ZeroDay

Critical point here.. Just simply collect less data and everyone is better off. Hence why Fortinet essentially allows you to disable ALL data collection from ALL products/services/software.. Don't want anything collected? No problem, tick a few boxes and we're all better off.

The constitutional lawyer in our family brought up a good point to me. By using US Products/Services we come under US Consumer Protection Laws, Regulations, Acts and the Constitution itself. It's incredibly illegal for the US Govt. to gather intelligence on local citizens without probable cause and due process. But if you start using offshore based products/services, you vacate yourself from legal protection because your data suddenly becomes the possession of a foreign actor.

Case in point, if you are using a US-Made, US-Stored cloud backup, a US Citizen comes under direct protection by US Law. But if you are using a Russian based cloud backup service your data is offshore, and now subject to US Intelligence gathering, and you've abdicated your legal protection to some extent. He reminded me that it is a constitutional violation to unmask a US citizen without a court order and that citizen will need to be talking to a FORN entity for the court order to have merit. Similar to how a NON-US Citizen would be using a US-Based product, they have no legal protection whatsoever.

Maybe Americans should switch to Norton.. AHAHAH
I think Snowden pretty much proved US products or not we're all being watched albeit illegally, same here in the UK. It's one thing it being against the law, but expose that law breaking by the US government and you end up in Snowden's situation. Can you imagine if you found out you were being unlawfully spied upon by the US government and you took this issue to court? They'd use every loophole including 'possible connections with terrorists' because you Googled 'terrorism' once. The judge's head would be spinning that fast you'd be behind bars before he'd taken an Aspirin lol.
 

ZeroDay

There are so many loopholes the terrorism act itself is a rabbit hole within a rabbit hole. By the time you or I proved our innocence we'd be drawing a pension after serving 30 years for absolutely nothing.
 

AtlBo

TLDR; This list is a sham, designed to save face, preempt congressional scrutiny. Designed as a 'feel good' pile of nothingness to satiate the public and counterbalance the 'worldwide' negativity that INCESSANTLY builds up hatred for the corporate/industrial/intelligence complex. Designed to keep the little man in order so he feels good. Facebook is probably behind this whole pile of nonsense but anyone signing onto it is probably just as guilty as Facebook.
@Slyguy...thanks. Wish I could have said this in these words. Exactly what I was trying to say, and I can't tell you how good it feels to read it. It sure feels and appears this way (after 20 years of watching this industry closely) to me...

Even if they are not selling or sharing data with third-parties, just by collecting a lot of data on someone is bad...
If someone has undocumented access to personal data and personal creative ideas, then there will be theft. Why, because the only people who would run a system that depended on such a breach waiting to happen methodology, wouldn't allow for it on a broad scale EVER...not just as a precaution or adherence to good policy though. Because the whole thing would eventually crash with such a hole in place...in a large scale environment. Actually, any size almost.

If a company is serious about protecting their customers and the data of their customers then they should be focusing on reducing the amount of data collection, reducing the amount of sharing of data and re-assessing which data they are sharing with third-parties, cleaning out old data, etc. The less data that is available, the less damage that is done when data is exposed.
Storing logs of data transfers including specifics of data transactions maybe? This would be a nice start. Microsoft could leave in a log a description of the purpose of each internet connection transaction and specifics on the contained data sent to the company unrelated to updates (keep those separately). This would be at least a start to setting a precedent for responsible program development and bring some encouragement to computer owners.

If a company is serious about protecting their customers and the data of their customers then they should be focusing on reducing the amount of data collection, reducing the amount of sharing of data and re-assessing which data they are sharing with third-parties, cleaning out old data, etc.
Thanks @Opcode, I LOVE this statement. They can be publicly accountable or to some independent privacy rights group or something maybe about all of this. Especially I like the cleaning out of old data, but this kind of cooperation and accountability could lead to predictable security practices that are a solid part of a much better big picture. Ex, cleaning out old data weekly, could mean finding a discrepancy early on, etc. and being able to go public about a problem before it mushrooms.

I wonder if there is some kind of copy protocol that could be developed and locked into use for some server setups where data is stored (legally)? This way maybe every time data is copied it could be tracked when on an equipped server or whatever...or maybe just create a special type of protected copy/paste/cut/move whatever within program languages.

The constitutional lawyer in our family brought up a good point to me. By using US Products/Services we come under US Consumer Protection Laws, Regulations, Acts and the Constitution itself. It's incredibly illegal for the US Govt. to gather intelligence on local citizens without probable cause and due process. But if you start using offshore based products/services, you vacate yourself from legal protection because your data suddenly becomes the possession of a foreign actor.
ESPECIALLY via an owner trusted platform like a phone or internet account! Illegal as HELL! It's the same thing as breaking into a home or searching a car without a warrant or without asking first. Actually, not even that should be allowed imo. Not everyone knows the law to just say no should they care to. Anyway, law enforcement doesn't need that kind of thing to "Serve and Protect".

Case in point, if you are using a US-Made, US-Stored cloud backup, a US Citizen comes under direct protection by US Law. But if you are using a Russian based cloud backup service your data is offshore, and now subject to US Intelligence gathering, and you've abdicated your legal protection to some extent. He reminded me that it is a constitutional violation to unmask a US citizen without a court order and that citizen will need to be talking to a FORN entity for the court order to have merit. Similar to how a NON-US Citizen would be using a US-Based product, they have no legal protection whatsoever.
This is why government and software companies should NEVER agree to anything privately. It should be forbidden under American law imo. Government can only get here via Microsoft or Google basically or maybe Facebook or Apple. However, won't learn anything anyway from a Russian cloud server hack that can't be learned better with old fashioned feet on the ground pulse reading and also with good old fashioned fair play...and high level diplomatic activity and pressure. This is where the magic will happen for U.S. security operations if it is going to happen and when it's combined with standard net monitoring and case study. We don't have to be a bunch of knee jerk worry turds cawking about the shape of the moon to know what it might mean that someone is using a Russian cloud service or whatever. They're acting like a bunch of shivering toy poodles in Washington the way things seem...

SERIOUSLY, they need to get on the same page with IT pros that they can trust on their lower levels...bring them in and get to the bottom of how to get this &%*$ show fixed. Fix it for business, and the rest will get fixed too. Get corporate out of the CIA and vice versa...annihilate the NSA----->completely obliterate it from the record. Find diplomats and be a civilized nation of working people. Some are going to need a computer, so, once you are done, watch over the game you have laid the framework for and watch the backs of American corps.

BTW, EVERY AMERICAN is a VIP, and EVERY AMERICAN is a JANITOR too. Special treatment is what got us here in the U.S. into this mess in the first place. It's got to stop. There isn't a reward for carrying out a civic duty or doing one's part...
 

Deleted member 178

That's a useless generalization that ANYONE could make about ANY country. So you ran into a few people you could BS? Great.. So what does that say about you if you are trying to BS people? :unsure:
I don't claim to be a good and nice guy ;)
Most often, in countries where people are very dependent on the media, they are easier to manipulate and scam.
The article mostly mentioned American firms, so that is why I mentioned American citizens.
I have family who are Americans so it is not like I have some grudges towards the US, I just talk about my experience over there.

Barring actual evidence or study being conducted this statement is merely conjecture. Also keep in mind the US ranks 9th overall in the world in average IQ and most of what you probably enjoy was invented in America. 90% of the world's countries have contributed virtually nothing to the world.
Naivety has nothing to do with IQ, it is about trust. You can be smart and very educated but trust people easily.
 

Deleted member 65228

like what?!
1. 1516 - Windows Kernel 64-bit pool/stack memory disclosure in nt!NtQueryInformationProcess (ProcessImageFileName) - project-zero - Monorail
2. 1515 - Windows Kernel pool memory disclosure in nt!NtQueryInformationTransactionManager (TransactionManagerRecoveryInformation) - project-zero - Monorail
3. 1518 - Windows Kernel 64-bit stack memory disclosure in nt!NtQueryVirtualMemory (Memory(Privileged)BasicInformation) - project-zero - Monorail
4. 1519 - Windows Kernel 64-bit stack memory disclosure in nt!NtQueryVirtualMemory (MemoryImageInformation) - project-zero - Monorail
5. 1512 - Windows Kernel stack memory disclosure in nt!NtQueryVolumeInformationFile - project-zero - Monorail

The disclosure date of the above was in January and it wasn't patched until April, months later. However, they were subject to 90 days before being disclosed, therefore Microsoft had a lot more time to look into them.

6. 1543 - mpengine contains unrar code forked from unrar prior to 5.0, introduces new bug while fixing others - project-zero - Monorail - also subject to 90 days prior to disclosure and was disclosed after the 90 days time-frame at the start of March however was not patched until this month.

7. 1427 - Windows: StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation EoP - project-zero - Monorail - disclosed after a time-frame in November, patched in February.

In the past there have been vulnerabilities they decided not to patch entirely (or at least for a very long time) for whatever reason.

In the above examples, some of the patching times aren't so bad because you have to give them time to patch the problems properly... However, bear in mind that 90 days is about 3 months so that's already quite some time.

There'll be loads more examples probably if you do more searching on it.
 

Slyguy

Realize that even though I state US Citizens are protected by various laws, regulations and the constitution itself I will be the first to say those laws, regulations and the constitution itself are being violated at the highest levels of our govt. down to the lowest levels.

When Yahoo built a front-end tool for the NSA to access Yahoo Accounts in realtime, they broke the law. When Microsoft and others joined PRISM, they broke the law. When the NSA started collecting meta-data on every US Citizen, they broke the law. When the CIA started breaking into congressional computer systems they broke the law. The list goes on and on, but the realization is - the law is being broken at every level. The constitution is being violated.

Something has to give.. Either the whole structure has to be brought down, or people need to swing from the gallows and constitutional order must be restored. It's all messy right now, it's all out of control. There are no easy answers. We're living in dangerous times right now for freedom and democracy.

I just read ICE walked onto a guys farm, roughed up a 'suspected' illegal, hauled him and his family off after beating up the farmer and tossing his cell phone into the road. All without a warrant.. 100% illegal, but since it's law enforcement themselves doing this, who is policing the police?

Remember these guys? The Citizen Militias that helped stand down the govt. overreach on the Bundy ranch? They'll be who are tasked with fixing this mess if it gets too messy. These are NOT military, they are citizens, and it's the primary reason we have the 2nd amendment.


MeltdownEnemy

For those who are unbelievers, or are big fanboys of Intel, for those of you who defend these companies with cloak and dagger, I'd like to remind you of why the computer hardware that we buy is not really ours. Those companies have always been watching us, gathering information even though the computer is not connected to the internet. It seems like a paranoid, fictional story, but the latest discoveries speak for themselves.

MINIX: Intel's hidden in-chip operating system | ZDNet

Researchers say Intel's Management Engine feature can be switched off | ZDNet

Researchers Find a Way to Disable Much-Hated Intel ME Component Courtesy of the NSA
 