ok thanks for the clarification ^_^
I've seen conflicting reports on the key change!
Some are saying the latest compromised binary was signed with the OLD valid keys before new ones were uploaded.
Others say it was signed by the new keys.
Main currently accepted theory is the NSA or whoever (insert your fave 3 letter agency here!) tried to get the signing keys, so TC decides all it can do is "salt the field" and shut up shop.
May as well throw in my 2 theories:
1) One lucky scammer/hacker got the mother lode of a hack and got access to one of the developers' systems and managed to get the signing keys as well as full access to the TC sites.
2) Due to internal egos and in-fighting one of the development team did an "Eric Cartman" on the others and went "Screw you guys, I'm outta here!", putting up the "closed for business" sign and issuing a suspect (but officially signed!) version that only decrypts, killing the brand in the process.
Or at least have the opportunity to organize your own meet-up at a convenient location, or get a list of willing volunteers to help set up the meets and get local tech or other sector businesses involved in your general area. (A fair amount of the MOOCs are not IT related!)
I've tried a dozen or so different courses from different providers and I can only be bothered to go 1 or 2 days through the courses before giving up!
I learn better in a group, actually interacting with other students and teachers rather than sitting in front of my PC with a bunch of youtube vids and a page of multiple-choice questions! (which is weird as I generally can't stand the company of other people!!)
... but I have a life.. ^_^ but I've used it already
Couple of points: (I'm thinking less in an individual file encryption issue than to a larger set of encrypted data structure)
In a totally non-knowledgeable fashion, would the algorithm or the program accessing the algorithm create the bogus data?
To me one flaw would be random generation of data. If it was random then using the same false password twice would result in 2 different results (so that password can be ignored) defeating the point of the bogus data.
The way to work it is to use procedural generation of some type. It should be easy to generate a random-looking but believable individual file or directory structure (and fill it with plausible files related to the folder names, i.e. avi, mov, mpg in the video folder and doc, xls, xdoc etc... in the Documents folder). You could go as far as to generate appropriate file headers and metadata to fool some automated checking.
With procedural generation the same false password would generate the same false data every time so it is harder to differentiate between bogus and actual data.
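The deterministic decoy idea in the two comments above, as an added illustration that is not from the original poster: the password is run through a KDF to seed a PRNG, so the same wrong password always yields the same plausible folder listing, whereas a decoy drawn from the OS random source changes on every attempt and gives the game away. The folder names, word list and fixed salt are constructed sample values.

```python
"""Password-seeded procedural decoy generation (illustrative, not a real deniable-volume format)."""
import hashlib
import random

# Constructed sample: folder name -> plausible file extensions for that folder
FOLDER_EXTENSIONS = {
    "Documents": ["doc", "xls", "pdf", "txt"],
    "Videos": ["avi", "mov", "mpg", "mp4"],
    "Pictures": ["jpg", "png", "gif"],
}
WORDS = ["report", "holiday", "budget", "notes", "family", "project", "invoice", "draft"]
VOLUME_SALT = b"constructed-per-volume-salt"  # assumption: stored with the volume, not secret


def decoy_seed(password: str, salt: bytes, iterations: int = 100_000) -> int:
    """Derive a fixed PRNG seed from the password with PBKDF2 so the decoy is repeatable."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return int.from_bytes(dk, "big")


def generate_decoy_tree(password: str, salt: bytes = VOLUME_SALT, files_per_folder: int = 4) -> dict:
    """Return {folder: [(filename, size_bytes), ...]}; identical for identical password + salt."""
    rng = random.Random(decoy_seed(password, salt))  # seeded PRNG: determinism is the point here
    tree = {}
    for folder, exts in FOLDER_EXTENSIONS.items():
        entries = []
        for _ in range(files_per_folder):
            name = f"{rng.choice(WORDS)}_{rng.randint(2015, 2023)}.{rng.choice(exts)}"
            # Videos get sizes in the tens/hundreds of MB, everything else stays small
            size = rng.randint(50_000_000, 900_000_000) if folder == "Videos" else rng.randint(20_000, 4_000_000)
            entries.append((name, size))
        tree[folder] = entries
    return tree


def generate_naive_decoy_tree(files_per_folder: int = 4) -> dict:
    """The flawed variant from the comment: fresh OS randomness, so repeat attempts never match."""
    rng = random.SystemRandom()
    return {
        folder: [(f"{rng.choice(WORDS)}_{rng.randint(2015, 2023)}.{rng.choice(exts)}",
                  rng.randint(20_000, 4_000_000)) for _ in range(files_per_folder)]
        for folder, exts in FOLDER_EXTENSIONS.items()
    }


def decoy_is_repeatable(password: str) -> bool:
    """True when two attempts with the same wrong password produce the same listing."""
    return generate_decoy_tree(password) == generate_decoy_tree(password)
```

Two calls with the same wrong password return byte-identical listings, while two naive calls almost never agree, which is exactly the tell the comment warns about.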
I 'stole' my domain name (in a they didn't bother to renew the domain name in time sort of way...).
In my defence the address is my real name and I already had the
Found out 1h after registering and sorting out the email that it was owned by a Developer/Real Estate agent in Canada before me.
I gave up responding after 6 months or so of contacting the senders to inform them I'm not the person they are looking for. Also telling them they should use the telephone to contact the guy and get his new address!
After a few months I got bored and I started to reply to emails about a particular $1,000,000 development for a conservative party member they were trying to get a tender for:
Love the plans for the project. Client has a couple of alterations.
Can you amend the plans to include:
Large 4ft deep jacuzzi in the living room.
'Adult' Games room in basement. (wants the place soundproofed and optional "adult dungeon" fixtures and fittings with a double bed down there.)
Oh, can you fit ceiling to floor French doors in the toilets facing the decking at the front of the house. (prospective buyer is a bit of a perv..)
[insert my name here]
Was not really surprised it took them nearly 4 weeks to notice I wasn't the developer in Canada but a guy in the UK (Well I did tell them 2 or 3 times before this I wasn't their guy!)
I still get emails about projects, prospective site availability and invitations to the Canadian conservative party conferences every once in a while but they get spammed and trashed.
It's probably more like a glorified "keylogger"
A simple KVM box with one of those low-powered credit card PCs fitted inside, stick in a rechargeable battery and wire it to draw power from the USB input. It sits there day after day recording key strokes and mouse movements with the odd screen grab. The on-board PC then compresses it into manageable chunks of zips, rars or tars and waits for one of the gang to walk into the bank at a busy time of the day. Then it sends it to a receiver via wifi in the crook's bag/pocket in the 10-20 mins he is waiting to get served. If one visit is not enough then they hand it over to another member who gets in line and waits for it to finish.
Or the power companies buy it by the truckload and "rent" it out to local consumers in areas they think is too costly for a proper infrastructure (Large Gas Pressure tank + Cube = lot cheaper than laying gas pipelines to backwood / middle of nowhere locations!) for inflated prices!
I forgot to add that I think only counsel already on retainer or on staff can be informed and advise the client/company regarding the court order.
But I'm not sure, IANAL!
Think it's like the UK's "Super Injunction" where not only would you be breaking the law to talk about the case behind the court order but it would also be illegal to say you've actually received a court order in the first place. It can cover individuals or entire companies; it depends on how it's worded.
True but you just need a few organisations to jump on it with Pro Bono Lawyers to make it difficult for the government to walk over individual businesses.
They don't have to fight each and every order, just enough for the Judges to get annoyed at the Government overreach and to slap down the entire job lot!
If it was for 10,000 for a specific conversation between specific addresses at a specific date/time then it's reasonable to comply.
But bureaucracy is not as fluid as you might imagine! There is a reason places like the NSA and CIA go for specific or blanket warrants / court orders rather than mass individual ones.
Partly because they don't KNOW who to target apart from a few isolated people already on their radar, unless they go for John Doe #1 all the way to John Doe #10,000, which would cause another 10,000 or so new court orders to be required once they get the actual names. Then you'd be correct in thinking that Civil Liberties groups / EFF and other like-minded organisations would have a field day tying them up in red tape, challenging each and every individual order.
Oh, and I think Judges are beginning to hate mass John Doe #1 to # court orders anyway because of their overuse by Copyright Trolls to gather user information from IP addresses.
Depends on what the Court order was for.
If it was for a specific conversation between specific addresses at a specific date/time then it's reasonable to comply.
But if it was for everything since the service started or between 2 dates (i.e. 1st Jan 2011 to 31 Dec 2012) or from that point onwards, then it's a fishing expedition and it's reasonable NOT to comply without further legal counsel and a possible injunction (if that's possible with this kind of court order!)
All the Lawyer needs to do is send a letter asking 3 questions.
1) Between what dates did the OP (Person A) work for the client?
2) Between what dates did the new developer (Person B) take over work for the client?
3) When was the first use by the company (in-house or commercial) of the specified code?
If the answer to Q3 is in the range of Person A's time at the company and outside the range of Person B then the matter is solved.
If not then hard luck, unless you have corroborating evidence that you created it (work emails / memos / letters about the code from your boss to you).
Then in that case the only winner is the lawyer...
Where's Blue Thunder when you need it!!