Syrian Government Uses Skype To Push Malware To Activists 139
judgecorp writes "The Syrian government is using Skype as a channel to infect activists' systems with malware, installing Trojans and backdoors, according to security firm F-Secure. The evidence comes from a hard drive sent for analysis. 'The activist's system had become infected as a result of a Skype chat. The chat request came from a fellow activist. The problem was that the fellow activist had already been arrested and could not have started the chat. Initial infection occurred when the activist accepted a file called MACAddressChanger.exe over the chat. This utility was supposed to change the hardware MAC address of the system in order to bypass some monitoring tools. Instead, it dropped a file called silvia.exe which was a backdoor — a backdoor called "Xtreme RAT." Xtreme Rat is a full-blown malicious Remote Access Tool.'"
Meanwhile in America (Score:3, Insightful)
Meanwhile, the Obama administration is arguing that requiring warrants for cellphone records "cripples" investigators [reuters.com]. No malware needed here in the U.S. Just fearmongering.
Re: (Score:2)
Meanwhile, the Obama administration is arguing that requiring warrants for cellphone records "cripples" investigators. No malware needed here in the U.S. Just fearmongering.
When Obama starts looking the other way to the mobile raping vans to silence activist women and sends in the army to level neighborhoods of political undesireables, and we're all working at the new minimum wage of $4 an hour, I might be willing to entertain the idea that we're in the same boat as activists in Syria.
And besides, the President can argue that until he's blue in the face -- without congressional support, it's dead on arrival. Tell me, do you even know who your congressional representatives are
Re: (Score:3)
Google Korematsu v. United States and then tell me what a president can and can't do through executive orders. Not to mention not all Syrian activists are saints, and not all members of Assad regime are monsters, life is never that simple.
Re: (Score:1)
When Obama starts looking the other way to the mobile raping vans to silence activist women and sends in the army to level neighborhoods of political undesireables, and we're all working at the new minimum wage of $4 an hour, I might be willing to entertain the idea that we're in the same boat as activists in Syria.
When that happens it will be far too late to react. In fact the western monitoring laws are probably a good thing since they now force us all to act more toward cryptography which will trickle down to our Syrian friends.
And besides, the President can argue that until he's blue in the face -- without congressional support, it's dead on arrival. Tell me, do you even know who your congressional representatives are? You're directing all this anger at a man who is nothing more than a figurehead while the people actually responsible for the decision go unnoticed.
Now; there is wisedom. Having said that; the monitoring already on the books is pretty much much enough; Obama has plenty of power to limit or abuse and doesn't seem to want to use the limiting part. What this does say is that congress has to explicitly take power away from the US presi
Re: (Score:2)
When Obama starts looking the other way to the mobile raping vans to silence activist women and sends in the army to level neighborhoods of political undesireables, and we're all working at the new minimum wage of $4 an hour, I might be willing to entertain the idea that we're in the same boat as activists in Syria.
You want to wait until then to say something?
"When there's a giant breach in the hull and compartments start filling with water, and the ship starts nosing into the North Atlantic, I might be willing to entertain the idea that we're on the same boat as Leonardo DiCaprio."
Maybe shouting an iceberg warning when you see an iceberg isn't such a bad idea, even if you think your ship is unsinkable.
Re: (Score:3)
Didn't take long before some jerk on this site started bashing America. Yeah I can see the similarities here.
Make no mistake, neutering the Fourth Amendment is a step towards a government like Syria's. It's what you would do if you admired Syria and wanted to eventually become like them.
I don't like him one bit, but I believe Obama is an intelligent man. He is more than smart enough to be aware of this.
Like the other AC said, we note you failed to refute the post.
Re: (Score:2)
Didn't take long before some jerk on this site started bashing America.
He's not "bashing America," you fucking idiot. He's pointing out an instance of the US government bashing America.
Skype is not the key.... (Score:5, Insightful)
It is not Skype they use, but the gullibility of the users. Skype is only remotely involved...
Re: (Score:2)
Skype is only remotely involved...
+1 for the pun.
Re: (Score:2)
It is not Skype they use, but the gullibility of the users. Skype is only remotely involved...
No kidding, what a misleading title. Makes it sound like they're using some Skype vulnerability.
RAT (Score:2)
Re: (Score:2)
Re: (Score:2)
How do you say "Big Brother" in arabic?
Uch kabir, roughly
Re: (Score:3)
How do you say "Big Brother" in arabic?
Uch kabir, roughly
Well, I guess Ukh kabir, to avoid confusion of pronunciation
Trust... (Score:2)
Initial infection occurred when the activist accepted a file called MACAddressChanger.exe over the chat.
Trust no one.
Re: (Score:3)
Re: (Score:2)
Although, I wonder what it says about me that my "security model" is based on quotes from X-Files and Ronald Reagan?
Re: (Score:2)
Good luck in coordinating any sort of group activity with that mentality. If you go 100% lone wolf, your cause is lost and nothing of significance will change.
Re: (Score:2)
Nonsense. Assuming you are engaging in some...parlaying with a foreign power, you can give Uncle Sam a call, and he'll find an arrangement that will work to his, and sometimes your, benefit. Does anyone know if the CIA has a 1-800 number? I ask, because the amount of armaments we ship abroad to various groups dissatisfied with their host governments is truly staggering, and it lends to some thought that they must have some operators and an order fulfillment system at Langley somewhere. I mean, my God, the a
Re: (Score:2)
Re: (Score:1)
A gun to the head of a trusted party blows a hole in just about any security measure.
Well, if you want to use that example, then really "A gun to the head of a trusted party blows a hole in *every* security measure." Even if the encryption method is perfect, all the Syrian Army has to do is demand to know what the decrypted message was. And so, I guess the answer is to just give up. (BTW, I was the "anonymous coward" - wasn't logged in.)
Re: (Score:2)
Re: (Score:2)
Trust is limited, not absolute. The model that seems to be the most workable in real-world situations is the clandestine cell system [wikipedia.org].
If you're really interested, you also want to understand the concept of transitive trust [doublersolutions.com]. (Note: This link is not the most definitive example, but it works.)
The point is creating a system where the damage from a compromise, which is most likely inevitable, is compartmentalized and thus minimized.
Re: (Score:2)
Bad Summary (Score:5, Insightful)
"Syrian Government Uses Social Engineering To Push Malware To Activists."
They could be using e-mail for the same thing. Or other IM channels that offer direct connect. Or Dropbox. Or any other channel.
The clever bit is trying to convince people to download and run an unknown tool by impersonating someone they've imprisoned.
Re: (Score:2)
the clever bit was done by the headline author, implying it was all microsoft's fault.
Re: (Score:2)
Microsoft Security? (Score:2)
*snarky MS comment on*
Well you knew this would happen shortly after Microsoft bought them....
*snarky MS comment off*
Re: (Score:2)
What, that someone was the victim of social engineering?
May the Force be with the Rebels (Score:2)
On this day and always.
EFF Published This Two Months Ago (Score:5, Informative)
To all Syrian Activists (Score:5, Informative)
In order for this not to happen again do the following:
Stop using Windows and MacOSX.
Download and install Fedora F16.
When installing, encrypt the harddrive with a really hard to break password.
Install pidgin and off the record like this: 'yum install pidgin pidgin-otr'
Generate keys and verify them before communicating.
Be _very_ careful if who you usually talks to changes their key, they might have been arrested.
Never ever communicate in the clear.
Using this strategy you will not be immune, rubber-hose-cryptanalysis with still defeat this. Also you can be tracked so your oppresive government can see that you communicate, they will just not be able to read what you are saying. And not using major OSes will keep you away from the most common exploits and trojans.
Also, try to use TOR, HTTPS-everywhere and other good tools.
References:
https://fedoraproject.org/ [fedoraproject.org]
http://fr2.rpmfind.net//linux/RPM/fedora/16/x86_64/pidgin-otr-3.2.0-4.fc15.x86_64.html [rpmfind.net]
http://www.cypherpunks.ca/otr/ [cypherpunks.ca]
Good luck.
Re: (Score:2)
Install pidgin and off the record like this
Good advice. I was going to post something similar but you beat me to it.
What's so great about OTR? It doesn't just provide end-to-end encryption, but uses a model which supplies plausible deniability and perfect forward secrecy. That means that after an encrypted conversation is over, there is no way of associating it with you, and that if your keys are compromised past messages cannot then be decrypted.
Re: (Score:2)
Using this strategy you will not be immune, rubber-hose-cryptanalysis with still defeat this.
Clarification for people: Rubber hose cryptanalysis means that after encrypting your drive, they will beat the everloving fuck out of you, regardless of whether you give them the password before, during, or after, the aforementioned beating of your lifetime. However, if you leave it unencrypted... you'll just go to prison. But hey, if you want to enable that crypto -- go for it. Just don't plan on winning any beauty contests after.
Re: (Score:2)
I think you're assuming there are no back doors in Fedora or the encryption software included therewith. Does Fedora have some form of security that I'm not aware of to prevent such, other than being open?
Re: (Score:2)
In order for this not to happen again do the following:
Stop using Windows and MacOSX.
So you are saying that full disk encryption on Windows and Mac OS X has backdoors? Any link to back that up?
Download and install Fedora F16.
When installing, encrypt the harddrive with a really hard to break password.
Now you are saying that Fedora has no backdoors. But the only way the Syrian activists will be sure is if they download the code, check it themselves, and compile everything, as it is pretty much impossible to know that the precompiled binaries haven't been tampered with. But the code for the relevant parts [apple.com] of Mac OS X [apple.com] is also available. In any case, the Syrian activists, being social activists and no
Re: (Score:2)
http://www.brepettis.com/blog/2011/1/28/apps-for-the-appocolypse.html
the real problem (Score:2)
Misunderstanding of what a MAC address is and how they work, that is the crux of the issue.
Tonight... (Score:1)
Next, on Real TV: When script kiddies go bad -- Real bad.
Shouldn't that read.... (Score:2)
Shouldn't that read: Syrian Government Uses Microsoft Products To Push Malware To Activists since Microsoft owns Skype?
Maybe it's time to drop the free as in beer when talking about opensource and use free as in speech.
Re: (Score:2)
I think it should read, "Syrian Government Uses Instant Messaging File Transfers to Push Malware to Activists."
Nothing about the attack couldn't have been done over AIM, or ICQ, or MSN, or IRC, or Jabber, because all of those protocols provide a means for exchanging files with other users.
Re: (Score:2)
No. It was a matter of social engineering. the delivery platform had no significant role in the delivery of the attack.
Re: (Score:2)
No. It was a matter of social engineering. the delivery platform had no significant role in the delivery of the attack.
Then why mention Skype? Technically, the product used is Microsoft Skype, I stand by the title I proposed.
This begs a crucial question (Score:2)
Is Microsoft, which owns Skype, colluding with the Syrian government to push malware to end users, or has Syria hacked into Skype to accomplish this?
My buddy ... (Score:2)
Nothing New Here (Score:2)
This is no different than an email trojan vector. They've passed the file using skype but this is not any weakness in skype itself unless one thinks that skype should be scanning files that are transferred across it as part of the service.
Re:are people really this stupid (Score:5, Informative)
When the file comes from a trusted source, it's not stupid. You have to trust someone eventually; The OS manufacturer (ie, Apple, Microsoft, etc.), the distributor (the person making the DVDs), etc. Trusting a friend isn't stupid, it's what most people would do. That's exactly why so many different worms try to propagate using a person's address book; Human trust networks.
It was only stupid that he didn't scan the file first, not that he accepted the download. And if said malware is custom-designed, it wouldn't be in any anti-malware/anti-virus definitions, and so he could do everything right and still wind up screwed. How many governments have asked that their malware not be added to the definition files again? ALL OF THEM.
Re: (Score:2)
Re:are people really this stupid (Score:5, Insightful)
Because maybe he didn't actually know the person had been arrested to begin with? These political dissident arrests are not publically broadcasted, you know...
Re:are people really this stupid (Score:4, Insightful)
when the government is out to kill you, the way to operate is TRUST NO ONE. this is the way revolutionaries have operated for centuries. small cadre of leadership and you never trust anyone completely.
Re:are people really this stupid (Score:5, Insightful)
I you trust no one you can never form any groups. You eventually have to trust someone. Again, it's quite easy for you to criticize from your comfortable life in a country thousands of miles away.
Re: (Score:3)
I you trust no one you can never form any groups. You eventually have to trust someone. Again, it's quite easy for you to criticize from your comfortable life in a country thousands of miles away.
Of course, you have to trust someone, but in a properly designed covert operation, that set of people is small (a so called "cell") or hierarchical (like a "handler") and you don't fully trust them either. If the cell is that small and the handlers only handle a few folks, the damage caused by misplacement of trust is limited. In this situation, if the cell or the cell's handler was compromized (e.g., arrested in this case), the other members of the cell might have known about it, or if they did not, the
Re: (Score:2)
No campaign plan survives first contact with the enemy
-Helmuth Graf von Moltke [wikipedia.org]
Revolution is different. Most are amateurs, not professionals. Increasing the degree of difficulty is fact their opponents are. Properly designed in this context is pretty simple. If you survive, it was "properly designed". You make it sound like they didn't read the Chilton Manual for revolt.
Life isn't quite so clean as that.
Re: (Score:1)
Again, it's quite easy for you to criticize from your comfortable life in a country thousands of miles away.
The problem here is that there seem to be a bunch of arm chair cryptographers who are advising these Syrian activists. It would be really really appreciated if those people that are doing this would try to understand the real consequences to real people and give some really careful advice about how to be more seriously secure.
I you trust no one you can never form any groups. You eventually have to trust someone.
The actual statement you were responding to was you never trust anyone completely.. That's a really really good thing. In fact; and this is where our "arm chair" advice is really b
Re: (Score:2)
The Communists, who became Very Good at this sort of thing, used small "cells".
Re: (Score:2)
You eventually have to trust someone.
Maybe, but never a Microsoft-controlled Skype.
Two months ago, Skype replaces user-hosted P2P supernodes with Linux grsec boxes hosted by Microsoft, but for what?
I think wiretapping is one of the big reasons for the rearchitecture. Skype officially claimed they could not comply with wiretapping requests because of the P2P network as late as 2008 (http://news.cnet.com/8301-13578_3-9963028-38.html), and Microsoft was already working on wiretapping VoIP in 2009 (http://blog.tmcnet.com/blog/tom-keating/microsoft-patents-voip-and-skype-wiretapping.asp).
Re: (Score:2)
If the U.S. revolutionaries had operated like that, we'd still be British. At some point you have to trust your fellow compatriots and share documents, otherwise you'll never get anything done.
BTW not even Fox Mulder followed the "Trust No One" mantra you quoted. He trusted his partner Scully. He trusted Deep throat and his partners. He trusted other conspiracy people he met along the way.
Re: (Score:1)
He trusted the writers of his show to continue to write his lines.
Re: (Score:2)
when the government is out to kill you, the way to operate is TRUST NO ONE. this is the way revolutionaries have operated for centuries. small cadre of leadership and you never trust anyone completely.
No, that's the way Fox Mulder operated, on a TV show. Revolutionaries are famous because they stood up publicly for an injustice. They won over the general populace with charisma, unwavering devotion to their cause, and courage. They didn't hide from their followers, or follow some anti-social creed.
Re: (Score:3)
P.S.
you run a revolution like you set up a firewall. trust no one/block everything and accept trust on a case by case basis
Re:are people really this stupid (Score:4, Insightful)
If he knew that the other activist had already been arrested, why would you accept a chat from them AND then accept a file transfer from them?
People occasionally get released from jail.
Do these activists not use some super secret codes to tell each other they are who they say they are?
No. They're political activists, not James Bond.
Re: (Score:3)
Exactly. These people probably hooked up online and could have never even met face-to-face. There is no reason to expect that this guy necessarily would have known the other person was arrested. The secret police in countries
Ike Syria don't tell the world the names of people they arrest.
Re: (Score:2)
If he knew that the other activist had already been arrested, why would you accept a chat from them AND then accept a file transfer from them?
Perhaps he had not heard that the other activist had been arrested? It's not like the Iranian government is going to advertise how much repression they are using.
Do these activists not use some super secret codes to tell each other they are who they say they are?
They are activists, not necessarily hax0rs or james bond types. C'Mon, they're using Skype to communicate.
Well, I fooled them! (Score:1)
Trusting a friend isn't stupid, it's what most people would do.
I let all my friends know that I'm untrustworthy and stupid. I also tell my friends that I don't trust them and that I think they're dummer than a bag of hammers. I got this whole security thinging down, baby!
Of course now, i don't have to worry about being infected by worms from friends because I have no friends.
Re: (Score:2)
>>>When the file comes from a trusted source, it's not stupid. You have to trust someone eventually
Exactly. If I got a file from a Ron Paul activist, and it was someone I knew, I'd run it without hesitation. How would I know the Paulbot friend had been arrested and his/her account was actually the DHS in disguise?
Re: (Score:2)
>>>When the file comes from a trusted source, it's not stupid. You have to trust someone eventually
Exactly. If I got a file from a Ron Paul activist, and it was someone I knew, I'd run it without hesitation. How would I know the Paulbot friend had been arrested and his/her account was actually the DHS in disguise?
Eh I don't know about you, but if someone offered me a binary executable for the purpose of changing my MAC address, I would tell them "no thanks, I'll just use the built-in 'ifconfig' utility". I like that option better than playing amateur cloak-and-dagger.
Re: (Score:2)
"Exactly. If I got a file from a Ron Paul activist, and it was someone I knew, I'd run it without hesitation. How would I know the Paulbot friend had been arrested and his/her account was actually the DHS in disguise?" -> I do love the insinuation that the RP Libertarians would be engaged in some sort of subversive activity that somehow would require the attention of DHS (even the Amish get special love from DHS, because, you know, they pose some sort of a special threat, with all that barn-raising and s
Re: (Score:2)
When the file comes from a trusted source, it's not stupid. You have to trust someone eventually
"Skype" isn't a trusted source. If you're dealing with a government that's out to get you, anything that isn't cryptographically signed is untrusted. Assume everything is untrusted until it's verifiably trustable.
Re: (Score:2)
That's all well and good to say but ignores the reality of how these dissident mvements work in these third world countries. And just because something is cryptographically signed doesn't mean it's trustworthy. Whose to say the government doesn't have forged certs? These people are rag tag groups of people who meet up online, not cryptographic specialists.
Re: (Score:2)
That's all well and good to say but ignores the reality of how these dissident mvements work in these third world countries.
The reality is that they're not educated enough to do it. There's no reason they couldn't be educated, if someone decided it was worthwhile. In cost benefit terms, it's absolutely worthwhile. So all that's needed is for the resistence to realize that and do some work.
And just because something is cryptographically signed doesn't mean it's trustworthy. Whose to say the government do
Re: (Score:2)
If your life depends on it, you think you'd take the time to figure out what you can do to protect yourself.
Anonymity deflects more bullets than body armor. All cryptography does is compromise your anonymity.
Re: (Score:2)
All cryptography does is compromise your anonymity.
Really? So if I post a private key in this thread, and you encrypt your response with that key, how does that compromise either of our anonymity?
Re: (Score:3)
"Skype" isn't a trusted source. If you're dealing with a government that's out to get you, anything that isn't cryptographically signed is untrusted. Assume everything is untrusted until it's verifiably trustable.
Are you trying to get these people killed? Political activists don't show up at a meeting and spend the first half hour checking each other's credentials and signing each other's PGP keys. Why not? Anonymity is valued by the participants, who often exchange contact information under pseudonyms. Crytographically signing things means verifying the participants identity, which would make it easier for the government to identify and arrest the activists, not harder. With cryptographically signed communication,
Re:are people really this stupid (Score:4, Informative)
Anonymity is valued by the participants, who often exchange contact information under pseudonyms. Crytographically signing things means verifying the participants identity
You don't have to completely identify yourself to get a benefit from cryptographic signatures. All you really need to know is that the Ahmed you corresponded with today is the same Ahmed you corresponded with last week. To do that, all you need to know is that the key used today is the same key that was used last week. This trivial precaution would have protected against this attack.
These guys aren't anonymous, they're pseudonymous. The key can be their pseudonym without compromising their actual identity in any way.
Re: (Score:1)
Re: (Score:2)
Why should we expect these activists to be any more computer illiterate than jihadists? We know they use PGP and Tor and steganography. Why not political activists?
Re: (Score:2)
More realistically, the best of kind of operational security is to assume that any security system will be compromised. All the cryptography in the world can't help you if they put a physical key-logger on your machine, while you're picking up groceries.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
face to face you can tell if the police beat him
and best case is you take a USB stick which you then scan on a stand alone computer suited for the task
Re: (Score:3)
Sure, but whose to say that the person you meet face-to-face is the same person? The government could have easily killed the real person and had someone go in his place. Most of these dissidents probably met up online and would have no idea if they are meeting a real dissident or a government stooge. It's quite easy to criticize this person from your safe position thousands of miles away.
Re: (Score:2)
Re: (Score:2)
the government is out to kill you and dump your body off a bridge
That's disappointing. I insisted on being burned alive while they chanted "She's a witch!"
you accept a crazy exe file over skype from someone not in front of your face.
The file wasn't named crazy.exe, it was named something that, in that country, is a useful tool when you're using internet cafes and open wifi to communicate covertly: Mac address changer.
how do you know where this person is. how do you know he's not arrested and having a gun pointed to his head
Dude, this is the internet. For all you know, I'm a 7 line perl script that became sentient, crawled out of Rob Malda's server, built a robot exoskeleton, and now lives down a manhole in Brooklyn. That doesn't mean you just stop talki
Re: (Score:1)
Re: (Score:2)
I sense a bit of hostility towards people less technical than yourself. I take it you don't provide technical support to anyone?
Wouldn't that only encourage hostility towards the less-technical?
Though I suppose that depends on how you define "less technical". If you mean people who could not competently administer a multi-user server from the command line, and just want to do their browsing or office work, that's one thing. If you mean people who double-left-click when you carefully, explicitly ask them to "single right click with your right mouse button" that's another thing entirely.
The former category is worthy of assista
Re: (Score:2)
using an OS that doesn't provide built-in system tools for such basic things as configuring a NIC, including the MAC address, because said OS from Redmond assumes you're an idiot who would only be confused by such things
Eh? My Windows must be broken, because I was able to do it just fine.
My Computer
Other Places, My Network Places
Network Tasks, View Network Connections
Right-click "Local Area Connection", Properties
Under "Connect using: Broadcom NetXtreme Gigabit Ethernet", Configure...
"Advanced" tab, "Locally Administered Address" property
Click the radio box on "value", type something.
Re: (Score:2)
using an OS that doesn't provide built-in system tools for such basic things as configuring a NIC, including the MAC address, because said OS from Redmond assumes you're an idiot who would only be confused by such things
Eh? My Windows must be broken, because I was able to do it just fine.
My Computer Other Places, My Network Places Network Tasks, View Network Connections Right-click "Local Area Connection", Properties Under "Connect using: Broadcom NetXtreme Gigabit Ethernet", Configure... "Advanced" tab, "Locally Administered Address" property Click the radio box on "value", type something.
So in any case, there is no good reason to trust an unknown executable that purports to accomplish this task.
I've heard it said by some, in the context of the Second Amendment, that today's nearest equivalent to the musket is the computer. It is a recognition of the way information and control of information is a form of power. I don't fully agree with that because regrettably most serious conflicts eventually escalate to physical force, but it's an interesting notion all the same. Unfortunately that
Re: (Score:2)
You could do it without PowerShell, as a matter of fact. You would need to fill in a couple of blanks, but this .bat file should work.
@echo off
rem Change Network Address - create reg file and merge into registry /s tmp.reg
cd %temp%
echo Windows Registry Editor Version 5.00>tmp.reg
echo.>>tmp.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\nnnn]>>tmp.reg
echo "NetworkAddress"="%1">>tmp.reg
regedit
del tmp.reg
rem Stop and restart NIC to apply changes
wmic path win32_networkadapter where index=n call disable
wmic path win32_networkadapter where index=n call enable
rem See if the change was successful - Display MAC addresses of local interfaces
getmac
n is the index for the NIC you want to change. The easiest way to find it is to run the command
wmic nic get name, index
and find the NIC you want to change. Since I assume you probably want to just change the MAC of a single NIC, you can hard-code it into the batch file. Hypothetically, if you wanted to, if you had a Windows installation to work with, of course...
Re: (Score:2)
Forgot to say how you would run it - probably self-evident, but in case it isn't, you type the name of the batch file followed by the new MAC address (which will be substituted for %1).
Re: (Score:2)
I can create a fully undetected trojan in ten minutes from any remote access Trojan. The problem here was not knowing how to manually change the physical address of thenic.
This is not the users fault..
Really? I believe you just rejected the entire notion of personal responsibility, especially in the face of a shit-hitting-the-fan situation like in Syria.
In the absence of such a volatile political situation, here's how I feel about myself. If I have Internet access (which they do, to be using Skype), and the information is freely available (which it is, via Google) and the operating system already provides a way to do this (which it does), then I take full responsibility for any problems I experience
Re: (Score:2)
Re: (Score:2)
How do you do that when the programmers are changing the code (and therefore the hash) every week?
Re: (Score:2)
You mean like if you think you're chatting with a fellow dissident and he sends you a tool named MACAddressChanger ostensibly to help you change your MAC address?
Your prescribed security measures are not only dumb in general, here in 2012, but they're completely oblivious of the story at hand.
And I'm pretty sure the Syrian army is dumping dead bodies because they are a frickin' army against a barely armed motley crew of civilians and defectors. You should probably live in a city being shelled by artillery a
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
unless the name and file type looks halfway legit and you can trust the person 100%
did you even read the summary?
"The problem was that the fellow activist had already been arrested and could not have started the chat."
Re: (Score:2)
The Syrian government figured out the Achilles heal of any Muslim. Just call the file "Allah Akbar" and they'll blindly open it up.
Re:are people really this stupid (Score:5, Funny)
Windoze users still fall for the jessicaalbanudes.jpg.exe trick. They don't call it point-and-drool for nothing!
Your hyperlink is not working, please repost!
Re: (Score:2)
Would you mind running that little gem of wisdom by the FBI [slashdot.org]?
Re: (Score:2)
And this--even if true--completely absolves the current régime in Damascus of any wrongdoing, right?