Sciencemadness Discussion Board - more frightening privacy stuff

more frightening privacy stuff

Waffles - 3-12-2006 at 16:00

http://news.zdnet.com/2100-1035_22-6140191.html

FBI taps cell phone mic as eavesdropping tool
12/01/06

The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations.
The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him.

Nextel cell phones owned by two alleged mobsters, John Ardito and his attorney Peter Peluso, were used by the FBI to listen in on nearby conversations. The FBI views Ardito as one of the most powerful men in the Genovese family, a major part of the national Mafia.

The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the "roving bug" was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect's cell phone.

Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.

While the Genovese crime family prosecution appears to be the first time a remote-eavesdropping mechanism has been used in a criminal case, the technique has been discussed in security circles for years.

The U.S. Commerce Department's security office warns that "a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone." An article in the Financial Times last year said mobile providers can "remotely install a piece of software on to any handset, without the owner's knowledge, which will activate the microphone even when its owner is not making a call."

Nextel and Samsung handsets and the Motorola Razr are especially vulnerable to software downloads that activate their microphones, said James Atkinson, a counter-surveillance consultant who has worked closely with government agencies. "They can be remotely accessed and made to transmit room audio all the time," he said. "You can do that without having physical access to the phone."

Because modern handsets are miniature computers, downloaded software could modify the usual interface that always displays when a call is in progress. The spyware could then place a call to the FBI and activate the microphone--all without the owner knowing it happened. (The FBI declined to comment on Friday.)

"If a phone has in fact been modified to act as a bug, the only way to counteract that is to either have a bugsweeper follow you around 24-7, which is not practical, or to peel the battery off the phone," Atkinson said. Security-conscious corporate executives routinely remove the batteries from their cell phones, he added.

Check the link for the rest of the article. SCARY.

solo - 3-12-2006 at 16:54

It's time to go back to the pager for incoming messages and take the battery out of phone until needed or rig up a kill switch just like those put on cars but in a smaller scale to turn off all power off until manually turned on...............solo

The_Davster - 3-12-2006 at 17:14

Or wrap it in tinfoil. That should work too.

BromicAcid - 3-12-2006 at 17:27

Just conduct all of the major business in a Faraday cage.

enhzflep - 3-12-2006 at 22:07

And on a similar note, albeit a rather old but effective trick.

If any of you ever have the police conduct a raid/search on your premises, watch the sneaky fuckers with the phone. A long standing technique is to remove the reciever from the hook at the outset. Everything is then recorded.

This makes particular use of the fact that people often say more when they don't believe they're being recorded, relying on the simple principle that "It's my word against theirs, they can't prove it and I won't admit it"

Combined with the initial shock of seeing the boys in blue at the front door, followed by them going through all your treasures.

In short,

a) say nothing incriminating
b) check the phone
c) say nothing incriminating.
d) you can always use the trick agasinst them

Gee it's nice when you know people that used to be cops

chromium - 4-12-2006 at 00:04

I suppose that for mobile phones there is way to know if it is used to spy for you. My idea is based on the fact that mobile phone can not send anything without making strong high-frequency electromagnetic fileds.

Leave your phone near FM receiver and if it tries to send something you immediately hear specific noises from your receiver. Normally, if nobody is calling you, mobile phones connect itself to network once per hour or two and noise lasts only secund or two. If noises last much longer (or are more frequen) then you know that something weird is happening.

It should be rather easy to make electronic indicator that can be sticked to mobile phone and it will make sound or flash leds if phone sends anything out.

Edit: This might not work very well if phone is programmed to send your speech with very low power to special receiver thats placed near your flat...

[Edited on 4-12-2006 by chromium]

neutrino - 4-12-2006 at 03:13

This may be of some use:

How to Tell if Your Cell Phone is Bugged

edit: typo

[Edited on 4-12-2006 by neutrino]

_ P R O O F ! _ of conspiracy

franklyn - 4-12-2006 at 11:17

I LOVE IT ! .

Back in the heday of seruptitious bugging, before everyone got in on the act,
a small appliance that attached to a phone called an "infinity transmitter" or
"harmonica bug" allowed one to dial that phone and with the appropriate tone
disconnect the ringer " hookswtich bypass" so that one could eavesdrop on nearby conversation.

But wait that's not all _

_ P R O O F ! _ of conspiracy
.
So you think your pc is yours alone, well then try this.

In Windows XP open notepad and write this :

" bush hid the facts " ( without the quotes )

then name it and save it.

Now open it and you see that small squares have

replaced all of the text.

Need more proof , see the links in this text file below.

I cannot post these links normally because they will not parse correctly sooo ,
just copy and paste the url 's into the address bar of your browser.

A related post is here _
http://www.sciencemadness.org/talk/viewthread.php?tid=671#pi...

[Edited on 4-12-2006 by franklyn]

Attachment: Links.txt (289B)
This file has been downloaded 1512 times

Twospoons - 4-12-2006 at 14:04

You want a real scare? Go to your Temporary Internet Files directory. Add " \Content.IE5\" (no quotes) to the end of the address bar. See all those funny folder names? They contain records of your web surfing! Notice how you cannot delete them? See the file called index.dat? Thats got every URL you've ever visited.
You can get rid of all this stuff, though. There are some pricey bit of software out there that do this, but the one I like is cheap - called "PurgeIE". Seek and ye shall find ...

I only found out by accident when my virus scanner picked up a virus in one of these secret folders - and I couldn't see the folder in IE (show hidden files / folders was turned ON!).

Are you all aware that Outlook never actually deletes an email?

[Edited on 4-12-2006 by Twospoons]

enhzflep - 4-12-2006 at 20:23

Frankyln:
"So you think your pc is yours alone, well then try this.
In Windows XP open notepad and write this :
" bush hid the facts " ( without the quotes )"

"Pfft. Yeah Right", says enhzflep. Who nearly falls over when he tries it and it works as reported. WTF ?!?

Thanks for that one TwoSpoons. I've never once used IE to surf the web on this current installation of windows. Have only used firefox, yet when I went into the dir and tried to arj the file for quick and easy viewing, I was told that I couldn't since it was already open and in use by another program..... Fkn Hell!

Ha, and microsoft wants us to pay for this shit.....

I mentioned it in another thread somewhere, but you'd be amazed if you saw all the extra data that Word stores in a word doc. I personally refuse to use the format, but that's another story.

12AX7 - 4-12-2006 at 22:19

The markup in a word file must be horrendous. I've edited the refuse HTML produced by Frontpage. My work speaks for itself: I reduced a data table totalling 112kB or so to 7kB. Each table entry had complete STYLE data inside it, what the fuck!

As for "bush hid the facts", type it out, actually type it out. Doesn't do squat. I can't tell what formatting Franklyn added, but apparently it applies in Notepad when posted, but is not saved. At least, that seems to work for me.

http://www.hoax-slayer.com/bush-hid-the-facts-notepad.html seems to have some more information.

Edit: now it won't do it for me at all, whether typed or copied from anywhere. Curiouser and curiouser.

Tim

[Edited on 12-5-2006 by 12AX7]

Organikum - 5-12-2006 at 06:57

"bush hid the facts" is an old paranoia hoax - thats a simple MS programming bug.

Whoever uses IE and Outlook gets rightfully fucked, no problem with me here.

But the world needs cellphones with open source firmware for a long time.
Already years ago I was shocked when I found out that the feature on my old Bosch phone which provided the possibility to detect if the connection is actually encrypted (and such would have detected any IMSI catcher), that this firmware feature can be simply turned off by the service provider. And they did after IMSI catchers got introduced to LE.
Further investigation showed that a cellphone is not owned by oneself as one might think. Actually about all functions can be used remotely without notice. It´s scandalous but nobody seems to care.
I dont think this is going to change anytime. My hopes are on VOIP/WiFi taking hold soon and phones with open firmware and software including PGP encryption showing up.

good luck

Far more than you ever wanted to know

franklyn - 9-12-2006 at 19:21

http://www.sciencemadness.org/talk/viewthread.php?tid=7144#p...

Quote:

Originally posted by Twospoons
You want a real scare? Go to your Temporary Internet Files directory.
Add " \Content.IE5\" (no quotes) to the end of the address bar.
See all those funny folder names? They contain records of your web surfing!
Notice how you cannot delete them? See the file called index.dat?
Thats got every URL you've ever visited.You can get rid of all this stuff, though.
There are some pricey bit of software out there that do this,
but the one I like is cheap - called "PurgeIE". Seek and ye shall find ...

I only found out by accident when my virus scanner picked up a virus in one of
these secret folders - and I couldn't see the folder in IE
(show hidden files / folders was turned ON!).
Are you all aware that Outlook never actually deletes an email?

[Edited on 4-12-2006 by Twospoons]

You are not alone others feel your ire and have found a way
Read my post below these links first.

___________________________________________________

http://www.microsuck.com/content/ms-hidden-files.shtml
the same also here it takes time to download _
http://www.devhood.com/tutorials/tutorial_details.aspx?tutor...

Scroll down to post #4 by Anonymouse
About DW15.EXE & DW20.EXE
http://forums.slickdeals.net/showthread.php?t=191508

Of course these
can be deleted, the reason it is difficult is because although Internet Explorer
and Windows Explorer have a different focus they are the same application. You
cannot easily delete a file that is in use by a running program. Don't believe it ?
Do this, open Windows Explorer by clicking the recycle bin icon which is usually
handy on the desktop and click the next level up arrow of the toolbar. This puts
you on the desktop duh. Well anyway, hit ALT[/color] and D[/color] , and type into the address
bar something like www.google.com or www.sciencemadness.org
or whatever you like , and hit enter.
Suprise ! Internet Explorer opens up to that page.
Allright now do this, hit ALT[/color] and D , and type into the address bar of this new
window of Internet Explorer , C:\Documents and Settings\Administrator , and
again hit enter , behold you are now taken to that folder , neat huh.
This shows you the reason there are so many holes in the supposed security of
the Windows OS. It's also the reason an alternative browser means little to your
peace of mind. How's that ?
Your browser stores the content you visited in the cache right !
The cache is stored by and available through Windows Explorer right !
Windows Explorer and Internet Explorer are the same thing right !
I rest my case.

Index.dat files hidden on your computer contain all of the Web sites that
you have ever visited. Every URL, and every Web page is listed there. Not only
that but all of the email that has been sent or received through Outlook or
Outlook Express is also being logged
To obtain permission to access this and other locked directories and view the
contents or just delete what is in there , do this :
Open an Explorer window and click " Tools " at the top and select " Folder Options "
click the " View " tab and scroll down to " Hidden files and folders ",
uncheck " Do not show hidden files and folders ", just below also uncheck
" Hide extensions for known file types " and also
" Hide protected operating system files ( Recommended ) ",
also at the bottom, uncheck the box that says " Use simple file sharing "
click apply and OK.
Now, in your root disk (usually C:\) the hidden directories will show up. But you
will indeed find out that you cannot access them.
Here is what you do next in Windows XP Pro :
Right-click the folder, and click on " Sharing and security " go to the Security tab.
There you will see that the only user allowed to access that folder is "SYSTEM ".
Let's assume your username is " psYchotic ". <- actual author of this tip from here
http://www.geeknewz.com/board/lofiversion/index.php/t2949.ht...
Click the "Add" button, then type "psYchotic" ( without quotes ).
Click the Check Names button. That should change the username to
"OTACON\psYchotic" where otacon is the name of your computer and psYchotic
your username. Check the "Full access" box, then click OK.
Now you have full access to hidden system folders and directories, for
security reasons, on shared computers It's advisable to undo everything you
did and remove your username from the access list.
More details this site here _
http://www.theeldergeek.com/system_volume_information_folder...

In Windows XP Home Edition, you'll have to use cacls.exe, a command
line utility for modifying access control , and permissions , if you do not
have it in your system32 folder , place it there , it is available here _
http://www.computerperformance.co.uk/ScriptsGuy/cacls.zip
How to Gain Access to the System Volume Information Folder
Hit the Windows Key and R , type in " cmd.exe " without quotes and press enter
At the command prompt type the following with the quotes :
cacls.exe "C:\System Volume Information" /E /G username:F
The above command assumes that the current Windows installation is in C:\ If not,
change the drive-letter/Path accordingly.
Substitute for " username " your own account name, this is added to the ACL and
grants you Full Control.
After cleaning it out, the following command removes your username from the
access control list:
cacls.exe "C:\System Volume Information" /E /R username
In this case you D O use the quotes ( this allows DOS to recognize the spaces in
the folder name ) and " username " is your windows account without quotes.

or use this utility here that also will modify Permissions _
http://www.dougknox.com/xp/utils/xp_securityconsole.htm

Another way shown here _ http://www.nearlyclever.com/?p=4
To gain access to hidden areas of Windows XP and Windows 2000 - Part 1
Do you know that there are areas of Windows that the Adminstrator account
can’t access? Have you ever tried to see what is in the
“ C:\System Volume Information ” folder? Would you like to know?
Viruses are starting to hide inside areas of the files system that users can’t even
get into, such as the “ System Volume Information ” folders.
Here is a simple way to access these areas.
First, as an administrator, you have the rights to request that the system execute
commands on your behalf. One such request is of the scheduler service, which
runs under the SYSTEM account. By scheduling a interactive command session,
you run programs under the SYSTEM account.
1. Open a Command Prompt ( Windows Key and R , type in cmd.exe press enter )
2. Type the following: " at time /interactive C:\windows\system32\cmd.exe "
. (without quotes ) replace the word time with the time you want the
. command to execute. ( I usually just add one minute to the current time.)
3. After running the above command, a second cmd.exe window will appear.
. However, it will be running under local system authority. Notice the title bar
. " C:\WINDOWS\System32\svchost.exe " differs from the previous cmd.exe window.
* Note - If this new command prompt does not appear , go to Control Panel ,
System Tools , Scheduled Tasks , there you will see " At1 ", right click
this icon and select " Run " first on the pop up menu. Now you have it.

Continued here _ http://www.nearlyclever.com/?p=17
To gain access to hidden areas of Windows XP and Windows 2000 - Part 2
In part 1 of this Howto, I explained how to get windows to open a cmd.exe window
running under the SYSTEM account. This is the highest set of rights on a Windows
system, the system itself. Due to the dangerous nature of this state, please be
careful. Windows has many safety checks in place to protect even the vaunted
Administrator account. There are no safety nets with the SYSTEM account.
Ok. Let’s get started. Most of us like using a graphical shell, so let’s run explorer.
Type in explorer.exe at the cmd.exe window running under the SYSTEM account.
Hmm…. What happened? Well if your screen looks like mine, nothing happened.
Explorer has a built in check to make sure that only one instance runs at a time,
even under the rights of another user. How do we get around this?
Thank goodness for Internet Explorer! ( I can’t believe I said that )
Internet explorer can browse your file system with ease. ( remember it's the same )
Type this “C:\Program Files\Internet Explorer\iexplore.exe” at the command prompt
WITH THE QUOTES.
In the address bar, type in C:\ Now we are browsing as the SYSTEM account.
* Note - Actually there is a way to have multiple instances of explorer running
Click " Tools " at the top and " Folder options " then " View ", scroll
down and check " Launch folder windows in a separate process "

This next tip is from here _
http://windows.ittoolbox.com/groups/technical-functional/win...
Explorer has a folder called " System Volume Information ", where the restore
points of the System Restore function are kept. A 40 gig hard disk, inexplicably
nearly full, after checking all the directories there is nothing evident to
explain the loss of free space. The only possibility is the System Volume
Information directory, which is locked by NTFS permissions. Disabling System
Restore and rebooting did NOT return the free space and nor did using the
System Restore cleanup function of Disk Cleanup. After enabling access to
inspect these folders sure enough, there was nearly 30 gigabytes worth of
disconnected system restore crap in there. Deleted all to recover the space,
then enabled system restore again and created a new restore point.
( I recommend shutting off XP's system restore and using ERUNT instead,
described further on below here, but read on )
A warning to everyone using Windows XP with the NTFS filesystem who can't
account for their disk usage, that it's probably the " System Volume Information "'
directory. Temporarily disable System Restore, and clean out that directory. It
appears that just like Internet Explorer's Temporary Internet Files. When files
get disconnected from the tracking mechanism, they pile up and are never
removed.
When Window's user settings cannot be repaired it is because of faulty or
malicious entries in the registry. If, unknown to you, you've had some maloderous
excreta deposited by a " drive by installation " and now need to reposess control of
your system. You can do so by having first created an initial ERUNT backup when
your PC is running just the way you want. Go here for a tutorial on how to use
the " ERUNT " " Emergency Registry Utlity NT " to save backup copies for replacing
the entire registry. This is much more elegant than the bloated Windows System
Restore, which you can then deactivate. ERUNT with instructions for use is here _
http://www.winxptutor.com/regback.htm

http://www.softcows.com/windows_washer_delete_indexdat.htm
How else can you manually delete Index.dat file ?
The index.dat files are used by Internet Explorer and Windows Explorer. Since you
cannot delete a file that is in use by a running program, if you feel you need to
delete these folders, you will have to shutdown all instances of Explorer and IE. This
includes applications that may host the Webbrowser control: Outlook, Messenger,
IE, Product Studio, Visual Studio, Help, Windows Media Player, etc. Your best bet
is just close everything. When you are left with a desktop and a start menu, you
will still need to shutdown Explorer.

1. Close all open programs.
2. Open a Command Prompt ( Windows Key and R , type in cmd.exe press enter )
. and leave it open.
3. Press , CTRL SHIFT ESC together or just right click the taskbar and select Task Manager
4. To shutdown Explorer go to the Processes tab of Task Manager and right click
. Explorer.exe and select End Process
5. Next click " File " at upper left in Task Manager's tool bar and select " New Task Run "
. type EXPLORER.EXE and leave the Create New Task box and Task Manager open.
6. Go back to the Command Prompt window and change to the directory the
. undeletable file is located in by typing CD and the path
. "C:\Documents and Settings\name of folder" ( or the offending undeletable file )
. with the quotes , then hit enter.
7. At the command prompt now type DEL filename ( filename with extension )
. at this point you should be able to delete the index.dat file.
8. Go back to Task Manager, and press OK in the Create New Task box to restart
. the Windows Explorer GUI shell
9. Close Task Manager.

This Freeware utility will delete all internet related files including index.dat
http://support.it-mate.co.uk/?mode=Products&p=index.dats...
http://www.snapfiles.com/get/indexdatsuite.html

For other stubborn files that don't know their place try this Unlocker utility
http://ccollomb.free.fr/unlocker

Windows Clean Disk utility will only clean out the cache not the index.dat
1. Reboot and to start up in Safe Mode, press F8 while booting and choose " Safe Mode "
. Press the Windows and R keys and type " cleanmgr /sageset:50 " without quotes.
. Leave a space between " cleanmgr " and " /sageset:50 " , and click OK. In the
. resulting screen, choose your options by checking the boxes.
2. To automate this process without rebooting into safe mode, type this instead
. cleanmgr /d C: /sageset:50
. NOTE: /d parameter is used to specify the drive-letter. The above command
. assumes that the current Windows installation is in C:\. If not, change the
. drive-letter/Path accordingly.
3. Select Temporary Internet Files and any other options by checking the boxes.
. Click OK to save the changes.
. Now, the cleanup configuration is stored in the registry. You can invoke the
. cleanup of Temporary Internet Files by calling this saved configuration. To do
. so, whenever you wish to clear the Temporary Internet Files cache, you just
. hit Windows key and R and type the original command cleanmgr/sagerun:50
. into " Run "

NOTE: When using /sagerun, you don't need to specify the drive-letter, as the
drive-letter configuration is already stored in the registry by step 2 - using the
/d parameter )

Of course the best and easiest thing is to have this ability as a built in
feature of your browser , Avant Browser is a shell that runs with IExplorer
and provides extensive and delightful additions and enhancements.
http://www.avantbrowser.com

Other Utilities to empty the trash _
I Use all of them often . these do no harm
CrapCleaner
http://www.ccleaner.com
DustBuster
http://www.casperize.com/2004/04/08/dustbuster-english-versi...
EasyCleaner
http://personal.inet.fi/business/toniarts/ecleane.htm
EmptyTemp
http://www.danish-shareware.dk/soft/emptemp
MRUBlaster
http://www.javacoolsoftware.com/mrublaster.html
Install and run, click " settings " and " Go to Plugins "
enable " IE Temporary Internet File Cleaner " this
completely automates erasing the index.dat file

[color=darkred]BE AWARE THAT WHATEVER METHOD DESCRIBED ABOVE YOU USE ,
DELETING FILES ONLY MAKES THE DISK SPACE THEY OCCUPY AVAILABLE FOR
OVERWRITING. TO REMOVE THE FILES IT IS STILL NECESSARY TO ERASE THEM
WITH ANOTHER UTILITY.

Entering the " cipher " command at a DOS prompt in XP and Win2K will securely erase
already deleted files inside a directory. Type cipher /? for a list of options.
Hit the Windows Key and R , type in " cmd.exe " without quotes and press enter
At the command prompt type the following :
cipher /W:C:\"Documents and Settings\Username\Local Settings\Temporary Internet Files\Content.IE5"
this will clean the Content.IE5 directory.
In this case you D O use the quotes ( this allows DOS to recognize the spaces in
the folder name ) and \Username\ is your windows account name.

Other file overwriting utilities
Shredder
http://www.analogx.com/contents/download/system/shred.htm
Simple file shredder
http://www.scar5.com
Ultra Shredder
http://www.xtort.net/xtort/ultra.php
BCWipe
http://www.jetico.com/index.htm#/bcwipe3.htm
Earaser
http://www.heidi.ie/eraser
Necrofile
http://www.nthsystem.com/nfinfo.html

[color=darkred]IT IS BEST THAT THESE OPERATIONS BE DONE ON A DISK THAT HAS BEEN DEFRAGMENTED

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

BETTER STILL INSTALL 1/2 GIGABYTE OR MORE OF RAM AND ELIMINATE THE PAGE FILE
ALLTOGETHER. THEN INSTALL A " RAMDRIVE " DRIVER. THIS CREATES A VIRTUAL DRIVE
IN RAM. http://www.surasoft.com/articles/ramdisk.php
SO WHAT?
YOU CAN THEN ASSIGN TEMPORARY INTERNET FILES, COOKIES, HISTORY, AND TEMP
FOLDERS TO IT. EVERYTHING DISAPPEARS WHEN YOU REBOOT !
GET IT HERE -> www.ramdisk.tk
This " Extended edition " is the one you should get _
http://members.fortunecity.com/ramdisk/RAMDisk/ramdiskpro.ht...
An unbelievable value !

After it is installed and configured _
Click Start > Control Panel > Internet Options > General Tab > Settings > Move Folder
( MAKE IT B:\ )
Click Start > Run > ( type ) Regedit, Go to these two keys here _
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
( Click Shell Folders and User Shell Folders itself , not the [+] )
Locate " Cache ", " Cookies " and " History ", Right Click each , select " Modify " and
change the drive letter to B:\ LEAVE EVERYTHING ELSE THE SAME

Last , Click Start > Control Panel > System > Advanced Tab > Enviornment Variables ( below )
In those two boxes upper and lower , Edit the four instances of " TEMP " and " TMP "
enter for all the value B:\Temp

Just one more thing , the Temp Folder has to be created each time you boot up.
This can be done automatically at bootup by keeping this batch file in the
C:\WINDOWS\System32 , folder. In Notepad write this

@ECHO OFF
MD B:\Temp
TEMP = B:\Temp
TMP = B:\Temp
MD B:\PRINTER_SPOOLER

Save it , name it CREATETMP and change the extension from *.txt , to *.bat .
Put it in the C:\WINDOWS\System32 Folder.
You now need to list the batch file in the Registry to invoke it at startup
Hit Windows key and R , type in Regedit and enter. Go to this Registry Key _
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Right click it and select New and from the drop down list click " String Value "
A new entry highlighted in the right Window pane appears called New Value
click this and type in it's name CREATETMP.
Now right click it , select Modify and a text box appears. Type in
C:\WINDOWS\System32\CREATETMP.bat
and click O K, close all the trees and the Registry editor.

YOU'RE DONE !

If you want your printer's job folder , called the Printer Spooler to be in the
Ram disk also , then do this
1. Click Start, Control Panel then DOUBLE CLICK " Printers and Faxes "
2. In the " File " menu of the Tool bar at top , click Server Properties.
3. Click the Advanced tab.
4. In the Spool Folder text box, type the complete path to the new folder
. B:\PRINTER_SPOOLER
5. Click Apply , Click Yes , Click OK , and then close the Printers and Faxes folder.

IF YOU DON'T WANT THE PRINT SPOOLER TO WORK OFF THE RAMDISK , THEN
REMOVE THIS LAST ENTRY -> MD B:\PRINTER_SPOOLER , FROM THE BATCH FILE.

A MINOR BUT ANNOYING BUG IS THAT THE RECYCLE BIN ALWAYS ASSIGNS AND
SETS ASIDE A DEFAULT VALUE OF 10% IN THE RAMDISK. JUST REMEMBER TO
RIGHT CLICK " PROPERTIES " ON THE RECYCLE BIN AND SET B:\TO ZERO
AND " DELETE FILES IMMEDIATELY " WHEN YOU FIRST BOOT-UP THE SYSTEM.

______________________________________________________________

I am anguished by the disservice of computer tech articles to it's readers by
the continued pimping of outmoded and by now effectively obsolete methods
of protecting an Internet connected PC from virus and spyware infection.
To deal with such incursions piecemeal is futile and unavailing, even if you do
back up your registry. The only way to keep from spending interminable time
cleaning everything out is to write protect your drives - period.
There exits ample hardware and software solutions for this.

Good overview of both hardware and software solutions
www.cyic.com/howit.htm

PCI Bus cards variously referred by their manufacturers
as 'restore cards', 'recovery cards', 'reborn cards', 'HDsafe card'

. [color=darkred]* Warning - I know of none that will work with Raid and only
some support extended partitions.

MY PICK at $20

www.winter-con.com/productlist.html#recovery , Distributed by:
www.elstonsystems.com/prod/hard_drive_recovery_card.html

-- some of these are OEM others are resellers.

www.lenten.com/PD_PCI_XP.asp

www.eksitdata.com/guard

www.bluegeckogroup.co.uk/w.dogii.htm

www.hdsafecard.com/Products02.html

www.hddguarder.com/new

Alternatively Microsoft Windows XP Embedded developer's distribution contains
a feature called E W F Enhanced Write Filter overlay that writes everything
to a ' scratch file ' that is simply deleted upon reboot.

Motherboard manufacturers , AOPEN for one , already provides free the
ProMagic v.6.0 utility for supported motherboards that possess the necessary
EZ restore bios chip.
www.aopen.nl/tech/techinside/EzRestore.htm

There is third party software applications that will do this also.

MY PICK at $ 30 ~ $ 5 0 . . . ( this is what I have used , and is superb )
This is able to protect any or all partitions on all your Hard Drives
www.shadowstor.com/products/ShadowSurfer
www.shadowstor.com/products/ShadowUser

ANOTHER at $ 50
www.horizondatasys.com/product_page.html?page_id=1
( Drive Vaccine )

One final product that is related to these above is WriteProt
This utiliy will effectively write protect any IDE hard disk.
This is only useful for archived data and file storage hard disks since
if you write protect the disk with your operating system, nothing will work.
http://www.joeware.net/win/free/tools/writeprot.htm

[Edited on 25-6-2007 by franklyn]

Sandmeyer - 10-12-2006 at 17:24

New printers put some invisible "fingerprint" on the documents one prints, making them tracable. It's good idea to take copies at a large town library istead of sharing direct printer prints-outs...

Quantum - 10-12-2006 at 18:28

I believe it would not be too difficult to wire a small switch into the battery area so you can turn the phone off for real without going to the trouble of removing the battery - this would look odd in public.

I don't know why anyone is still using windows if they care about security. I use OpenBSD(openbsd.org) for all my computer needs and I run linux on a PDA device. If you really need windows you could run it using VMware or on a machine that is not connected to the network or internet.

Some of you may be interested in this site. It's a blog and other things by the guy that made Blowfish about security issues.

http://www.schneier.com/blog/

tonyxxy - 11-12-2006 at 11:40

Quote:

Originally posted by Twospoons
You want a real scare? Go to your Temporary Internet Files directory. Add " \Content.IE5\" (no quotes) to the end of the address bar. See all those funny folder names? They contain records of your web surfing! Notice how you cannot delete them? See the file called index.dat? Thats got every URL you've ever visited.
You can get rid of all this stuff, though. There are some pricey bit of software out there that do this, but the one I like is cheap - called "PurgeIE". Seek and ye shall find ...

I only found out by accident when my virus scanner picked up a virus in one of these secret folders - and I couldn't see the folder in IE (show hidden files / folders was turned ON!).

Are you all aware that Outlook never actually deletes an email?

[Edited on 4-12-2006 by Twospoons]

Even though you think your information has been deleted, this simply isn't true. A hard drive almost never writes information on the same magnetic space on a sector (a sector being the smallest physical storage unit on the disk). Therefore it is recommended to shred your files and overwrite (9x recommended) the same sector with random data. This will keep forensic software away. When they really want to know what's on the drive, they will send it to specialized recovery centers. There they will physically inspect the drive with specialized equipment. In order to really delete your data, 27x overwrites are recommended.

For web site surfing habits not only your computer contains relevant information but in some countries ISP's are forced to store every single bit of data that travels trough your ISP to your computer during a certain period wich can be months literally. Of course you can surf trough the encrypted https protocol and they cannot know what information is transmitted, but they have a pretty good idea of every keyword you type in google, wich websites have been accessed and how long etc. Of course there are ways to surf the web securely and I don't mean proxies because, well those aren't very secure imho.

For surfing wardriving is a possibility but even that isnt really secure because there are a lot of things to think of. I won't go in to detail here.

To be relatively secure one could start to open a ISP account in a country that doesnt require the ISP's to store the information that travels trought their networks and run a physical vpn server from there. To be secure locally one simply opens a vpn connection to the server and the only thing your local ISP could see is that you make a vpn connection to a server.

The future will only be more scary when in comes to privacy.

As for personal computer security the only way to be secure is to encrypt your whole harddrive. In order to boot you have to provide a password, this being the only way to decrypt the information and start the system. This is considered a secure method, but never garanties the same security for the future because encryption algorithms have been cracked in the past.

chromium - 11-12-2006 at 12:41

Quote:

Originally posted by tonyxxy
As for personal computer security the only way to be secure is to encrypt your whole harddrive. In order to boot you have to provide a password, this being the only way to decrypt the information and start the system. This is considered a secure method, but never garanties the same security for the future because encryption algorithms have been cracked in the past.

...and all your security will depend on single (pass)word. If you write it donw somewhere or if you use some letter combination that could be quessed trying spellings and misspellings say 10 000 words you have used in public letters then successfull brute force attack might take even with slow computers only some hours or days.

[Edited on 11-12-2006 by chromium]

tonyxxy - 12-12-2006 at 08:43

Quote:

Originally posted by chromium

...and all your security will depend on single (pass)word. If you write it donw somewhere or if you use some letter combination that could be quessed trying spellings and misspellings say 10 000 words you have used in public letters then successfull brute force attack might take even with slow computers only some hours or days.

[Edited on 11-12-2006 by chromium]

I agree, a single password that can be guessed by a simple dictionary/bruteforce attack isn't secure at all. However, some software allows to enter a combination of four different passwords (all ASCII characters, minimum length 8) in order to decrypt the data. You can even run an OS within another OS. This way when you're forced to reveal a password the attacker doesn't know your sensitive information.
I assume if you encrypt your whole drive that you know about password strength aswell.

[Edited on 12-12-2006 by tonyxxy]

Give me a break

franklyn - 13-12-2006 at 00:43

Quote:

Originally posted by tonyxxyit is recommended to shred your files
and overwrite (9x recommended) the same sector with random data. This will
keep forensic software away. When they really want to know what's on the
drive, they will send it to specialized recovery centers. There they will physically
inspect the drive with specialized equipment. In order to really delete your data,
27x overwrites are recommended.

And on whose recommendation exactly ?
I'm very interested to know your source for this , umm , revelation.
Anyone who would believe an overwrite of 27 X is needed
would never be allowed to keep secrets in the first instance.

The cipher command I mentioned renders deleted sectors unrecoverable
by any known forensic means. Its a simple matter to call any of the
dozen or so top rated data recovery firms and ask them if data that has
been overwritten this way and can be recovered. If they say , well we
would have to see the disk first , ask them if they charge even if they
don't recover data , if they do , then it is obvious bullshit , something
with which you are , I'm sure , very familiar.

Overwriting a disk is largely for the convenience of not removing the drive from
where it's installed. Hard Drive manufacturers wipe disks serviced under warranty
with a degausser. For the truly anal there is the Gutmann method often tauted
as meeting " government " specifications for erasure which overwrites 7X with
random data. This is entirely fiction since in practice a drive with sensitive data
is physically destroyed by incineration , and even this is excessive since once
the substrate heats above the curie point all magnetic domains vanish. To be
fair , Gutmann's original paper in 1996 theoretically postulated 35 writes to
obfuscate original disk data, on the original winchester drives that had been
in use probably before you were born.

See the epilogue on the end of this first copy of his paper here
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

Read " Common misconceptions " here _
http://en.wikipedia.org/wiki/Data_recovery

Read commentary bottom of page 21 here _
http://www.simson.net/clips/academic/2003.IEEE.DiskDriveFore...
http://www.computer.org/portal/cms_docs_security/security/v1...

Gutmann's paper
http://wipe.sourceforge.net/secure_del.html
http://www.usenix.org/publications/library/proceedings/sec96...

[Edited on 13-12-2006 by franklyn]

franklyn - 12-3-2007 at 16:12

Video of lecture on computer security
http://video.google.com/videoplay?docid=5159636580663884360&...

Handbook on hacking ways and means " Hacking Secrets Revealed "
it's slow to download , just wait a bit _
http://artofhacking.com/Tucops/hack/GENERAL/HACKSECR.PDF

.

quicksilver - 14-3-2007 at 06:59

Quote:

Originally posted by Sandmeyer
New printers put some invisible "fingerprint" on the documents one prints, making them tracable. It's good idea to take copies at a large town library istead of sharing direct printer prints-outs...

I'm very interested in this. Where did you first learn about this fingerprint? I certainly think it's viable, etc. - I would want to learn more about it. This is the actual printer were talking about; not the cartridge?
It believe that each ink jet printer has it's own individual spray pattern on a micro level but if one changes the cartridge that pattern changes with the cartridge. However you're saying that the printer itself has a "fingerprint"?

not_important - 14-3-2007 at 07:41

printer fingerprints - see http://www.schneier.com/blog/archives/2005/10/secret_forensi...

While that is colour printers, supposedly some high resolution B&W printers do something similar by laying down a small blob that is encoded data.

msp2 - 14-3-2007 at 07:59

Reminds you of soviet type writers does it?

Quote:

On Nov. 22, 2004, PC World published an online article entitled “Government Uses Color Laser
Printer Technology to Track Documents,” which stated that “several printer companies quietly
encode the serial number and the manufacturing code of their color laser printers and color
copiers on every document those machines produce. Governments, including the United States,
already use the hidden markings to track counterfeiters.” The article quoted Lorelei Pagano, a
counterfeiting specialist at the Secret Service, as saying that the markings are used only to
investigate counterfeiting cases: “The only time any information is gained from these documents
is purely in [the case of] a criminal act.”
EFF’s research indicates that Xerox and Canon color laser printers, among others, mark
documents with minuscule yellow dots invisible to the unaided human eye, the arrangement of
which likely encodes information such as a machine’s serial number and manufacturer’s name.
On documents printed by Xerox printers, the markings consisted of yellow dots arranged in a 0.5
inch by 1.0 inch rectangular space. The arrangement of dots was repeatedly printed over an
entire page. On documents printed by Canon printers, the markings also consisted of tiny yellow
dots, but they were not arranged within a rectangular space. At first glance, the dots appear to be
without rigid structure, but close examination reveals that they are merely arranged within a non-
rectangular polygon. Since these yellow dots are small and blend easily with a white paper
background, the unaided eye cannot distinguish the dots from the background.

http://www.eff.org/Privacy/printers/

There is trend today to build devices forensic friendly from the beginning instead of relying on what is naturally there for you to analyze.

[Edited on 14-3-2007 by msp2]

Attachment: nip06-suh.pdf (371kB)
This file has been downloaded 1267 times

quicksilver - 15-3-2007 at 06:37

Makes sense. Canon took a laser color printer off the market back in the mid-1990's. Nothing was available as to the reason. It was a high-end color printer that had no problems. The company had no response as to queries regarding the reason (even PC Magazine speculated....) for it's withdrawal. But rumor had it that it was a government check counterfeiting issue. I remember I was working in an office that had one and it was NOT due to any problems with it's functioning, as it was fantastic. The firm wanted to get more and they were surprised to learn that they were no longer available.

JohnWW - 11-4-2007 at 01:53

Quote:

Originally posted by quicksilver
Makes sense. Canon took a laser color printer off the market back in the mid-1990's. Nothing was available as to the reason. It was a high-end color printer that had no problems. The company had no response as to queries regarding the reason (even PC Magazine speculated....) for it's withdrawal. But rumor had it that it was a government check counterfeiting issue. I remember I was working in an office that had one and it was NOT due to any problems with it's functioning, as it was fantastic.

What model of Canon color laser printer was that? I will see if I can get one second-hand, to foil government snoopers.

quicksilver - 11-4-2007 at 05:19

Quote:

Originally posted by JohnWW
What model of Canon color laser printer was that? I will see if I can get one second-hand, to foil government snoopers.

Oh my goodness, that was a long time ago.....I will actually find out if you want and U2U you if you're serious. It DID print some high end stuff for the time.
But remember, today the standard is 1200++dpi back then in was about half that - so what can be duplicated today is pretty intense!

seb - 11-4-2007 at 21:04

you dont need privacy if you're not doing anything illegal. the government is your gov't and you should work to increase its transparency. if you are doing something illegal, (I use the meth lab example. I have thought about it a lot), there are a few ground rules to follow. when you violate them, expect to be busted. add to those rules the fact you dont have a cell phone or a computer. you got the recipe and commited it to memory a long time ago, didn't you? any self-respecting criminal never talks about his crime. the anthrax killer got away with it, didn't he? it proves he acted alone. ACT ALONE. the internet is not alone (surprised?) the crime lends itself to being carried out alone. elsewhere on this site is a thread about obtaining chemicals. many of the techniques I used can still be done. for instance, the US made a proof of identity required to open a PO Box. I had one already open under a fake name when they did that; they can't take it away. the typical thing to not have shipments followed is a MAIL DROP, and Loompanics had a book, "Mail Drops in the USA". Loompanics is gone, but the concept of mail drops is still there. I say this knowing that much of the discussion on this website is not information we can't get out of the professional literature. It is only the secret dynamite meth recipes that really give this here thing a reason to exist. there's a professor somewhere on this planet who specializes in anything legal. Having said that, the meth situation as we see it today is more a tragedy than it was vis a vis the amateur chemist. It has gone to Mexico in "bigger than superlabs" amounts and is therefore something you should just buy if you want it. None of those drugs should be part of your life, but you shouldn't die over it; you can recover, but, you should do some time over it, because prison is part of the high. many members say to check out a company with a small order first. what do you think they are talking about? It's meth! I automatically sent $100 and never expected to see my money again, rather than to "order innocuous chemicals". One thing that makes sense is that the company is in it with you, and your actions can get them busted, so, when you find one, don't put it on this website, but, if you get ripped off, by all means do so. All the good companies eventually do get busted. All the cooks eventually get busted. Uncle Fester got busted. Why don't you read a book by somebody who never got busted? I think it is because in your mind before you get busted is the idea that you worked for the information and it is power you hold over others. If you are interested in chemistry you will exceed the knowledge of others many times over quickly. Well, not so quickly if you count time since you started, but so many times over in the sense that there is no need to have a thread covering turning cell phones into bugs. The cure for that is obvious. Yeah, so if these people who are withholding the true story of illicit chemistry are doing so out of immoral motives, don't you think that all literature is basically a ripoff? I do. I get tired of trying to interpret what some liar is saying about meth based on what he's saying about acetophenone, and you know he knows! I got busted once when I stored my lab at my house, and again after storing it in a storage locker for years just when I brought it home. That's a bill you have to pay, due to search-and seizure conditions. Actually, with the receipt thrown away, you sleep better. Cops don't know how to follow leads. That made me laugh, you all talking as if the cops would want a recording of them busting you, or a recording of anything. They'd have to give that to your attorney, but they operate in the darkness. They don't really respect your rights. I was always in a State Court, busted by luck by ordinary cops, once on a domestic violence call. There are special meth lab cops, but I don't see how they are going to find you. The lab cops have busted so many labs that they are busting less of them now. They don't have a magic way to find you, tweakers bust themselves, doing such stupid things that they are begging to get busted. The cops drove the business to Mexico I thought. I want to get inside the real corruption that permits the massive scale of illicit drugs to exist in this country, and that must lie within government and legitimate front companies. those are the meaningful arrests. people like me, hey, if I'd done anything wrong would I still be out here to chat on the internet, still seeking after scientific truth?

pantone159 - 11-4-2007 at 22:37

Quote:

Originally posted by seb
you dont need privacy if you're not doing anything illegal.

I sure like it, though.

Quote:

Loompanics is gone

I didn't realize that.

Quote:

It is only the secret dynamite meth recipes that really give this here thing a reason to exist. there's a professor somewhere on this planet who specializes in anything legal.

No, there is tons of stuff on this board that has nothing to do with meth recipes (namely, almost all of it), and I also don't think that academia has the topics on this board 'covered'. The chemistry related to what we do as hobbyists isn't the focus of academic research, at all. 'Fun' isn't a research goal, after all.

Quote:

Why don't you read a book by somebody who never got busted?

I just picked up Pauling, General Chemistry, because I wanted to read about Cu compounds. I don't think he ever got busted. I have two books by Shulgin as well, and he never really got busted, I don't think.

quicksilver - 12-4-2007 at 07:38

@seb:
I am somewhat confused by the direction of your post. I re-read it a few times. However some of the issues you raised I would like to respond to.....

I would expect that anyone trying to get more meth recipes from here would receive the short end of the mod's temper. I have seen it. This board has some issues that may be abused (pyro hobbies, etc) but that is generally accepted as very low on the scale of public threat. Fire dangers exist but most adults act like adults with a pyro hobby. Cooking dope is not a hobby; it's business and can be very, very ugly.
Meth labs are a serious issue for a Hell of a lot of reasons. This board has not shown a support of those seeking information on cooking drugs. I know that some techniques or OTC sources can be used in the context of obtaining chemicals, etc - but then so can any information be mis-used.

I am not sure where you were going with the reference to the "Anthrax Killer" but that person or group were despicable from the same perspective as anyone or group who seeks to silence those who would disagree with them. No one has the right to silence those they disagree with. Anyone who attempts to do so is an enemy of both liberty and freedom. Liberty and freedom are two separate issues however. One is based on a level of personal responsibility and the other more of a matter born of co-operation to an end goal.

The statement "you don't need privacy if you're not doing anything illegal" is something I totally disagree with. Privacy is something that can best be described as a human right. - My reasoning is that if I allow any of my thoughts, thinking or writing to be totally available to the government or person I don't have the right of independent thought. The collective can tell me what I must think or say so as not to receive repercussions (jail, "re-education", etc). This is why "PC (Politically Correct) speak" is IMO a form of censorship.
A transparent government may be a good idea from a personal perspective but in the big picture how can any government act in international affairs if it's agenda was totally transparent? Governments are generally businesses from the collective standpoint of the population it represents and or it's ideology.

The above was NOT meant to refute what you said. I am simply expressing my opinion regarding some of the points raised in context. In fact, some of the issues are so broad that I really don't believe there is a final perspective that they can be expressed in. As we would have to define the area & culture they impact.

Who Me ? !

franklyn - 18-8-2008 at 16:37

You thought identity theft was your biggest worry

Excerpted from PCWorld magazine September 2008

Robert McMillan.jpg - 145kB

joeflsts - 18-8-2008 at 16:44

Quote:

Originally posted by franklyn
You thought identity theft was your biggest worry

Excerpted from PCWorld magazine September 2008

Another great reason to never work for the government.

Joe

Polverone - 18-8-2008 at 17:14

Quote:

Originally posted by joeflsts
Another great reason to never work for the government.
Joe

You don't think private companies would fire workers for porn on a company laptop? Or that any would have IT departments that fail to recognize the laptop is infested with malware? There's too much ignorance in the world for government employers to hold a monopoly on it.

I do wonder how people get their machines infected in the first place though. I don't use any anti-virus/anti-spyware software on my Windows machine and it's never been infected. All I do is keep up with Windows updates and surf with Firefox. And it's not like I've never visited a dodgy MP3 or software-sharing site either.

12AX7 - 18-8-2008 at 17:16

Quote:

Originally posted by Polverone
I do wonder how people get their machines infected in the first place though. I don't use any anti-virus/anti-spyware software on my Windows machine and it's never been infected. All I do is keep up with Windows updates and surf with Firefox. And it's not like I've never visited a dodgy MP3 or software-sharing site either.

Same here. Maybe it's the firewall? We have a hardware firewall / router, not much hacking about that!

Tim

Twospoons - 18-8-2008 at 17:54

Er .. if you don't have any anti-virus software, how can you be so sure you are not infected?
I have anti-virus software running all the time (AVG Free edition), and while I would say attacks are very rare, there have been one or two times when the AV has caught a trojan on a completely innocuous website (one for a graphite manufacturer IIRC).
I deliberately scan all downloads, and I wont let the kids download anything until I've checked it out.

The_Davster - 18-8-2008 at 20:51

I ran without virus programs for a couple years, doing the same as Polv; firefox and behind a router. Eventually got nervous and bought Kaspersky(non free unfortunatly) And upon running the first time, nothing. All it ever does is warn me I have security risks, which to them means their software is not updated to the most recent version.

I think use of no virus scanner is fine for the semi computer literate, but not for those who would try to download an image ending with .exe

Twospoons - 18-8-2008 at 22:11

After I made that last post I was looking for stuff on linear particle accelerators (LINAC) and one of the hits on google, which looked completely innocent from the URL, re-directed me to some ghastly porn site - and before I could back out Norton pops up and says its detected and stopped an intrusion attempt. Now maybe it would have failed anyway, what with the windows firewall etc, but I rather like the "belt and braces" approach so that I really don't have to worry about my pc being compromised. This is a work pc - so I don't want any crap dumped into it!
Remember - all I did was open a google search result that looked real and relevant, with none of the usual "red flags" that give away the dodgy sites.

Quote:

Fred's World o' Sci, homebuilt linac & cyclotron. Ed Haas' page . ... Fred's World of Sci. homebuilt Cyclotron and Linac 7/13/97. ...
lofstrom-4jeli.blogspot.com/2008/07/amateur-linac.html - 19k - Cached - Similar pages

Would you regard that result as suspicious?

[Edited on 19-8-2008 by Twospoons]

woelen - 18-8-2008 at 22:59

Quote:

Originally posted by PolveroneI do wonder how people get their machines infected in the first place though. I don't use any anti-virus/anti-spyware software on my Windows machine and it's never been infected. All I do is keep up with Windows updates and surf with Firefox. And it's not like I've never visited a dodgy MP3 or software-sharing site either.

I can tell you, I did the same, up to last weekend, already for a few years. WinXP, always downloading the newest updates from Microsoft, I have two firewalls in my house (one for my website which is on a DMZ) and a second which is between the DMZ and my home network. And what happened to me? Last Friday my PC was infested with Vundo/Virtumonde malware :mad:

. In an attempt to repair things I completely fucked up the installation of the system and finally I was forced to buy a second hard drive, make a fresh installation on that and mounting my first harddrive from a virtual machine (with Ubuntu, running in a VirtualBox, just to assure that I do not reinfest my host Windows operating system) to save my files and other important goodies.

So, now I also use a virusscanner. I use the free AVG scanner. It seems to work well. I configured it to retrieve updates every day.

This whole adventure cost me almost two complete working days (Friday and Saturday) and EUR 50 for the harddisk and this is the last thing I could use at the moment, having so many other things to do :mad:

.

I also learnt something from this: Now I use a VirtualBox when I scan the Internet for serials. The worst thing which can happen then is that the virtual machine is invested. Simply discard this and use the freshly installed image again. A restore from such an event now only takes 15 minutes or so. Only bad thing is that I need two Microsoft licenses for Windows XP, while I only have one PC.

[Edited on 19-8-08 by woelen]

sparkgap - 19-8-2008 at 07:47

"with none of the usual "red flags" that give away the dodgy sites."

If you are using Firefox (I'm pretty sure you are, right?), WOT and PhishTank are pretty good for warning you if a site is dodgy.

sparky (~_~)

Polverone - 19-8-2008 at 08:56

I can't be sure that my machine is free of infection, but it doesn't have typical malware symptoms (mysterious slowdowns, browser home page hijacked, porn site popups, rise in outgoing network traffic, office files suddenly replaced with encrypted versions and a ransom note...) The machine is behind a hardware router though. That may offer some additional protection.

I just recently got a new desktop machine and I'm running Linux on it as my primary OS, but keeping XP in VirtualBox for some useful Windows-only software. Like Woelen I keep snapshots of the VM state so I can just revert if anything bad happens. Important files are saved to the host OS shared folder so I won't lose anything important on reversion. I will soon be retiring my older non-virtual Windows machine.

joeflsts - 19-8-2008 at 14:59

Quote:

Originally posted by Polverone

Quote:

Originally posted by joeflsts
Another great reason to never work for the government.
Joe

Most private companies spend a bit more time making sure they are firing someone for just cause in a case like this. Government agencies tend to act first and then practice due diligence.

Have you ever noticed what happens when you make a one letter mistake on a popular website URL? Sometimes it takes you to a website that is infested with popups. These popups can take you into a mess.

Norton usually takes over on my machine and cleans it up.

Joe

meme - 19-8-2008 at 18:39

http://housecall.trendmicro.com/uk/

is an online virus scan if you just want to check. Some people would be paranoid to do so but I believe it is quite safe. There is a small chance that a legit website can give you a virus, but if you mess with w4r3z then you need more than a firewall and safe browser.

It mostly depends on where and how you get your software, and who makes it, whether or not internet security (firewall and safe browser) is effective. 99% of virus' are installed by their user, imo.

reignsantiago9 - 11-8-2009 at 03:35

Leave your phone near FM receiver and if it tries to send something you immediately hear specific noises from your receiver. Normally, if nobody is calling you, mobile phones connect itself to network once per hour or two and noise lasts only secund or two. If noises last much longer (or are more frequen) then you know that something weird is happening.

_________________
Predictive dialer

Technology Marches On

franklyn - 8-1-2010 at 12:06

Roll Over Bethoven
The maker of the " Magic Jack " device which facilitates voice over
internet protocal VOIP for a paltry yearly fee , will now provide a
device which will allow your cell phone to work like a wireless
landline at home.
http://tech.yahoo.com/news/ap/us_tec_gadget_show_magicjack

This will stymie the NSA from tracking calls as it has done.
Expect a serious challenge and a work around to be introduced
into the system for no other purpose than to tap in. Quote
" the Federal Communications Commission had no immediate
comment on whether they believe the device is legal, but said
they were looking into the issue."

.

JohnWW - 8-1-2010 at 18:17

Quote: Originally posted by franklyn

The maker of the " Magic Jack " device which facilitates voice over internet protocal VOIP for a paltry yearly fee , will now provide a device which will allow your cell phone to work like a wireless landline at home.
http://tech.yahoo.com/news/apus_tec_gadget_show_magicjack
This will stymie the NSA from tracking calls as it has done.
Expect a serious challenge and a work around to be introduced
into the system for no other purpose than to tap in. Quote
" the Federal Communications Commission had no immediate
comment on whether they believe the device is legal, but said
they were looking into the issue.".

If the FCC decides that the device is illegal because it prevents the N$A from bugging calls, the mere fact that it is illegal will certainly result in either "knock-offs" of it being made and circulated (clandestinely in the U$A), or in plans being circulated over the internet to enable one to make one's own. Yet another case of "if it is illegal, it must be good for you"!

watson.fawkes - 9-1-2010 at 06:42

Quote: Originally posted by JohnWW

If the FCC decides that the device is illegal because it prevents the N$A from bugging calls [...]

The issue will be that the device has to transmit to the cell phone and that such transmission is unlicensed. In the trade, these things are called "femtocells", and they're a small but growing market for the cell carriers, which means that the device encroaches on a commercial interest.
EDIT: Oops. That should have been "intere$t". My bad.

[Edited on 9-1-2010 by watson.fawkes]

anotheronebitesthedust - 10-1-2010 at 15:54

Truecrypt

Nothing Is Sacred

franklyn - 9-3-2010 at 21:35

http://citp.princeton.edu/pub/coldboot.pdf

Quote :
" Most security experts assume that a computer’s memory is erased almost
immediately when it loses power, or that whatever data remains is difficult
to retrieve without specialized equipment. We show that these assumptions
are incorrect. Ordinary DRAMs typically lose their contents gradually over a
period of seconds, even at standard operating temperatures and even if the
chips are removed from the motherboard, and data will persist for minutes
or even hours if the chips are kept at low temperatures. Residual data can
be recovered using simple, nondestructive techniques that require only
momentary physical access to the machine."

" In Section 4, we present several attacks that exploit DRAM remanence to
acquire memory images from which keys and other sensitive data can be
extracted. Our attacks come in three variants, of increasing resistance to
countermeasures. The simplest is to reboot the machine and launch a custom
kernel with a small memory footprint that gives the adversary access to the
retained memory.

A more advanced attack briefly cuts power to the machine, then restores
power and boots a custom kernel; this deprives the operating system of any
opportunity to scrub memory before shutting down.

An even stronger attack cuts the power and then transplants the DRAM modules
to a second PC prepared by the attacker, which extracts their state. This attack
additionally deprives the original BIOS and PC hardware of any chance to clear
the memory on boot. We have implemented imaging kernels for use with network
booting or a USB drive."

.

gregxy - 9-3-2010 at 23:23

What infuriates me is the strangle hold that Microsoft has on
our whole society. It is impossible to get by without them.
I use linux on my PC my we need to have a PC with windows
so my teenage daughter can do her homework (which these
days requires Word and Powerpoint).

I also think the continued security flaws are just part of the
money making scheme cooked up by MS, Norton the PC makers etc. Look at what happened with my daughters Windows machine: Inspite of the virus protection SW it
became infected and unusable. I'm a profesional SW developer but even I can't figure out how to remove the mess. So I go to "wipe" the machine. Well there is no reinstall CD, they put that on a separate partition which became infected too (big surprise, and how much would that
CD have cost, much less than the wasted extra partition).
So now I need to buy a new version of Windows or else get a whole new machine, even though the old PC had years of life left in it I bought a new one anyway just to avoid the hassle. And who wins in all this Microsh*t and the PC makers.

My Linux pc never gets infected, and goes for months without crashing. Same for my iPhone. Security is not that hard, MS is making money from these security holes, so why should they fix it.

If you have kids, put pressure on the schools to allow simple text submissions for homework and get MS out of our homes
and schools!!!

User - 9-3-2010 at 23:35

Please if you really need ms windows than just download an iso.
Really don't bother paying that bunch of scratch, its not your fault that you can't do without.

MagicJigPipe - 9-3-2010 at 23:38

Woelen: I'm not exactly sure why you had to purchase a new hard drive. How did the malware damage your old one? Or was this just an excuse to buy a new HD

? (I need one of those excuses)

[Edited on 3-10-2010 by MagicJigPipe]

woelen - 10-3-2010 at 00:02

I needed the second harddrive to install a fresh OS without having to overwrite my first harddrive. The first one contained a lot of personal data and that of course should not be overwritten.

MagicJigPipe - 10-3-2010 at 03:38

Good excuse then.

quicksilver - 12-3-2010 at 14:36

Back in DOS days I had the privilege of meeting Phil Zimmerman (wrote PGP) prior to his trial. The older versions were the ones that caused all the fuss. Microsoft has built so many way to data-mine an erased HDD they they are teaching classes in it for LE agencies' computer people. Apparently the slick ones to get stuff back from are Vista and WIN7. These are not back-doors in the most common sense but methods to undelete and skirt around MS's own privacy & encryption. The reason I mention Zimmerman was that recently many OLD computers are being used as DOS/FAT machines using Zimmerman's PGP 6 or lower for DOS on a command line level. There is a possibility that if such a thing were used making several levels of encryption: one within another; the time some of the REAL machines would need to open it up would be days or more.

He released the code, HASHES, etc with each release so folks would know it was genuine. This was when encryption was a munition. It's not dealt with that way as most public material can be defeated by the real computers. However the old FAT based computers could be MORE tough than today's.
At a Cisco conference a speaker was politely asked to drop a topic dealing with the problems of older OS's, encryption and deletion. In fact, MIT had a contest some years back to resurrect drives that were not physically damaged. The winner's (it was a draw between two) was a 486 with Novell DOS v7 and a GUI on it for simple apps Windows for work groups v3.11 and OS2 v2.1. material deleted and over written on both those platforms was not available once the MBR (that's what what it was called back then) was wiped.
Runner's Up were: a tiny program that over-wrote a FAT running computer and deleted it's place on track 0 it; all in one key stroke which could be configured as a Function Key and something else together, total program (written in Assembler) was less than 1K.
Another one was Microsoft's own WIN95 (it's MSDOS 7) in FAT16 with a program written in DOC ANSI C that moved the FAT16 MDR to the next available space; thus the user over wrote it and that user could be out of luck or he could remember what it was he was doing and what he wrote when it was started & could bring it back with exactly the same eight key strokes. So it's either set to hide or set to destroy. It even remembers what app you were in size 12K ! the only hurdle with DOS was the naming convention; especially the naming convention for an executable. But they hurdled that by using two programs that could find it's hidden sister called "uninstall.moc" to uninstall.com (remember "com" files? - anything under 64K and that's a LOT of program for assembler without macros! Or keep the standard EXE file, but there's no need because the sister file renames and starts the program in a package that 1K ! like temp-cln.exe in the root directory run it and -"netlog.012" & turn that into "netlog.exe"

[Edited on 12-3-2010 by quicksilver]

Brave new world

franklyn - 27-4-2010 at 13:48

Links for the full article , scroll down for the text

" Your ISP Is a Copyright Cop "
" 'Private' or 'Incognito' Browsing...Isn't "
http://www.pcworld.com/article/191312

http://www.pcworld.com/article/191312-2
http://www.pcworld.com/article/191312-3
http://www.pcworld.com/article/191312-4
http://www.pcworld.com/article/191312-5

Some here are already ahead of this
http://www.sciencemadness.org/talk/viewthread.php?tid=1372
" Your Passport Could Make You a Target for Crime--Wirelessly "
http://www.pcworld.com/article/191312-6
http://www.pcworld.com/article/191312-7

.

Lala - 13-7-2010 at 02:18

you know what...think about this..we are talking here about having no privacy on our computers but at least it IS possible to decide fuck it and not use one and then that problem would over with right..but check this out..i dont know if this has been discussed here before but where i live is just about the worst place in this country as far as having any rights and privacy..here in good old los angeles more and more ( all in the name of "PUBLIC SAFETY") they are installing CCtv cameras that are recording the streets and sidewalks and storing it all...about a year and half ago i was reading local beverly hills paper and there was a story that talked about how beverly hills is striving to be the SAFEST CITY in the US and how within 5 years every inch of street and ally will be CCtv and how it senses motion and will be able to tell the difference of a human creeping instead of a raccoon or cat walking around at night..oh and also the use of the wonderful ALPR that all their cars now have and now more and more LAPD cars on the road with aswell as la county sheriff's ..incase you aren't aware of what that is it's the AUTOMATIC LICENSE PLATE RECOGNITION software that captures the license plates of every car that it passes even one's going the opposite direction..it takes snapshots of the plate and runs it through the hot sheet database of course ..but it also picks up 'hits' if the car's registration has been suspended if the r/o is wanted or their license is suspended..i find this to be the very end of rights and privacy.....here's a demo on youtube and some other links showing us how fucked we are letting ourselves become..

..http://www.youtube.com/watch?v=itolga3Hi8c

http://sheriff.lacounty.gov/wps/portal/lasd/!ut/p/c5/04_SB8K...

http://sheriff.lacounty.gov/wps/portal/lasd/!ut/p/c4/04_SB8K...

http://sheriff.lacounty.gov/wps/portal/lasd/!ut/p/c4/04_SB8K...

you know last year i got pulled over and didnt have my license on me and the lapd officer got all excited to get to use his new toy that had me just put my index finger on a little tiny pad and with a minute they had pulled me up off my print...its all bad and getting worse..

quicksilver - 13-7-2010 at 06:00

Britain has a shit-load of cameras; perhaps way more than LA. but your point is well taken.

A method (not a complete answer) to reduce the effectiveness of many systems was to use a transparent covering over the plate which cannot be determined to be against code. Almost anything can reduce the effectiveness of these systems, including heavy rain (wet plates) drops of mud (recognition software pulls too many hits & is forced to "choose") therefore defaulting, etc. The transparency often (but not always) reduce legibility due to glare. The companies that sell these systems push for privacy intrusion based on the LE "force multiplier" sales pitch: which you heard in the video.
One of the major problems is the "probable cause" element that it introduces into traffic stops. ....Making a situation worse by introducing a "cried wolf" phenomenon into a really serious man-hunt.

[Edited on 13-7-2010 by quicksilver]

franklyn - 7-10-2011 at 09:34

Halloween all the time , will masks become fashionable ?

http://money.cnn.com/video/technology/2011/10/05/t-ts-iphone...

.

IrC - 20-10-2011 at 12:48

EU Parliament Member Proposes ‘Black Box’ to Trace Citizens’ Web History

http://www.theblaze.com/stories/eu-parliament-member-propose...

Europe's version of big brother?

franklyn - 5-10-2012 at 05:57

Your stuff isn't yours to sell - all your stuff belong to us. Will this be the end of Ebay ?
www.marketwatch.com/story/your-right-to-resell-your-own-stuf...

" The more numerous the laws, the more corrupt the state."
-Tacitus - AD 69

.

Morgan - 28-1-2013 at 12:39

"It is the definition of “observe” in this case that will blow your mind, though."
http://www.extremetech.com/extreme/146909-darpa-shows-off-1-...

SM2 - 28-1-2013 at 13:07

Yep, it's been like that in UK for quite some time. Longer in some Scandinavian countries, I would guess. In W. Germany at the time, there were some local revolts against it.

Part of the impetus for this is the re-gentrification of inner cities. I can still remember like it was yesterday, when Hoboken and Jersey City were basically slums, or mob only zones. Yuppi yippy yuppi

BigApple, NyNy uses to imply Manhattan only.

oh, I forgot to say, Guten Morgan!

[Edited on 28-1-2013 by SM2]

Morgan - 5-2-2013 at 13:00

The Threat of Silence
http://www.slate.com/articles/technology/future_tense/2013/0...

franklyn - 28-5-2013 at 22:44

www.wired.co.uk/news/archive/2013-05/28/password-cracking
www.wired.co.uk/news/archive/2013-05/28/password-cracking/pa...
www.wired.co.uk/news/archive/2013-05/28/password-cracking/pa...
_______________________

www.dailymail.co.uk/sciencetech/article-2331984/Think-strong...

.

franklyn - 24-6-2013 at 14:38

Back in the heday of seruptitious bugging, before everyone got in on the act,
a small appliance that attached to a phone called an "infinity transmitter" or
"harmonica bug" allowed one to dial that phone and with the appropriate tone
disconnect the ringer " hookswtich bypass" so that one could eavesdrop on nearby conversation.

Now this feature is built in to your cell phone

www.zerohedge.com/contributed/2013-06-24/single-most-importa...

.

AndersHoveland - 24-6-2013 at 14:42

Quote: Originally posted by IrC

EU Parliament Member Proposes ‘Black Box’ to Trace Citizens’ Web History

I have long suspected that protecting against child pornography will just be used as an excuse for the government to consolidate direct control over the internet. "Think of the children!"
We have heard that before.

The EU would just love to regulate the internet, I have no doubt. They have a history of trying to silence historical, scientific, and social opinions they do not like. Similar mentality to the former Soviets in many ways.

[Edited on 24-6-2013 by AndersHoveland]

phlogiston - 24-6-2013 at 14:59

[Edited on 24-6-2013 by phlogiston]

franklyn - 10-7-2013 at 07:16

Your phone software has hidden capabilities _
www.businessweek.com/articles/2013-07-03/security-enhanced-a...

Historically _
www.heise.de/tp/artikel/5/5263/1.html

.

Fantasma4500 - 18-7-2013 at 06:45

about technology:
some druggies i know, because obvs. pretty much anybody at my age are deep in drugs because thats fashionable, showed me one thing, they are agaisnt the law because drugs, so some good thing the drugs do
anyhow..
if you take illuminati
spell it backwards
itanimulli
then it was .net .com or .org
seemingly i cant get it to work now..? it worked for 2 months straight i remember
now what this thing did was that it went straight to US' government site, the actual site, not some knockoff
some might say this is somewhat small time propaganda, anyhow if a mirror site was created i would believe that they would be notified about it and cancel it immediately, so i find this unlikely

the people doesnt know what power they posess, after all powerful men are people like the people
the government is people controlling people

ElectroWin - 18-7-2013 at 10:39

http://itanimullihoax.wordpress.com/

franklyn - 31-7-2013 at 21:48

www.sovereignman.com/personal-privacy/think-your-password-is...

Review
http://www.sciencemadness.org/talk/viewthread.php?tid=7144&a...

.

As nasty as they come

franklyn - 17-2-2014 at 07:58

Ransomware denies you your computer files and for a fee will restore their use.
I do not think it came from here , and do not know the source of this pestilence.
But given the number of members here it is probable some will succumb also.
Cryptorbit is the name of the thing which slayed me. It encrypts all manner of
data files undetected in the background then announces it's deed with three 2 kb
files in every folder it's visited. See the .gif , .htm , .txt , inside the
Additionally I include a screen capture .jpg of the extortion site you are told to visit
to make your payment in Bitcoin ~ $ 600 , through Tor. , and just to mock one
all the more they provide a link ( I highlighted in yellow with red border ) to a
youtube video - www.youtube.com/watch?v=WV3wzN3OV2I

Cryptolocker works the same way , this explains how and precautions to take.
www.youtube.com/watch?v=cYVqJ0N0FDY

http://blog.teesupport.com/infected-by-cryptorbit-ransom-vir...
www.bleepingcomputer.com/virus-removal/cryptorbit-ransomware...
The tool available from bleepingcomputer does not restore my files , likely because
as Kaspersky states below about Cryptolocker , it now fully encrypts the whole file
not just it's header as told in the next account at Malwarekillers. Terminating the
infestation as fast as possible is the best one can do.
http://blog.kaspersky.com/cryptolocker-is-bad-news
www.malwarekillers.com/how-to-decrypt-cryptorbit-files
www.pelstar.com/big-mikes-blog

N O T E : The support for Windows XP with Service Pack 3 ends April 8, 2014

Now is a good time to install the operating system again and start fresh

[<a href="u2u.php?action=send&username=bfesser">bfesser</a>: deleted upload]

[Edited on 17.2.14 by bfesser]

bfesser - 17-2-2014 at 09:19

I deleted the .zip file you uploaded—<em>please don't upload files from virus-infected machines.</em>

roXefeller - 17-2-2014 at 13:31

At least those guys are putting their creative talents to a remuneration scheme and getting paid for their handiwork.

In a way they are being honest about their highway robbery. I can pay them to free my ransomed computer, or I can pay norton (annually) to 'free' my yet-to-be-ransomed computer. Now the malware writers are getting a cut of the market share. Either way, owning a computer is a depreciating scenario, financially that is.

It's hard to polish a terd.

This time we were lucky

franklyn - 21-6-2014 at 05:21

http://easysyncbackup.com/decryptorbit

www.bleepingcomputer.com/forums/t/517689/howdecrypt-or-crypt...

.

aga - 22-6-2014 at 13:33

Hello ?

Did ANYONE ever think any of this easy-to-hack crap was ever Secure Ever ?

Windows wasnt designed as Insecure, it was/is just crap programming, and the Idea of security was an add-on that came after the money deluge began.

Every single bit of data you transfer goes *somewhere* on it's way from you to them or vice versa (i.e. Internet)
Where the data goes is Beyond Your Control.

Due to the inexplicable ineptitude of M$, your computer is also vulnerable to Smarter people simply finding a Hole, poking through it, and then taking absolute control over it.
To be fair, M$ isn't the Only OS provider with Holes, just they get more heavily targetted, and seem to have a surplus of holes.

ALL safety is an Illusion.
Regarding Your Computer data, there is no Safety or Security at all.

[Edited on 22-6-2014 by aga]

franklyn - 25-6-2014 at 13:16

www.hackingteam.it/index.php/remote-control-system

Bow down to your masters

franklyn - 13-8-2014 at 01:32

Consider for a moment exactly what Google can do. It is able to scan through the billions of emails that flow across its network every day, and , based on hashes — mathematical formulas used in database searches and information encryption — it can pluck out an offending email that matches a database of flagged content and then alerts law enforcement.

Google claims as part of a class-action lawsuit against the company regarding email scanning that " a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties." Got that , in an era of electronic communications , emails between you and your friends or business partner , or between you and your brokerage firm , bank , accountant , lawyers , or even your doctor , spouse and child , are never to be considered private.

What happens if an increasingly paranoid government grows suspicious about references to patriotism and deems patriotic speech and imagery worthy of scrutiny ? What happens if government decides those who invest offshore are traitors who must be identified and persecuted ?

When Edward Snowden's revelations broke last year , it sent shock waves through CERN , a particle physics laboratory in Switzerland. A young MIT PhD student working there expressed concern , and soon 40 of the smartest physicists and computer programmers on the planet were pooling their knowledge to found ProtonMail , a Gmail-like email system which uses end-to-end encryption , making it impossible for outside parties to monitor messages sent back and forth. ProtonMail's two-week " crowd funding " campaign had set a target of $100,000 , but collected more than $300,000 in just a few hours. => https://protonmail.ch

In June, PayPal — the same U.S. money-transfer company that blocked contributions to Julian Assange's WikiLeaks at the U.S. government's behest — froze ProtonMail's funds and blocked all further contributions , without notice or explanation. Why would PayPal do such a thing ? Andy Chen, the MIT PhD student who dreamed up ProtonMail , explained that , " When we pressed the PayPal representative on the phone for further details , he questioned whether ProtonMail is legal and if we have government approval to encrypt emails." PayPal's officiousness verifies the fact that American tech companies are increasingly an extension of the U.S. government , and so regrettably cannot ever be trusted with anyone's business.

Excerpts of articles from http://thesovereigninvestor.com

_______________________

Duh I'm with stupid up there
www.sovereignman.com/trends/heres-the-dumbest-thing-youll-he...

.

franklyn - 30-8-2014 at 00:18

http://www.csoonline.com/article/2360945/security/malicious-...

http://www.csoonline.com/article/2599437/data-protection/cry...

.

aga - 30-8-2014 at 13:53

Everything you do on the internet is scanned, analysed, recorded.

It's easy to do, and is done all of the time.

The telephone/mobile networks went digital decades ago.

Likely that a 'Market' exists between Governments (including Mafias) to trade data on who said/did what.

The sheer Quality of Surveillance satellite optics means that what you Say can be derived from the vibrations of something near you.

In these mildly paranoid times, literally Everything you say or do is analysed.

What will be made of the data in Wartime will be interesting.

Texium - 30-8-2014 at 15:18

Quote: Originally posted by aga

Everything you do on the internet is scanned, analysed, recorded.

I think we need a new internet.

roXefeller - 30-8-2014 at 15:33

Someone call Al Gore.

franklyn - 31-8-2014 at 12:24

Quote: Originally posted by aga

The sheer Quality of Surveillance satellite optics means that what you Say
can be derived from the vibrations of something near you.

Not so. The laser bug is over 40 years old. The limitations inherent cannot be overcome without very stringent control of the environmental setting.
Adaptive optics to which you allude cannot possibly compensate.

www.youtube.com/watch?v=1MrudVza6mo

www.williamson-labs.com/laser-mic.htm

.

aga - 1-9-2014 at 12:42

High speed camera, isolate the movement of a small part of the image, such as the edge of a crisp packet, add some DSP, DAC it, and you have sound.

The key ingredients are camera resolution and frame capture speed.
Essentially the frame rate is what determines the max frequency you can resolve.

http://newsoffice.mit.edu/2014/algorithm-recovers-speech-fro...

Quote: Originally posted by roXefeller

Someone call Al Gore.

OK. Al is Gore.

[Edited on 1-9-2014 by aga]

Fantasma4500 - 1-9-2014 at 13:28

my classmate keeps yapping about some damn app trying to install itself on his smartphone, he says he read through what it does, it does so the software can pretty much fully control his smarthphone in exchange of some lame game of some sort.. however killswitch technique has been used lately to shut off loads of iphones (smartphones all in all?) not to mention stingray phone tracker

the arguments for installing killswitch technique on iphones when theyre manufactured is so that the all devious thieves cannot steal your phone and use it..

http://en.wikipedia.org/wiki/Stingray_phone_tracker

http://www.examiner.com/article/in-the-wake-of-ferguson-crit...

we live in an age of technology where criminals are out in the open, and the criminals ofcourse wouldnt want to be on camera and later on the internet

i never wanted a smartphone, the more technologically advanced you get, the easier it will be to be limited by the same technology

The martians have landed ?

franklyn - 14-9-2014 at 17:12

Great what's next.

http://money.msn.com/now/mysterious-fake-cellphone-towers-fo...

http://www.popsci.com/article/technology/mysterious-phony-ce...

My question is if someone takes one down and helps themself to the parts , will the police respond ? Who will be the complainant.

See this other related post above

http://www.sciencemadness.org/talk/viewthread.php?tid=7144&a...

Private sector hacking.

___________________________________________________________

Since when did I don't like what you're doing , stop that , become enforcible.

www.inquisitr.com/1474279/comcast-tells-customers-to-stop-us...

.

careysub - 15-9-2014 at 03:45

Quote: Originally posted by aga

High speed camera, isolate the movement of a small part of the image, such as the edge of a crisp packet, add some DSP, DAC it, and you have sound.

The key ingredients are camera resolution and frame capture speed.
Essentially the frame rate is what determines the max frequency you can resolve.

http://newsoffice.mit.edu/2014/algorithm-recovers-speech-fro...

That is an interesting article.

But it has nothing to do with satellite imaging - they cannot image the surface of a potato chip bag at 3000 frames a second.

Read the brand on the label, yes. Maybe some of the other larger text as well. That's about it.

IrC - 15-9-2014 at 05:56

Does it matter when they will not stop until they have high tech cameras on every street light in the nation? Not only that, I have seen banks of cameras on a power pole on a two lane rural highway between two towns 50 miles apart. One population ~5,000, the other ~1,500. If they are there you can bet they are going up along every highway nationwide at a never ending pace. Your plates are on record and your travels are already cataloged. While those highway setups may not be listening you know the ones on city poles are. If they can be panned and controlled what are the odds that in addition to the microphones on the poles the technology aga describes will not be added. Pan the camera at whatever building or house they want to spy on and little privacy remains. Add to that thermal imaging which can provide internal images and precise analysis of power use, water use. Next toilet use. Orwell could not begin to understand the technical advances in 1984 that would exist by 2014 when governments are busy building the reality.

chemrox - 15-9-2014 at 18:10

Thanks franklyn. I reserved an invitation.

franklyn - 26-11-2014 at 02:25

http://techcrunch.com/video/lavabit-founder-talks-snowden-an...
See ' The legal premise ' below

With this stuff in the wild everyone has a need for security in communication.
http://www.bloomberg.com/video/malware-used-for-surveillance...
http://finance.yahoo.com/news/unidentified-country-likely-be...
http://fortune.com/2014/11/23/regin-malware-surveillance/?xi...
http://techcrunch.com/2014/11/24/regin-spying/?ncid=txtlnkus...

The legal premise for secret indictments , particularly as applied to accused terrorists or combatants is that Grand Jury proceedings are secret as enacted in constitutional law. In Gerstein v. Pugh, 420 U.S.103 (1975) , the Court held that a suspect can be detained for a significant length of time after arrest when the legality of the confinement is reviewed by a neutral decision maker. Normally that review is supplied by a magistrate in a post arrest hearing; but when a grand jury indictment precedes the arrest, the Court concluded that no further review is needed. Substituting a grand jury's review of the evidence for a magistrate's review is permissible,

.

Homing Pigeons are still secure

franklyn - 20-1-2015 at 08:10

No kidding, those are used in New York.

http://www.computerworld.com/article/2872292/nsa-secretly-us...

http://www.computerworld.com/article/2474275/cybercrime-hack...

.

franklyn - 21-5-2015 at 10:04

http://www.theverge.com/2015/5/21/8633815/snowden-nsa-google...

Zombie - 21-5-2015 at 10:35

I've been saying it for years.

If you think you are free to do as you please... you're wrong. IF the government has an interest in you or a use for you, you are theirs.

All of this spyware/malware, ect, is only for one purpose. Analytic marketing.
What are people doing, and how can we steer them thru our cattle runs. Where are they, what are they doing, and how can we make money off of this information?

That's all it is. Money!

WGTR - 21-5-2015 at 19:56

I have a question about general interest in a somewhat-related topic. I have been thinking of designing a hardware access control list for a network. Basically an ACL operates on layer 3 of the OSI model, and it allows one to limit access to or from a network based solely on IP address. Packets coming or going to IP addresses other than those which are allowed get dropped. Conceptually the design is simple, and can be done with stateless hardware.

Tor can be configured to go through certain entry nodes. These nodes can be programmed into an access control list, essentially blocking all network traffic except for that of the selected node. What this means, is that if malware or a browser extension attempts to access the internet outside of the selected Tor node (or a VPN, etc.), those packets never even make it out to the modem. Most expensive (and some inexpensive) routers have an ACL functionality built-in. However, what I am thinking of is a hardware solution that implements only the ACL. This would be an additional box that would be installed between the router and the modem.

Instead of a web interface, the ACL could be programmed directly at the box itself. This eliminates problems with web server exploits. The modular design, i.e., having the ACL physically separate from the hardware router, would greatly simplify both the design and the security auditing that would follow. Of course, the design would be open source.

The overall goal is to offer an internet safety net to those who feel the need to have one, a first line of defence of sorts. The device would be a brick upon arrival, unable to pass any network traffic until the ACL is programmed with selected IP addresses. The lack of a web interface, and the very simple software function implemented, allow hard coding of the design into FPGA fabric. Parties outside (or inside) the network could not hack into the ACL remotely and run code, because there would be no state machine to run it. The software should be simple enough for reasonably experienced parties to audit it. The fact that no single point failure (ACL in series with a router) would allow rogue traffic to pass the network would improve overall security. If someone wanted to access the 'net normally, all that would be needed would be to unplug the ACL box and bypass it manually.

So, am I explaining this well enough? Does it sound interesting, or perhaps like I'm smoking my socks?

Zombie - 21-5-2015 at 20:15

This exists in software... PeerBlock. http://www.peerblock.com/

As you said the trick is in blocking all the known threat IP addresses. In reality, you don't know which ones to block until they are discovered so the bottom line is in blocking the entire "net", and only allowing known IPs to travel thru.

This creates new problems as many sites are "in bed" with the powers that be, and these sites will not function unless you allow the third party access at the same time.

It's a time consuming process to "fix" the issues. I've been avoiding the majority of eavesdroppers for decades but you can't beat them all. I give it up to "risk reduction" vs. risk proof.

Now if you came up with an automatic "Who Is" box oe software, that would help BUT again, these fellas aren't going under Super Sucker Inc. Washington D.C.
They go under Candy Corn, and Unicorn Logic Software Inc. Lakeside N.J.

It's a tough fight. Keep throwing the idea around... you never know what may develop

leau - 16-1-2023 at 09:58

Not Your Average App: A Large-scale Privacy Analysis of Android Browsers

ABSTRACT The privacy-related behavior of mobile browsers has remained widely unexplored by the research community. In fact, as opposed to regular Android apps, mobile browsers may present contradicting privacy behaviors. On the one hand, they can have access to (and can expose) a unique combination of sensitive user data, from users’ browsing history to permission-protected personally identifiable information (PII) such as unique identifiers and geolocation. On the other hand, they are in a unique position to protect users’ privacy by limiting data sharing with other parties by implementing ad-blocking features. In this paper, we perform a comparative and empirical analysis on how hundreds of Android web browsers protect or expose user data during browsing sessions. To this end, we collect the largest dataset of Android browsers to date, from the Google Play Store and four Chinese app stores. Then, we develop a novel analysis pipeline that combines static and dynamic analysis methods to find a wide range of privacy-enhancing (e.g., ad-blocking) and privacy-harming behaviors (e.g., sending browsing histories to third parties, not validating TLS certificates, and exposing PII—including non-resettable identifiers—to third parties) across browsers. We find that various popular apps on both Google Play and Chinese stores have these privacy-harming behaviors, including apps that claim to be privacy-enhancing in their descriptions. Overall, our study not only provides new insights into important yet overlooked considerations for browsers’ adoption and transparency, but also that automatic app analysis systems (e.g., sandboxes) need context-specific analysis to reveal such privacy behaviors.

https://petsymposium.org/popets/2023/popets-2023-0003.pdf

:cool:

[Edited on 16-1-2023 by leau]

Attachment: popets-2023-0003.pdf (2.3MB)
This file has been downloaded 301 times

leau - 11-2-2023 at 10:53

No Privacy Among Spies: Assessing the Functionality and Insecurity of Consumer Android Spyware Apps

Consumer mobile spyware apps covertly monitor a user's activities (i.e., text messages, phone calls, e-mail, location, etc.) and transmit that information over the Internet to support remote surveillance. Unlike conceptually similar apps used for state espionage, so-called "stalkerware" apps are mass-marketed to consumers on a retail basis and expose a far broader range of victims to invasive monitoring. Today the market for such apps is large enough to support dozens of competitors, with individual vendors reportedly monitoring hundreds of thousands of phones. However, while the research community is well aware of the existence of such apps, our understanding of the mechanisms they use to operate remains ad hoc. In this work, we perform an in-depth technical analysis of 14 distinct leading mobile spyware apps targeting Android phones. We document the range of mechanisms used to monitor user activity of various kinds (e.g., photos, text messages, live microphone access) — primarily through the creative abuse of Android APIs. We also discover previously undocumented methods these apps use to hide from detection and to achieve persistence. Additionally, we document the measures taken by each app to protect the privacy of the sensitive data they collect, identifying a range of failings on the part of spyware vendors (including privacy-sensitive data sent in the clear or stored in the cloud with little or no protection).

https://petsymposium.org/popets/2023/popets-2023-0013.pdf

:cool:

Attachment: popets-2023-0013.pdf (1.4MB)
This file has been downloaded 320 times

Fantasma4500 - 17-2-2023 at 08:49

vague number from hm- 10 years ago, 1% of the population in my country is actively under surveillance
the rest just get all their data dumped into a hard drive, naturally- sorted through some word scanner, surely social media profile connections are scanned

i always pay with money in stores, for years i ate just pasta and meatsauce 3 times a day, never looked up anything about pasta sauce- never.
never paid with card
never spoke about it.
one day i got adds about pasta sauce. how?

i have heard from people who got in trouble that within very short amount of time police was through all security parameters on their phones, asking them questions about people on encrypted apps. 10 years ago it took them 10 minutes to get access to facebook account by contacting UK surveillance demons
but now- they were interrogating these people on the spot, not like they striked them down- he was caught with something, supposedly stopped for routine check and immediatedly they had access
dont be naïve, online you write with pen not pencil.