12 posts • joined Wednesday 3rd October 2007 14:59 GMT
What inquiring minds really need to know from WikiLeaks is the precise brand of prophylactic that failed; sort of a "Consumer Reports" function.
Gaming the web 2.0 crowd...
This should be taught in schools...
Speaking of that...
RT@Ofsted: "Primary schools to teach Twitter and Wikipedia"
Pretty much gave up on Yahoo! when they acquired Claria's "database that should have been destroyed."
Here's a good read:
What Microsoft wants from Yahoo
But if you actually want to find something your best bet hands-down IMHO is
The Software Vendor License Agreement
The Software Vendor License Agreement - a counter-agreement for those shrink-wrap or "clickwrap" EULAs (End User License Agreements) software companies make you agree to. Highly recommended reading:
@Rich: Scroogle for "malware for Macs"
First rogue application for Macintosh system
Opener Malware, October 2004 (aka SH.Renepo.A / SH.Renepo.B)
Hackers debut Mac OS X adware
Mac OS X malware latches onto Bluetooth vulnerability
Good read: "Detecting and avoiding malware and spyware"
They provide links to learn more about:
The OSX.Macarena virus
The kernel extensions of the Sony rootkit
OSX.Exploit.Launched (Trojan horse)
OSX.Inqtana.A, which propagates via Bluetooth®
OSX.Leap.A deletes, infects, or corrupts files and attempts to spread through iChat.
Spector commercial spyware
The devil IS the detail
Next it will be that your GPS can be used to unlock your car doors, or your X-Box can disable your home security system, or your pacemaker can be used to give you nightmares, or that RFID tag in your toothpaste tube can give you ED.
"We really must be able to depend on shrink-wrapped products to be malware-free."
Quite a few outfits have been shipping shrink-wrapped malware for years. Complete with EULAs that state that it is unfit for any purpose and limiting your legal recourse.
So far as I know, no malware to date is capable of causing real physical harm. That would be next. That ringtone synched to your theta waves. That subliminal message in that spam that makes you "buy our stuff" and then "assassinate this political figure."
Remember Queensryche's - Operation Mindcrime (1988)?
Precisely what is that image at the bottom of
Coming soon to a toaster near you...
"Consumers will have to be careful with any device that can be connected to a PC, including USB thumb drives, GPS devices, mobile phones, video players, set top boxes, portable hard drives, memory card readers, and eventually even microwave ovens and other appliances, he said."
"Kodak works very closely with our suppliers to see that they have the latest version of antivirus software on the manufacturing systems," Landry said. "We also ask that any PCs in the factory are not connected to the Internet."
Kodak is not among the manufacturers whose products were allegedly compromised by the Trojan horse program.
This appears to be BS ("Business-Speak" :)
The local CVS Pharmacy has a Kodak photo development kiosk. I use it because it accepts USB thumbdrives. When I first used it it was glacial slow, and the storeperson said it had become infected. Another issue was that it was out of a special paper it used in one bin, and I got to observe the boot process. Win2k with NO anti-virus!
My general comment at the time was to always scan your media (memory card, thumbdrive, whatever) when returning from a public kiosk. (I didn't consider Trojan Horses, actually. But that was before the Sony rootkit incident and most people didn't know what a rootkit was.)
I suppose microwaves, toaster ovens, coffee machines and even the lowly toaster will soon have "recipe cards" that can piggyback something that could give you a $30,000 phone bill. Imagine trying to explain that it was your toaster that made all those calls to AnalCreamPieCumFartCocktailAssault.com...
WinXP SP3 ≠ WinVista
Like that "random number generator Microsoft is bundling with (Fistula) SP1 with the backdoor exploitable by the National Security Agency?
Or more "Digital Consumer Enablement?"
Actually, this is completely backwards. It should be
Review: Windows XP
"I have finally decided to take the plunge. Last night I upgraded my Vista desktop machine to Windows XP, and this afternoon I will be doing the same to my laptop..."
I've no idea how LinkScanner does it, but I think there should be a big bat handle toggle switch on the front of the computer. Up - red light - network connected. Down - green light - ethernet clock pulse only; no external connection.
One switch for every NIC in the box. (Remember the reset switch? And how invaluable it was for software debugging? Sometimes the mobo circuitry is there but the box builder omitted the switch/wires/connector to cut costs.)
Anyway, LinkScanner could use multiple NICs paired with multiple web connections and multiple browser instances (even dial-up) to accomplish scanning in a honeypot. One issue is malware targeting specific countries that wouldn't be triggered if you were coming from the wrong country code, and I'm sure there are additional issues because several people think the current trend of these "safe site" apps are rather worthless.
This should be an opportunity
One of our boxes got struck by lightning so we had to enter the new hardware fray. New (cheap & fast) business desktops are Vista preinstalled with maybe no XP drivers available anywhere. Things have gotten real ugly..
1) Use Truecrypt to make multiple levels of encrypted drives WITHIN encrypted drives, that are invisible unless you attempt to open them with the right password. http://www.truecrypt.org/docs/plausible-deniability.php
2) As encryption is supposed to make encrypted data indistinguishable from random noise, claim that the media full of encrypted goodies is actually just a one-time encryption pad made for an exercise. Argument mode engage:
Monty Python Sketch - The Argument http://www.infidels.org/library/modern/mathew/sn-python.html
3) Encrypt the data with multi-part keys with the other key holders outside of jurisdictional reach... and these key holders are children. (Children are classified differently than adults in criminal proceedings because they don't have the capability to reason or understand the repercussions of their actions.)
4) Use AACS / DeCSS to encrypt the keys, dragging the DMCA into the mire...
For extra credit/fun: (Convict someone for non-possession of something!)
Construct an email from an IP-spoofed public access point to someone you wish to accuse of witchcraft, encrypt it, imply that the encrypted part contains state secrets and/or a terrorist plot. Then, construct a reply. Report said persons to the police. They will then demand the keys from the implicated people, but neither party will have access to the encrypted data since neither has ever had the key, however, they will still be guilty under the law for failing to disclose something that they never had, but cannot prove it. (Sink=Drown, Float=Burn-at-stake)
"Thank you for self-identifying yourself and those around you as Freedom Suspects. Rest assured, we are now forwarding your IP information and shoe size profile to a team of black hat pros at HQ. The 414s say hi."