Slashdot Mirror


User: Sandbags

Sandbags's activity in the archive.

Stories: 0
Comments: 1,820

Comments · 1,820

  1. Re:Will only encourage "illegal" downloading on California Lawmaker Proposes Music Download Tax · · Score: 1

    The item is arguably being purchased within state boundaries. This was already challenged with mail order, and the state CAN collect taxes on items purchased via mail order or the internet. This is not an interstate transaction as only 1 state is collecting taxes, not a state collecting taxes from another.

    Besides, Congress would likely approve this measure as they're already working on a national internet state-to-state tax system.

  2. Re:This is great but... on Virginia Becomes First State to Mandate Internet Safety Lessons · · Score: 1

    Now, why waste all this money teaching kids about basic internet safety on social networking sites and such when we should be requiring by law that these sites police their own clients, educate their own users, and have liability when a predator does manage to pose as a 15 year old...

    Also, we need to start mandating basic computer SECURITY, which is a MUCH bigger problem and affects many more people than the few dozen active child predators operating on the net do. Sure, there's not a comparison for the viciousness of the crime, but a few billion dollars to save a few hundred kids vs. the same few billion dollars to secure all the PCs in America and save hundreds of billions in identity theft costs for hundreds of thousands of Americans? Priorities people... It's the government's job to protect "the people" it's your job to protect "your kids."

    How about a law simply requiring that: 1) every PC with an ISP connection must have current model year legally licensed AV and AS spyware (pick a vendor as long as it passes independent security testing). 2) every PC used by a 15 year old or younger person can only access a whitelist of sites presented by a national committee or registration system (which can be added to by the parent) 3) every site in the USA that permits users to interact with each other, permits user submitted unfiltered content, or displays content unfit for children must have a process in place to guarantee that children under 18 can not connect without 3rd party authentication and parental signatures, and can not directly interact with adults. Activation of any account should require postal mail confirmation to validate physical addresses and user identities.

    If junior wants a Facebook account, Mom and/or dad have to confirm his account, Facebook would send a letter to the parent's address which would contain an activation code to be entered on the site. Facebook also confirms the SSN of both the parent and the child with state or federal records to prove said child exists. Facebook would be legally responsible to make sure an adult never gets a child account label (poses as a kid) and all chat between teen accounts should be scanned for inappropriate content by software, and upon certain triggers, Facebook moderators should review the chat logs and if they deem necessary contact the parents.

  3. Re:Hmmmm ... on California Lawmaker Proposes Music Download Tax · · Score: 1

    No part of Tangible infers resalability. You can't legally resell a Big Mac, but you still pay tax on it...

  4. Re:Will only encourage "illegal" downloading on California Lawmaker Proposes Music Download Tax · · Score: 1, Offtopic

    Let me quote you a few things from our constitution:

    Section 8 Clause 1: "The Congress shall have Power To lay and collect Taxes, Duties, Imposts and Excises, to pay the Debts and provide for the common Defence and general Welfare of the United States; but all Duties, Imposts and Excises shall be uniform throughout the United States;"

    10th Amendment: "The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people."

    It has been ruled that "the Congress" is both inclusive of the Congress of the USA as well as individually those of the states. This is further backed up by the statement that "Imposts and Excises shall be uniform throughout the United States" where it also in the constitution specifically denies the states from passing imposts, excises, and duties.

    The idea is that states may pass taxes basically as they see fit. For virtually any reason. There are some implied protections from unfair taxation, but those loop back to race, creed, poll taxes, etc.

    The only protections you have from tax is that you can elect replacement congressmen to change the laws you think are unfair, you can demonstrate in public to get your word heard, and you can challenge the law in court.

    Fact is, an item, regardless of what it is, if bought can be taxed based on a percentage of the cost of the item, or based on a fixed dollar per item amount. They can add this tax in ADDITION to sales tax if they see fit, and if the language of that tax does not discriminate against any protected group (race, creed, military service record, etc)

    Also, someone else argued that the government owns no part of the internet, has no costs associated with it, and that this tax would not have a specific collections purpose. Well, 1) the tax doesn't require a purpose, it could supplement the general fund. 2) the government DOES have a cost, and they DO own a part of the internet. 3) you can also factor in public education, school computer training, county library systems, infrastructure upkeep (underground pathways that lines are buried in are owned by the city, not the telco). I could go on...

    California is looking to pass this law to help raise money to educate people about fair use, legal use, copyright infringement, and more. The additional revenue will also go into other programs and the general state fund if enough is raised.

    Currently, you are ALREADY required to pay tax on songs purchased from iTunes. Since iTunes does not support direct taxing by zip code, there's a line item in your California state tax return for internet purchases, and you're required to sum up the total of all your online purchases that you didn't already pay sales tax on and state the amount so you can deduct the taxes from your return (or pay extra if not getting a return). This law would simply require Apple (and others) to collect this tax for you.

  5. Re:Here, let me spell it out for you. on New Botnet Dwarfs Storm · · Score: 1

    Actually, Zombie Alice inside the corp network would try to spam outgoing on its own, if that failed, it would collect a list of e-mail addresses from the corporate network (or just Alice's machine if that's all it can get to) and it would connect to the bot cloud, and distribute the e-mails to not only Bob, but a few dozen other bots that were connected at the same time.

    I do know how these bots work. I've used Ethereal to trace their activity, and MANY bots don't just have a single mode of operation, they can fill multiple tasks, and the bot network has control over what priority each bot's activity is set to and helps determine if a bot does anything at all, just waits for instructions, performs DDoS, spam, collect data, infect other PCs, etc.

    Remember, bots make money. If an infection is made, the bot needs to evaluate what it can and can't do from that point. It's then able to do only those things (unless something changes, which they periodically check for).

    No, not all bots are this intelligent. Some of them don't even do all these things on their own (few have more than a couple of tricks), but once an infection is made, some bots do nothing more than download other bots... actually, that's how the bot network evolves. The controller makes a new, better bot, and all the existing bots can connect and download improved versions of themselves. This is why they're so damned problematic. There were over a hundred versions of Storm out there (some original, others hacked copies redistributed by others).

  6. Re:Diminished Value? on Google Sued Over Privacy Invasion On Street View · · Score: 1

    Um, it's not like there's a "search for pics including kiddies" link in Google's map system. You have to know an address, then search for it, or at least in a vicinity of it, then zoom in and look at street view in tiny increments.

    Since the images are primarily shot between 9 and 4 on weekdays, the chance of there even being a kiddie in your yard is slim, moreover when you factor the chance of one actually getting snapped at that moment the Google van passes, once every year or two.

    Also, child predators hunt in their own back yards. (the small handful of them that currently exist in the USA). They already KNOW where your kiddie is. They don't need Google. All they have to do is follow a school bus...

    This is NOT a concern...
    Besides, who's to say the surveyor didn't snap a pic with your kiddie in it, and you can always ASK FOR IT TO BE REMOVED.

    Better yet, if your kiddie is outside, you should be FUCKING SUPERVISING!

  7. Re:Diminished Value? on Google Sued Over Privacy Invasion On Street View · · Score: 1

    Where I agree that cataloging certain types of information for the use by other people may not make sense, fact is, that information, pictures and all, is already cataloged... Google is just making it easier to get from a map to a landmark without having to look in multiple databases.

    Granted, I'm not thrilled my home is out there for everyone to look at, but then there's the question, who's looking?

    Do you know of anyone who simply types random street addresses into search engines to see what might have been going on at that spot sometime between 3 and 36 months ago by looking at a grainy image, and you don't even get a date to correlate the image to? The only people looking at Google street view are people who have an interest in going to an address very close to yours... Even if some bozo in Alabama looks up your pretty home in PA, what's he gonna do with that knowledge? He doesn't know you, likely will never enter your town, and likely you're not in the picture anyway...

    I might suggest Google stick to pointing their cameras forward only, except where there's a sign, landmark, public structure, or some other worthwhile landmark to record. They don't need to run down every random street and have perfect images of each house. The view looking forward usually provides all the landmarks one needs in rural areas. I could understand taking a shot of an intersection from every direction, but if all there are are houses on a street, I don't need a pic of each one... If I'm going to someone's house, they can describe it to me...

  8. Re:I warned them on Google Sued Over Privacy Invasion On Street View · · Score: 1

    LOL. Giant, hard coded, unthinking, gun toting robots to the rescue!

    I love the pig idea, but goats are better... they'll eat the clothes, belt buckles, even the spent ammo too!

  9. Re:That's called "masturbation". on New Botnet Dwarfs Storm · · Score: 1

    Although it could spam another zombie, the idea is the bot net would know which zombies could and could not forward SMTP directly, and would forward messages to those bots for retransmit upstream. They send on port 80 or whatever to get outside the network. From there, redirect servers (other bots) can filter the messages out to port 25 relay servers or anonymous relay hosts and spam anyone in the world.

    The idea is port 25 is blocked by almost every firewall, except for the local mail server. The mail server does not accept incoming relay on port 25 from internal hosts (unless it's Exchange 5.5 and the admin didn't know to turn off relaying, which was a default on setting).

    To spam someone, port 25 has to be open somewhere. ...or, you have to be able to send information somewhere that CAN forward on port 25. The bot nets have a very limited, but yet intelligent central reporting system in place. Each bot can connect to a central node (usually hundreds of redundant nodes in IRC channels). They can not only receive commands (who to DDoS for instance), but they also receive a listing of bots that have been able to open port 25 successfully, and they send to these bots their lists of e-mails they've collected.

    It's not really this simple, but it is basically how it works.

    They use common ports to communicate. Some of the more sophisticated bots are actually a set of different viruses working in concert, some to infect mail and web servers and open ports appropriately, others to collect data, others to spam.

    SMTP doesn't even have to be the default protocol. They can send e-mail content through a telnet session, or SSH. They could even FTP e-mails. All they need is somewhere to send it, and that information they get from the bot network.

    The fact that I can send an e-mail on port 80 to a system outside my firewall and receive that e-mail in a Gmail account is NOT irrelevant. It's exactly what a bot would do. Mask port 80 traffic, connect to a mail relay that accepts incoming on port 80, give it a destination address and the relay sends it. The outgoing SMTP from the relay would be 25, so the next server in the chain on the way to Gmail passes it on...

    This would be caught by a packet filtering technology. However, if the receiving bot was not in fact a mail relay, but an application on a server that accepted incoming text, formatted to look like HTML traffic, then converted that text to an e-mail and handed it off internally to an outbox on either an infected or purpose built server, then packet filtering would NOT catch it.

    Not every bot sends data directly to its target. Many bots simply relay information around to each other, building lists, and infecting when possible other machines. The more infections, the more powerful the network, and the faster it can grow.

  10. Re:Scary on New Botnet Dwarfs Storm · · Score: 1

    Basic memory protection yes, but that's not really what I'm referring to. I'm talking about noexecute memory spaces, which prior to SP2 in XP, an application inside a file (say jpg) could launch. In Unix, this has been forbidden since day 1, and requires no hardware level support. This is one of Windows' critical flaws.

    Also, even Vista just now has launched Protected Memory Programs, a special program with a certificate that allows the OS to prevent other applications from seeing inside that application's memory at all, or watching what it's doing. Unfortunately, this also PREVENTS virus scanners from seeing inside this memory. There's a certificate needed to run the program, but if that could be forged, or if a protected app can under a buffer overrun vulnerability, then we'd be screwed.

    In OS X, one application can not access another application's memory space, not even for read operations, unless that application places its data in a shared memory space. Even the kernel copies portions of itself into these memory spaces instead of using a shared memory resource so if a program crashes, only that copy dies, the core is unaffected. Vista and XP do this for a lot of applications processes, but it's still possible to kill the kernel by killing a program badly. OS X only goes down if there's actual bad data in the kernel (an actual kernel bug, or more likely, faulty RAM chips).

    Also, because of the way memory is assigned, and the walls drawn around programs, most traditional viruses are simply impossible.

    There are ways to hack a Mac, and gain root permissions, but a human needs to do this (though a web page might open the door if a dumb user is on the other end). Once in, they could change passwords, mess with stuff, install applications, but any background services, like a bot, that they might wish to install, could be easily discovered by a virus scanner, and may even be readily obvious to a user.

  11. Re:Or Unix or Mac ... on New Botnet Dwarfs Storm · · Score: 1

    Actually, a piece of code authorised to run can open a port, provided it's tied into the appropriate systems, and could very well send SMTP traffic over a telnet connection disguised inside HTML packets on port 80. The point is, the program can't run as a background application and interface with those ports unless it reports itself appropriately to the operating system. If it does that, any definition based virus scanner could quite easily identify it and remove it.

    Applications in BSD and most other unix systems need special permissions to fork other code or interact with other files or system level privileges not explicitly permitted to them. If a file is associated with Microsoft Entourage, then a virus would not be permitted to interact with that file unless it was granted the proper additional associations. It similarly can't open a port outgoing from the Mac at all unless it's been added to an IPtables or Mac firewall exception list. Any of these require user activity to allow, and most require the launching of an Apple installer package (whose job is to control this type of thing directly since applications don't have rights to modify these settings personally). Thus, you open a pic in an e-mail, and suddenly the Apple installer launches, and presents a "we're about to install X, after entering your keychain password, click next to continue" I think most people understand iPhoto is already installed....

  12. Re:Why is it hard to block this spam? on New Botnet Dwarfs Storm · · Score: 1

    The only way to look at behavior is to look inside the packet. Of course, I'll let this other poster give you further information:

    They don't even need an SMTP relay agent. Just a script that telnets to specific domains. The DNS settings on the box will get the resolution needed and if there is a mail server at the target domain they pretty much always listen on 25 (Unless they are purposely non-standard)

    It is stupidly easy to send out spam with our current E-mail technology.

  13. Re:Diminished Value? on Google Sued Over Privacy Invasion On Street View · · Score: 1

    The point is not to pay the 25K and be done with it. Once they do, it sets a legal precedent, and then 300 million Americans can also sue and expect payment...

    Besides, it's the principle of the thing. Even if it was for a buck, I'd counter sue myself just to help stem the flow of frivolous lawsuits from trolls.

  14. Re:I warned them on Google Sued Over Privacy Invasion On Street View · · Score: 1

    It's not the resolution, it's scope of the image, and what the image was intended to capture... Google certainly doesn't care to have 12MP images that someone might be able to zoom in on enough and see naked people, it's not their intent so why would they waste the bandwidth and disk space... Other people, that's for a judge to decide.

  15. Re:I warned them on Google Sued Over Privacy Invasion On Street View · · Score: 1

    Actually, the Borings only own a small portion of the road, not the whole road, according to their lot record. They only have 1.86 acres, and from the satellite overview and scale, they can't possibly own the whole thing. Because it's owned by more than one person, it's simply a privately maintained road, but not private property, and thus open to Google and the public.

  16. Re:I warned them on Google Sued Over Privacy Invasion On Street View · · Score: 1

    There have been cases brought and lost about the secrecy of individuals (celebrities) going to places they want kept secret. Fact is, they lost those cases except in those which personal health information was released. The fact they went to a rehab is public knowledge if they took public roads to get there, and the front door was in plain sight of a public street... What they're in there for, that's private.

    However, for sensitive places, it's not impossible for Google to stop in front, and wait for an op to snap a picture when no one is in frame. If they make a mistake, a takedown request can easily be made...

    What they're doing is certainly not unethical. Anyone can walk or drive by and see you no differently than they can on Google, except on Google, the image only updates every few months or years, and the chance anyone is actually even in the image is slim. They're also blurring faces on request in public places, not just removing private images.

    The intent of this system is to be able to see signage and landmarks that can not be seen from satellite. It's a great convenience, and any complaints about not keeping your shades closed, well, what are you doing inside your house that's so private, but yet the shades are open?

  17. Re:Spamming on New Botnet Dwarfs Storm · · Score: 1

    So what's different about port 80 going through a proxy server vs traffic on port 80 from a known internal IP from DHCP or a static host? Unless the proxy is using a whitelist, it's going out anyway...

  18. Re:Actually, it is very simple. on New Botnet Dwarfs Storm · · Score: 1

    I just powered up my Linux box, which is outside my firewall in a DMZ, did a port redirect from port 80 to 25 internally for sendmail to listen on port 80 for communication, edited the settings in Outlook to use SMTP port 80 instead of port 25, turned my firewall to only allow port 80 outgoing and no incoming traffic, and I just sent an e-mail to myself through what could essentially simulate a receive and forward bot on someone else's PC, and my client used port 80 to do it, which would not be blocked...

    Almost every bot in the cloud does exactly this. The ones that don't already use your local mail server to forward mail (the cheap easy to spot bots) use their own SMTP engine on custom ports. Some of them even encapsulate that further into HTML traffic to further mask the activity, and have the information filtered through other bots via IRC or other known infected servers in the network.

    Firewalls, even those with packet sniffing, can't stop this activity.

  19. Re:Have them or monitor them? on New Botnet Dwarfs Storm · · Score: 1

    And unless that firewall supports packet sniffing and protocol discovery (starting cost about $20,000, for which I've seen one single company in my career possess such a device) then how exactly do you tell the difference between web traffic on port 80 and SMTP traffic e-mailing through a relay bot on port 80?

    You can filter port specific or IP specific outgoing traffic, but every virus writer knows how to get around this...
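
Added example, not part of the comments on this page and not the commenter's code: a minimal Python check that tells SMTP from HTTP on port 80 by the first line each side sends, the distinction asked about in comment 19, and that shows the case described in comment 9 where message text wrapped in a valid HTTP request is not caught this way. The flow records, host addresses and function names are constructed for illustration.

```python
import re

# First-line signatures of the two protocols (request/command and reply).
HTTP_REQUEST = re.compile(
    rb"^(?:GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH|CONNECT|TRACE) \S+ HTTP/\d\.\d$")
HTTP_STATUS = re.compile(rb"^HTTP/\d\.\d \d{3}(?: |$)")
SMTP_COMMAND = re.compile(
    rb"^(?:(?:HELO|EHLO) \S+|MAIL FROM:\s*<[^>]*>.*|RCPT TO:\s*<[^>]+>.*"
    rb"|DATA|RSET|QUIT|STARTTLS)$", re.IGNORECASE)
SMTP_REPLY = re.compile(rb"^[2-5]\d\d[ -]")  # e.g. "220 host ESMTP"

# Protocol a defender expects on each destination port.
EXPECTED = {80: "http", 25: "smtp"}


def first_line(data: bytes) -> bytes:
    """Return the first line of a payload without its line ending."""
    return data.split(b"\n", 1)[0].rstrip(b"\r")


def classify(client: bytes, server: bytes) -> str:
    """Classify a TCP flow from the first bytes sent in each direction."""
    c, s = first_line(client), first_line(server)
    if HTTP_REQUEST.match(c) or HTTP_STATUS.match(s):
        return "http"
    if SMTP_COMMAND.match(c) or SMTP_REPLY.match(s):
        return "smtp"
    return "unknown"


def mismatched_flows(flows):
    """Return flows whose observed protocol differs from the port's expected one."""
    alerts = []
    for f in flows:
        seen = classify(f["client"], f["server"])
        expected = EXPECTED.get(f["dport"])
        if expected is not None and seen != expected:
            alerts.append({"src": f["src"], "dst": f["dst"],
                           "dport": f["dport"], "seen": seen,
                           "expected": expected})
    return alerts


# Constructed sample flows (documentation address ranges, not real hosts).
SAMPLE_FLOWS = [
    {"src": "10.0.0.21", "dst": "192.0.2.10", "dport": 80,   # ordinary browsing
     "client": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
     "server": b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"},
    {"src": "10.0.0.37", "dst": "198.51.100.7", "dport": 80,  # SMTP on port 80
     "client": b"EHLO workstation37\r\nMAIL FROM:<a@example.com>\r\n",
     "server": b"220 relay.example.net ESMTP\r\n"},
    {"src": "10.0.0.5", "dst": "203.0.113.25", "dport": 25,   # the mail server
     "client": b"EHLO mail.example.com\r\n",
     "server": b"220 mx.example.org ESMTP\r\n"},
    {"src": "10.0.0.44", "dst": "198.51.100.9", "dport": 80,  # text inside real HTTP
     "client": b"POST /submit HTTP/1.1\r\nHost: app.example.net\r\n\r\n"
               b"to=user%40example.org&body=hello",
     "server": b"HTTP/1.1 200 OK\r\n\r\n"},
]

if __name__ == "__main__":
    for alert in mismatched_flows(SAMPLE_FLOWS):
        print("protocol mismatch:", alert)
```

Only the second flow is reported; the fourth is well-formed HTTP, so spotting it needs other signals such as destination reputation or request volume rather than protocol identification.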

  20. Re:Scary on New Botnet Dwarfs Storm · · Score: 1

    Well, since DEP is integrated first into Windows XP SP2, and did not exist in prior versions of Windows, then that means every piece of code running in an older version of that OS (excluding some server editions) was not executed in protected memory. Further, DEP in Windows requires the presence of supported CPUs and chipset technologies. If you run even Vista on a PC and have DEP disabled in the BIOS, then applications can escape protected memory.

  21. Re:Or Unix or Mac ... on New Botnet Dwarfs Storm · · Score: 2

    When you write code for the Mac and compile it, the COMPILER inserts the code that allows it to integrate into the OS, with the exception of code that runs in protected memory spaces. Yes, you can write a simple app and run it, but getting that app to access system level resources, protocols, APIs, and data from other applications requires SPECIFIC code and tight controls, and it's the OS that handles those interactions, not application to application as can happen in Windows OS. The OS kernel has all the power in Mac OS X. Nothing can happen without its permission. Executing simple code inside protected memory is always permitted. That code attempting to access anything else, always denied, unless it follows specific rules. Viruses can't follow those rules and still be considered viruses.

    In OS X, file system access is controlled by the kernel. The things viruses do in Windows to avoid deletion violate kernel rules in unix. Rootkits can only be created in OS X by an application launched with root permission by a user logged in as root. Since in OS X you can't log in as root, you can only su- to root, and even that can only be done at the command line, this means nothing in an e-mail or web page could ever get that permission. The user would have to download the application (virus) and run it, then grant it that permission by entering their keychain. Mac users know the keychain is a very precious thing, and should not ever be requested to use it on a web page or e-mail, it's reserved for key system level changes and for installing programs. E-mail doesn't do that...

    Windows does not have this level of protection, or obviousness of malicious activity. Since e-mail can open a web page that activates an active-x or java script, and those scripts can edit registry permissions when logged in as admin and then further allow disk activity with those changes, a user running as the default login can't protect themselves from this type of action without 3rd party integrated software that does what the OS should have done all by itself from day 1.

  22. Re:Diminished Value? on Google Sued Over Privacy Invasion On Street View · · Score: 1

    Trespassing, maybe, if in that state law specifically labeled the road as private property, and unlike most other states, had no provision for access otherwise.

    In this state (SC) as well as most others a private road is still open to public to walk or drive down, they just can't stop there, loiter, get a permit for a public event, etc. Even if it's a driveway, people have a right to pull into it to turn around, and that's not considered trespassing. If it's private property, but an easement was granted to someone who owns or leases a small portion of the bigger land, then that road is still considered to be open to public use in most places. (In this case, the owner of the house does NOT own the land the road occupies. They have 1.86 acres, but the road clearly occupies more land than that, so it's not even "their" road)

    As for privacy? A photo of their house is already on file in the local surveyor's office, and another poster has a link to it. It's already publicly available for free to everyone.

    What's even funnier is now that this is a public case, and it's printed in the papers, their property and images of their home fall under journalistic protections as it's considered a "celebrity" site, and now ANYONE can photo it and actually get PAID for the images, without needing permission. That just makes me laugh harder at these idiots.

  23. Re:I warned them on Google Sued Over Privacy Invasion On Street View · · Score: 1

    Sure, but those technologies are not intended to see the outside of your home casually. They're intended to be invasive. Current laws support this as you may be able to take a picture, but doing so with a zoom lens or image enhancement is still illegal... If the intent is to picture the structure, and you get something inside in an open window that's fine. Framing the picture specifically to see inside through it (the window takes up most of the framed shot) is considered at best voyeurism.

    These x-ray style devices will also be highly guarded by the FCC, and I doubt that regardless of how cheap they get for military use (hahaha, right, I know...) they'll not be common consumer components. Anyone possessing one snapping shots in a residential neighborhood will be at risk of prosecution.

  24. Re:Diminished Value? on Google Sued Over Privacy Invasion On Street View · · Score: 1

    Not at all. I can see out just fine with the angle of my blinds, and I get lots of sun. The polarizing film on my windows (that also acts as hurricane protection) lets sunlight in fine, but gives my windows a tinted sheen from eye level that makes them hard to see through from outside, especially when I have lights on inside at night. It's cheap stuff too (actually cost less than the curtains my wife insisted on for decorative appeal)

  25. Re:Idiot-Proof a Computer on New Botnet Dwarfs Storm · · Score: 1

    Every time a family member or co-worker sends me an e-mail containing the text of some article, some warning, some factoid, the first thing I do is reference it vs a bunch of hoax sites. I'll typically find out that hoax started circulation more than 5 years ago, forward them a link to the site listing the hoax (or more than 1), and suggest they 1) check for themselves next time and 2) stop sending me that crap. After 10 years of e-mail, neither has happened.

    Many viruses are spread from e-mail you get from people you know (lovebug anyone?). Trying to train people what to look for in e-mail that could be a hoax or virus is like trying to teach a 2 year old not to touch something they want. It's not going to happen without strict discipline and predictable consequences.

    Yes, I'm talking about mandating by law the use of current AV and AS technology, stiff penalties for spammers (far in excess of their profitability, which current can-spam legislation does not do), and power of the ISP to cut you off if your system is not up to date or if they detect and confirm active and specific viruses coming from your IP address.

    We also need a blacklist of known bad net addresses, those run by phishing scammers and such, and we need to implement either challenge response e-mail or some other back traceable e-mail technology so that address spoofing an e-mail becomes impossible. As for international addresses, they should be blacklisted automatically unless they register with an international body created to confirm the site is for a legitimate business.

    Another neat trick? Make web server code read-only and put it on a flash based read-only OS platform. You can't hack it if you can't modify it... Data presented by that web server should be on a back-end server behind a firewall and only writeable by administrators. That allows the data to be flexible, but remain secure.