How does last year sound? http://hardware.slashdot.org/story/10/11/23/0642238/Intel-Launches-Atom-CPU-With-Integrated-FPGA?from=rss Granted, it might be a while before they are commonly found on commercially available boards. And as others have pointed out, If you do it in *real* hardwdare, it will be faster than if you did it in an FPGA. This is more like a customizable coprocessor to the Atom. You could even use it to replace the motherboard chipset, conceivably.

As was pointed out in the comment I originally replied to, if you allow your phone to interact with an Exchange server, you end up giving the Exchange admins the ability to do a LOT of things to your phone without your knowledge.

Including, erasing everything saved on the phone.

I am not willing to give up that level of control.

If I'm on call, or if my employer wants to replace my desk phone with a cellular one to make it easier to reach me, or they want me to be able to read and respond to email from my phone, I'm perfectly happy carrying two phones.

But if I'm on my own time and I'm not on call, the work phone goes on a shelf, and it may or may not get turned off in the process.

Thankfully I do not have to read my company mail on my phone for a living. If I had to, I would have paid for one of those HTCs without giving it a second thought.

If the company you work for requires that you be able to read your email on your cellphone, they damn well be providing you a cellphone to do it with.

Since you didn't include a link to the text of the act in question, here is the text of the Espionage Act of 1917.

Section 1, paragraph (e) pretty clearly applies to the person who leaked all of the documents in question.

Section 1, paragraph (d) MIGHT have applied to Wikileaks... EXCEPT for the fact that they provided the State Department with copies of all of the documents that had been leaked, prior to publication.

What's more, not only are they redacting the documents prior to publication, they're redacting the documents EVEN MORE HEAVILY than the declassified versions being published by the Department of Defense.

So, yeah. Granted, IANAL, but I'd say that doesn't apply.

Hey. At least then, the bomb goes off in the airport instead of on the plane, right? I mean, that way, you don't have tons and tons of debris possbily raining down onto a heavily populated area.

ATMs can be had for ~$2k on ebay

Hell, there are even ebay listings for companies that'll ship you an ATM for free, have somebody come out and fill it with money, and give you a percentage of the surcharges they collect from cardholders.

It's called a "Prepaid Card".

Several are listed here. but you should be able to walk into walmart, kmart, target, and many grocery store chains and buy a prepaid MasterCard or Visa card.

And if you can buy the card there, you can walk back in there with the card and a handful of cash and say "Put this money on here." and have them do it for you.

I would imagine that there are two distinct major camps of people that work for Raytheon and similar companies. People that feel that they are doing the right work, and people who just don't think about it at all.

You might argue that they're a subset of the second group, but there are people who have thought about it but can honestly say they really don't care.

To quote Tom Lehrer on Werner Von Braun, "Once the rockets go up, who cares where they come down? That's not my department."

Who else would have to foresight to include embedded executable code and a javascript engine in a print document format?

It's even worse than that. Take a good look at version 1.7 of the PDF spec

From section 7.11.4.1 of chapter 13, which is titled "Multimedia Features"

If a PDF file contains file specifications that refer to an external file and the PDF file is archived or transmitted, some provision should be made to ensure that the external references will remain valid. One way to do this is to arrange for copies of the external files to accompany the PDF file. Embedded file streams (PDF 1.3) address this problem by allowing the contents of referenced files to be embedded directly within the body of the PDF file.

And worse yet, quoting from one of the descriptions of flags in table 44:

(Optional; PDF 1.2) A flag indicating whether the file referenced by the file specification is volatile (changes frequently with time). If the value is true, applications shall not cache a copy of the file. For example, a movie annotation referencing a URL to a live video camera could set this flag to trueto notify the conforming reader that it should re-acquire the movie each time it is played. Default value: false.

In other words, you can ALSO embed the LIVE feed from your webcam in a PDF document.

You could just go to your doctor and get prescribed a medication for ADHD.

Most of the ones that typically get prescribed are in the stimulant category, some of which are amphetamine-based.

Nope. Sorry. You fail.

It's active if someone actually had to act with intent.

If all they had to do is start a service that by default sent its output to syslog, that's definitely passive.

Besides, disk is cheap.

The Ramses works great... As long as the missile's radar guided.

Except, you know, for the lack of sand or other abrasives.

I assume this is more along the lines of what you were hoping for?

http://www.realtouch.com/
(NSFW)

If all you were able to do is listen to the network traffic, then yes, you're right.

But we're talking about a special case here, where the online banking is being done from within a VM. In that special case, malware installed in the host OS can monitor both the keystrokes and mouse events that are going to the VM in addition to the network traffic.

If I were going to write malware to try to steal usernames and passwords for "interesting websites", I'd wait until I saw network traffic to one of those sites, and *then* start logging keystrokes and mouse events. The fact that the network traffic is HTTPS doesn't matter. All that matters is *where* it's going, and HTTPS doesn't hide that. I don't care about the payload of the packets or what pages you're requesting. All I care about is the DNS name of the computer you're sending data to.

When the malware is installed in the same machine (real or virtual) as the online banking, you can log only the keyboard and mouse events that are beingg sent to the web browser and ignore everything else. What I proposed above allows you to further limit the data you have to sort through by only logging the keystrokes that are likely to result in data being sent to the websites I care about.

If there's a VM between the malware and the browser, you can no longer monitor just the keystrokes going to the browser -- you have to sift through *everything* that's being sent to the VM. But you can still use the network traffic to provide you with some context of what is likely to be interesting and what isn't.