Comment: The brain does not store memories (Score 4, Funny) 185

The Spirit that inhabits your body, that is the recording medium. When you die, you take all those memories and everything you've learned with you. It's really quite simple. The spirit is the recording medium, and the human brain is the spiritual to physical interface adapter.

Essentially, those neurons are nothing more than your hard drive cable. The scientists can see the data traveling down the cable, then they can see the data traveling back, then they wonder... 'hmm, how on EARTH does this cable store so much data?' It would all be so much easier to understand if they would just acknowledge the existence of a hard drive.

Comment: Re:Who else does this? (Score 1) 211

by JRHelgeson (#39304515) Attached to: Is Stratfor a "Joke"?

Never did I say, nor imply that Stratfor publishes guar gum futures, nor would New York Times.
The New York Times and all other mainstream news sources for that matter, do not report the news, they report their opinions on the news. They exclude from their reporting anything that does not fit with their agenda.

If you are looking for hard information, it is pointless to turn to the media sources anywhere. That is where the value of Stratfor comes in.

Comment: Who else does this? (Score 2) 211

by JRHelgeson (#39218135) Attached to: Is Stratfor a "Joke"?

Want to hear a joke? It's called "The New York Times".
Media these days is so slanted that every news piece has an agenda. If you were to rely on the popular media for your news and information, well, you can forget about being well informed. They excel at filtering out information that disagrees with their world view.

At its essence, Stratfor is a news company. They gather 'Intelligence' from the 'field' and put it out there. They tell you what is going on, in a boots-on-the-ground point of view. They provide enough background to give context, the news, and what this could mean to the future of the region - and that's it. They don't do human interest stories. It is not your typical news. That is what Open Source Intelligence is.

So you read through the 'intel' they gather, and unless you have a particular interest in the region, or a business need for the information, it is boring stuff... So?

I know a company that imports guar gum, an ingredient that is used primarily in food products. The primary manufacturers of the product are in Pakistan. They are continually researching what is going on at the local level in Pakistan, not just the stuff that makes the headlines. Stratfor provides that info, as boring as that is. They also monitor situations in the regions their product is transported through, lest there be any supply disruptions. They want to be able to have contingency plans, such as leaning more on a supplier from India, even though the price may be higher, there is less chance of supply disruption, etc.

Were you expecting it to be the stuff that movies are made of?

Give me a break.

Comment: Re:War is Hell, but not hellish enough. (Score 1) 591

by JRHelgeson (#38702620) Attached to: The New Transparency of War and Lethality of Hatred

In WWII, we learned important lessons... and unfortunately, we also learned the wrong lessons.
Many countries - instead of learning to fight evil, they learned that fighting is evil. That kind of pacifism is lethal to a country. Fighting evil is a noble cause and must be done.

Comment: Re:Serious Hackers don't leave viruses/rootkits. (Score 1) 100

by JRHelgeson (#38600750) Attached to: Cleaning Up the Mess After a Major Hack Attack

With respect, shouldn't that be the first step?

The first step of moving on, yes. I would agree - but due to many factors it is not practical for many users.

We're like Doctors in many respects - we can make all the recommendations we want, but the patient is going to do whatever they are going to do.

And referring to trustworthy backups - when the remote management software has been in place for x number of months, and it has been backed up, restoring the machine while doing virus scans profits you nothing if you are not looking for 'rogue' management tools.

Comment: Re:Serious Hackers don't leave viruses/rootkits. (Score 1) 100

by JRHelgeson (#38588470) Attached to: Cleaning Up the Mess After a Major Hack Attack

I'm not talking about hackers that run botnets - yes, they use rootkits. Never at any point have I stated that rootkits are obsolete or no longer used. What I am saying, and what I have said quite clearly, is that some criminals that want to obtain and maintain access to a corporate network are using remote network admin software. So, be on the lookout for it. That is all.

Comment: Re:Serious Hackers don't leave viruses/rootkits. (Score 2) 100

by JRHelgeson (#38587408) Attached to: Cleaning Up the Mess After a Major Hack Attack

Midnight_Falcon - did you not notice that I put the word (old) AFTER Dameware NT? It is less common now, but did the issue just go away? No, they have updated their software.

The point I wish to make, and have done, is that many hackers do not leave rootkits behind. They simply set themselves up as rogue network administrators within your network.

Comment: Re:Serious Hackers don't leave viruses/rootkits. (Score 2) 100

by JRHelgeson (#38587148) Attached to: Cleaning Up the Mess After a Major Hack Attack

I am quite familiar with "enumerating badness".
This is only done as part of a clean-up effort.
If management tools are running where they should not be, I want to know about it.
"Enumerating badness" is precisely what is required when you are hunting down an intrusion. It is not the best policy to take when defending one.

The overarching lesson I've learned in all these years is that a secure network is a well managed network. If you do not actively manage your network - there are plenty of criminals that would be happy to manage it for you.

Comment: Serious Hackers don't leave viruses/rootkits. (Score 5, Interesting) 100

by JRHelgeson (#38584714) Attached to: Cleaning Up the Mess After a Major Hack Attack

Like Kevin Mandia, I too clean up these messes professionally. Cleaning these things up starts with the data gathering and analysis, virus scans, offline analysis - and more that are not mentioned.

The MOST important thing that ANY admin should know is that the true professional hackers do not use rootkits. They will use exploits to gain their foothold, but rather than install a rootkit, they will install remote network admin utilities, such as Dameware NT utilities (old), or more recently I've seen LabTech Software.

From www.labtechsoftware.com
IT Systems Management Software providing a leading remote monitoring and management (RMM) solution for Managed Service Providers (MSP) and IT...

This software is great for Managed Service Providers - it also is a dream come true for cyber-criminals as it provides a backdoor into networks using signed code that will not appear on any antivirus, anti-malware or anti-rootkit scan. It can sit dormant for years, get backed up, and restored. Even if you do run anti-virus scans on your backups prior to restoring them - as one commenter stated above - it would be of no use.

So, when I am gathering the data dump, what I do is look for ALL network management tools, and I have created scripts that search for these.
        *****
        Google this: C:\WINDOWS\LTSVC\LTSVC.exe Hijackthis
        You will find examples of people who have run Hijackthis on their computer and posted the log online - the common complaint is that they keep getting reinfected and cannot figure out how. They've run {insert virus tools here} a number of times and cannot figure it out. They usually resort to reinstalling the OS.
        *****
Anyhow - gathering up all the logs from every device on the network, linking how they went from machine-to-machine, enumerating lists of installed software on each machine, and also performing offline analysis of drives, searching for any file/directory modifications based upon time stamp. It is FAR more involved, but it is the only way to enumerate the intrusion.

Removal must be done all at once. Either cut the network access of all the devices, then remove, or write a custom removal script and schedule it as a task to have everything be done at precisely the same moment.

I then have custom IDS signatures that look for any unauthorized Remote Management & Monitoring software.
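
An added example, not the commenter's own scripts: one way to sweep collected HijackThis logs for remote management services and flag any that the real administrators did not deploy. The host names, sample log lines, allowlist and the DameWare file and service names are assumptions constructed for illustration; only the `C:\WINDOWS\LTSVC\LTSVC.exe` path comes from the comment.

```python
import re

# Signatures for remote-management tools. The LTSVC path is the one quoted in
# the comment; the DameWare names are assumptions made for this example.
RMM_SIGNATURES = {
    "LabTech": re.compile(r"\\ltsvc\\ltsvc\.exe", re.I),
    "DameWare": re.compile(r"dameware|\\dwrcs\.exe", re.I),
}

# HijackThis "O23" service entry: display name, (service name), owner, path.
O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<svc>[^)]+)\) - "
    r"(?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)

# Constructed sample logs keyed by hypothetical hostname (not real data).
SAMPLE_LOGS = {
    "ws-acct-01": r"""
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: LabTech Service (LTService) - Unknown owner - C:\WINDOWS\LTSVC\LTSVC.exe
""",
    "helpdesk-01": r"""
O23 - Service: DameWare Mini Remote Control (DWMRCS) - Unknown owner - C:\WINDOWS\system32\DWRCS.EXE
""",
    "srv-file-02": r"""
O23 - Service: DameWare Mini Remote Control (DWMRCS) - Unknown owner - C:\WINDOWS\system32\DWRCS.EXE
O4 - HKLM\..\Run: [Updater] C:\Program Files\Updater\update.exe
""",
}

# (host, tool) pairs the real administrators deployed (hypothetical allowlist).
AUTHORIZED = {("helpdesk-01", "DameWare")}

def find_rmm(logs, authorized):
    """Return sorted (host, tool, path, status) for every RMM service found."""
    findings = []
    for host, text in logs.items():
        for line in text.splitlines():
            m = O23.match(line.strip())
            if not m:
                continue  # not a service entry
            for tool, sig in RMM_SIGNATURES.items():
                if sig.search(m["path"]) or sig.search(m["display"]):
                    ok = (host, tool) in authorized
                    status = "authorized" if ok else "UNAUTHORIZED"
                    findings.append((host, tool, m["path"], status))
    return sorted(findings)
```

Matching on path and display name misses a renamed binary, so this complements rather than replaces the installed-software lists and timestamp analysis described in the comment.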

Comment: E) None of the above (Score 1) 803

by JRHelgeson (#38079894) Attached to: Feds Helped Coordinate Occupy X Crackdowns

You'll never hear the real reason why in the main-stream media, because they support the Occupy Wall Street, but there is a very clear reason why the Feds stepped in and shut this down.

What you may not have heard about is that on Friday, there was an assassination attempt on Obama. Haven't heard about it? Well, someone shot an AK-47 at the White House, and he's been at large until today, when they finally caught him and now the story is coming to light. Apparently, this guy went to the White House straight from the OWS encampment.

Comment: Re:A former Government Contractor (Score 1) 382

by JRHelgeson (#37510198) Attached to: US Gov't Pays IT Contractors Twice As Much As Its Own IT Workers

Wow - interesting. Federal Govt. security clearances are free here (Australia) or at least free to the applicant themselves.

Here in America, if you are going to work for the agency directly, there are no direct costs for the security clearance. So no difference there. The key here is that if you are a private contractor, that contractor must bear those costs directly themselves, and they must recoup all those costs in billable hours.
