I know it's bad form to RTFA, but here's the part where they talk about their current inability to properly decrypt the payload:
The malware uses that configuration to generate a key to unlock the payload and unleash it. Once it finds the configuration itâ(TM)s looking for, it uses that configuration data to perform 10,000 iterations of MD5 to generate a 128-bit RC4 key, which is then used to decrypt the payload.
âoeUnless you meet these specific requirements, youâ(TM)re not going to generate the right key to decrypt it,â Schoewenberg says.
What actually happened was that the State Department purchased some anti-Al-Qaeda ads to run when certain key terms were also on the screen, similar to how AdWords works. It's a pretty interesting concept, really - the necessity of displaying advertising on a site can open the door for alternative messages/realities to reach the viewer.
What I used to love about slashdot was the discussions that would result from articles and questions. But now everyone just jumps down the submitter's throat (though part of that is deserved in this case, especially coming from a brand-new account) if the question isn't phrased properly. Yes, censorship is bad, clandestine monitoring is bad, we should all trust each other, etc. but we all know that isn't the case. Only by offering solutions can we help improve our collective level of problem-solving.
For example, I'm already thinking about several ways around this: is there any way to stop a user from using a VPN (or use your monitoring solution to impersonate one), and how are you going to deal with SSL traffic?
The program in question is wicd, which is a wireless network manager. And it's not like BT is a particularly secure distro - it's for pentesting, so most of it's functionality is only useful if you run as root...
Yes, it's too simple to actually work, but after data breaches like this, Epsilon should be required to publish all the data that was compromised. It devalues the data held by the malicious entity (a deterrent against future attacks), and allows security personnel to more accurately gauge the risk and present additional strategies for mitigation. Any action that reduces the value of these databases is a step in the right direction.
I wouldn't trust any site to purposefully ignore information that could be logged. Best option is to make that data worthless (via proxies, Tor, etc.).
I don't think it's a matter of being "well-intentioned" software. One nice feature to add to publishing software would be a "redact metadata" option for publishers. Also, the type of metadata in this case is laughably easy to spoof and cannot be relied upon - why wouldn't I register my desktop publishing software with the name of an enemy?
So Comcast offers ultra-fast speeds at a ridiculous price. Rich p2p pirates purchase this service, get tracked, and get sued.
This could also lead to "harder" GB caps at lower tiers, encouraging users to bump up to a more expensive service.
While I think better last-mile speeds are important, I can't see many "residential" customers willing to pay $100 more per month for increased bandwidth - if you really need that much, you probably already have a business account. There just aren't existing net applications which gain significant performance advantages at these speeds (though I'm sure they're coming).
Correct me if I'm wrong, but I'm under the assumption that the parties would settle confidentially, allowing the RIAA to try out another bellwether while depriving future defendants' from access to documents pertaining to this case. IANAL, hence I'm not entirely clear on what documents are sealed under confidentiality agreements.
If you're interested in the topic, I highly recommend John Robb's Global Guerrillas blog. He's got a good book out too, but the blog is more up-to-the-minute analysis. It won't come as a surprise to folks on slashdot that the insurgency is heavily reliant on an open-source model (and more specifically, exploiting our inability to change tactics on-the-fly). Good reading.
It's certainly not that no one cares. Technology is capable of doing some great things, but entrenched industries have no interest in undermining their existing business model. You know, the one they've spent billions of dollars to protect through politicians, patents, lawyers, etc.
My prediction? We're not going to see true innovation until people outwardly reject the whole notion of legal-based market protection. Some non-US engineer is going to design a brilliant new cell phone and say "wait, I owe Qualcomm money? How about instead I just get these manufactured, ship them everywhere, and see if anyone buys them"
The rule of law will be rejected if it does not serve the public interest and an alternative makes itself available.
Not trolling, that's just the unfortunate reality. Merchants and business owners are obviously getting the raw end of the deal in this scenario, while CC companies are not hit in the pocketbook very hard. I know it's an added cost to bear, but if a merchant googles the CC number of every purchase made and rejects the transaction for any number found online, at least they wouldn't get screwed. Yes, the "legit" customer is going to take his business elsewhere, but wouldn't it be worth it to not lose thousands of dollars in merch? Companies who accept forged CC info are going to become even greater targets for fraud, shrinking their margins in the long run.
Alternatively, business owners could "unionize" against this and create uniform practices for testing CC#'s against obvious fraud (#'s exposed via the web). Reject any card they easily find, and say "Your CC information is exposed, complain to your bank." CC companies would almost have to respond to that...
Myspace and Youtube? Puhleeze! Everyone knows that web portals are the wave of the future, not this flashy user-generated videospace nonsense. If you don't know what I'm talking about, type webcrawler.com into Mosaic and dogpile it!
Just so that everyone is aware, MIT's OCW program has been offering the lectures, course materials, etc. for almost all of their undergrad courses. They only provide the bibliographic info for copyrighted reading materials though (not links to the actual text) - you'll have to find that yourself.
Re:Parallels with the advent of print
on
DRM and Democracy
·
· Score: 1
Here's an article that draws parallels between regulation of the internet and regulation of the printing press. I don't like to throw out links without reading them first, but I'm at work and don't have the time to read the entire article - looks like this entire issue is dedicated to information flow:
Re:Parallels with the advent of print
on
DRM and Democracy
·
· Score: 1
While the parallels between the advent of the printing press and networked computing are many, it's important to note that the site you reference hasn't updated in 5 years. While many of the core ideas may be the same, I'd like to see some more recent writings on the subject - anyone know of any good peer-reviewed journals or articles?
This is where I think most people miss the boat when discussing net neturality. Most/. readers are going to agree that net neutrality is what has allowed the itnernet to really take off. But I think most/. readers would also agree that involving Congress in such technical issues is the kiss of death. Laws like this inevitably will have riders attached that we won't like, and lobbyists will submit slight changes to the bill to favor their client's position.
Seriously, can you name a bill in the last few years that made you think, "Gee whiz, Congress is really doing a great jorb"? The DMCA? The recent bankruptcy bill? The upcoming broadcast flag? What makes anyone think they won't botch this too?
Thank you for stepping away from the health-care debate and into the real issue. Is there a possiblity that the quality of our air has led to the asthma which is an epidemic in urban centers? Perhaps chemicals being dumped into our drinking water might have negative health consequences across the board? Or maybe the food that we eat over in the states is processed from animals that have been fed massive amounts of antibiotics?
I know I'm sounding like a hippie now, but it dumbfounds me that the article didn't make one mention of any of these seemingly obvious correlations. Instead we stay focused on finding a "cure" for the symptoms, when any doctor worth his salt will tell you that preventative medicine is the cheapest and most effective solution in the long run.
The laptop might not be ready in January 2006? Haven't we already learned that if you start basing your actions upon "timetables" then the terrorists have already won?
Seriously though, it's a lofty goal, I honestly wouldn't expect to see this technology real soon, but it's good that someone is working on it.
And to preempt the coming "don't they need food, water, and medicine in the third world more than technology" debate, the answer is yes, the third world could really use those things. Unfortunately, no solution to these problems has been applied through conventional means (read: first world countries dictate "solutions" to the third world). And often the best solutions come out of the countries that live with the problem firsthand - why not give them access to knowledge and technology and see what they can do with it?
Slashdot Mirror
What actually happened was that the State Department purchased some anti-Al-Qaeda ads to run when certain key terms were also on the screen, similar to how AdWords works. It's a pretty interesting concept, really - the necessity of displaying advertising on a site can open the door for alternative messages/realities to reach the viewer.
What I used to love about slashdot was the discussions that would result from articles and questions. But now everyone just jumps down the submitter's throat (though part of that is deserved in this case, especially coming from a brand-new account) if the question isn't phrased properly. Yes, censorship is bad, clandestine monitoring is bad, we should all trust each other, etc. but we all know that isn't the case. Only by offering solutions can we help improve our collective level of problem-solving. For example, I'm already thinking about several ways around this: is there any way to stop a user from using a VPN (or use your monitoring solution to impersonate one), and how are you going to deal with SSL traffic?
The program in question is wicd, which is a wireless network manager. And it's not like BT is a particularly secure distro - it's for pentesting, so most of it's functionality is only useful if you run as root...
Yes, it's too simple to actually work, but after data breaches like this, Epsilon should be required to publish all the data that was compromised. It devalues the data held by the malicious entity (a deterrent against future attacks), and allows security personnel to more accurately gauge the risk and present additional strategies for mitigation. Any action that reduces the value of these databases is a step in the right direction.
I wouldn't trust any site to purposefully ignore information that could be logged. Best option is to make that data worthless (via proxies, Tor, etc.).
I don't think it's a matter of being "well-intentioned" software. One nice feature to add to publishing software would be a "redact metadata" option for publishers. Also, the type of metadata in this case is laughably easy to spoof and cannot be relied upon - why wouldn't I register my desktop publishing software with the name of an enemy?
The case was Kyllo v. United States - the ruling was that use of a thermal imaging device is considered a "search."
So Comcast offers ultra-fast speeds at a ridiculous price. Rich p2p pirates purchase this service, get tracked, and get sued.
This could also lead to "harder" GB caps at lower tiers, encouraging users to bump up to a more expensive service.
While I think better last-mile speeds are important, I can't see many "residential" customers willing to pay $100 more per month for increased bandwidth - if you really need that much, you probably already have a business account. There just aren't existing net applications which gain significant performance advantages at these speeds (though I'm sure they're coming).
(C)
Correct me if I'm wrong, but I'm under the assumption that the parties would settle confidentially, allowing the RIAA to try out another bellwether while depriving future defendants' from access to documents pertaining to this case. IANAL, hence I'm not entirely clear on what documents are sealed under confidentiality agreements.
If you're interested in the topic, I highly recommend John Robb's Global Guerrillas blog. He's got a good book out too, but the blog is more up-to-the-minute analysis. It won't come as a surprise to folks on slashdot that the insurgency is heavily reliant on an open-source model (and more specifically, exploiting our inability to change tactics on-the-fly). Good reading.
This is exactly why I encrypt all my data with the secure ROT13 algorithm.
Twice.
It's certainly not that no one cares. Technology is capable of doing some great things, but entrenched industries have no interest in undermining their existing business model. You know, the one they've spent billions of dollars to protect through politicians, patents, lawyers, etc.
My prediction? We're not going to see true innovation until people outwardly reject the whole notion of legal-based market protection. Some non-US engineer is going to design a brilliant new cell phone and say "wait, I owe Qualcomm money? How about instead I just get these manufactured, ship them everywhere, and see if anyone buys them"
The rule of law will be rejected if it does not serve the public interest and an alternative makes itself available.
Wow, that was a close one...I thought these guys were taking it to the next level - suing me via slashdot!
Not trolling, that's just the unfortunate reality. Merchants and business owners are obviously getting the raw end of the deal in this scenario, while CC companies are not hit in the pocketbook very hard. I know it's an added cost to bear, but if a merchant googles the CC number of every purchase made and rejects the transaction for any number found online, at least they wouldn't get screwed. Yes, the "legit" customer is going to take his business elsewhere, but wouldn't it be worth it to not lose thousands of dollars in merch? Companies who accept forged CC info are going to become even greater targets for fraud, shrinking their margins in the long run.
Alternatively, business owners could "unionize" against this and create uniform practices for testing CC#'s against obvious fraud (#'s exposed via the web). Reject any card they easily find, and say "Your CC information is exposed, complain to your bank." CC companies would almost have to respond to that...
Myspace and Youtube? Puhleeze! Everyone knows that web portals are the wave of the future, not this flashy user-generated videospace nonsense. If you don't know what I'm talking about, type webcrawler.com into Mosaic and dogpile it!
Just so that everyone is aware, MIT's OCW program has been offering the lectures, course materials, etc. for almost all of their undergrad courses. They only provide the bibliographic info for copyrighted reading materials though (not links to the actual text) - you'll have to find that yourself.
Where's the MMORPGAA when you need it?? Something must be done to boost sales, and it's clearly the fault of those who purchase the games!
He's not a nobody anymore - didn't you know that he got interviewed by some popular/unfunny video blogger?
Here's an article that draws parallels between regulation of the internet and regulation of the printing press. I don't like to throw out links without reading them first, but I'm at work and don't have the time to read the entire article - looks like this entire issue is dedicated to information flow:
. pdf
http://www.ijclp.org/10_2005/pdf/ijclp_03_10_2005
While the parallels between the advent of the printing press and networked computing are many, it's important to note that the site you reference hasn't updated in 5 years. While many of the core ideas may be the same, I'd like to see some more recent writings on the subject - anyone know of any good peer-reviewed journals or articles?
This is where I think most people miss the boat when discussing net neturality. Most /. readers are going to agree that net neutrality is what has allowed the itnernet to really take off. But I think most /. readers would also agree that involving Congress in such technical issues is the kiss of death. Laws like this inevitably will have riders attached that we won't like, and lobbyists will submit slight changes to the bill to favor their client's position.
Seriously, can you name a bill in the last few years that made you think, "Gee whiz, Congress is really doing a great jorb"? The DMCA? The recent bankruptcy bill? The upcoming broadcast flag? What makes anyone think they won't botch this too?
Thank you for stepping away from the health-care debate and into the real issue. Is there a possiblity that the quality of our air has led to the asthma which is an epidemic in urban centers? Perhaps chemicals being dumped into our drinking water might have negative health consequences across the board? Or maybe the food that we eat over in the states is processed from animals that have been fed massive amounts of antibiotics?
I know I'm sounding like a hippie now, but it dumbfounds me that the article didn't make one mention of any of these seemingly obvious correlations. Instead we stay focused on finding a "cure" for the symptoms, when any doctor worth his salt will tell you that preventative medicine is the cheapest and most effective solution in the long run.
Is it just me or does consulting a dictionary sound like a really poor way of deciding an issue of law?
Yeah, they should just eliminate the controversy of using a dictionary and go with Wikipedia.
The laptop might not be ready in January 2006? Haven't we already learned that if you start basing your actions upon "timetables" then the terrorists have already won?
Seriously though, it's a lofty goal, I honestly wouldn't expect to see this technology real soon, but it's good that someone is working on it.
And to preempt the coming "don't they need food, water, and medicine in the third world more than technology" debate, the answer is yes, the third world could really use those things. Unfortunately, no solution to these problems has been applied through conventional means (read: first world countries dictate "solutions" to the third world). And often the best solutions come out of the countries that live with the problem firsthand - why not give them access to knowledge and technology and see what they can do with it?