware installed via a third party plugin exploit.
With that said, there is a way to make certain well-behaved Windows viruses and worms spread cross-platform, and that is to run wine. But then the requirement is that the virus or worm be well behaved and not depend on undocumented Windows features. These are few and far between, and even then, it runs in userspace and the cure is to rm -rf .wine.
Or, you could do what these guys did, and exploit Java. Or, you could exploit Flash. Or one of a myriad of other executable platforms common to multiple platforms.
"even if you want to write a virus for iOS you can't" and "there is zero malware in the app store".
That's because your code is up for review if you want Apple to sell your program for you in the Apple store. They check it for bad stuff and vet the program.
This is overly simplistic. Did you miss the piece of software that made it into the app store that was created by a threat researcher a few months back? It captured user data and sent it back to him. He did it to show how easy it was to bypass Apple's vetting process.
The Apple Store is much like the trusted repositories you see in the Linux world. The repo system for Linux has proven time and again this is a good way to go. The only difference with the Apple store is that there is only one repo, theirs.
No, there's another difference too: All self-respecting Linux repos vet and compile their own source code; Apple vets the compiled binaries. This means it's MUCH easier to slip something by, as it's not sitting there for the world to see -- just in an obfuscated form for a small number of Apple reviewers to possibly catch.
>implying that third party software vulnerabilities are suddenly the OS vendor's fault
This is not even true in the Windows world. Nobody blames Microsoft for an Adobe Reader or Flash vulnerability. Adobe certainly does attract enough blame themselves.
To give him credit, I HAVE heard this from Mac users... usually Mac users who call themselves MAC users, and switched to MAC because they got fed up with paying AV subscriptions for the bundleware that came with their previous PC. Why do they say this? Because they misunderstood what long-time Mac users were telling them to convince them to switch platforms.
...only problem is that this is perfectly happy to run in userland with no admin privileges, and so doesn't need admin rights to snarf your online account usernames and passwords and send them back to the collection point.
As an exercise, try installing software in ~/Applications/ -- you'll find you don't need admin privs, and it will run just fine as long as it doesn't require access to restricted resources.
To be fair this is a Java exploit, and it's already been closed by Apple.
The dullard users are probably receiving security updates automatically, and so they'd have been updated as of Tuesday.
This was closed by Apple on Tuesday, April 3. A month after the exploit was patched by Microsoft. A week after Metasploit stated that it was trivial to gain a shell on OS X using this exploit, and at least that long since the Flashback variant using it started spreading.
Aside from this, the general public does not seem vulnerable:
Security researchers have uncovered yet another Mac Trojan in the wild, this time hiding inside pirated versions of the Mac OS X image editing application GraphicConverter.
The pirated copy of GraphicConverter 7.4 is being actively distributed on file-sharing networks and torrent sites like Pirate Bay and contains the DevilRobber Trojan, Sophos researchers reported on 29 October. Once on the Mac OS X, DevilRobber creates a backdoor for remote access and installs a Bitcoin miner that uses up spare system resources and steals the content of the user’s Bitcoin wallet, according to Sophos.
Um? I think you copy/pasted the wrong thing here. The Java exploit allows drive-by download and execute as privileged user on OS X. The Flashback malware started taking advantage of this over a week ago, reportedly infecting over 600,000 Macs in that short an amount of time. The trojanized GraphicConverter torrent was for the DevilRobber backdoor, and that took place last fall. Of course, that spate of trojanized installers (not just GraphicConverter) is probably still being recirculated today.
The real issue with this thinning of content is that it disrupts society -- people get to the point where not everyone can watch the same content, which means society itself becomes stratified along the lines of the content providers.
It used to be that someone could just sing you the song/tell you the story they heard somewhere else, but with this new method, you get "Oh, there was this funny scene from show X on network Y I saw the other night... it went something like this... but my access expired and it's exclusive to that network. They're planning to show it again in ten years."
They do this to create demand for their NETWORK, but lose the social continuity of the CONTENT.
Why not just boycott movies and spend your money at the local (live) theater? It's 3-D, interactive, surround-sound, and you can often talk to the actors after the show (and sometimes watch a repeat performance with a different take on the characters being played).
I started my movie theater boycott over a decade ago, and haven't missed THAT experience at all. I'll admit I do watch the odd Netflix movie to keep myself culturally relevant, but live acting/performance is where it's really at. Gets you out of the house more, too.
...Paramount retaliates by enforcing a lockout.
Where does that author think that zoologists keep their specimens after retrieving them? Do they really need to take the extra steppe?
Everybody knows that communists and witches are plotting together to steal america's freedom!
What would communists, witches and terrorists want with a bunch of fried potatoes?
Wait... don't answer that one....
How dare you! That's where I stored my complete works of Shakespeare!
I worked on a farm. It doesn't take a high IQ. If it did, most of humanity would have starved during the last 10,000 years of agrarianism. It's actually very simple (though time intensive). Which is why they propose crockpot theories like "Windmills make un's sick! I've got lists I downloaded off the conspiracy sites."
Are you really saying that working on a farm means you don't have a high IQ, including you, and 10,000 years of agrarians? Are you truly implying that choosing to work the land somehow implies that your ability to reason is stunted? Is this due to your low IQ?
Just asking....
Also important to know that "working on a farm" and "being a farmer" are not the same thing. You could easily substitute "for McDonald's" for "on a farm" -- the 14-yo working the till is probably bright, even though the job doesn't require a high IQ. The guy who's the CEO of McDonald's definitely has to have some smarts about him however... and a "farm" by today's standards, unless it's a hobby farm, is NOTHING like farms of 50 years ago, let alone 10,000 years ago.
(spoken as someone who has also worked on a farm, and met some of the most intelligent people I know there).
Why not investigate their complaints before dismissing the people making them as mentally challenged?
and tabletop role playing game issues
I put on my robe and wizard hat...
Sing with me: "A Wizard's staff has a knob on the end...."
And as long as the teacher is sober during the day, I don't think it's any of my business what they're doing after hours. That line of reasoning is how companies feel justified in demanding passwords. Hell, if I ran into my kid's teacher after hours at a bar I'd *buy* her a drink as a thank-you. (If it's one of my old teachers, it'd be an apology beer for having to put up with me.)
Teachers are people too, and we certainly don't pay them enough to demand particular behaviors after hours.
I think this proves my point -- being someone who might run into your kid's teacher in a bar after hours means you likely have no problems with your kids knowing you frequent bars -- and so you also have no problems with your kids' teachers frequenting bars.
Now, if said teacher was flagged as being a vocal advocate for creation science, and had been filmed participating in book burnings and anti-gay protests, would you feel the same way? After all, these are also after-hours activities, and reflect on their moral and ethical codes while not necessarily affecting how they care for your children during school hours.
If you are truly fine with your kids' teachers doing things you find morally repugnant (whatever that may be for you), you've got a point, and it's one I personally agree with. If I have an issue, I should be at most pulling my child from the class (more likely just talking to my child about the related issues), not asking the teacher to leave. If your attitude changes to "but there's no way they can keep that out of how they train my children in the classroom!" then my observation about why teachers get singled out stands.
Why do you think there are so few privacy advocates left?