The things that the FBI have done over the years just boggle the mind.
Have you read the letters they sent to suspected mafia leaders posing a activists...and vice versa? FBI has the docs here https://vault.fbi.gov/cointel-...
Funny how all the good bits are buried and really bad copy....very hard to read. Not like the crisp version of the same you can find elsewhere (didn't find a text copy): http://www.thesmokinggun.com/f...
"Dear Hoodlum Leader: Ever since I read in our paper the Worker..."
tbh, I hit comments to basically say what you did.
This is a true hack deserving of the most venerable and Holy use of the term. I don my hat as Discordian Pope to call forth the name of Saint Utku Sen, Poisoner of Rats.
I am cloning the repo myself the moment I finish typing this. This is wonderful, I hope he "pays" the ransom. I hope him "paying" the ransom ends up everywhere. I hope CNN carries the fucking story and does a 20 minute piece on it.
Only good can come of this....Ransomware Authors are now getting dick slapped by the very apathy and greedy corner cutting that has had security guys ripping their hair out trying to get people to understand the dangers of.
You mean.... idiot criminals with moderate to no coding skills are going to think they can make this work and are going to try to.... fix the crypto themselves! LOL! OMG this is wonderful. What is your beautiful secure code worth when some fucktart puts out some shit claiming to do the same thing for free? HA! Your secure code is worth dick now because your target audience is greedy fucks who don't even understand how they are fucking themselves.
I bet their profits have gone through the fucking floor since this came out. And the beauty of git is....who gives a shit if the original gets taken down? The Streisand has called the lawyer now.
Every 3 minutes, have someone walk out with a stack of cards with pictures on them, and quickly flip through the pictures fast enough that they will certainly have to pause and rewind a whole bunch of times.
Make sure to randomize the number of cards, contents of the cards, and interval between showings. Make sure lots of them contain pictures of people in skimpy clothing or body suits. Include pictures of scantily dressed hairy men.
For maximum effect, each card should have 4 pictures on it, and be shown for less than 2 seconds max. Better yet, change the speed of flips with pauses of up to 5 or 6 seconds on one card, then flip rapidly through 5 or 6 cards....repeat.
Then, copy the whole film, and spice the whole copy on the end, backwards.
Yes but its not brute force. Some of these things are orthogonal to each other. You can not understand magnetism and thermodynamics to the point that you think your crazy idea works, yet still not reject all of modern physics well enough to contribute to other fields in your mad quest.
I was going to make up a fake example....but I realize I have one.
A while back I had a passing interest in water torches. What is a water torch? It is an oxy-hydrogen torch which uses electrical current to produce its input gasses via electrolysis. The real upside (for me) is that there is no need to store dangerous gasses, as they can be produced and used as needed. These are actually produced commercially, and have been for many years, you can buy one off craigslist for a few hundred bucks.
Problem comes in.... some people believe that they can produce some sort of free energy device by feeding oxyhydrogen gas into their car that they make from their alternator.... stupid....I know.... but, if you want to do this, a very natural first step is to make an oxyhydrogen torch to test your oxyhydrogen generator.
In fact, if you wanted to look at this as a DIY project....good luck finding many people doing it who are NOT these special car free energy crazies. However, they really have produced a lot of good info....in spite of their own stupidity.
So its not brute fore, because the problems they are solving are real, its just the problem they are trying so solve isn't....which means.... they will never stop solving problems trying to solve it....
> My second thought is, "do they know that managing a private cloud configuration is harder than managing a workstation, and generally requires sysadmin skills?"
But that is the whole point....since its offered to you as a service, you don't need any of that. They want to lock you in to trusting them to do all that work competently and to respect the privacy of your data, and trusting them to not go under/shut their servers off tomorrow.
Its all about lock-in, in the name of providing convenience.
> But to me, there is no killer feature here. The closest thing to killer feature is nearly instant developer environment replacement.
Exactly, and....big whoop. Oh wow you saved time...um on average once every couple of years per dev? 90% of this issue is already solved by using revision control with a remote repository. Now all you need is to reinstall your dev tools and clone a repo....at most you lost back to your last push.
The sad part is, you could probably accomplish the same thing by requiring them to implement data access fire walling, since most will probably buy the canned 'solution' that comes to market cheapest and fastest, with the least amount of code review or thoughtful design.
When it ain't broke, why "fix" it? What boggles me is that everyone sees something new and thinks "improvement". If what you have does 90% of what you need 99% of the time..... how much change and overhead is justified to fill that gap?
I want my code on local storage, doesn't matter what I am doing. I want the tools I use to update my code on local storage as well. I care less about whether I can fully test locally. I care a lot less about wiz-bang editor features.
IDEs are nice, but, syntax hilighting and code folding can both be done by VIM, along with all the features of VI.
I am not a web developer, I moved from shell code to ruby. I still do it all in vim. If I do something in Java, I might install eclipse or something again.
I would never even consider a web based editor for anything because, it violates the requirement of all local storage for both data and tools. Cloud storage is fine for backups and storing git repositories.
> I approve of his actions. Why would I want to inflict upon him pics of a large, nude, hairy man?
1. Because even large hairy men are sexy to someone? 2. More importantly: Its being monitored.
I want to encourage every person out there.... if you approve of Snowden, then fight asymetrically!
Every hairy dick pic you send him is one hairy manpole for ed snowden sure, but how many spy agencies monitor his communications and must ALSO see your cock?
Think of the big picture.....send hairy cock to snowden for great justice!
I would bet dollars to donuts that some portion of them are traps. I would, in fact, bet that all of the following statements are each individually true:
1. Some portion of them are spys trying to get close to him 2. Some portion of them are gold diggers hoping to get spy agencies or media trolls to pay them 3. Some portion are girls who are drunk political nerds showing appreciation 4. Some portion who just want to troll him and may or may not be women or men themselves.
For protecting us from these dangerous spelling errors and ensuring fat paychecks for the private swat teams, security services, and cheesy gadget manufacturers who rely on your steadfast gaurd to line their pockets.
Is anyone else reminded of the old Playboy spread from the mid 90s that featured a model inside a DIGITAL data center? As I recall there was some butthurt about this at the time because there were supposed to be no cameras in that DC (and apparently there had been no permission given).
Though, in that case, it was just some pictures of server racks (and hers, of course) but its funny to cameras in datacenters coming up as (possibly) a real issue all these years later.
who would make it is hardly relevant. We are already seeing the effects of this.
Legal aids are my favorite example. Its used to be that Laywers would hire an auditorium full of aids just to help with a single high profile case. Any big case had many people working on it. Now? That entire room of people is replaced with a handful of people on computers.
30 years ago you could graduate from college with any old degree and get a job. The majority of those jobs are just gone. Either made so unskilled that no degree is needed, or so centralized that very few people actually are needed to scale.
I don't have to think the Luddites answer was correct, or really anything but stupid to recognize that the problem they identified was visionary and so far ahead of its time that it was ridiculous, when they proposed it.
When I worked at a local University, I had been browsing Phrack Archives and noticed a list of all known VMS nodes. It included some of ours, and, as I remember, one of them was still in use. Since I left in 2005, and the machine was not decommed until a few years after that (or so I heard), it could have been going 18 years or more.
For as much of a technophile as I really am; for as ready as I tend to be to adopt new technologies and connect things to the internet.... there really are a few things I am perfectly happy to use older tech for....and my home heating is one of them.
A bit back I needed to shop for a new water heater and saw some with an optional feature to wifi enable the water heater....all I could think was..... NOPE!
This, in fact, even as a non-shareholder, as an American Citizen I feel endangered by their reckless law abiding and feel they should be liable for damage resulting from not doing their due diligence to oppose abusive power.
> Aha. That's going to go over really well after both Google and Apple have already long purchased some prime Manhattan real estate
If that is there price then that is their price. If they can't walk away from that investment, then they are owned by that investment. What is better for the long term good? Caving? Or publically walking away and telling Manhatten to suck an egg, they are not more important than liberty?
Its their investment to do what they want with, but its better to own your investment than let it own you.
You know, back before 9/11, when websites were "cool". I remember the gaffaws we had looking at the FBIs infamous "10 most wanted" list. Remember that? Seems like a lifetime ago doesn't it? A whole 15-20 years.
They couldn't even come up with a top 10 list that was the least bit scary. The only "terrorist" on there set off a bomb...at night... when nobody was around. The rest were mostly various drug dealers, including some dude with really wild hair who was (big shock) the one acid dealer.
So basically, the threat was a joke then, and well... I don't see many bombs going off. I see a large increase claims of plots, but they can't be real because, there arn't enough real ones that ever happened as to justify the ones they catch now.
The point produced a depressing recognition. There's a logic to P2P threats that we as a society don't yet get. Like the record companies against the Internet, our first response is war. But like the record companies, that response will be either futile or self-destructive. If you can't control the supply of IDDs, then the right response is to reduce the demand for IDDs. Yet as everyone in the class understood, in the four years since Joy wrote his Wired piece, we've done precisely the opposite.
This wasn't very hard to figure out that when you look at how easy it is to make weapons. The technicalities of terrorism are easy. You can learn most everything you need at the library and always could. You can build bombs, and you can do it without anyone knowing. Its technical work but its nothing compared to some people's hobbies.
The real question is, why doesn't something so easy happen every day? The problem isn't what is easy, the problem is why would anyone do it. The real enemy is the perception that there is a goal that it can accomplish, and you can't fight that away.
Of course, everything depends on use case. Just being able to find collisions doesn't break all potential uses. It breaks specific use cases where the attacker has a known target and time to work.
It doesn't break use cases where the attacker has an unknown target and little time. It wouldn't break an authentication protocol based on a hash challenge response, since the attacker is asked to offer up his hash, which is checked.
Doesn't matter if he can generate arbitrary collisions then, because he has no target to collide with. If he had the password, he could answer the challenge before it expires.
lol I think 2005 was about when I started getting most of my games through steam. However, I still go to stores and see box software and games, so I assume someone buys it and....I dunno, do they still do that?
I thought the rage now was to sell the DVD with only partial content so an internet connection is required anyway. The DVD is essentially little more than a partial installer cache to speed up the install.
Slashdot Mirror
The things that the FBI have done over the years just boggle the mind.
Have you read the letters they sent to suspected mafia leaders posing a activists...and vice versa?
FBI has the docs here
https://vault.fbi.gov/cointel-...
Funny how all the good bits are buried and really bad copy....very hard to read. Not like the crisp version of the same you can find elsewhere (didn't find a text copy): http://www.thesmokinggun.com/f...
"Dear Hoodlum Leader:
Ever since I read in our paper the Worker..."
Words just fail me. Its so far beyond the pale.
tbh, I hit comments to basically say what you did.
This is a true hack deserving of the most venerable and Holy use of the term. I don my hat as Discordian Pope to call forth the name of Saint Utku Sen, Poisoner of Rats.
I am cloning the repo myself the moment I finish typing this. This is wonderful, I hope he "pays" the ransom. I hope him "paying" the ransom ends up everywhere. I hope CNN carries the fucking story and does a 20 minute piece on it.
Only good can come of this....Ransomware Authors are now getting dick slapped by the very apathy and greedy corner cutting that has had security guys ripping their hair out trying to get people to understand the dangers of.
You mean.... idiot criminals with moderate to no coding skills are going to think they can make this work and are going to try to.... fix the crypto themselves! LOL! OMG this is wonderful. What is your beautiful secure code worth when some fucktart puts out some shit claiming to do the same thing for free? HA! Your secure code is worth dick now because your target audience is greedy fucks who don't even understand how they are fucking themselves.
I bet their profits have gone through the fucking floor since this came out. And the beauty of git is....who gives a shit if the original gets taken down? The Streisand has called the lawyer now.
Agreed, I read the whole thing and I am still looking for the threat. all this is is proof that the FBI pays its agents by the hour.
Every 3 minutes, have someone walk out with a stack of cards with pictures on them, and quickly flip through the pictures fast enough that they will certainly have to pause and rewind a whole bunch of times.
Make sure to randomize the number of cards, contents of the cards, and interval between showings. Make sure lots of them contain pictures of people in skimpy clothing or body suits. Include pictures of scantily dressed hairy men.
For maximum effect, each card should have 4 pictures on it, and be shown for less than 2 seconds max. Better yet, change the speed of flips with pauses of up to 5 or 6 seconds on one card, then flip rapidly through 5 or 6 cards....repeat.
Then, copy the whole film, and spice the whole copy on the end, backwards.
But, if you save that for the directors cut, then they will be the ones who really look like boobs.
Yes but its not brute force. Some of these things are orthogonal to each other. You can not understand magnetism and thermodynamics to the point that you think your crazy idea works, yet still not reject all of modern physics well enough to contribute to other fields in your mad quest.
I was going to make up a fake example....but I realize I have one.
A while back I had a passing interest in water torches. What is a water torch? It is an oxy-hydrogen torch which uses electrical current to produce its input gasses via electrolysis. The real upside (for me) is that there is no need to store dangerous gasses, as they can be produced and used as needed. These are actually produced commercially, and have been for many years, you can buy one off craigslist for a few hundred bucks.
Problem comes in.... some people believe that they can produce some sort of free energy device by feeding oxyhydrogen gas into their car that they make from their alternator.... stupid....I know.... but, if you want to do this, a very natural first step is to make an oxyhydrogen torch to test your oxyhydrogen generator.
In fact, if you wanted to look at this as a DIY project....good luck finding many people doing it who are NOT these special car free energy crazies. However, they really have produced a lot of good info....in spite of their own stupidity.
So its not brute fore, because the problems they are solving are real, its just the problem they are trying so solve isn't....which means.... they will never stop solving problems trying to solve it....
> My second thought is, "do they know that managing a private cloud configuration is harder than managing a workstation, and generally requires sysadmin skills?"
But that is the whole point....since its offered to you as a service, you don't need any of that. They want to lock you in to trusting them to do all that work competently and to respect the privacy of your data, and trusting them to not go under/shut their servers off tomorrow.
Its all about lock-in, in the name of providing convenience.
> But to me, there is no killer feature here. The closest thing to killer feature is nearly instant developer environment replacement.
Exactly, and....big whoop. Oh wow you saved time...um on average once every couple of years per dev?
90% of this issue is already solved by using revision control with a remote repository. Now all you need is to reinstall your dev tools and clone a repo....at most you lost back to your last push.
The sad part is, you could probably accomplish the same thing by requiring them to implement data access fire walling, since most will probably buy the canned 'solution' that comes to market cheapest and fastest, with the least amount of code review or thoughtful design.
When it ain't broke, why "fix" it? What boggles me is that everyone sees something new and thinks "improvement". If what you have does 90% of what you need 99% of the time..... how much change and overhead is justified to fill that gap?
I want my code on local storage, doesn't matter what I am doing. I want the tools I use to update my code on local storage as well. I care less about whether I can fully test locally. I care a lot less about wiz-bang editor features.
IDEs are nice, but, syntax hilighting and code folding can both be done by VIM, along with all the features of VI.
I am not a web developer, I moved from shell code to ruby. I still do it all in vim. If I do something in Java, I might install eclipse or something again.
I would never even consider a web based editor for anything because, it violates the requirement of all local storage for both data and tools. Cloud storage is fine for backups and storing git repositories.
> I approve of his actions. Why would I want to inflict upon him pics of a large, nude, hairy man?
1. Because even large hairy men are sexy to someone?
2. More importantly: Its being monitored.
I want to encourage every person out there.... if you approve of Snowden, then fight asymetrically!
Every hairy dick pic you send him is one hairy manpole for ed snowden sure, but how many spy agencies monitor his communications and must ALSO see your cock?
Think of the big picture.....send hairy cock to snowden for great justice!
I would bet dollars to donuts that some portion of them are traps. I would, in fact, bet that all of the following statements are each individually true:
1. Some portion of them are spys trying to get close to him
2. Some portion of them are gold diggers hoping to get spy agencies or media trolls to pay them
3. Some portion are girls who are drunk political nerds showing appreciation
4. Some portion who just want to troll him and may or may not be women or men themselves.
All of them.
For protecting us from these dangerous spelling errors and ensuring fat paychecks for the private swat teams, security services, and cheesy gadget manufacturers who rely on your steadfast gaurd to line their pockets.
Is anyone else reminded of the old Playboy spread from the mid 90s that featured a model inside a DIGITAL data center? As I recall there was some butthurt about this at the time because there were supposed to be no cameras in that DC (and apparently there had been no permission given).
Though, in that case, it was just some pictures of server racks (and hers, of course) but its funny to cameras in datacenters coming up as (possibly) a real issue all these years later.
who would make it is hardly relevant. We are already seeing the effects of this.
Legal aids are my favorite example. Its used to be that Laywers would hire an auditorium full of aids just to help with a single high profile case. Any big case had many people working on it. Now? That entire room of people is replaced with a handful of people on computers.
30 years ago you could graduate from college with any old degree and get a job. The majority of those jobs are just gone. Either made so unskilled that no degree is needed, or so centralized that very few people actually are needed to scale.
I don't have to think the Luddites answer was correct, or really anything but stupid to recognize that the problem they identified was visionary and so far ahead of its time that it was ridiculous, when they proposed it.
Um maybe....
When I worked at a local University, I had been browsing Phrack Archives and noticed a list of all known VMS nodes. It included some of ours, and, as I remember, one of them was still in use. Since I left in 2005, and the machine was not decommed until a few years after that (or so I heard), it could have been going 18 years or more.
For as much of a technophile as I really am; for as ready as I tend to be to adopt new technologies and connect things to the internet.... there really are a few things I am perfectly happy to use older tech for....and my home heating is one of them.
A bit back I needed to shop for a new water heater and saw some with an optional feature to wifi enable the water heater....all I could think was..... NOPE!
This, in fact, even as a non-shareholder, as an American Citizen I feel endangered by their reckless law abiding and feel they should be liable for damage resulting from not doing their due diligence to oppose abusive power.
> Aha. That's going to go over really well after both Google and Apple have already long purchased some prime Manhattan real estate
If that is there price then that is their price. If they can't walk away from that investment, then they are owned by that investment. What is better for the long term good? Caving? Or publically walking away and telling Manhatten to suck an egg, they are not more important than liberty?
Its their investment to do what they want with, but its better to own your investment than let it own you.
"Military Grade" as in "Got a Grade of A by military intelligence for sale to the public"
You know, back before 9/11, when websites were "cool". I remember the gaffaws we had looking at the FBIs infamous "10 most wanted" list. Remember that? Seems like a lifetime ago doesn't it? A whole 15-20 years.
They couldn't even come up with a top 10 list that was the least bit scary. The only "terrorist" on there set off a bomb...at night... when nobody was around. The rest were mostly various drug dealers, including some dude with really wild hair who was (big shock) the one acid dealer.
So basically, the threat was a joke then, and well... I don't see many bombs going off. I see a large increase claims of plots, but they can't be real because, there arn't enough real ones that ever happened as to justify the ones they catch now.
Seriously, more than a decade ago: http://www.wired.com/2004/04/i...
This wasn't very hard to figure out that when you look at how easy it is to make weapons. The technicalities of terrorism are easy. You can learn most everything you need at the library and always could. You can build bombs, and you can do it without anyone knowing. Its technical work but its nothing compared to some people's hobbies.
The real question is, why doesn't something so easy happen every day? The problem isn't what is easy, the problem is why would anyone do it. The real enemy is the perception that there is a goal that it can accomplish, and you can't fight that away.
Of course, everything depends on use case. Just being able to find collisions doesn't break all potential uses. It breaks specific use cases where the attacker has a known target and time to work.
It doesn't break use cases where the attacker has an unknown target and little time. It wouldn't break an authentication protocol based on a hash challenge response, since the attacker is asked to offer up his hash, which is checked.
Doesn't matter if he can generate arbitrary collisions then, because he has no target to collide with. If he had the password, he could answer the challenge before it expires.
lol I think 2005 was about when I started getting most of my games through steam. However, I still go to stores and see box software and games, so I assume someone buys it and....I dunno, do they still do that?
I thought the rage now was to sell the DVD with only partial content so an internet connection is required anyway. The DVD is essentially little more than a partial installer cache to speed up the install.
> Drones are often deployed in support roles
Is that what bombing weddings is being called now? Support roles, like supporting paid informant's careeers of lies maybe.