Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Limo Company Hack Exposes Juicy Targets, 850k Credit Card Numbers

timothy posted about a year ago | from the taken-for-a-ride dept.

Privacy 43

tsu doh nimh writes "A compromise at a U.S. company that brokers reservations for limousine and Town Car services nationwide has exposed the personal and financial information on more than 850,000 well-heeled customers, including Fortune 500 CEOs, lawmakers, and A-list celebrities. Krebsonsecurity.com writes about the break-in, which involved the theft of information on celebrities like Tom Hanks and LeBron James, as well as lawmakers such as the chairman of the U.S. House Judiciary Committee. The story also examines the potential value of this database for spies, drawing a connection between recent personalized malware attacks against Kevin Mandia, the CEO of incident response firm Mandiant. In an interview last month with Foreign Policy magazine, Mandia described receiving spear phishing attacks that spoofed receipts for recent limo rides; according to Krebs, the info for Mandia and two other Mandiant employees was in the stolen limo company database."

Sorry! There are no comments related to the filter you selected.

A-List Spear Phishing (2)

ponraul (1233704) | about a year ago | (#45336929)

That's hot.

Re:A-List Spear Phishing (1)

Anonymous Coward | about a year ago | (#45337101)

Too bad Brian Krebs is always raining on our parade.

and use adobe PDF reader (1)

Joe_Dragon (2206452) | about a year ago | (#45337103)

that just auto hacks your system when some opens an PDF loaded with hacker tools in it.

Good (2, Funny)

Anonymous Coward | about a year ago | (#45336979)

Exposing the personal information of 30 million people wouldn't bother those in power. But those in power having their information hacked? Finally, we may see some protection of data--at least for those in power.

Hold Them Responsible (3, Interesting)

Jane Q. Public (1010737) | about a year ago | (#45336981)

When are corporations going to be held responsible for the security of their customers' information?

If things like credit card information are stored in cleartext, the corporation doing it should be fined and the people responsible prosecuted if there is a leak. It's just gross irresponsibility, for which nobody has seemed to get punished.

That needs to change.

Re:Hold Them Responsible (1)

Anonymous Coward | about a year ago | (#45337011)

When are corporations going to be held responsible for the security of their customers' information?

Probably now since this actually targets someone in charge.

The problem is that the "fix" will be to only hold corporations responsible if someone "important" is hurt.

Re:Hold Them Responsible (3, Interesting)

andyjb (1625561) | about a year ago | (#45337037)

They are resposible - if they have been deemed to be in breach of PCI compliance, they will not be granted "safe harbour" by their issuing bank / {AMEX, Visa, MC}. In a nutshell it means that they will find it more expensive to do business from now on. It does often happen however that a business will decide that being PCI compliant is more expensive than the fines...

Re:Hold Them Responsible (1)

cheater512 (783349) | about a year ago | (#45339613)

Every credit card related info leak is in breach of PCI compliance.
Even if they got audited just a week previously and passed with flying colours.....

We are a limo company not an IT one the outsourcer (1)

Joe_Dragon (2206452) | about a year ago | (#45337049)

The outsource is the one who messed up.

Re:We are a limo company not an IT one the outsour (0)

Anonymous Coward | about a year ago | (#45375943)

Get what you pay for, I guess.

Re:Hold Them Responsible (1)

Thanshin (1188877) | about a year ago | (#45337111)

When are corporations going to be held responsible for the security of their customers' information?

Just as soon as we stop referring to "corporations" as if they were people?

Re:Hold Them Responsible (5, Funny)

Deadstick (535032) | about a year ago | (#45337541)

I'll believe they're people when Texas executes one.

Re:Hold Them Responsible (1)

Gr8Apes (679165) | about a year ago | (#45340559)

I'll believe they're people when Texas executes one.

I guess Texas [idownloadblog.com] did [techdirt.com]

Re:Hold Them Responsible (1)

Jane Q. Public (1010737) | about a year ago | (#45340567)

"Just as soon as we stop referring to "corporations" as if they were people?"

Corporations can be held legally responsible for their actions. Hell, that's one of the reasons corporations were invented.

Re:Hold Them Responsible (0)

Anonymous Coward | about a year ago | (#45341279)

They CAN but typically AREN'T. In the few instances they are held accountable it ususally involves a slap on the wrist fine compared to the money they made on the data that was lost.

Re:Hold Them Responsible (2)

Sarten-X (1102295) | about a year ago | (#45337129)

When are residents going to be held responsible for the security of their valuables?

If things like cash and jewelery are stored behind unlocked doors, the households storing them should be fined and the people responsible for the storage prosecuted if there is a theft. It's just gross irresponsibility, for which nobody has seemed to get punished.

That needs to change.

I'm exaggerating a little, but this is really how the law works now. The criminal responsibility falls to the guy who thought "I'm going to violate this obvious demarcation line and grab whatever I want", rather than the guy who thinks "That barely-visible boundary should be obvious enough". The concept applies broadly, affecting harassment, copyright, theft, injury, and discrimination suits, just to name a few. While there is some consideration given to whether the victim should have taken more reasonable precaution, being careless is not a crime in itself.

Re:Hold Them Responsible (0)

Anonymous Coward | about a year ago | (#45337205)

Being careless can be crime in many circumstances.

Re:Hold Them Responsible (1)

Sarten-X (1102295) | about a year ago | (#45337337)

If you let carelessness run amok to the point of negligence, yes... but the circumstances for negligence must be defined in law. There is no such law for information security, outside a few particular areas (financial institutions, health care, and military).

Re:Hold Them Responsible (0)

Anonymous Coward | about a year ago | (#45337313)

While there is some consideration given to whether the victim should have taken more reasonable precaution, being careless is not a crime in itself.

Not necessarily a crime but when you handle the property of someone else you have a responsibility to keep it safe and have to compensate the person if you don't.
If you rent a car and the car is stolen you will likely have to pay a fine.
Borrowing your friends bike and it gets stolen, well, you can ignore your friend if you are a complete dick but anyone else would offer some sort of compensation.

Re:Hold Them Responsible (5, Insightful)

TheNastyInThePasty (2382648) | about a year ago | (#45337465)

Having YOUR stuff stolen kind of is the fine. Your anology doesn't work because in this case, it's not the company's information that was stolen. It was their customers. A bank is a closer analogy but even that doesn't work. I'm pretty sure the bank will compensate you if the contents of your security box is stolen due to their poor security practices.

With this company and the recent Adobe breach, there's no compensation for their customers who had their data stolen. The company gets to just go "Well shucks, I'm sorry guys." Meanwhile, their customers have been exposed to possible identity theft or fraud and they're the ones who have to deal with the consequences.

A couple of years ago, my social security number was stolen from a local university that I took a summer class at. My parents then subscribed to one of those identity theft protection services. Were we ever compensated for the service fees needed to protect my identity? Nope. Would I have been compensated if someone stole my identity and destroyed my credit for life? Nope.

That's the problem.

Re:Hold Them Responsible (1)

CODiNE (27417) | about a year ago | (#45339175)

Oh yeah for years the community college I went to would use SSN for student IDs. They'd pass around an "anonymized" roll sheet where everyone would sign next to their SSN. At the end of the semester your grades would be posted next to your SSN instead of your name.

Idiots.

Re:Hold Them Responsible (1)

Sarten-X (1102295) | about a year ago | (#45339281)

I'm not saying it makes sense for a company to be unaccountable, but only that that's the way the law is set up now. There's a pretty strong fear of blaming the victim in legislature, so I doubt we'll see any such laws crop up soon. Legally, it's the same as a gym's locker room that says "not responsible for lost or stolen items". The law just doesn't make them responsible.

You do bring up an interesting point... why does a university need your federal retirement savings account number?

Re:Hold Them Responsible (1)

TheNastyInThePasty (2382648) | about a year ago | (#45342155)

My point is that they're not really the victim. Their customers are. The businesses are the conduit. They are the means by which the attacker is able to cause you damage. Framed that way, it becomes clearer that they deserve consequences for their failure.

Re:Hold Them Responsible (0)

Anonymous Coward | about a year ago | (#45342435)

Unless you work there, a university should not have your SSN.

Look into FERPA regulations. This is a HUGE thing to have happened and I believe you have recourse.

Re:Hold Them Responsible (1)

sl4shd0rk (755837) | about a year ago | (#45337417)

When are corporations going to be held responsible for the security of their customers' information?

It used to be that companies really feared being out of compliance with PCI standards [pcisecuritystandards.org] but things must have changed. I don't know for certain but if I had to venture a guess, companies probably find it more appealing to take chances being non-compliant rather than invest in appropriate infrastructure (including competent staff) to support full PCI compliance .

It's *extremely* difficult to sell proper security to management based on potentials. They want numbers to plug into their spreadsheets to measure cost vs. benefit but when you are working with a gradient like a compromise those numbers fall anywhere from 0 to infinity depending on the depth of the compromise (think Stuxnet) and what assets are at risk (adobe Photoshop source code). For those reasons, many companies only implement the bare minimum and hope for the best.

850K (1, Interesting)

pr0t0 (216378) | about a year ago | (#45337025)

Also known as a list of 850,000 people making a hell of a lot more than I do.

St Louis in the House!!!! (3, Funny)

turp182 (1020263) | about a year ago | (#45337033)

Hey, I have to take every chance I get to promote my hometown, and that's where this company is based.

A coworker for mine knows someone that used to work for the company, it sounds like they used a custom (homebrew) encryption scheme for the passwords. This could be incorrect, the guy hasn't worked there in a couple of years.

Anyway, we didn't win the World Series, but apparently we can give you Tom Hanks credit card info...

Re:St Louis in the House!!!! (1)

HornWumpus (783565) | about a year ago | (#45337359)

East St Louis is the best St Louis.

That's a slight exaggeration. But St Louis really is a shithole.

Re:St Louis in the House!!!! (1)

turp182 (1020263) | about a year ago | (#45340879)

I'm assuming you were trying to be offensive, but no offense taken. STL is a good "live in" city, better than So Cal (where your 2nd job is sitting in traffic and the state/federal officials seem to be... out of touch with reality - watch out for cancer!!!). Better than Phoenix as well (summer sucks and I prefer "character" rather than a 15 square mile suburb). Same for Vegas on the suburb. All are nice for visiting, but not for living, unless you have millions to spend/waste. Washington state is probably nicer...

I live in a walkable neighborhood (food, drinks, entertainment, groceries, frozen yogurt) in a house that was built in 1885. Built to last, which time has proven. I do commute to the boring suburbs for work, such is reality (against traffic). Soulard is my home.

East St. Louis is hell, that is for sure. But where I'm at I can walk a couple of minutes and get almost any type of food and listen to bands from Ireland almost any night of the week (McGurk's - fantastic).

And it's where my family is. Which is important, having kids (people who like to take the kids over the weekend - coming up this weekend in fact).

It's also a very good market for software developers, it's a job seeker's market right now.

Why did I type so much...

not THAT rich (1)

cellocgw (617879) | about a year ago | (#45337213)

Pffft... if they were really rich, they'd have their own fulltime bonded limo drivers on staff. Before you laugh, remember that the suckily rich own huge yachts which have a permanent crew whose only job is to make sure the yacht shows up at whatever port the owner wants his next party to be at.

Re:not THAT rich (2)

swb (14022) | about a year ago | (#45337579)

"...at whatever port the owner wants.." is kind of a small list of boats.

Just moving even a smallish yacht (75 feet or so) ocean distances is really expensive and/or really slow. Sport yachts capable of 20+ knots cruising speeds can eat double-digit quantities of fuel per hour. Moving from Miami to NYC could take days and tens of thousands of dollars in fuel and most don't have the fuel capacity for major blue ocean transits. Trawler styles use less fuel, but have cruising speeds in the single digits.

I think even most million-dollar class yachts that are crewed aren't crewed by permanent crews but are crewed as needed when the owner wants to use them, maybe with a preferred captain and generally don't move ports but may move to alternate berthings with the general vicinity, but even then you can't just show up with a big boat and expect to find a berthing for it.

Of course there are ocean-going ships permanently crewed, but this is a pretty small list because now you're talking really large boats that are ships with operating costs on par or exceeding large jets.

Re:not THAT rich (1)

rickb928 (945187) | about a year ago | (#45338191)

The rich use their yachts primarily as vacation homes. And they rent them out to defray the costs. Or lend them out to impress their buddies.

Limos != yachts (0)

Anonymous Coward | about a year ago | (#45337703)

I wouldn't be so sure about that.

The rich don't need to use a yacht everyday so there's time to move the yacht to where it needs to go, but you need a car everyday.

Rich people fly around a lot more, and planes travel faster than cars so if you want a car to be there when you land, you'll need to have multiple cars distributed geographically, and with it comes extra cost in logistics

The really rich may do that for the places they frequent a lot, but I think they do travel to a lot of other places where it's better to just rent as you go.

Re:Limos != yachts (2)

uncqual (836337) | about a year ago | (#45338189)

Or, just fly your cars (multiple needed for backup and for security details) in your second 747. Poor folks may have to cram the cars into the cargo hold on their primary (and only) 747 -- but that's pretty low class and only trailer trash would consider it.

Nobody Seems To Notice and Nobody Seems To Care (-1)

Anonymous Coward | about a year ago | (#45337245)

** PLEASE COPY AND SHARE THIS ARTICLE **
** ESPECIALLY ON THE #BADBIOS - BADBIOS - bad bios - DISCUSSION WHICH MAY HAVE STATE ACTORS SAYING IT IS BUNK **

Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware

"In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms

How many rootkits does the US[2] use officially or unofficially?

How much of the free but proprietary software in the US spies on you?

Which software would that be?

Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.

How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computer's files on the basis of faith alone?

If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, don't you?

I'm now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:

APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.

Where are the commercial or free anti-malware organizations and individual's products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or 'deleted/junk posts' forum section, someone or a team of individuals will mock you in various forms 'tin foil hat', 'conspiracy nut', and my favorite, 'where is the proof of these infections?' One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed you're using the proprietary Microsoft Windows OS. Now, let's move on to Linux.

The rootkit scanners for Linux are few and poor. If you're lucky, you'll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.

Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they don't call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and I've been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.

Don't let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will survive any wipe of r/w media. I'm convinced, on both *nix and Windows, these pieces of APT malware are government in origin. Maybe not from the US, but most of the 'curious' malware I've come across in poisoned binaries, were written by someone with a good knowledge in English, some, I found, functioned similar to the now well known Flame malware. From my experience, either many forum/mailing list mods and malware developers/defenders are 'on the take', compromised themselves, and/or working for a government entity.

Search enough, and you'll arrive at some lone individuals who cry out their system is compromised and nothing in their attempts can shake it of some 'strange infection'. These posts receive the same behavior as I said above, but often they are lone posts which receive no answer at all, AT ALL! While other posts are quickly and kindly replied to and the 'strange infection' posts are left to age and end up in a lost pile of old threads.

If you're persistent, the usual challenge is to, "prove it or STFU" and if the thread is not attacked or locked/shuffled and you're lucky to reference some actual data, they will usually attack or ridicule you and further drive the discussion away from actual proof of APT infections.

The market is ripe for an ambitious company or individual to begin demanding companies and organizations who release firmware and design hardware to release signed and hashed packages and pour this information into the cloud, so everyone's BIOS is checked, all firmware on routers, NICs, and other devices are checked, and malware identified and knowledge reported and shared openly.

But even this will do nothing to stop backdoored firmware (often on commercial routers and other networked devices of real importance for government use â" which again opens the possibility of hackers discovering these backdoors) people continue to use instead of refusing to buy hardware with proprietary firmware/software.

Many people will say, "the only safe computer is the one disconnected from any network, wireless, wired, LAN, internet, intranet" but I have seen and you can search yourself for and read about satellite, RF, temperature, TEMPEST (is it illegal in your part of the world to SHIELD your system against some of these APT attacks, especially TEMPEST? And no, it's not simply a CRT issue), power line and many other attacks which can and do strike computers which have no active network connection, some which have never had any network connection. Some individuals have complained they receive APT attacks throughout their disconnected systems and they are ridiculed and labeled as a nutter. The information exists, some people have gone so far as to scream from the rooftops online about it, but they are nutters who must have some serious problems and this technology with our systems could not be possible.

I believe most modern computer hardware is more powerful than many of us imagine, and a lot of these systems swept from above via satellite and other attacks. Some exploits take advantage of packet radio and some of your proprietary hardware. Some exploits piggyback and unless you really know what you're doing, and even then⦠you won't notice it.

Back to the Windows users, a lot of them will dismiss any strange activity to, "that's just Windows!" and ignore it or format again and again only to see the same APT infected activity continue. Using older versions of sysinternals, I've observed very bizarre behavior on a few non networked systems, a mysterious chat program running which doesn't exist on the system, all communication methods monitored (bluetooth, your hard/software modems, and more), disk mirroring software running[1], scans running on different but specific file types, command line versions of popular Windows freeware installed on the system rather than the use of the graphical component, and more.

[1] In one anonymous post on pastebin, claiming to be from an intel org, it blasted the group Anonymous, with a bunch of threats and information, including that their systems are all mirrored in some remote location anyway.

[2] Or other government, US used in this case due to the article source and speculation vs. China. This is not to defend China, which is one messed up hell hole on several levels and we all need to push for human rights and freedom for China's people. For other, freer countries, however, the concentration camps exist but you wouldn't notice them, they originate from media, mostly your TV, and you don't even know it. As George Carlin railed about "Our Owners", "nobody seems to notice and nobody seems to care".

[3] http://www.stallman.org/ [stallman.org]

Try this yourself on a wide variety of internet forums and mailing lists, push for malware scanners to scan more than files, but firmware/BIOS. See what happens, I can guarantee it won't be pleasant, especially with APT cases.

So scan away, or blissfully ignore it, but we need more people like RMS[3] in the world. Such individuals tend to be eccentric but their words ring true and clear about electronics and freedom.

I believe we're mostly pwned, whether we would like to admit it or not, blind and pwned, yet fiercely holding to misinformation, often due to lack of self discovery and education, and "nobody seems to notice and nobody seems to care".

##

Schneier has covered it before: power line fluctuations (differences on the wire in keys pressed).

There's thermal attacks against cpus and temp, also:

ENF (google it)

A treat (ENF Collector in Java):

sourceforge dot net fwdslash projects fwdslash nfienfcollector

No single antimalware scanner exists which offers the ability to scan (mostly proprietary) firmware on AGP/PCI devices (sound cards, graphics cards, usb novelty devices excluding thumb drives), BIOS/CMOS.

If you boot into ultimate boot cd you can use an archane text interface to dump BIOS/CMOS and examine/checksum.

The real attacks which survive disk formats and wipes target your PCI devices and any firmware which may be altered/overwritten with something special. It is not enough to scan your hard drive(s) and thumb drives, the real dangers with teeth infect your hardware devices.

When is the last time you:

Audited your sound card for malware?
Audited your graphics card for malware?
Audited your network card for malware?

Google for:

* AGP and PCI rootkit(s)
* Network card rootkit(s)
* BIOS/CMOS rootkit(s)

Our modern PC hardware is capable of much more than many can imagine.

Do you:

        Know your router's firmware may easily be replaced on a hacker's whim?
        Shield all cables against leakage and attacks
        Still use an old CRT monitor and beg for TEMPEST attacks?
        Use TEMPEST resistant fonts in all of your applications including your OS?
        Know whether or not your wired keyboard has keypresses encrypted as they pass to your PC from the keyboard?
        Use your PC on the grid and expose yourself to possible keypress attacks?
        Know your network card is VERY exploitable when plugged into the net and attacked by a hard core blackhat or any vicious geek with the know how?
        Search out informative papers on these subjects and educate your friends and family about these attacks?
        Contact antimalware companies and urge them to protect against many or all these attacks?

Do you trust your neighbors? Are they all really stupid when it comes to computing or is there a geek or two without a conscience looking to exploit these areas?

The overlooked threat are the potential civilian rogues stationed around you, especially in large apartment blocks who feed on unsecured wifi to do their dirty work.

With the recent news of Russian spies, whether or not this news was real or a psyop, educate yourself on the present threats which all antimalware scanners fail to protect against and remove any smug mask you may wear, be it Linux or OpenBSD, or the proprietary Windows and Mac OS you feel are properly secured and not vulnerable to any outside attacks because you either don't need an antivirus scanner (all are inept to serious attacks) or use one or several (many being proprietary mystery machines sending data to and from your machine for many reasons, one is to share your information with a group or set database to help aid in threats), the threats often come in mysterious ways.

Maybe the ancients had it right: stone tablets and their own unique language(s) rooted in symbolism.

#

I'm more concerned about new rootkits which target PCI devices, such as the graphics card and the optical drives, also, BIOS. Where are the malware scanners which scan PCI devices and BIOS for mismatches? All firmware, BIOS and on PCI devices should be checksummed and saved to match with others in the cloud, and archived when the computer is first used, backing up signed firmware.

When do you recall seeing signed router firmware upgrades with any type of checksum to check against? Same for PCI devices and optical drives and BIOS.

Some have begun with BIOS security:

http://www.biosbits.org/ [biosbits.org]

Some BIOS has write protection in its configuration, a lot of newer computers don't.

#

"Disconnect your PC from the internet and don't add anything you didn't create yourself. It worked for the NOC list machine in Mission Impossible"

The room/structure was likely heavily shielded, whereas most civvies don't shield their house and computer rooms. There is more than meets the eye to modern hardware.

Google:

subversion hack:
tagmeme(dot)com/subhack/

UPDATE on tagmeme domain - 11/2013 - You'll have to use Archive.org to recover and view pages and files from the tagmeme domain as it has been abandoned and the content removed.

network card rootkits and trojans
pci rootkits
packet radio
xmit "fm fingerprinting" software
"specific emitter identification"
forums(dot)qrz(dot)com

how many malware scanners scan bios/cmos and pci/agp cards for malware? zero, even the rootkit scanners. have you checksummed/dumped your bios/cmos and firmware for all your pci/agp devices and usb devices, esp vanity usb devices in and outside the realm of common usb devices (thumbdrives, external hdds, printers),

Unless your computer room is shielded properly, the computers may still be attacked and used, I've personally inspected computers with no network connection running mysterious code in the background which task manager for windows and the eqiv for *nix does not find, and this didn't find it all.

Inspect your windows boot partition in *nix with hexdump and look for proxy packages mentioned along with command line burning programs and other oddities. Computers are more vulnerable than most would expect.

You can bet all of the malware scanners today, unless they are developed by some lone indy coder in a remote country, employ whitelisting of certain malware and none of them scan HARDWARE devices apart from the common usb devices.

Your network cards, sound cards, cd/dvd drives, graphics cards, all are capable of carrying malware to survive disk formatting/wiping.

Boot from a Linux live cd and use hexdump to examine your windows (and *nix) boot sectors to potentially discover interesting modifications by an unknown party.

#
eof"

Re: Nobody Seems To Notice and Nobody Seems To Car (0)

Anonymous Coward | about a year ago | (#45337347)

Damn, that is the longest post I have ever seen.

Re: Nobody Seems To Notice and Nobody Seems To Car (1)

globalist (1332141) | about a year ago | (#45337833)

You must be new here, right?

Uncle Leo? (1)

Peter Kingsbury (3046159) | about a year ago | (#45337977)

Is that you?

IS KEVIN BACON IN ANY DANGER ?? ANY AT ALL ?? (-1)

Anonymous Coward | about a year ago | (#45337287)

Because that would truly be a tragic turn for the lesbian !!

Prostitution / Mistress Detection (2)

arthurpaliden (939626) | about a year ago | (#45337381)

Ok now all one has to do is to find out what the most common destinations, other than their homes, were and there you have who possibly uses prostitutes or have mistresses.

850,000 Limo Riders? (2)

edibobb (113989) | about a year ago | (#45341099)

There are sure a lot of people who ride in limousines.

Cricket (1)

shimul1990 (3413815) | about a year ago | (#45342515)

Cricket is now a days a very popular & interesting game all over the world.

Lobra (0)

Anonymous Coward | about a year ago | (#45379031)

1 kamer canon 1 duks me kanabis

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?