10 posts • joined 17 Mar 2010
Surely you jest
I'm sure it was more complex than that.
More like ...
?querydb="'SELECT * FROM customer_data'"
“highly unusual” search command
It'll Just Get Bigger
It'll Just Get Bigger and more cumbersome as M$ throws everything but the kitchen sink into it. Then something innocuous will break it and you'll have twenty work arounds to get anything done that requires six API's and a new protocol or two to make it work. People will need 6GB of RAM in their smartphones just to be able to scan it. They'll also need to install a lite version of SQL Server and a shitload of .net crap and IE will be required, Oh, and you need to have the Windows Media Player Suite with full DRM.
Yes, we've been down that road before.
Who will use it ?
People who take the extra step to use https are not in the demographic that I target. As long as Google doesn't make it easy like a big shiny button that says "Search securely" in place of the good ole' "I'm Feeling Lucky" button, it shouldn't affect my ability to understand what my search engine traffic is looking for.
I don't think G is gonna make it easy. It costs more to serve. Not much but I hear they get a lot of traffic so it could add up fast.
ping ping ping
I bet there will be plenty of subs trying to home in on the splash it makes when it hits and sinks.
I don't mean American subs.
They should put a little secret compartment on it and fill it with dogshit. I can see a Chinese engineering team trying to determine its purpose. Comedy gold.
Anyhow, I hope it goes well. Neat stuff.
Honeypots don't work?
Or maybe being corporate America, honeypots open you up to litigation while detecting and punishing 'thought crimes' does not?
I can build them a normal looking mouse that measures galvanic skin response. A bargain that I am willing to give to DARPA for only $200 million or so.
Ahhhh, the classic 'u needz codec'
Shouldn't be too hard to see which PPV ad account is getting paid for the ads, unless of course that's to distract you from the real purpose of upgrading you into your brand new botnet zombie keylogging PC. Then the PPV trail probably goes cold or points to someone they want to get into trouble.
If it is for PPV revenue, it probably worked waaaaaaaay better than they expected LOL.
His Girlfriends PC LOL
Hmmm... If I connect it to the internet through my PC, they'll probably be able to see my IP....
I'll use my girlfriend's computer and they'll never find me. Muhahahahahaha
I'm so smart.
I read the PDF and I guess this would be something that would be installed in-house after carefully verifying that you didn't get a compromised copy of TrustNet or DataWatch. But then maybe the bad guys find a way to intercept and keep those happy then you have to make "tamper evident" "tamper evident" CPUs. Which will have to be carefully verified before being installed but then....
A clever covert channel thrills me like a Victoria Secrets model. Thanks for the article.
Of all the source code to go for, that is really a clever acquisition. It's amazing that they caught it. Tells me that they keep a close watch on the source repositories.
Where are the vigilantes ?
Ever since I first followed some malware into a rabbit hole in IRC and learned how it was working, I expected nameless groups to use those command and control channels to force cleaners to be installed and run on the target zombies. It's been years and I still haven't seen that happen. I have to wonder why. I've seen bad guys battle each other over control channel usage but no good guys.
Meh, maybe I'm just not seeing it but it is happening. I certainly wouldn't publicize it.