This may be apparently true but in reality when you put it in a wider set of rules (the rules that apply to so-called 'states of rights') it becomes false.
Let's take an example from Wikipedia:
In 1776, the United States Declaration of Independence declared that "life" is one of the unalienable rights, implying that all persons have the right to live and/or exist. The Declaration of Independence continues that a government has the obligation to secure the unalienable rights of its people. When a government no longer respects this fundamental reason for its existence, it is the "right" and "duty" of the people to overthrow it.
Ironically the state can alienate lives, while people can do so only for self-defense, unless you consider the death penalty a form of self-defense applied by the state... which it is not.
And this right to alienate lives is preemptive: you accept that the state can take away anyone's life.
I consider this a form of abuse that some people willingly accept.
And just to be clear on my part, I believe that most people in the world - in the democratic world - surrender their will in the hands of people they shouldn't trust.
This happens everywhere. It's not American, it's not Italian, it's not English or European.
Funny you should say that, Breizh. The first occurrence of the word "americans" in this page is in your post.
Edit: and in case you didn't understand, my family had an active role in the Italian Resistance. They were part of a minority at the time. I can distinguish positions. I have to. But you can't deny most of the American people supported the war. It's a fact. Go read the polls and stop hinting at anti-Americanism. This isn't the first time you've done such a thing because you don't like something.
In one thing Vietnam cannot be compared to Iraq, and that is the all-volunteer basis of the US Army we have today. No draft means - theoretically - that all the soldiers who went to Iraq knew there was a possibility, and they accepted it, unless you accept Ehren Watada's ideas as valid (and for the record I do, the history of my family is deeply rooted in the Italian Resistance to fascism and this has a large influence on my ideas).
The absence of a draft is a major distinction in this case.
No compensation, not even a moral one, will ever be paid by the US to Iraq. The US expect their enemies to play by the book, but they don't. A twisted notion of sovereignty and the historical lack of interest in foreign affairs shields the general public from the form of self-criticism that both Germany's and Italy's social textures had to endure.
And just to be clear, I'm not comparing the extent of the crimes of Nazism, Fascism or Stalinism to the extent of the violations of International laws (which are - not only in my opinion - still crimes) committed by the US. I know they are completely different things and that the US is a fully formed democracy, but the same rules apply. "We didn't know" is hardly a good justification when someone simply didn't care to listen to the words of the IAEA. They had to know better and now everybody knows they knew better, but the documents were there at the time. Uranium from Niger? How the hell could someone believe such a blatant Italian intelligence forgery that was ruled out as bull by the Italian investigative press immediately (except of course for Panorama, owned by Berlusconi)?
Powell regrets his stunt at the UN as a painful "blot" in his career, but estimates made by people who were really in the know (and acknowledged worldwide to be so) were already widely available at the time.
The reputation of people who knew what they were doing has been smeared, and since then restored to the shame of all the falling heads in the US government. May Powell's blot haunt him in his nightmares for all his life to come.
Really, really strange...
If you managed to keep the old LFS executable (I always keep no longer active suspect files until analysis is finished) you could compare the two with fc from a command prompt to see if there's a difference.
Stop telling others to listen, start listening, stop hiding behind a finger. You did something stupid. Maybe this doesn't transform you into a bad person, but this transforms you into a programmer I'd manage to get fired instantly.
Moreover, muhaa failed to keep track of the time passed between the discovery of the security issues and his disclosure, he spread a PoC in the wild, he didn't take into account the fact that LFS isn't so widespread. I see no professionalism in this.
They keep this database as a form of advertising for their worldwide security chapters: a bit of shame for the defaced, a bit of fame for the defacers and tah-dah! You need zone-h. We'll secure your website, but maybe a zone-h founder will wiretap you. Not now, for sure.
Edit: and they fail to mention that Ghioni is in deep trouble with justice... No full disclosure in this case.
+1. Proofs of concept are considered a good practice, although spreading them in the wild isn't justifiable.
Anyway, all of this reminds me of the wonderful words of Thomas Hesse, Sony BMG's president: "Most people, I think, don't even know what a rootkit is, so why should they care about it?"
By the same logic if you don't know what cancer is, you shouldn't care about it. That's stupid. I prefer to know. I prefer to be warned about risks. As a software user I have a right to know and take action to prevent abuses from those who have the know-how.
Alright Sam, you know I respect your ideas. But let's get a fact straight: there may be black, grey and white hats out there, but there isn't any sure border.
You quote a page in zone-h, a defacement database site. They teach security, they enforce security, they warn about criminal activities. They MUST be good, after all...
Well, not all of them. One of the two founders, Ghioni, is in jail. He's involved in breaking into the computer of the president of Rizzoli - Corriere della Sera, he was the leader of the tiger team of Telecom Italia, he's presumably involved in the illegal wiretapping of thousands of persons, there are pending investigations that tie him to the Italian military secret service and to the persons who were responsible for the kidnapping of an imam in Milan, who was abducted by CIA agents who were subsequently investigated.
This is an international scandal involving someone who's presumed to be a white hat. He's been rotting in jail for months, and probably he's safer there than out, given the number of secrets he knows. He talks very little to investigators, and it's easy to understand why.
If you want different examples (Mitnick anyone?) there are tons of not so good people turning bad, and tons of not so bad people turning good. That's the norm.
My position is generally for full disclosure, but I do not condone any kind of attack, disruptive or not. I'm for research in a controlled environment, or after having obtained permission to do so. I respect the job of the people who disclose their discoveries and don't keep their knowledge for themselves for illegal activities.
Nothing should really change, the md5 hash you see on Jotti is calculated on the whole file, and if the hash is the same there's no reason to believe the files are different. You should have the same results if the md5 hash is the same.
Having the same hash with different files is possible (although extremely rare), but I think I can safely rule out this possibility in this case.
Edit: I add the results of my online scan for reference.
File: LFS.exe
Status:
POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5: e0c2f6ca50eb7e9007071c163f9f0474
Scan taken on 28 Aug 2007 14:45:22 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found DLOADER.Trojan (probable variant)
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
That's a false positive, something in LFS.EXE exhibits code which is similar but not equal to a trojan. This happens with heuristic scans, that's why some antiviruses have a better recognition than others.
(but they're prone to false positives)
Update: I installed Antivir on Vista and updated it. I scanned LFS.EXE with low, mid and high heuristic recognition and no problem whatsoever was signalled with the executable. Mmmm. I then submitted LFS.EXE to Jotti. The files have the same md5 hash, so they should be exactly the same file. The scan results are the same. This is a false positive, although I cannot tell exactly why since Antivir has a different behaviour on your computer and on mine: it may be different updates, different OSes or an interaction with other resident protection tools.
Really looks like a false positive to me. Antivir is over-zealous in this case, it must be the heuristic recognition. Ignore the threat, set Antivir to ignore LFS.EXE or the whole folder or disable heuristics.
Don't take immediate action. Take note of the full path of the executable. Use the search if necessary. Take note if different versions of the same file are available. Then look at file properties: dimensions, last accessed, last modified. Compare the dimensions to a clean LFS.EXE (I'm at work, I cannot give the right dimensions). If the last-modified date is not the last day on which you updated your LFS version, it's suspicious. It may also be a false positive (it happens).
To have a better insight, go to http://virusscan.jotti.org . Wait in line till the server allows you to upload. Upload LFS.EXE and take a look at the results. Post it here if you like, I can have a look at them for you. Please, just the text.
Edit - That file seems to be somewhere in your Documents and Settings folder. This is in no way a correct location for LFS, although you may have installed it there. Take a look at the path of LFS you usually run.
Re-Edit: the dimension of LFS.EXE should be 1.728.512 bytes.
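The checks described in these posts (file size, last-modified time, hash, and a byte-for-byte comparison like `fc`) can be scripted as below. This is an added example, not part of the original posts; the function names and the sample files are constructed for illustration, and SHA-256 is computed alongside MD5 because MD5 collisions can be produced on purpose.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Size, last-modified time and hashes of one file, read in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha256.update(chunk)
    st = os.stat(path)
    return {"size": st.st_size, "mtime": st.st_mtime,
            "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}

def first_difference(path_a, path_b, block=65536):
    """Offset of the first differing byte (like `fc /b`), or None if identical."""
    offset = 0
    with open(path_a, "rb") as a, open(path_b, "rb") as b:
        while True:
            ca, cb = a.read(block), b.read(block)
            if ca != cb:
                same = next((i for i, (x, y) in enumerate(zip(ca, cb)) if x != y),
                            min(len(ca), len(cb)))  # one file is a prefix of the other
                return offset + same
            if not ca:
                return None
            offset += len(ca)

def triage(suspect, reference):
    """Compare a suspect executable with a known-clean copy; list what differs."""
    s, r = fingerprint(suspect), fingerprint(reference)
    findings = []
    if s["size"] != r["size"]:
        findings.append(f"size {s['size']} != clean {r['size']}")
    if s["sha256"] != r["sha256"]:
        findings.append(f"first differing byte at offset {first_difference(suspect, reference)}")
    return findings

def demo():
    """Constructed sample files: a clean file, an exact copy, a patched copy."""
    d = tempfile.mkdtemp()
    p = lambda name: os.path.join(d, name)
    body = b"MZ" + bytes(range(256)) * 400  # constructed bytes, not a real PE
    files = {"clean": body, "copy": body,
             "patched": body[:1000] + b"\xcc" + body[1001:] + b"tail"}
    for name, data in files.items():
        with open(p(name), "wb") as fh:
            fh.write(data)
    return triage(p("copy"), p("clean")), triage(p("patched"), p("clean"))
```

An empty findings list means the two files are byte-identical, so a scanner verdict that differs between machines comes from the scanner, not the file.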
That's what most Italians think about their politicians, all of them. But for me that's a sort of daydreaming, so I take a different approach: maybe those politicians are perfect representatives.
This isn't quite right. You can perfectly live without an antivirus, but you have to understand what you're doing and accept the fact you have to manage security proactively on your own.
I for once accept the thesis of the Holy Father: the approach of most antiviruses is inherently flawed because they prevent only what they know, and this leads to a false sense of security. Nonetheless it's still a valid approach because most people don't know how to audit or manage the security of their computer. Trouble is, should they do it or not? Ideally they shouldn't do it, but OSes are far from perfect. To each his own.
The best thing in Avast is that it's free. Their virus database is odd and fails to locate lots of trojans. I'd go with Avira Antivir if I had to choose a free antivirus, it does a better job.
Kaspersky remains my antivirus of choice, and the most respected one by people who have an interest in fighting malware. The Holy Father used it as a benchmark to detect his excellent rootkit, hacker defender.
Apparently the Holy Father died in a road accident last year, but I didn't check if this is only a rumour. The old homepage is unavailable. The old presentation he made for hxdef is still on YouTube.
Although Ron Paul's non-interventionist platform may appeal to some persons (particularly foreigners) I'm not sure his positions regarding economy, taxes and freedom can have a wide appeal.
He's not a strong contender at the moment, but nothing is sure in these elections: we have an ex-mayor with no international expertise that keeps uttering wrong concepts while facing a revolt from NY firemen that could cost him his reputation battling some other war supporters and an ultra-libertarian who has the face and the ideas of an old hippie still enjoying marijuana. And things are going very, very bad for Republicans.
On the Dems' side, Barack and Hillary have already started ranting. They are very strong contenders, although each of them has troubles that could cast a shadow on their candidacy. The strongest contender would be Al Gore, whose only evident troubles are an idiotic wife and being overweight. But he's not in, at the moment. But Al Gore remains a wet dream for lots of Democrats.
An ex-mayor with a sinking reputation, a libertarian who favours little government intervention and is an advocate of extreme freedoms, a black ex-Muslim and a white woman in career whose husband had a penchant for strange affairs, both financially and sentimentally... No matter what happens, these elections will be really entertaining.
A good antivirus traps some kernel calls modifying the NT System Service Descriptor Table. For instance Kaspersky traps NtClose, NtCreateProcess, NtCreateProcessEx, NtCreateSection, NtOpenProcess, NtQueryInformationFile, NtSetInformationProcess and NtTerminateProcess to handle them with the driver klif.sys. All these kernel calls are usually handled by ntoskrnl.exe, but in case of Kaspersky the SSDT is manipulated and extended to offer the functionality needed to open the file, check it and pass it back to the operating system if clean.
This is the way most antiviruses work these days. It's fairly easy to check this, just run a simple antirootkit like IceSword and check the SSDT.
This methodology is used also by some rootkits.
There are some additional possible checks, such as the usage of an LSP to scan network traffic for incoming malware. Such a technique is used for instance by Microworld E-Scan, which is based on Kaspersky Engine but adds an interesting and sometimes annoying feature called Winsock Layer. They say it prevents malware from entering by blocking the relative network traffic, but that doesn't always work.
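The SSDT check mentioned above comes down to asking which loaded module owns each handler address. The sketch below is an added example, not part of the original post and not IceSword's code: it models entries as absolute handler addresses, as on 32-bit Windows, and every address and module range is constructed sample data; only the service and driver names come from the post or from the Windows native API.

```python
from bisect import bisect_right

# Constructed sample data: load addresses and handler targets are invented.
MODULES = [  # (base, size, name)
    (0x804D7000, 0x214000, "ntoskrnl.exe"),
    (0xF7A10000, 0x022000, "klif.sys"),
]
SSDT = {
    "NtClose":            0xF7A11200,
    "NtCreateProcess":    0xF7A11480,
    "NtOpenProcess":      0xF7A11900,
    "NtTerminateProcess": 0xF7A11C40,
    "NtCreateFile":       0x80570A10,  # still inside the kernel image
    "NtWriteFile":        0x8A3C0040,  # memory that no loaded module owns
}


def owner(address, modules):
    """Name of the module whose [base, base + size) range holds address."""
    mods = sorted(modules)
    i = bisect_right([m[0] for m in mods], address) - 1
    if i >= 0 and address < mods[i][0] + mods[i][1]:
        return mods[i][2]
    return None


def audit_ssdt(ssdt, modules, kernel="ntoskrnl.exe"):
    """Sort services into: handled by the kernel, hooked by a named driver,
    or pointing at memory that belongs to no loaded module."""
    report = {"kernel": [], "hooked": {}, "unbacked": []}
    for service, target in sorted(ssdt.items()):
        mod = owner(target, modules)
        if mod == kernel:
            report["kernel"].append(service)
        elif mod is None:
            report["unbacked"].append(service)
        else:
            report["hooked"].setdefault(mod, []).append(service)
    return report
```

Entries attributed to a known security driver are expected on a machine running that product; entries owned by an unfamiliar driver or by no module at all are the ones to investigate.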