Chazzsongs Internet Censorship


5/13/2006

Internet Censorship - Total Information Awareness

by Wayne Madsen - 12-9-5

Internet censorship. It did not happen overnight but slowly came to America's shores from testing grounds in China and the Middle East.

Progressive and investigative journalist web site administrators are beginning to talk to each other about it, e-mail users are beginning to understand why their e-mail is being disrupted by it, major search engines appear to be complying with it, and the low to equal signal-to-noise ratio of legitimate e-mail and spam appears to be perpetuated by it.

In this case, "it," is what privacy and computer experts have long warned about: massive censorship of the web on a nationwide and global scale. For many years, the web has been heavily censored in countries around the world. That censorship continues at this very moment. Now it is happening right here in America.

The agreement by the Congress to extend an enhanced Patriot Act for another four years will permit the political enforcers of the Bush administration, who use law enforcement as their proxies, to further clamp censorship controls on the web.

Internet Censorship: The Warning Signs Were Not Hidden

The warning signs for the crackdown on the web have been with us for over a decade. The Clipper chip controversy of the 90s, John Poindexter's Total Information Awareness (TIA) system pushed in the aftermath of 9-11, backroom deals between the Federal government and the Internet service industry, and the Patriot Act have ushered in a new era of Internet censorship, something just half a decade ago computer programmers averred was impossible given the nature of the web. They were wrong, dead wrong.

Take, for example, what recently occurred when two journalists were talking on the phone about a story that appeared on Google News. The story was about a Christian fundamentalist move in Congress to use U.S. military force in Sudan to end genocide in Darfur. The story appeared on the English Google News site in Qatar. But the very same Google News site, when accessed simultaneously in Washington, DC, failed to show the article. This censorship is accomplished by geolocation filtering: the restriction or modification of web content based on the geographical region of the user. In addition to countries, such filtering can now be implemented for states, cities, and even individual IP addresses.

With reports in the Swedish newspaper Svenska Dagbladet today that the United States has transmitted a Homeland Security Department "no fly" list of 80,000 suspected terrorists to airport authorities around the world, it is not unreasonable that a "no [or restricted] surfing/emailing" list has been transmitted to Internet Service Providers around the world. The systematic disruptions of web sites and email strongly suggest that such a list exists.

News reports on CIA prisoner flights and secret prisons are disappearing from Google and other search engines like Alltheweb as fast as they appear. Here now, gone tomorrow is the name of the game.

Google is systematically failing to list and link to articles that contain explosive information about the Bush administration, the war in Iraq, Al Qaeda, and U.S. political scandals. But Google is not alone in working closely to stifle Internet discourse. America On Line, Microsoft, Yahoo and others are slowly turning the Internet into an information superhighway dominated by barricades, toll booths, off-ramps that lead to dead ends, choke points, and security checks.

America On Line is the most egregious in stifling Internet freedom. A former AOL employee noted how AOL and other Internet Service Providers cooperate with the Bush administration in censoring email. The Patriot Act gave federal agencies the power to review information to the packet level and AOL was directed by agencies like the FBI to do more than sniff the subject line. The AOL terms of service (TOS) have gradually been expanded to grant AOL virtually universal power regarding information. Many AOL users are likely unaware of the elastic clause, which says they will be bound by the current TOS and any TOS revisions which AOL may elect at any time in the future. Essentially, AOL users once agreed to allow the censorship and non-delivery of their email.

Microsoft has similar requirements for Hotmail as do Yahoo and Google for their respective e-mail services.

There are also many cases of Google's search engine failing to list and link to certain information. According to a number of web site administrators who carry anti-Bush political content, this situation has become more pronounced in the last month. In addition, many web site administrators are reporting a dramatic drop-off in hits to their sites, according to their web statistic analyzers. Adding to their woes is the frequency at which spam viruses are being spoofed as coming from their web site addresses.

Government disruption of the political side of the web can easily be hidden amid hyped mainstream news media reports of the latest "boutique" viruses and worms, reports that have more to do with the sales of anti-virus software and services than actual long-term disruption of banks, utilities, or airlines.


Internet Censorship in the US: No Longer a Prediction.

Google, Microsoft, Yahoo, and Cisco Systems have honed their skills at Internet censorship for years in places like China, Jordan, Tunisia, Saudi Arabia, the United Arab Emirates, Vietnam, and other countries. They have learned well. They will be the last to admit they have imported their censorship skills into the United States at the behest of the Bush regime. Last year, the Bush-Cheney campaign blocked international access to its web site -- www.georgewbush.com -- for unspecified "security reasons."

Only those in the Federal bureaucracy and the companies involved are in a position to know what deals have been made and how extensive Internet censorship has become. They owe full disclosure to their customers and their fellow citizens.

http://waynemadsenreport.com/

The internet nanny is cute ...

by Shanghailist.com


... until she confiscates your computer and hauls you away and locks you up for a couple of years on trumped up charges relating to national security leaking national secrets - and then you realize she's a hard ass. Inspired by the hideous and tacky mascots of the Beijing Olympics, the Shenzhen police devised a way of making their new internet police force (which started work on January 1 of this year) seem more cute and acceptable to the masses - using cartoon mascots of their own. One is named Jing Jing (the male), and the other Cha Cha (the female). "Jing" and "cha" are the characters that comprise the word for "police" in Chinese. Shanghaiist is sure that some of you readers are no doubt Westerners that just don't get China and Chinese values, which is why the po-lice have to spell it out for you:

[Chinese-language quotation; the characters were lost in encoding]

This basically states that websites, including BBSs, discussion groups (and most definitely blogs) are public places, and so internet denizens must likewise watch what they say and do. Thus the two cartoon figures will appear on various Shenzhen sites from now on. Apparently, you can click on either one and then be brought to a page (here or here) where you can talk live with real cops. One of the interesting things about these cartoon cops is that people have expressed the feeling that Jing Jing and Cha Cha look just too darn cute, and that no internet bad boys are going to be thinking about what they gonna do when these cartoon cops come for you. To learn more, read an English report here. There is something we don't get, though: Why is it that Cha Cha has those marks under her doe eyes that indicate she's a she, while neither she nor Jing Jing even has a f*cking nose? Anyway, we'd definitely pay more attention to her if she looked like, say, Jessica Rabbit - but we digress. You won't find these two at your local donut shop - they're hard at work on many sites, like on the right side of this webpage. Click on the icon and it'll take you to yet another page where you can then go to the links we gave above where you can talk with real coppers. We've been unsuccessful at actually getting someone thus far. It could be that there are just too many people out there dying to talk to an internet cop about T1betan independence, official corruption, human rights violations, heroin and gay sex.


Related:
China: Web censorship gives US pause for thought (silicon.com)
How China Controls the Internet (Business Week)

Anonymizer's new anti-filter service for China netizens

Anonymizer launched a new project called "Operation Anti-Censorship" last week -- free privacy software to help Chinese citizens circumvent government-issue Web filters. Snip from product launch announcement:

In addition, the new solution protects users from detection, persecution, and retribution by shielding their personal identities and related information that the Chinese government is currently able to monitor. The site that currently hosts the software download is www.xifuchun.com, however please note that this URL will be changed on a regular basis to avoid blocking by the Chinese government. Anonymizer relies on early adopters to share the regularly changing URLs with their friends and family members so the number of people able to safely access the Internet continues to grow.

Also: Website censorship in Thailand

US plans to 'fight the net' revealed

by Adam Brookes - BBC Pentagon correspondent
27 January 2006

[Image: Information Operations Roadmap. Caption: The document says information is "critical to military success"]

Bloggers beware.

As the world turns networked, the Pentagon is calculating the military opportunities that computer networks, wireless technologies and the modern media offer.

From influencing public opinion through new media to designing "computer network attack" weapons, the US military is learning to fight an electronic war.

The declassified document is called "Information Operations Roadmap". It was obtained by the National Security Archive at George Washington University using the Freedom of Information Act.

Officials in the Pentagon wrote it in 2003. The Secretary of Defense, Donald Rumsfeld, signed it.

The "roadmap" calls for a far-reaching overhaul of the military's ability to conduct information operations and electronic warfare. And, in some detail, it makes recommendations for how the US armed forces should think about this new, virtual warfare.

The document says that information is "critical to military success". Computer and telecommunications networks are of vital operational importance.

Propaganda

The operations described in the document include a surprising range of military activities: public affairs officers who brief journalists, psychological operations troops who try to manipulate the thoughts and beliefs of an enemy, computer network attack specialists who seek to destroy enemy networks.

All these are engaged in information operations.

Perhaps the most startling aspect of the roadmap is its acknowledgement that information put out as part of the military's psychological operations, or Psyops, is finding its way onto the computer and television screens of ordinary Americans.

"Information intended for foreign audiences, including public diplomacy and Psyops, is increasingly consumed by our domestic audience," it reads.

"Psyops messages will often be replayed by the news media for much larger audiences, including the American public," it goes on.

The document's authors acknowledge that American news media should not unwittingly broadcast military propaganda. "Specific boundaries should be established," they write. But they don't seem to explain how.

"In this day and age it is impossible to prevent stories that are fed abroad as part of psychological operations propaganda from blowing back into the United States - even though they were directed abroad," says Kristin Adair of the National Security Archive.

Credibility problem

Public awareness of the US military's information operations is low, but it's growing - thanks to some operational clumsiness.


Late last year, it emerged that the Pentagon had paid a private company, the Lincoln Group, to plant hundreds of stories in Iraqi newspapers. The stories - all supportive of US policy - were written by military personnel and then placed in Iraqi publications.

And websites that appeared to be information sites on the politics of Africa and the Balkans were found to be run by the Pentagon.

But the true extent of the Pentagon's information operations, how they work, who they're aimed at, and at what point they turn from informing the public to influencing populations, is far from clear.

The roadmap, however, gives a flavour of what the US military is up to - and the grand scale on which it's thinking.

It reveals that Psyops personnel "support" the American government's international broadcasting. It singles out TV Marti - a station which broadcasts to Cuba - as receiving such support.

It recommends that a global website be established that supports America's strategic objectives. But no American diplomats here, thank you. The website would use content from "third parties with greater credibility to foreign audiences than US officials".

It also recommends that Psyops personnel should consider a range of technologies to disseminate propaganda in enemy territory: unmanned aerial vehicles, "miniaturized, scatterable public address systems", wireless devices, cellular phones and the internet.

'Fight the net'

When it describes plans for electronic warfare, or EW, the document takes on an extraordinary tone.

It seems to see the internet as being equivalent to an enemy weapons system.

"Strategy should be based on the premise that the Department [of Defense] will 'fight the net' as it would an enemy weapons system," it reads.

The slogan "fight the net" appears several times throughout the roadmap.

The authors warn that US networks are very vulnerable to attack by hackers, enemies seeking to disable them, or spies looking for intelligence.

"Networks are growing faster than we can defend them... Attack sophistication is increasing... Number of events is increasing."

US digital ambition

And, in a grand finale, the document recommends that the United States should seek the ability to "provide maximum control of the entire electromagnetic spectrum".

US forces should be able to "disrupt or destroy the full spectrum of globally emerging communications systems, sensors, and weapons systems dependent on the electromagnetic spectrum".

Consider that for a moment.

The US military seeks the capability to knock out every telephone, every networked computer, every radar system on the planet.

Are these plans the pipe dreams of self-aggrandising bureaucrats? Or are they real?

The fact that the "Information Operations Roadmap" is approved by the Secretary of Defense suggests that these plans are taken very seriously indeed in the Pentagon.

And that the scale and grandeur of the digital revolution is matched only by the US military's ambitions for it.

Quotes:

The only valid censorship of ideas is the right of people not to listen.
~ Tommy Smothers

The peculiar evil of silencing the expression of an opinion is, that it is robbing the human race; posterity as well as the existing generation; those who dissent from the opinion, still more than those who hold it. If the opinion is right, they are deprived of the opportunity of exchanging error for truth: if wrong, they lose, what is almost as great a benefit, the clearer perception and livelier impression of truth, produced by its collision with error.
~ John Stuart Mill, On Liberty, 1859




5/12/2006

Patriot Act e-mail spying approved

Tug of War

by Declan McCullagh, Staff Writer, CNET News.com
Published: February 9, 2006

What: The Justice Department asks a judge to approve Patriot Act e-mail monitoring without any evidence of criminal behavior.

When: Decided Feb. 2, 2006 by U.S. District Judge Thomas Hogan in Washington, D.C.

Outcome: E-mail surveillance approved.

What happened: As part of a grand jury investigation that's still secret, the Justice Department asked a federal magistrate judge to approve monitoring of an unnamed person's e-mail correspondents.

The request had a twist: Instead of asking to eavesdrop on the contents of the e-mail messages, which would require some evidence of wrongdoing, prosecutors instead requested the identities of the correspondents. Also included in the request was header information like date and time and Internet address--but not subject lines.

The federal magistrate judge balked and asked the Justice Department to submit an additional brief to demonstrate that such a request would be legal.

Instead, prosecutors asked Judge Hogan to step in. He reviewed the portion of federal law dealing with "pen register" and "trap and trace" devices--terms originating in the world of telephone wiretapping--and concluded it "unambiguously" authorizes the e-mail surveillance request.

Though the language may be clumsy, Hogan said, the Patriot Act's amendments authorize that type of easily obtainable surveillance of e-mail. All that's required, he said, is that prosecutors claim the surveillance could conceivably be "relevant" to an investigation.

Excerpt from the court's opinion:
"In 2001, Congress enacted the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (the "USA Patriot Act"), Section 216 of which explicitly amended the authorities relating to pen registers and trap and trace devices...by expanding the definitions of these devices to include "processes" to obtain information about "electronic communication."

"Commenting on the very language that was finally enacted in Section 216 of the USA Patriot Act, several members of Congress highlighted the fact that the amendments would bring the state of the law in line with current technology by making pen registers and trap and trace devices applicable to the Internet and--more to the point--e-mail.

"For example, a section-by-section analysis of the bill that Representative John Conyers included in the record before the final House vote, which contains the same language that was finally enacted by Congress, states that Section 216 "extends the pen/trap provisions so they apply not just to telephone communications but also to Internet traffic."

"In addition, Senator Jon Kyl, who is currently Chairman of the United States Senate Judiciary Subcommittee on Terrorism, Technology & Homeland Security, noted that the same language in the Senate version of the bill "would codify current case law that holds that pen/trap orders apply to modern communication technologies such as e-mail and the Internet, in addition to traditional phone lines."

"The Congressional Research Service also published a legal analysis of the USA Patriot Act that states that the Act "permits pen register and trap and trace orders for electronic communications (e.g., e-mail)."

"The plain language of the statute makes clear that pen registers and trap and trace devices may be processes used to obtain information about e-mail communications. The statute's history confirms this interpretation and there is no support for a contrary result."


5/11/2006

Is anyone else reading your email?

Is your boss or even some coworker secretly reading your email? Are the Federal agencies snooping on your email messages? The following two simple techniques can help you confirm your suspicion: they detect snoopers and can track the address of the computer that is watching your email.

Remember that for steps 3 & 4, you can create a free account on geocities.com and create a dummy HTML file that contains a Statcounter or Google Analytics tracking script.

1. Set up a Hotmail account in the US and a second email account with a non-U.S. provider (e.g. Rediff.com or IndiaTimes.com).
2. Send messages between the two email accounts which might be interesting to the email snooper or NSA who may be monitoring your email.
3. In each message, include a unique URL to a Web server (a link to the dummy file on geocities.com containing the tracking code) whose server logs you have access to. This URL should only be known by you and not linked to from any other Web page. The text of the message should encourage an NSA monitor or email snooper to visit the URL.
4. If the server log file ever shows this URL being accessed, then you know that you are being snooped on. The IP address of the access can also provide clues about who is doing the snooping.
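The server-log check in step 4, as an added example that is not part of the original article: it scans a web server access log for requests to the unique URLs planted in each message, drops your own visits, and marks hits that look automated, since a link scanner fetching the URL is not the same as a person reading the mail. The tokens, IP addresses, log lines (Combined Log Format is assumed) and the user-agent hint list are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined Log Format (assumed); referer and user agent are optional.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

# One unguessable token per message, so a hit tells you which message leaked.
# Constructed values.
CANARIES = {
    "k3v9q2xw7h": "message 1: Hotmail -> non-U.S. account",
    "p8d4z1mt6c": "message 2: non-U.S. account -> Hotmail",
}

# Addresses you test from yourself; hits from these prove nothing. Constructed.
OWN_IPS = {"203.0.113.10"}

# Heuristic only: substrings that suggest a machine fetched the link.
AUTOMATION_HINTS = ("bot", "crawler", "spider", "scan", "preview")

# Constructed sample log.
SAMPLE_LOG = """\
203.0.113.10 - - [11/May/2006:09:00:01 +0000] "GET /notes/k3v9q2xw7h.html HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
198.51.100.7 - - [11/May/2006:14:22:40 +0000] "GET /notes/k3v9q2xw7h.html HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.44 - - [11/May/2006:14:30:12 +0000] "GET /notes/p8d4z1mt6c.html HTTP/1.1" 200 512 "-" "ExampleLinkScanner/1.0 (bot)"
192.0.2.99 - - [11/May/2006:15:01:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
this line is not a valid log entry
198.51.100.7 - - [12/May/2006:08:05:03 +0000] "GET /notes/k3v9q2xw7h.html?x=1 HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
"""


def find_canary_hits(log_text, canaries, own_ips):
    """Return one record per request that touched a canary URL."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue  # malformed or truncated line: skip, do not crash
        if m.group("ip") in own_ips:
            continue  # our own check that the page is reachable
        path = m.group("path")
        token = next((t for t in canaries if t in path), None)
        if token is None:
            continue  # ordinary traffic to other pages
        agent = m.group("agent") or ""
        hits.append({
            "token": token,
            "message": canaries[token],
            "ip": m.group("ip"),
            "time": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
            "agent": agent,
            "automated": any(h in agent.lower() for h in AUTOMATION_HINTS),
        })
    return hits


def summarize_hits(hits):
    """Map each triggered token to the sorted list of distinct source IPs."""
    by_token = defaultdict(set)
    for hit in hits:
        by_token[hit["token"]].add(hit["ip"])
    return {token: sorted(ips) for token, ips in by_token.items()}


if __name__ == "__main__":
    for h in find_canary_hits(SAMPLE_LOG, CANARIES, OWN_IPS):
        kind = "automated?" if h["automated"] else "browser-like"
        print(h["time"].isoformat(), h["ip"], kind, "<-", h["message"])
    print(summarize_hits(find_canary_hits(SAMPLE_LOG, CANARIES, OWN_IPS)))
```

A hit shows only that something with access to the message fetched the link; the source IP is a clue to follow up, not an identification.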

The other technique uses Google Analytics for tracking the email impressions.

1. Create an email message that uses the following Urchin HTML code to embed the __utm.gif image anywhere in the message.

<img src="http://www.google-analytics.com/__utm.gif?utmt=imp&utmac=C&utmcsr=news1&utmcmd=email&utmctr=em&uctr=k">

The email impressions would be credited to the source "news1" and the medium "email". As soon as someone opens your email, the impression will be registered on the Google Analytics server as the gif file is downloaded on the spying computer.

2. If the email recipient has disabled automatic downloading of internet images, you can create a campaign link to track the email referrals. Tag these links using the utm_ campaign variables.

Continuing with the example above of an email message which you track using the source "news1" and the medium "email," your tagged link might look like this:

<a href="http://www.mywebsite.com/?utm_source=news1&utm_medium=email">click here</a>

Update: According to NYT, the volume of information gathered from telephone and Internet communications by the National Security Agency without court-approved warrants was much larger than the White House has acknowledged.

Americans come to the program's attention only if they have received a call or e-mail message from a person overseas who is already suspected to be a member of certain terrorist groups or linked somehow to a member of such groups. And the agency still gets a warrant to intercept their calls or e-mail messages to other people in the United States.

Source: How do I track email campaigns? | Who is snooping on my email? - confirm if one's email messages are being read by someone else.


5/10/2006

M$ Windows XP Professional Bugging Device ?

A hypothesis that Microsoft's Windows XP is a complex variation of a bugging device.

by Mark McCarron

Introduction

Context, context, context. I was sick hearing that phrase from Egyptologists in regards to my research on the Great Pyramid. They never could grasp that context is irrelevant to the scientific process or methodology, science examines facts, not interpretation. In saying that, they taught me a lot, it is funny how the entire aspect of a thing or situation can change, just by applying a different context to it.

In this article, I intend to do just that, with Microsoft's Windows Operating System.

If you have ever wondered, if;

  1. Microsoft, was secretly spying on end-user machines?

  2. Big Brother deployment scenarios were real?

  3. M$ Windows was a type of bugging device?


Then this, is for you my friend, the 'Top-47 Windows bugging functions', and then some. There is also an appendix on forensic methodology and Magnetic Force Microscopy (MFM).

All sing...'There may be trouble ahead...' :)

If You Could See, What I Can See, Reinstalling Windows...

In general, to people in the western hemisphere; bugging devices, parabolic microphones, signal tracing, satellite tracking and secret government agencies, performing highly illegal activities, on a covert basis, are the source of inspiration for novels, movies and theater, rather than any real event.

These devices and activities have been part-and-parcel of my life (and almost anyone else in Northern Ireland), from the moment of birth and conspiracy theories are simply facts of daily life that, could put, any of my friends, or myself, into an early grave. Therefore, it is only natural for me to see things in a military context and this provides a very interesting picture of odd behavior, at Redmond and various other big names, throughout the US.

Microsoft is of the 'opinion' that its software is an operating system with a wide range of 'features'. As I am about to demonstrate, that is simply a matter of 'how you see things' and the context in which they are highlighted in. This is a very subjective experience and different people tend to see different things, simply because their own personal context is automatically applied, a 'bias', if you will.

The point to hold, in the front of your mind, throughout reading this article, is the fact that the 'features' and their descriptions, presented here, are accurate representations of Window functions, in their own right, however, any suggestion as to motivation would be speculation.

More clearly, Microsoft has presented its own 'opinion' on the various features within Windows, other 'opinions' do exist and this article presents one of them, in a hypothetical scenario. For this analysis to hold, the hypothetical scenario must be demonstrated to be consistent throughout the design of the OS, not just its usage.

The style and tone throughout, is based upon the working hypothesis, that Microsoft has altered the Windows OS, to reflect US military requirements and that its primary role is that of a modern variation of a 'bugging device'. It is simply taken as a given fact throughout.

This clarification allows for a more direct style of writing and legal protection for publishers. In addition to this, the views expressed in this report are the author's and have nothing whatsoever to do with anyone else.

There are no accusations being made, this is presented only as a 'working hypothesis', at all times, to allow for the fullest exploration of this particular train of thought. If the hypothesis holds, then we will expand it a little, to place it in proper context and draw the conclusion from the entire investigation.

Report On Analysis of Microsoft Windows XP

  1. Start -> Search :)

    Each and every time a search is conducted using the search option under the start button on Windows XP, the system automatically checks if you're online and transmits information directly to Microsoft.

    This is done, without informing the end-user in any fashion, nor providing a clear method to disable. It has been hidden by design. In technical terms, a form of Trojan.

    A good application level, stateful firewall, will catch this communication attempt.

    Done by design.

  2. Help System, F1

    When accessing Microsoft Help systems, through the F1 key. A communication attempt to Microsoft's ActiveX site is made.

    Done by design.

  3. Microsoft Backup

    Designed to bypass all security, even ownership rights of a drive. Try it.

    Done by design.

  4. Process Viewer (Task Manager)

    No mapping to executable file, nor will it show all running processes. Designed to hide important information required for determining system infections and sources of network data transmission.

    Done by design.

  5. Dr Watson

    This used to load up with information on DLLs that had been hooked. Hooked DLLs are used to intercept keystrokes, etc. Microsoft removed the end-user's capability to see this. It now generates a simple message box.

    Done by design.

  6. The Windows Registry



    Now, on the face of it, this may seem like a good idea, however, as any developer will tell you, they only use it because the commands are quick, simple and, when it comes down to it, security is mainly the end-users responsibility.

    It would be much faster, simpler and provide greater system security to use an ini file. Linux uses this approach with config files. An entire database must be examined each time a request is made. This is why Windows slows down after you begin installing applications. The registry grows and more cycles must be dedicated to completing each query.

    When you multiply this, by the wide range of systems accessing the registry, it is clear to see, that as a design architecture, it is completely moronic.

    That is, until it is examined from another perspective, try the following perspectives as examples:

    a. HKEY_CURRENT_USER - psychological profile of logged on user, real-time usage focus.

    b. HKEY_LOCAL_MACHINE - Detailed reporting of hardware and a wide range of traceable unique identifiers

    c. HKEY_USERS - psychological profiling of all users, post-forensic usage focus.

    d. HKEY_CURRENT_CONFIG - Advanced psychological profiling based on a ranking system of 'psychologically-based options' embedded throughout the system. This could include things like favorite colour, pictures, sounds, etc.

    Throughout the registry are an extensive number of MRUs. These areas store your recently accessed documents for each application and other information. Now instead of having a single area where these are stored, for both rapid access and cleaning purposes, Windows was designed to fragment these throughout the registry database.

    Firstly, this makes cleaning the registry a specialized job, as a mistake can corrupt Windows. Secondly, and most importantly, this is what we call 'fragmentation'.

    Now 'fragmentation' is a well known source of problems when accessing information. Many will point out that the registry is a hierarchy and that this eliminates fragmentation. I must point out that I am referring to the 'entire structure of recorded information' and not the technical definition of fragments of data.

    By fragmenting the various forms of 'recorded information' throughout the registry, it can take upwards of a week to list every key that should be cleaned. The entire process must be repeated each time a new application is installed, to determine what exactly was placed into the registry. Windows also uses an extensive number of MRUs that have been altered to an 'unreadable' format. This would leave 95% of users completely unaware of what Microsoft was recording.

    There is no need or requirement for a registry, other than to provide central access to 'private information'. As a programming architecture model, the design borders on the moronic and is directly opposing every known, best practice, in programming.

    The true motivations behind the registry design are quite clear and highly specific.

    Done by design.

  7. Temporary Files

    Temporary files are retained under 'Documents and Settings' for a prolonged period of time and in most cases require manual clearance.

    Done by design.

  8. Recycle Bin

    Even when told not to move deleted items to the recycle bin, it is used anyway, only without the prompt. This generates a ghost copy on your hard disk of any deleted files.

    Two copies are better than one for recovery purposes, especially where Magnetic Force Microscopy is concerned. The two copies can be referenced with each other for rapid recovery procedures; it's an attempt to eliminate bit errors in overwritten files.

    The more ghost images, the better the chances are for fast and complete recovery during post-forensic examination.

    Done by design.

  9. Recent Files

    Only a small portion/subset of the recent files accessed is displayed in 'Documents' section under the start button. The folder that contains the shortcuts has a far longer list hidden from general view.

    For example, 11 files are listed under the Start button's 'My Documents', however, 'My Recent Files' contains 17 entries. The other 6 came from my last list of files which I deleted using the 'Clear' button.

    Done by design.

  10. NotePad

    Windows XP versions cannot word wrap properly and have been redesigned to make their usage as frustrating as possible. For example, when saving a text-only file, the screen resets the position of the text to the line where the cursor is.

    This takes specific coding and is not something that happens by accident. The idea is to push people towards Microsoft Office, where all security can be breached and copies written, at will, across your drive.

    Done by design.

  11. Swap Space/Virtual Memory/Page File

    Regardless of how much memory is in your system, the page file cannot be disabled. Its main function is to swap memory to disk and allow memory to be freed for running applications. With a large amount of RAM, this function becomes redundant, except under exceptional circumstances.

    What is the useful purpose of a 2MB page file? Other than writing data, across the drive, in 2MB chunks, none.

    It's designed to flush encryption keys and sensitive information to disk. This also generates ghost images which can be retrieved.

    Done by design.

  12. Firewall

    Incoming firewall only. This allows spyware to transmit information without any problems or detection. 90% of spyware information is transmitted to and shared throughout the US.

    Done by design.

  13. Memory Usage

    Designed to use large amounts of memory to drive the hardware industry sales of components. For Windows XP to function correctly, it requires at least 1GB RAM and two physical drives on separate IDE channels or SCSI interface I/O.

    Even then, it hogs everything and leaves random fragments in memory. These fragments or 'memory leaks' are then flushed to disk, in an effort to capture some information from running applications, encrypted viewers, etc.

    The ever-expanding registry is designed to keep up with ever-expanding hardware and slow the system. End users think programs have gotten more powerful and they must upgrade. It's simply that more and more cycles are dedicated to various expanding databases, each and every boot.

    Done by design.

  14. Automatic Updates

    Can allow remote installation of any form of software at Microsoft's whim.

    Done by design.

  15. Raw Sockets

    Microsoft prevents new protocols being developed on Windows to prevent usage of nonstandard protocols. This allows for easy access to information. It also prevents the disabling of Microsoft's TCP/IP stack, which for all we know, could have 30,000 extra 'ports' coded into it.

    Windows 2000 was actually programmed to reject any driver, that would allow custom protocols to be developed, without Microsoft certification. Microsoft claimed this was a 'mistake'.

    Now let's all try to picture the conversation at Microsoft on this one, shall we?

    {In an office at Redmond...}
    Executive 1: '...my hand slipped and wrote 10 pages of code..., no wait...,
    Executive 2: the dog coded it, ah nuts..., erm...,
    Executive 1: Can we blame Bin Laden?'


    Raw socket access also bypasses every known firewall, from Sygate to Zone Alarm. The reason is that these applications rely on the Windows message/event handling and Microsoft designed Raw Sockets not to report to this layer.

    Komodia produce a TCP/IP Packet Crafter, install that and Sygate's Personal Firewall on WinXP service pack one. Craft a few packets to see this in action. Nice trojan tool M$.

    Reverse psychology was employed, although not a very good example of it, in Microsoft's deployment decision to support raw sockets. It was to get people to focus on a 'hoax' alert, rather than the high level of security such a system would provide.

    The truth is, raw sockets are not required; however, they just make life simpler. For real-time software, the overhead presented by TCP is too great and the effects can be seen in excessive lag during online gaming or media playback. A streamlined custom stack allows for faster processing of the IP packet and over a 1000% improvement to connectivity management than TCP encapsulation.

    Many developers do not realize that TCP is not required and that custom packets can be encapsulated within IP alone. IP routes the packet from A to B, and TCP provides a data path encapsulated within the IP packet. This allows Internet routing to change without affecting application support. Custom stack creation is a 'walk in the park'; all it involves is parsing a binary stream and executing functions based on flags or values. It also, automatically, supports the OSI/DoD model.

    By breaking support for raw sockets on Windows 2000, Microsoft manipulated the entire global market, as no developer could be assured their applications would function after 12-24 months. It also provided a way for Microsoft to eliminate tools such as 'Ethereal' that could inspect the communications of a Windows system.

    This was an active attempt to block end users from knowing what information a Windows system was transmitting, as Microsoft is aware that over 80% of end users only have a single PC.

    Done by design.
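
The Raw Sockets item above says a custom protocol can be carried directly in IP and that a custom stack amounts to parsing a binary stream and dispatching on flags or values. The Python below is an added example, not code from the original article: it builds an IPv4 datagram in memory only (nothing is sent), validates and parses the header the way a capture tool would, and dispatches on a small message format. The message layout, the handler names, the documentation addresses, and the use of protocol number 253 (reserved for experimentation by RFC 3692) are assumptions made for illustration.

```python
import ipaddress
import struct

IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")  # fixed 20-byte IPv4 header, no options
MSG_HDR = struct.Struct("!BBH")            # hypothetical message: type, flags, length
KNOWN_TRANSPORTS = {1: "ICMP", 6: "TCP", 17: "UDP"}
PROTO_EXPERIMENTAL = 253                   # reserved for experimentation (RFC 3692)
FLAG_TEXT = 0x01                           # hypothetical flag: value is ASCII text


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build an IPv4 datagram as bytes only; nothing is put on the wire."""
    fields = [0x45, 0, IPV4_HDR.size + len(payload), 0x1234, 0, 64, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = internet_checksum(IPV4_HDR.pack(*fields))  # fill in header checksum
    return IPV4_HDR.pack(*fields) + payload


def parse_ipv4(packet: bytes) -> dict:
    """Validate and decode the IP layer; the payload is returned untouched."""
    if len(packet) < IPV4_HDR.size:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag,
     ttl, proto, _csum, src, dst) = IPV4_HDR.unpack_from(packet)
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < IPV4_HDR.size:
        raise ValueError("not an IPv4 header")
    if not header_len <= total_len <= len(packet):
        raise ValueError("length fields disagree with captured bytes")
    if internet_checksum(packet[:header_len]) != 0:
        raise ValueError("bad header checksum")
    return {"src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "ttl": ttl, "proto": proto,
            "payload": packet[header_len:total_len]}


def classify(packet: bytes) -> str:
    """What a sniffer learns from the IP header alone: the protocol number."""
    proto = parse_ipv4(packet)["proto"]
    return KNOWN_TRANSPORTS.get(proto, f"non-standard protocol {proto}")


def build_message(msg_type: int, flags: int, value: bytes) -> bytes:
    return MSG_HDR.pack(msg_type, flags, len(value)) + value


def handle_echo(flags: int, value: bytes):
    return value.decode("ascii") if flags & FLAG_TEXT else value.hex()


def handle_count(flags: int, value: bytes):
    return len(value)


HANDLERS = {1: handle_echo, 2: handle_count}  # hypothetical message types


def dispatch(payload: bytes) -> list:
    """Walk the binary stream and call the handler selected by each type byte."""
    results, offset = [], 0
    while offset < len(payload):
        if len(payload) - offset < MSG_HDR.size:
            raise ValueError("truncated message header")
        msg_type, flags, length = MSG_HDR.unpack_from(payload, offset)
        offset += MSG_HDR.size
        value = payload[offset:offset + length]
        if len(value) != length:
            raise ValueError("truncated message value")
        if msg_type not in HANDLERS:
            raise ValueError(f"unknown message type {msg_type}")
        results.append(HANDLERS[msg_type](flags, value))
        offset += length
    return results


def sample_packet() -> bytes:
    """Constructed sample: two messages carried directly in IP, no TCP or UDP."""
    payload = (build_message(1, FLAG_TEXT, b"hello")
               + build_message(2, 0, b"\x00\x01\x02"))
    return build_ipv4("192.0.2.1", "192.0.2.2", PROTO_EXPERIMENTAL, payload)


if __name__ == "__main__":
    pkt = sample_packet()
    print(classify(pkt), dispatch(parse_ipv4(pkt)["payload"]))
```

The protocol byte sits in the IP header in clear view, so a packet capture on the wire identifies traffic that is neither TCP nor UDP regardless of what the sending host's own software reports.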

  16. Remote Access Bugs

    This is a good example of 'context and highlighting' (perspective). I want you to consider this statement:

    Is a remote access bug, not the same thing as a backdoor access code?

    Write a detailed essay on your conclusion, no less than 30,000 words. You should consider statements such as 'buffer overflow executes code', 'invalid datagram shuts down PC', etc. :)

    OpenBSD has no such remote exploits and no money.

    Done by design.

  17. Music Tasks

    A nice big link to 'Shop for Music Online'. This is a direction to US based enterprises and also a violation of the Microsoft EULA, as it mentions nothing whatsoever in regards to Microsoft Windows being an advertising supported platform.

    No matter how small the feature, that is still what it represents. If Microsoft is in breach of its EULA, does that invalidate it?

    Done by design.

  18. Windows Media Player

    No way to disable automatic check for updates. This allows any form of code Microsoft chooses to be used as an upgrade. Defaults to uniquely identifying an end user and stored media.

    Certain websites warn their visitors that using Windows Media Player version 7 on their websites will reveal your 'personal information' to Microsoft.

    Have you ever wondered how p2p information on end users is gathered? Think about it the next time you connect to a commercial Internet radio, video or media service.

    Done by design.

  19. Alternate Data Streams

    This 'feature' of Microsoft Windows relates to how information is stored on your hard drive. Under NTFS, not only is there the file, but there is a second, hidden aspect to each file. This hidden aspect is stored separately on your hard drive and not as part of the file.

    I suppose the term 'Alternate Data Streams' makes better business sense than 'hidden information gathering process combined with standard file functions'. :)

    All additional information to a file, such as date/time stamps, file name, size, etc. is stored in this layer. Not only this, but so is the thumbnail cache of all images viewed by the system. This 'feature' is hidden by design and requires either a 1 month long 'disk nuke' (for average 80GB HD) or physical destruction of the disk platters to remove.

    Physical destruction is recommended, as it requires specific manufacturers' codes to access bad blocks, internal scratch areas and internal swap/cache areas of the drive. Even with the codes, certain problems can arise from unreadable sectors which may contain copies of sensitive information.

    Nothing beats a nice afternoon with a screwdriver and grinder. :)

    The caching can be disabled, however, Microsoft has made this as 'obscure' as possible. Microsoft Windows also does not explain the function of 'Do not cache Thumbnails'.

    It is aware 90% of end-users have the technical aptitude of 'a banana with a drink problem' and would never grasp the implications, let alone understand.

    Done by design.

  20. Stability

    Microsoft Windows is designed to collapse upon extensive number crunching of large arrays of floating point calculations. This would prevent nuclear modelling, physics modelling, and genetic modelling. These three aspects can produce nuclear, alternative and biological weapons.

    I don't know about you, but this 'feature', I can live with, or couldn't live without, for very long. :)

    Done by design.

  21. Internet Explorer 'Features'

    MSN Search

    When Internet Explorer fails to locate a web address, it initiates a search through Microsoft. Therefore, every failed access attempt is sent to Microsoft, with all your system information in the X header structure, cleverly disguised as 'assistance'.

    Done by design.

  22. Temporary Internet Files

    Without extensive reconfiguration of Windows, end users will not see the real files. Instead they see a database-generated representation drawn from a file called index.dat.

    Even the controls to access the drive are hidden with an obscure setting called 'Simple File Sharing (Recommended)'. Windows XP does not always delete the actual files from your hard disk. Even the emulated DOS reports the database, unless Windows is substantially reconfigured.

    Windows goes to great lengths to prevent this reconfiguration. Also, many do not know there is no need for this cache, other than to go back to pages. Its main role is to maintain a record of users' activities and generate ghost images throughout the drive.

    Done by design.

  23. Index.dat

    A database file of the contents of an area of the drive, including deleted files. In the 'Temporary Internet Files' it records date, time, Internet location and file name information of downloaded graphics/images and sites accessed, with user IDs in a nice big list.

    There are various 'index.dat' files throughout Windows; a dat file is generally a database. A user's activities can be recorded for several weeks and user names (etc.) recovered. The index.dat file retains information about recently deleted files and Microsoft has failed to provide any reasonable explanation.

    You cannot provide what does not exist; there is no genuine reason to retain deleted files' information other than deliberately recording an end user's activities for forensic analysis.

    This is used for rapid identification, file recovery and time-plotting of a user's activities. A small application produces a timetable of a user's usage, referenced against the recorded information for each second of activity.

    On large networks, this can be used to verify each staff member's location and movement across an entire infrastructure; this type of output is normally rendered in a full 3D layout of the target building.

    Done by design.

  24. Cookies

    The official explanation for cookies is to offload information from the server to the client. This can be authentication, preferences, etc. As you can see, it's just a cheap solution, designed to cut costs.

    When costs are cut, so are corners, and in this case a corner that presents a major threat to information security. Cookies retain a lot of information such as logon IDs. In fact, the first cookie I look for is generally passport.com. This cookie will have the last recorded Hotmail address stored within it. Combined with index.dat information, I can tell the following:

    1. Windows logon ID of the person involved
    2. The Hotmail email address
    3. The Date and time the account was accessed
    4. External graphics viewed and the sources of those graphics
    5. The machine from which it was accessed.
    6. The duration of viewing.
    7. And generally, the individual's sexual, political, social, personal and religious preferences based upon the information accessed.

    That's with only two file sections.

    Cookies can also be accessed remotely and are used to track the movements of end users as they move from site to site. Passport, Microsoft's common logon system, relates itself against the Windows account by default.

    There is no need for this, it is these 'subtle functional intrusions' that Microsoft prefers. I honestly do not know what is going on in these people's heads, to think for one second, that the world would spot this a million miles off. It really does show the level of intelligence these people have; my dog demonstrates more social engineering skills when looking for food.

    Done by design (very poorly executed).

  25. Auto-Complete

    Designed to record search terms, web addresses, and anything else it can get its grubby little digital hands on, for rapid post-forensic retrieval.

    Done by design.

  26. MSN Messenger

    Microsoft has been retaining each person's deleted contacts from Messenger. M$ has been monitored in this area and is known to retain everyone's deleted contacts for 3 years, at least.

    This could be seen using a console-based version of MSN Messenger under Linux. Microsoft has since changed the protocols, so I am unaware if you can still see some of the information M$ retains on over 150 million people.

    Messenger is also activated on accessing Hotmail. Microsoft claims to be using the 'features' provided by Messenger and will not allow it to be disabled. Now, as millions access M$ Hotmail without Messenger, I must seriously question this behavior.

    The 'features' provided by MSN Messenger are the transmission and reception of typed text and files. So, Microsoft has stated that it is 'transmitting typed text and files', to and from end users' machines, when Hotmail is being accessed.

    Just cleverly worded.

    Done by design.

  27. Web-Cams and Microphones

    These devices can be remotely activated providing visual and audio feedback from the target subject. There is also no way of telling if your devices have been remotely activated. These features are demonstrated in 'proof of concept' applications such as NetBus, etc.

    With raw sockets (or driver) this information can bypass your firewall without any problems.

    Microsoft Windows XP Services

    1. Application Layer Gateway Service

    Microsoft's Description:
    Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall,,Manual,Local Service

    Alternative Description:
    This thing just loves making remote connections and accepting them. Set this up in your firewall to ask each time using ADSL or higher.

    Have fun. :)

    Done by design.

  28. Automatic Updates

    Microsoft's Description:
    Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.,,Disabled,Local System

    Alternative Description:
    Enabled by default. Enables Microsoft to distribute and incorporate any 'feature', at will. Not the greatest thing in the Universe to be allowing.

    Done by design.

  29. Computer Browser

    Microsoft's Description:
    Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Local System


    Alternative Description:
    This stupid design will breach security. The only computer a client needs to know, is the server and it should coordinate everything.


    Why does Microsoft Windows identify and map every computer on the network?

    The design principle is based upon 'remote orientation' requirements, using insecure clients as targets. Servers would be difficult to compromise and arouse too much suspicion.

    The flow of information on any network is about 'the need to know'. Clients do not need to know any other computer, other than the server. The server acts as a 'proxy' to the entire network, data transfers may, optionally, be proxied too.

    Done by design.

  30. Fast User Switching Compatibility

    Microsoft's Description:
    Provides management for applications that require assistance in a multiple user environment.,,Disabled,Local System


    Alternative Description:
    Switches to every account but the Administrator account. In fact, unless you know exactly what you're doing, an end user cannot access the administrator account.

    Post-forensics can; that includes your Windows Encrypting Filesystem. Cheers M$.

    Done by design.

  31. IMAPI CD-Burning COM Service

    Microsoft's Description:
    Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.,,Manual,Local System


    Alternative Description:
    Part of CD Burning, and this thing is a nightmare. For any CD you make, it first makes a copy on the system drive, and only then uses a scratch drive. Why?


    That action is a waste of time. This is designed to generate 'ghost images' that can be recovered by Magnetic Force Microscopy. It is unlikely that the target subject will destroy their boot drive. Also, pointing the scratch to another drive, just makes more ghost copies.

    Not only that, but I have caught Windows XP, pointing me to the CD burning directory when viewing CDs. That would suggest a cached image of some form.

    Done by design.

  32. Indexing Service

    Microsoft's Description:
    Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language. ,,Manual,Local System


    Alternative Description:
    A search using the DOS emulator will run like a bullet. Windows search, however, will take its time unless the indexing service is activated. This provides quick post-forensic and real-time access to remote files.


    This behavior is by design. :)

  33. Internet Connection Firewall(ICF)/Internet Connection Sharing(ICS)



    Microsoft's Description:
    Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.,,Manual,Local System


    Alternative Description:
    First off information is sent to both Microsoft and to a range identified as belonging to ARIN whenever a PC connects to the Internet. Random connection attempts are made by Explorer, NT Kernel, Internet Explorer, Windows Help, svchost.exe, csrss.exe and numerous others. I have even caught calc.exe (The calculator) attempting to initiate a remote connection, now and again. Without reverse engineering, I was unable to tell if it really was the applications, or a subsystem calling the applications. Very odd.


    Microsoft Windows defaults to sharing your files using SAMBA across the Internet. This even bypasses most domestic firewalls or security setups, unless specific options are set in the firewall. This allows for remote access to files, documents, etc. without breaching any known legal regulations.

    Try entering random IP addresses into your 'My Network Places' window when online, preceded by the '\\' network identifier.

    i.e. '\\91.111.2.80', or '\\222.54.88.100'

    Within about 30 attempts (of a good netblock), you should get a remote machine to share files with you, in the same manner as a LAN setup. Expect your machine to freeze when performing any remote operations for up to 4 minutes at a time (i.e. such as right-clicking a file).

    The reason for this behavior is that native SAMBA is designed for 10Mbit networks (at least) and is therefore a very bulky protocol. Also, the remote host may be using their Internet connection, have a low bandwidth connection or be performing processor-intensive tasks.

    A quick examination of Sygate's instructions on how to use their firewall with ICS reveals that your kernel cannot be blocked, nor can several other systems. These systems are not required on a LAN, so Microsoft has designed these systems to breach security.

    There is no difference between TCP/IP over a LAN and the Internet, other than settings. As a programmer I know Network Address Translation is simply a case of storage and substitution of IP addresses, with a few whistles and bells. There is no excuse for these systems to be exposed to the network.

    Done by design.

  34. Messenger



    Microsoft's Description:
    Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.,,Disabled,Local System


    Alternative Description:
    Messages should only be broadcast, by and to, the main server. Having this on every machine provides a method of transmitting real-time keystroke intercept across the Internet. This service is also enabled by default, even with the known Internet abuse of the function. This only indicates design manipulation.


    Done by design.

  35. Network Connections



    Microsoft's Description:
    Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.,Started,Manual,Local System


    Alternative Description:
    Only weakens security by providing a central reporting mechanism. These aspects have been combined by design, with no logical requirement for the function. Again, a single point of failure is introduced into the system.


    Done by design.

  36. Protected Storage



    Microsoft's Description:
    Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.,Started,Automatic,Local System


    Alternative Description:
    Also provides quick access to this information. Swift breaking of security. Sweet. :)

    Done by design.

  37. Remote Procedure Call (RPC)



    Microsoft's Description:
    Provides the endpoint mapper and other miscellaneous RPC services.,Started,Automatic,Local System


    Alternative Description:
    May the saints preserve us from RPC. RPC provides remote computers with the ability to operate your PC and listens for these connections on the network/Internet.


    What sort of idiotic decision making was behind an RPC service that cannot be disabled? Why not just come into my living room, M$? You're practically there anyway!

    (I'm just losing my head now! This is disgraceful.)

    Done by design.

  38. Remote Registry



    Microsoft's Description:
    Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.,,Disabled,Local Service


    Alternative Description:
    This nifty service is enabled by default. It provides remote access to the Windows registry, allowing run-time modifications to be made to your PC. Hmmm....what an excellent idea! Just what I always needed, a way to 'tweak' my running spy applications remotely.


    I knew M$ was thinking about me, I'm touched, or at least they're close enough to reach out and touch me. :)

    Done by design.

  39. Server



    Microsoft's Description:
    Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Local System


    Alternative Description:
    This is not required; it provides central management for open files and printing operations. It also provides a method of remotely monitoring a user's activities.


    This 'service' (ha!) provides a single-point of failure for an entire network. It is linked to the authentication, so if the server collapses, so does the entire network, as this is managed by the server. Again, security and functionality have been manipulated to focus on information retrieval and access.

    Done by design.

  40. SSDP Discovery Service

    Microsoft's Description:
    Enables discovery of UPnP devices on your home network.,,Disabled,Local Service


    Alternative Description:
    What in God's name for? This is part of the 'remote orientation' facilities encoded into Windows, allowing remote hackers the ability to explore the network swiftly, reducing chances of alarm and excessive activity through exploration.


    Done by design.

  41. System Event Notification



    Microsoft's Description:
    Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.,Started,Automatic,Local System


    Alternative Description:
    No way of knowing, without full reverse engineering, how many undocumented events exist throughout Windows. Windows could have an entire additional level of event reporting.

    Event and thread management in Windows is very suspicious due to its sluggish and sometimes unpredictable behavior. Compensation for this is normally done by 'peeking' into the message queue; however, sometimes it simply refuses to work. This would tend to suggest the interaction of an unknown component (or several components) with the event system producing conflicts.

    Done by design.

  42. System Restore Service

    Microsoft's Description:
    Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties,,Automatic,Local System


    Alternative Description:
    Keeps ghost copies of various forms of cached information in a nice quick accessible format. We can't let our hard earned information go down the pan now. :)


    Done by design.

  43. Terminal Services



    Microsoft's Description:
    Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.,, Disabled,Local System


    Alternative Description:
    I just bet it's interactive and highly 'functional' too. This is enabled by default, providing a remote desktop for any hacker. Wow, what a service M$.


    I'll agree with you on this one, that is a 'service and a half'!

    Done by design.

  44. Windows Time

    Microsoft's Description:
    Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.,,Disabled,Local System


    Alternative Description:
    Sends information to Microsoft and keeps your date and time stamps nice and fresh for post-forensic analysis. At least they're tidy when they invade your privacy. :)


    Done by design.

  45. Wireless Zero Configuration



    Microsoft's Description:
    Provides automatic configuration for the 802.11 adapters,,Disabled,Local System


    Alternative Description:
    Zero configuration means zero security and that's exactly what you get. The entire network is exposed to anyone within reception range. Therefore, if you are using this in your home environment, that can mean remote monitoring from up to 3 km using proper equipment, or someone else using your Internet connection from a range of around 50-80 m radius.


    Even with security, the IEEE specification for WEP was clearly manipulated and weakened by interested parties. There is no other acceptable excuse for that level of incompetence.

    Done by design.

  46. Microsoft Works

    Breach of trade descriptions act? Microsoft 'probably' Works. :)

    Really, it is an 'implied' suggestion based on the play of words. It can be described as 'psychologically misleading'; human psychology is extremely complex, even if most humans are not.

    This implied statement is registered at a deeper level of the brain and assigned its true meaning. Otherwise, you would have never considered the relationship in the first place.

    One way of describing this is 'marketing'; the accurate description is 'subliminal programming'. It does not matter how slight the incident.

    This is very similar in style to the 'French Fries' and 'Freedom Fries' incident in the US, used to blind the US citizens from war opposition, through manipulation of patriotic beliefs.

    Shameful.

    Done by design.

Windows Security, Not What You Think

Since all security products that operate on the Microsoft Platform are both designed from, and encapsulated by the OS, then it is ultimately Microsoft Windows that is providing your security and not your firewall, etc.

So, any product that claims to provide security FOR Windows is simply reflecting the limited understanding the company has of what it is doing.

I bet that will inspire confidence in computer security. :)

The accurate description is that M$ Windows secures itself through execution of a 3rd party application, which M$ Windows must inform, to provide security. As we saw in 'Raw Sockets', this does not always happen. Linux does not have this problem, as the system is a mosaic rather than a full encapsulation, or sandbox environment.

Therefore, even with all the security, in the known Universe, installed on a Microsoft Windows Platform, it is still the responsibility of Windows to inform the security products of each event happening. If Microsoft Windows fails to report, or hides certain messages/events, then your security software becomes 100% completely redundant.

This is a source of great concern with Microsoft's plans to encrypt the system area of new versions of Microsoft Windows. Somehow, I don't think this system, nor any variation of it, will ever see the light of day.

If this was to happen (the encrypted system), instead of an EULA, I think Microsoft Windows should be required to read end-users their rights. Microsoft is not the Law, nor is it above it, in any way.

You have the right to be bugged, click OK to continue! :)

Bugs Of The Third Kind

How long has Microsoft been programming Windows for?

Ten, maybe fifteen years, and we are seriously asked to believe that a company with the financial resources of Microsoft cannot create a bug-free Operating System?

Companies with lesser resources than Microsoft provide such systems for Air-Traffic control and medical purposes (Heart Monitors, etc). A perfect example here is OpenBSD. OpenBSD is a free Operating System and with very little funding (nowhere near what Microsoft has, in a million years) the only remote exploits you will find, anywhere in the world, will be at least 12 months old.

Most of Microsoft's problems are at least that old before anyone decides to analyze them, let alone, fix them.

This is a very clear example, honestly, there is no acceptable excuse here. If Microsoft claims 'compatibility', then I simply refer them to the current deployment of service packs that destroy 'compatibility'.

Also, the important thing to business is their data, and data cannot have 'compatibility' issues. It's simply a binary stream that can be used on any known operating system.

Wild Speculation On Codenaming Strategy

Microsoft has had a consistent naming policy for its operating systems, in the form of city names. Code names for various releases have included; Chicago, Memphis, etc.

Now all this changed with the arrival of Windows XP. Its codename was 'whistler' and the next version of Windows is codenamed 'LongHorn'. I was interested in the reasoning behind the switch. I was thinking that these codenames could be based on one, or more, of the following points:

1. A play on the term 'whistleblower'?
2. A play on a reference to 'Pinocchio'? (tells stories, reference to Long (Nose) and Horn (Whistle Blower) )
3. Horn, as in a form of 'early warning system' and Long because of its distributed nature?

Can Windows Be Secured?

Yes, with FDisk. (Recommended) :) Otherwise, due to its encapsulated nature, the answer is a pointblank, no.

Additional Observations

All we need now is Intel's 'processing and storage' layer to the Internet and we have a, full-scale, 100% genuine, deployment of a Big Brother scenario. Thanks Intel, but, we'll pass on that one, nice to see you are thinking of everybody for a change. :)

If anyone is wondering what on Earth is going on, well Congress went a little nuts passing resolutions, without its normal due caution. Looking down the barrel of a gun 24/7, does not provide the ideal circumstances for making these decisions, nor the environment for full, open debate, for security reasons. As such, mistakes can only be expected, Congress is still only human, despite the rumors.

I am just worried that this is the entire intention, due to Microsoft's modifications, its software predates 9/11, so it could not use 9/11 as an excuse. I wouldn't like to consider the implications of that statement 'being inaccurate'.

I know many readers would enjoy this analysis taken further, however, it is well beyond the scope of this report. It is also an area I feel is best left to the authorities.

Alterations to M$ Windows also coincide with antitrust cases and the reversal of the ruling to split Microsoft into two companies. This leads to three important questions:

1. Was Microsoft hijacked by the US government, CIA or NSA?
2. Is this why M$ Windows was altered?
3. What would the suggested reason be for military adaptations to M$ Windows prior to 9/11?
4. Why 3 Operating Systems (ME, 2000 and XP) between 1999-2001?

I only mention this to be fair, rather than shoot first, ask questions later. I'm a Zen Buddhist and politics, ain't my bag baby. :)

Google's ranking methods have come under question recently and in the context of this report, I think the following will speak volumes for itself:

Search for the term 'Book'. Conducted September 15th, 2005.

Top 10 results from Google.com

  1. US
    Barnes & Noble.com, 6000 Freeport Ave - Suite 101, Memphis, TN 38141.

  2. US
    onlinebooks.library.upenn.edu, University of Pennsylvania

  3. US
    www.cia.gov, CIA - Factbook.

  4. US
    BookFinder.com - Berkeley, California

  5. US
    www.kbb.com - Orange County

  6. US
    www.worldbookonline.com - Country Wide, with world-wide divisions

  7. US
    www.superpages.com - 651 Canyon Drive. Coppell, TX 75019.

  8. US
    www.amazon.com

  9. US
    www.abebooks.com - Victoria B.C. with offices in Canada and Germany.

  10. US
    www.bookwire.com - 630 Central Ave. New Providence. New Jersey.


May I remind everyone that Google is behind nearly every major search engine in the World. Is this what they describe as 'free enterprise' in action?

I wouldn't like to see systematic manipulation of the global economy, if that's the case. :)

A Small Bit of Advice

Linux...Open Source...Free...No worries. Try Linux

Conclusion

Is America awake? Remember a small concept called Liberty? (It's French, by the way.) I wonder how M$ is going to explain this one?

This one, I really must hear. :)

'...let's face the music and dance.'

Appendix Contents

  1. Appendix 1. Symbiotic Duality

  2. Appendix 2. Magnetic Force Microscopy (MFM)

Appendix 1. Symbiotic Duality

The first thing you must accept is that a product does not have to be limited to a single purpose. The second thing to be accepted is that you may not be aware of any other purpose, even to the extent of being unaware of its primary purpose. Purpose comes from design, not usage.

Therefore, a product, such as Microsoft Windows can give the impression of being an Operating System, whilst having been designed for an entirely different purpose. This is the concept of 'Symbiotic Duality', it is the basis of all manifestations of depth.

We'll look at a few quick examples:

a. When you fight with someone you love, you can hate them, yet still love them.

This form of 'Symbiotic Duality' is experienced as a 'depth' of emotion, it stems from the observed contrast, or gulf, between opposing emotions. The greater the gulf between the conflicting emotions, the more intense the experience.

It is from this understanding that the very accurate phrase, 'Fighting is a sign of love', is drawn. One cannot exist without the other and 'Symbiotic Duality' is a fundamental step in every emotional response.

'Love thy Enemy'. It's not like I have much choice in the matter :)

b. To produce the effect of Depth in a scene.

An image contrasting near and far (large and small) produces the illusion of depth. This is another form of 'Symbiotic Duality', the contrast between near and far (large and small) produces an optical illusion, both aspects function as one, from opposing sides.

c. A depth of character can be expressed in apparently conflicting viewpoints. You may both agree and disagree with a situation, for various reasons. For example, you may not agree with war, but you recognize a time comes when it must occur, or, you may not agree with a situation, but since it is happening, you may as well make the best of it.

The greater the depth of character, the greater the gulf will be between these conflicting thoughts. A person who repeats the same 'statements or rhetoric' time and time again, has very little intelligence and certainly lacks any depth of character, as they lack the opposing viewpoint.

d. The gulf between the people and government leads to increased anxiety, fear, paranoia and rejection.

The more 'stark' a contrast between government and the people, the greater the 'perceived gulf' will become. This concept is explored in George Orwell's book 'Animal Farm', it examines the 'Us and Them' principle, and unknowingly, touches on the 'Symbiotic Duality' of the scenario.

That is, the common source of conflict between the two groups, the 'perceived gulf' that exists between them. By bridging that gulf, the situation may have been avoided.

Why is 'Symbiotic Duality' important to understand?

'Symbiotic Duality', as you notice from each of the examples, ends up, in one form or another, relating to the human biological make-up. The simple reason for this is that, 'depth', is a perception. If a 'Symbiotic Duality' appears in an investigation, a human was involved in planning.

'Symbiotic Duality' can prove useful in forensics. By clearly identifying the contrasting behaviors of any system, the design choices made by humans and those dictated to by system requirements, can be distinguished with repeatable methodology.

This separation allows for both reliable, rapid identification of human design choices that fall outside compliance with system specifications, or other known base references (i.e. another OS design) and for complete focus to be given to only 'odd' human generated code.

Scientific investigators must operate by rigid procedures and methods, the concept of 'Symbiotic Duality' provides such a structure, this allows for repetition of the investigative procedure, rather than solely relying on expert testimony and Police accounts.

This can be vital in cases where an officer/jury needs to follow the scientific investigator at a technical level, collaborate on an investigation in a distributed environment, or work through vast amounts of information.

It provides a roadmap for the investigation, with one point naturally flowing to another, or any amount of other points.

Let's say for example we were investigating an email application. Firstly, we remove from the equation the basic technical functions of the application. This leaves us with what can be described as a 'human-defined design'. That is, all the fluff added to an application to make it 'user friendly' and operational.

From here, we list each of the 'features' and a description of their functions. Next, we begin the 'Symbiotic Duality' analysis, by contrasting the basic technical requirement to implement a 'feature' against the actual implementation.

There are various sub-aspects to this procedure, such as contrasts from different 'perspectives'. This would include examining ease of information retrieval, information storage, information movement, information processing, network communication attempts, etc.

By contrasting what would be 'expected', under reasonable circumstances, against what is actually there, the 'gulf' (form of perceived depth) between the two states is revealed (Symbiotic Duality).

The procedure uses the 'Russian Doll' and Henry Ford Conveyor Belt principles, to break down the application into smaller and smaller units in a systematic exploration of the target system.

The method is highly flexible, in that, it does not require a linear approach to investigation, but rather, a completely random approach is recommended. This can match budgets and resources of investigative departments.

The results are composited in a cross-referenced mosaic that can be expanded upon from any point, providing the investigator a model of his/her complete investigation. This gels beautifully with the 'chain of custody' model.

What we are left with, is a combination of fluff and 'Interest Motivated' sections of the application. It's simply a matter of contrasting the expected characteristics of fluff against the remaining sections of code.

So, staring you in the face, in glorious black & white, will be a very clear list and description of each identified 'odd' behavior. As many investigators will have realized by now, adaptations of this can be applied to any form of investigative procedure.

If you are interested in 'Symbiotic Duality', I'm afraid you will not find it in any texts, it was something I developed as part of my work to assist me. An in-depth understanding of human psychology is a basic requirement in this field, as you must always think, what would this person do? 'Symbiotic Duality' lets you understand more clearly, what they were thinking as it exclusively relates to human perceptions.

I don't claim that this is any form of great new method, I just use it to assist my own work and it also has no form of recognition as an accepted method. It's simply another tool, in a long list, of analytical procedures and, in my line of work, every assistance is a bonus.

I like to think of this procedure as a:

'Random access investigative procedure, which uses the horizontal nature of emotional and perceptive responses, to clearly identify the various ranges of possible motivations behind an incident.

Cross-referencing and statistical analysis, provide a mechanism of ranking motivations, across an entire case framework, allowing for 'Computer Assisted Real Motive Analysis' (CARMA).'

That'll mess with your noodle for a while. Sorry. :)

The best visual representations would most likely be in the form of a 'tree' structure, expressed in 3D. Each 'Symbiotic Duality' identified can be provided a 'score' (ranking), and numerous sub-scores (sub-rankings) if required. The ranking system, has an unlimited user-defined scale. This allows for statistical analysis and cross-referencing, with stark contrasts. The scale can also be categorized.
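The contrast-and-rank procedure described above (list each feature, compare what it needs against what it actually does, score the gulf, cross-reference the results) can be sketched as follows. This is an added example, not the author's own tooling: the email-client features, the observed behaviours, the example.org/example.net hosts and the perspective weights are all constructed assumptions.

```python
from collections import defaultdict

# Perspectives named in the text; the weights are an assumed, user-defined scale.
WEIGHTS = {"storage": 1, "retrieval": 1, "processing": 1, "movement": 2, "network": 3}

# Constructed baseline: the minimum each feature of a hypothetical email
# client needs in order to work, as (perspective, behaviour) pairs.
EXPECTED = {
    "send_mail": {("network", "smtp:mail.example.org:587"), ("storage", "write:outbox")},
    "spell_check": {("storage", "read:dictionary"), ("processing", "tokenize:draft")},
    "address_book": {("storage", "read:contacts"), ("storage", "write:contacts")},
}

# Constructed observations, as they might be distilled from a file, process
# and packet trace of the application: (feature, perspective, behaviour).
OBSERVED = [
    ("send_mail", "network", "smtp:mail.example.org:587"),
    ("send_mail", "storage", "write:outbox"),
    ("spell_check", "storage", "read:dictionary"),
    ("spell_check", "processing", "tokenize:draft"),
    ("spell_check", "network", "https:telemetry.example.net:443"),
    ("address_book", "storage", "read:contacts"),
    ("address_book", "movement", "copy:contacts->tempfile"),
    ("address_book", "network", "https:telemetry.example.net:443"),
    ("legacy_import", "storage", "read:old_mailbox"),  # feature absent from baseline
]


def find_gulf(expected, observed):
    """Return {feature: [(perspective, behaviour), ...]} for every observed
    behaviour that the feature's baseline does not account for."""
    gulf = defaultdict(list)
    for feature, perspective, behaviour in observed:
        if (perspective, behaviour) not in expected.get(feature, set()):
            gulf[feature].append((perspective, behaviour))
    return dict(gulf)


def rank_features(gulf, weights):
    """Score each feature by the summed weight of its unexplained behaviours
    and return (feature, score) pairs, highest score first."""
    scores = {
        feature: sum(weights.get(perspective, 1) for perspective, _ in items)
        for feature, items in gulf.items()
    }
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


def cross_reference(gulf):
    """Return unexplained behaviours shared by more than one feature; a shared
    behaviour suggests one design decision rather than several accidents."""
    seen = defaultdict(set)
    for feature, items in gulf.items():
        for _, behaviour in items:
            seen[behaviour].add(feature)
    return {b: sorted(fs) for b, fs in seen.items() if len(fs) > 1}


if __name__ == "__main__":
    gulf = find_gulf(EXPECTED, OBSERVED)
    for feature, score in rank_features(gulf, WEIGHTS):
        print(f"{score:>3}  {feature}: {gulf[feature]}")
    for behaviour, features in cross_reference(gulf).items():
        print(f"shared by {features}: {behaviour}")
```

The quality of the result depends entirely on the baseline: a behaviour missing from `EXPECTED` is reported as a gulf whether or not it is benign, so each finding is a lead for review rather than a conclusion.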

I only mention it here, as it was employed in this analysis, however, I am still developing the theory behind this. The report does not rely on this theoretical work, but rather, standard procedures in high level analysis.

Well, that's enough 'Psychology and Forensic Analysis 101' for today.

Have you not got a life or something? :)

Appendix 2. Magnetic Force Microscopy (MFM)

I had the chance to see this process first hand, a good friend of mine demonstrated the following technique using an Open-Mosix cluster. The process was mainly based on the statistical recomposition of data sectors. The usage of highly discrete array-based statistical recomposition can uncover data.

It's based on the fact that a harddisk has certain known read/write characteristics that affect the position of molecules on a disk platter. It's important to note, we are not trying to uncover previous data directly, but rather explore variations in memory.

An MFM series of images of the disk platter is produced and converted to 3D. Then each sector's dimensional values are offset against the values provided by the known characteristics of the read/write heads. Each binary bit is treated independently.

As most can see, this method bypasses encryption by focusing on physical position. After this, it is simply a matter of computing variations and attempting to match patterns. Not one bit of cipher breaking, makes you wonder about the advice security companies provide and who exactly qualified them in 'IT Security'?

Most people do not realize they are self-appointed and even wrote the texts for 'security classes'.

The technique came from "The Catch 22 Guide To Business" and a chapter entitled "Recursive Algorithms & Global Expansion", with cross-references to the Ferengi 'Rules of Acquisition'. :)

Can you trust your computer?



by Richard Stallman

Who should your computer take its orders from? Most people think their computers should obey them, not obey someone else. With a plan they call "trusted computing", large media corporations (including the movie companies and record companies), together with computer companies such as Microsoft and Intel, are planning to make your computer obey them instead of you. (Microsoft's version of this scheme is called "Palladium".) Proprietary programs have included malicious features before, but this plan would make it universal.

Proprietary software means, fundamentally, that you don't control what it does; you can't study the source code, or change it. It's not surprising that clever businessmen find ways to use their control to put you at a disadvantage. Microsoft has done this several times: one version of Windows was designed to report to Microsoft all the software on your hard disk; a recent "security" upgrade in Windows Media Player required users to agree to new restrictions. But Microsoft is not alone: the KaZaa music-sharing software is designed so that KaZaa's business partner can rent out the use of your computer to their clients. These malicious features are often secret, but even once you know about them it is hard to remove them, since you don't have the source code.

In the past, these were isolated incidents. "Trusted computing" would make it pervasive. "Treacherous computing" is a more appropriate name, because the plan is designed to make sure your computer will systematically disobey you. In fact, it is designed to stop your computer from functioning as a general-purpose computer. Every operation may require explicit permission.

The technical idea underlying treacherous computing is that the computer includes a digital encryption and signature device, and the keys are kept secret from you. Proprietary programs will use this device to control which other programs you can run, which documents or data you can access, and what programs you can pass them to. These programs will continually download new authorization rules through the Internet, and impose those rules automatically on your work. If you don't allow your computer to obtain the new rules periodically from the Internet, some capabilities will automatically cease to function.

Of course, Hollywood and the record companies plan to use treacherous computing for "DRM" (Digital Restrictions Management), so that downloaded videos and music can be played only on one specified computer. Sharing will be entirely impossible, at least using the authorized files that you would get from those companies. You, the public, ought to have both the freedom and the ability to share these things. (I expect that someone will find a way to produce unencrypted versions, and to upload and share them, so DRM will not entirely succeed, but that is no excuse for the system.)

Making sharing impossible is bad enough, but it gets worse. There are plans to use the same facility for email and documents--resulting in email that disappears in two weeks, or documents that can only be read on the computers in one company.

Imagine if you get an email from your boss telling you to do something that you think is risky; a month later, when it backfires, you can't use the email to show that the decision was not yours. "Getting it in writing" doesn't protect you when the order is written in disappearing ink.

Imagine if you get an email from your boss stating a policy that is illegal or morally outrageous, such as to shred your company's audit documents, or to allow a dangerous threat to your country to move forward unchecked. Today you can send this to a reporter and expose the activity. With treacherous computing, the reporter won't be able to read the document; her computer will refuse to obey her. Treacherous computing becomes a paradise for corruption.

Word processors such as Microsoft Word could use treacherous computing when they save your documents, to make sure no competing word processors can read them. Today we must figure out the secrets of Word format by laborious experiments in order to make free word processors read Word documents. If Word encrypts documents using treacherous computing when saving them, the free software community won't have a chance of developing software to read them--and if we could, such programs might even be forbidden by the Digital Millennium Copyright Act.

Programs that use treacherous computing will continually download new authorization rules through the Internet, and impose those rules automatically on your work. If Microsoft, or the US government, does not like what you said in a document you wrote, they could post new instructions telling all computers to refuse to let anyone read that document. Each computer would obey when it downloads the new instructions. Your writing would be subject to 1984-style retroactive erasure. You might be unable to read it yourself.

You might think you can find out what nasty things a treacherous computing application does, study how painful they are, and decide whether to accept them. It would be short-sighted and foolish to accept, but the point is that the deal you think you are making won't stand still. Once you come to depend on using the program, you are hooked and they know it; then they can change the deal. Some applications will automatically download upgrades that will do something different--and they won't give you a choice about whether to upgrade.

Today you can avoid being restricted by proprietary software by not using it. If you run GNU/Linux or another free operating system, and if you avoid installing proprietary applications on it, then you are in charge of what your computer does. If a free program has a malicious feature, other developers in the community will take it out, and you can use the corrected version. You can also run free application programs and tools on non-free operating systems; this falls short of fully giving you freedom, but many users do it.

Treacherous computing puts the existence of free operating systems and free applications at risk, because you may not be able to run them at all. Some versions of treacherous computing would require the operating system to be specifically authorized by a particular company. Free operating systems could not be installed. Some versions of treacherous computing would require every program to be specifically authorized by the operating system developer. You could not run free applications on such a system. If you did figure out how, and told someone, that could be a crime.

There are proposals already for US laws that would require all computers to support treacherous computing, and to prohibit connecting old computers to the Internet. The CBDTPA (we call it the Consume But Don't Try Programming Act) is one of them. But even if they don't legally force you to switch to treacherous computing, the pressure to accept it may be enormous. Today people often use Word format for communication, although this causes several sorts of problems. If only a treacherous computing machine can read the latest Word documents, many people will switch to it, if they view the situation only in terms of individual action (take it or leave it). To oppose treacherous computing, we must join together and confront the situation as a collective choice.

For further information about treacherous computing, see <http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html>.

To block treacherous computing will require large numbers of citizens to organize. We need your help! The Electronic Frontier Foundation and Public Knowledge are campaigning against treacherous computing, and so is the FSF-sponsored Digital Speech Project. Please visit these Web sites so you can sign up to support their work.

You can also help by writing to the public affairs offices of Intel, IBM, HP/Compaq, or anyone you have bought a computer from, explaining that you don't want to be pressured to buy "trusted" computing systems so you don't want them to produce any. This can bring consumer power to bear. If you do this on your own, please send copies of your letters to the organizations above.

Postscripts

The GNU Project distributes the GNU Privacy Guard, a program that implements public-key encryption and digital signatures, which you can use to send secure and private email. It is useful to explore how GPG differs from treacherous computing, and see what makes one helpful and the other so dangerous.

When someone uses GPG to send you an encrypted document, and you use GPG to decode it, the result is an unencrypted document that you can read, forward, copy, and even re-encrypt to send it securely to someone else. A treacherous computing application would let you read the words on the screen, but would not let you produce an unencrypted document that you could use in other ways. GPG, a free software package, makes security features available to the users; they use it. Treacherous computing is designed to impose restrictions on the users; it uses them. Microsoft presents palladium as a security measure, and claims that it will protect against viruses, but this claim is evidently false. A presentation by Microsoft Research in October 2002 stated that one of the specifications of palladium is that existing operating systems and applications will continue to run; therefore, viruses will continue to be able to do all the things that they can do today.

When Microsoft speaks of "security" in connection with palladium, they do not mean what we normally mean by that word: protecting your machine from things you do not want. They mean protecting your copies of data on your machine from access by you in ways others do not want. A slide in the presentation listed several types of secrets palladium could be used to keep, including "third party secrets" and "user secrets"--but it put "user secrets" in quotation marks, recognizing that this is somewhat of an absurdity in the context of palladium.

The presentation made frequent use of other terms that we frequently associate with the context of security, such as "attack", "malicious code", "spoofing", as well as "trusted". None of them means what it normally means. "Attack" doesn't mean someone trying to hurt you, it means you trying to copy music. "Malicious code" means code installed by you to do what someone else doesn't want your machine to do. "Spoofing" doesn't mean someone fooling you, it means you fooling palladium. And so on. A previous statement by the palladium developers stated the basic premise that whoever developed or collected information should have total control of how you use it. This would represent a revolutionary overturn of past ideas of ethics and of the legal system, and create an unprecedented system of control. The specific problems of these systems are no accident; they result from the basic goal. It is the goal we must reject.




Disclaimer