* Posts by Kiwi

4368 publicly visible posts • joined 26 Sep 2011

NSA bloke used backdoored MS Office key-gen, exposed secret exploits – Kaspersky

Kiwi
Big Brother

Re: <facepalm>

That said, this bloke was either clearly not part of the best and brightest or made a very, very costly poor judgement call...

Or perhaps, just perhaps, they want people pointing at "NSA incompetence" and laughing.. While the NSA competently has their way with the data.

(El Reg, another vote for a tin-foil hat icon!)

Kiwi
FAIL

Re: Wait a minute

If Kaspersky has the ability to detect the NSA snooping tools, then the detection of these tools would have occurred as soon as the tools were copied to/installed on that laptop/desktop. Independently of the MS Office key crack. This makes the whole tangent about the MS Office key crack pointless.

You do realise that one can install two OR MORE bits of software/data on a computer at one time, right? Or is that beyond your comprehension?

TFA says that Kaspersky was disabled on the machine for some weeks. I could install whole terabytes of data in that time! Imagine! Incredible!

Which begs the question: how does Kaspersky know what to look for, and upload their find to Russia?

If you don't know how AV software works, you might want to skip commenting on articles about it. Maybe reading the article again would give you a few clues, but I suspect you're a bit beyond that.

Kiwi
Coat

Re: Wait a minute

With brain donors like this

I don't think there's much risk of that TBH.

Kiwi
Trollface

Re: He's hosed.

Even on occasion, if it's necessary, protecting your privacy.

Actually I don't think they're that desperate for money.

Kiwi
Windows

Re: Oooooh, really?!?!?

We need an activation routine now OFF2010 and beyond...

Are you sure about that? Really?

Oh? Well what about everyone else? Especially those who've got experience at hunting for software+keygen on torrent sites?

(I have seen functional "keygen" tools for Orifice 2k10, most of but not all tripped AV and the ones that didn't trip AV appeared to act like they were perfectly fine. The customer was also told that their keygen was deleted as part of our normal cleanup processes (MSSE (never before noticed it sounds almost exactly like "messy"...) picked ALL keygens for MS software as malware. Also did the same for any files that were text with lists of keys in them IIRC, so not proof the keygens were harmful but definitely (as far as MS is concerned) fall into the "unwanted program" camp). (have I used enough ")" to be mathematically correct?))")")"?

Forget One Windows, Microsoft says it's time to modernize your apps

Kiwi
Devil

Re: Patronising POS

Probably, it was the same person that came up with Clippy the paperclip.

That was a person?

( --> )

Kiwi
Linux

Re: I hope everyone boycotts this Microsoft initiative

It can run your legacy *Nix stuff too.

I run *Nix stuff because I want security (not just in the malware sense but that my OS will stay the same and my apps will remain), privacy, reliability and speed.

None of these are available from MS, not even in their much rootedtouted "store".

Kiwi
Pint

Re: What ?

Because no-one could be bothered to write malwaresoftware for Windows Phone?

FTFY.

Watership downtime: BadRabbit encrypts Russian media, Ukraine transport hub PCs

Kiwi
Unhappy

So glad this isn't normal practice...

Indeed, running the initial .exe may pop up a window asking you to disable any anti-malware software you have installed.

So glad no legitimate software out there suggests that users turn off their AV. Why, that would be a big warning to someone that nefarious doings were afoot, and they should stop their activity forthwith!

</sarc>

:( So sad that there is so much software, from drivers to browsers to, well pretty much anything I guess, that suggests you should disable AV during the install. How many users now expect that as normal behaviour, when even legitimate programs ask for it? :(

Please activate the anti-ransomware protection in your Windows 10 Fall Creators Update PC. Ta

Kiwi
Thumb Up

Re: Doh !

It seems entirely proper that this decision should be made by the end-users (or their admins).

While I largely agree, the question has to be asked... The first time a user downloads something from cnet/softpedia/download/etc.com? :)

Kiwi
WTF?

Re: why selected folders?

Not to mention that there shouldn't be any data that you care about outside of the default locations.

So.. You shouldn't have backups because e:\backup is not a default location?

Why should it matter where I stick my data? Or is MS still a bit dumb in the concept of not everyone does everything the same?

Kiwi
FAIL

Re: Riiiiiiight....

"You call "You do not have permission to access this (file/folder/drive). Click here to permanently get full access rights" 'rock solid'?"

LOL @ complete lack of understanding of ACLs. To be able to do that you need admin rights, AND the admin account needs to have rights to "take ownership" to the files in question.

You're an MS shillsupporter and you challenge others on security?

And no, you clearly have a complete lack of understanding of MS's complete lack of security. I'm talking a LIMITED account with no admin rights on a Win7 (and I think I've seen this on 8) where the kids wanted to access something in another account (admin or not), they click the folder, get told they don't have permissions "click here to permanently get permission to access this folder",

We're talking home users so the MS craptastic and generally rather broken ACL's don't exactly come into it do they? Default MS settings, to be as insecure as possible and when that's not insecure enough, to automatically and permanently give full access to whoever asks.

Kiwi

Re: so..

Upvoted you cos you talk sense - however one of the reasons I can't make the switch to Linux is it breaks my workflow.

Thanks :)

I switched slowly myself. I started it on some server stuff I was doing, and slowly moved it over. I had some type of terminal program (maybe cygwin) that would let me ssh into the server. I started using it more and more with Ubuntu 8, and IIRC for a while I had the ultimate in dual-boot - 2 computers side-by-side!

What sold me was the first time I went to use my epson printer/scanner on Linux. Stood up to turn the printer on, sat back at the computer, and there was a prompt saying it was ready. No driver searches, no wait while the OS finds drivers, just done and ready to work.

Of course, back then computers were a tiny fraction of my normal working life, so I had it easy.

(Oh, and as I said I still stick with something Gnome2-like because that's what I like - I'm comfortable in KDE and Cinnamon, but the UI on the latest Fedora also made it my shortest-lived VM :) )

I'm keeping my fingers crossed for no major UI changes in Windows. Just clean up the rough edges still hanging around after the 8 debacle. It's not friendly having both the old XP / 7 interfaces and the new 8/8.1/10 interfaces popping in randomly. The new ones suck pretty hard for anything except basic on/off switches.

Yeah they do waste a LOT of screen real estate! Efficient UI design DOESN'T involve having 3 words and one on/off slider per screen!

Kiwi
Linux

Re: Network shares etc?

Finally got the update installed. Bit busy and the numerous reboots booting into Linux when I'm not there to tell it not to slowed me down.

One of the reasons I seldom boot into Windows anymore. It will've decided some driver needs changing, or I've made a drastic hardware change like put the mouse in the wrong USB port (the one I plugged it into last week instead of earlier this week) or some other event that so seriously affects things that it wants a reboot. And when I reboot it takes a few minutes for Windows to shut down (I love showing off 11-15 second shutdowns in Linux with a ton of programs open!) so I wander away, hoping to be back to catch it.

I found Grub Customizer, which has let me set the Grub time to 5 minutes (I would love a don't automatically boot OS option), so at least I have some hope of intercepting the normal boot-into-Linux and letting Windows start the next stage of its 5xrebootforminorchanges cycle.

Nice to know that network shares can be protected. Don't suppose the system defaults to protecting stuff though does it?

Kiwi

Re: yet another 'new, shiny' feature that gets a *yawn*

"Except here the group policy disables UAC as the C-Level kept complaining about the pop-ups..."

You let USERS have admin rights?! And then disable the safeguards?! Good luck with staying in business...

Typically, if you don't let C-level types have their way, they send you on your way.

Kiwi

Re: yet another 'new, shiny' feature that gets a *yawn*

"You mean that thing that's on the screen briefly before the user clicks the "make it go away!" button?"

Only if they have admin rights. Most corporate users won't. This can't beat a determined idiot with admin rights, but it's a good start....

I suspect there may be some management issues there as well.. (ie manager demanding certain things be allowed which shouldn't).

Kiwi
Paris Hilton

Re: "controlled folder access"

Genuinely curious. What's wrong with Comodo?

Maybe some here don't like it because the initial setting up is (was - last time I used Comodo was in 2008 before I went to mainly Linux) a bit annoying. All that thinking!

Not like the Windows firewall, which may or may not be turned on (you can't be sure) and just does its thing, quietly letting anything and everything through protecting you from all them nasties! (at least that's what the marketing dept claim)

I'd also love to hear someone suggest flaws in Comodo, as my memory of it is good and I may end up suggesting it to someone stuck with Windows - would hate to make their machines even less secure!

Kiwi
Pint

PDQ users will be trained to allow anything that wants to write anywhere to do so.

Yup. UAC V2.

Kiwi
WTF?

Re: Riiiiiiight....

Not on Windows they don't.. Deny always overrides any access. I have done hundreds of tests as part of a compliance project on various Windows versions and it's rock solid.

You call "You do not have permission to access this (file/folder/drive). Click here to permanently get full access rights" 'rock solid'?

I've performed thousands of tests, and found the Windows security model... Actually, no that's not true, I've never found the Windows security model because it does not exist!

Kiwi
Linux

No it isn't; Windows already has a rather more powerful set of more granular file system ACLs than *Nix ever has.

Yet their "security" still constantly lets minor browser bugs get the OS compromised, things that're impossible on proper secure OS's.

Kiwi
Boffin

Re: so..

Not worth persisting with to protect your actual-data then, just because one thing got blocked?

A big part of the hate directed at 8/8.1/10, a big part of the reasons given why people resist switching to secure OS's etc etc is that it "breaks their workflow".

People tend to hate things that make their jobs harder. Many also like a new feature and want to use it, but until they get the time to get it working right they turn it off.

Sometimes time is worth more than faffing about with MS settings and fighting yet another change to the way Windows works. Also why I use Mate instead of other systems - I like functions Gnome2 had which were removed in 3.

Kiwi
Trollface

Re: So the next evolution of ransomware

There's no reason why this can't be made watertight.

Well, I can think of one obvious reason.... ;)

Kiwi
Boffin

Re: yet another 'new, shiny' feature that gets a *yawn*

"It does need to be ran as Administrator, but that's trivial to work around."

How is that trivial to work around? Users on Windows 10 won't have admin access without at least a warning prompt to elevate access.

You mean that thing that's on the screen briefly before the user clicks the "make it go away!" button? Or the one that defaults to the "allow" button being selected, which gets "clicked" when the user presses their space button. Which is not very often really, only every 4-5 characters typed or so....

Not knowing how the permissions mechanism works, but my plan to defeat it would be 1) to bombard the user with prompts (making the reason sound safe enough, eg "Mostwonderousfreebackup.exe needs to access your data to protect it, allow (yes/no)?" in the expectation that they'll hit "yes" (what turned UAC into just another Useless Annoying C...) or 2) use a trojan that acts much like 1.

Now, a versioning system that can detect wholesale changes to user's files and maybe take action (without having a simple yes/no prompt the user can make go away quickly but something that sticks around and explains itself fairly carefully - no I don't know how this can be achieved sorry!), and make sure that the previous copy of the user's files cannot be touched - that would be good. Of course a quick defeat to that is to fill the HDD with stuff so there's no space left.

Maybe the versioning software can send the file that's making the changes back to HQ (and other places, ie competing AV firms) for analysis, and hold its execution till cleared?

Unfortunately any security system that requires the average user to select "no" several times a day is doomed to failure.

HMRC's switch to AWS killed a small UK cloud business

Kiwi
Black Helicopters

Also by having a third-party operating the cloud, it is harder for the civil liberty crowd to claim government departments are secretly sharing data...

Oh, they're sharing data alright. Only, it's with foreign organisations in foreign locations. Not exactly ideal!

Kiwi

Re: @Doctor Syntax

Once they are destroyed, they *should* be overwritten with junk and reassigned. At least I'd expect *any* cloud provider (AWS, Google, Azure, OpenStack Providers X, Y and Z) to do that properly.

One would expect it, yes.

But can one guarantee it is done?

Kiwi
Pint

And when that's done what happens to the sensitive personal financial data left on the storage devices?

Surprised at the number of downvotes on this!

Quite a reasonable concern that the data is going offshore, and we know that the best systems have failures, so highly sensitive data could be left around (even if there's a mandate the disks are physically destroyed, some (many?) will "wander").

Have one of these to take your mind off the weird downvoters! (cue some more for my tally as well :) )

Kiwi
Black Helicopters

The extra capacity can be (automatically) switched off and forgotten about as soon as they are no longer needed.

Just a thought.. What does that mean for data protection? I'd hazard a guess that people's tax (especially for businesses) is extremely sensitive information.

Should it be going to a foreign government, especially one not exactly known for keeping its nose out of other people's business?

New phishing campaign uses 30-year-old Microsoft mess as bait

Kiwi
WTF?

But it's still sandboxed by default and it warns you before you do that. If someone random sends you a Word document and tells you that you need to view tracked changes, and you do it, the problem is not with Office...

And it doesn't bother you that, by your own admission, viewing "tracked changes" is a vector for malware?

What do they put in the water at MS HQ?

Kiwi
Thumb Down

Re: ActiveX developed in naive times?

But look at the number of anti-virus suites we had to have in those days?

Thunderbyte, F-Prot, Norton AV (pre Symantec I believe, when they were actually able to detect a virus!), McAfee, Avast, AVG, Avira, BitDefender, Dr Web, ESET, F-Secure, Kaspersky, Sophos, Trend Micro - all were around before 1998, some of these firms before 1990.

I've got a feeling I've actually barely scratched the surface of what was available in 1997.

We had a lot of AV suites back then. A BBS SysOp could spend a hell of a lot of their time playing with them just to decide what they'd have on their system and what they'd reject. That's how come I remember so many of them (damn I wish we had VMs back then!)

Kiwi
Coat

Re: Now you are blaming the victim.

Far more people have been killed or injured by using the aforementioned than a computer, but I'm sure you are so superior you understand fully how to set up ladders safely and when to revert to scaffolding.

And did you inspect your car tyres this morning? Thought not.

Well, actually... I also know when NOT to use scaffolding even when the regs say it must be used! (ok, but NZ safety regs basically say if you want to work at 1m or higher you need full harness and all sorts of other protection - just about bad enough that an electrician kneeling on the floor to work has to have safety harness attached nearby).

And yes, actually, I did inspect my tyres this morning. Need 4 new ones sometime in the next month or so, maybe 2 since Christmas is coming up. 3 of them could be used as mirrors! (joke - for the humour impaired)

Kiwi
Linux

I'm so saddened by this news :(

How can I get malware like this? I want to play in this world of lost data and having to use "bitcoin" and so forth, but I'm not allowed to.

Linux just won't weaken up the security, and LO doesn't have these security bugsfeatures.

How can I play these games? Am I forever to be bored by my nicely secure system? :(

Let's make the coppers wear cameras! That'll make the ba... Oh. No sodding difference

Kiwi
Flame

Re: Surprised

Or you just take the suspect around the corner out of view before they accidentally fall over and die.

Amazing how often this happens, how often a perfectly healthy and sober individual slips and falls just outside of camera view, while being escorted somewhere by the police.

Kiwi
Holmes

Something to consider...

I am upset/angry to the point of very irrational behaviour, and/or I no longer care about the damage I do while expressing my dislike of the world at large.

A police officer wearing a camera approaches me. Am I

1) Going to suddenly find a way to act rationally and calmly, and settle down, or

2) Going to at best remain in the same state, or

3) Find the presence of the officer as yet another aggravating factor (with or without noticing the camera).

In some cases 4) Want to destroy the evidence housed on said camera.

In some cases 1 may be possible, but then talking to the person calmly might also be enough to change the situation. Where a person is deeply fearful or angry or otherwise upset, the presence or absence of a camera will make little difference.

OTOH, at least - if said cops can't "accidentally" delete footage or "forget" to turn on said cameras, having them recording video and audio would be something people could use in court when the cops step out of line. Somehow I feel a complainant might have a hard time getting a copy of footage that shows the officer to be acting up unless they take such footage themselves. And manage to take it without coppers confiscating their gear, even when being used perfectly legally.

Malware hidden in vid app is so nasty, victims should wipe their Macs

Kiwi
Windows

Re: Perhaps developers should work offline

IMHO team development is only a good thing for people who prefer management to coding and to be frank an excellent programmer doesn't need managing at all.

Are you pottything, or that idiot from GRSecurity? Same arrogance anyway.

How can one person keep up with the changing hardware, changing OS, changing tools, and changing software environment of a machine, and still write complex code?

Here's a tip you've missed - a lot of stuff written for DOS will not work on Win 10. Nor will a lot of stuff written for Windows XP. Or even 7. API's have changed, some removed. The hardware has changed (not always an issue at the application level), the OS API's are different, the look of the software (window decorations etc) have changed just in the last few years.

So.. Prove that one person can write an entire OS, application suite, and build the hardware - and ship it 100% bug free.

If your coding is like your grasp of English........

Kiwi
Windows

Re: Perhaps developers should work offline

I see posters here suggesting that complex projects demand "team" development when the reality is that it is just cheaper to get in a few people who know what they are doing and a lot of amateurs who need to be told.

That would still be what is commonly defined as a "team".

The sad truth is that there are programmers who can code without allowing any errors in the final product and then there is the majority who have been programmed to believe it doesn't matter.

When I did data-entry work (for a short time between other jobs, was a terrible desperate time!), a typing rate of 90% accuracy was considered very good, and I think you were employed if you could top 70%. At 90% that means you average 1 error in every 10 characters! Now, my typing accuracy is much better than that - I've touch-typed this paragraph with the first error being the "U" in "touch" being missed. That was 326 characters without error (I also missed the 2nd C in "characters", both cases not hitting the key quite hard enough). So at this point 3 errors (next was hitting "p" instead of "o" in "So"), 612 characters with 3 errors.

To type a tiny program with 1000 lines of code, averaging 100 characters per line, is 100,000 characters. The odds of any human doing that without a number of typos is 0. No matter what you claim, your typing is not that good; there is no one who can type at a reasonable speed and get it right.

Some of the errors will be quickly picked up by the compiler, eg if you have a variable named "mycodeisshite" and in one case you type "mycodeisshit" the compiler should get that. But a lot won't be, say you mean to type "13565236734727" and you type "13565237634727" instead, in a constant, neither your compiler nor your eye will pick that up until you're having real problems and very closely look at the code.

So by this point I've already proven that either your code makes a "hello world" program look complex, or your code has bugs. You may get most of them before shipping, but unless your code is very trivial you're stuffed.

My last program was 603 lines of Pascal, including comments. It was a simple console .exe to clean up a minor failure in a customer's system, seeking a string in certain file names and removing that string. From what I know the "shipped" version was bug-free, however it was only executed 3 times once complete - a test run by me on sample data, the actual run on that customer's machine, and another run on another machine with the same issue. I designed it in an hour, and built it in a weekend with a few bugfixes in the process. By most standards this really is a very trivial program. I have no idea how many lines of code a graphics driver has, or the kernel of an OS, but it is far beyond what one person can do.

Add in development tools that are themselves insecure and management who value only getting the product out the door.

True there are issues with the build tools (as I mentioned, another reason why your code cannot be perfect). And also true there are managers who want products shipped as soon as possible, however repeat business comes from having a product that's good enough - if your customers really hate what you're doing then you're not getting them back.

It used to be that if you wanted a computer based solution, you went to a guy who built the hardware, software basically everything from scratch, if he had to get help then clearly he was the wrong guy. Now we roll out "qualified" developers who could not build the hardware, have no clue how to write an OS and need an existing development package to write even just an office suite. How can anyone doubt that trusting these guys is a bad idea?

And here we need that steaming pile of bovine excrement icon. Even Turing had a team helping him out, and before them - before he was born even - a lot of work went into stuff that he learned and built from. If Turing hadn't had his team then his machine would never have worked, certainly not in time to crack Enigma anyway. It was someone else who gave him the idea to look for the common element (the weather report IIRC, though "heil hitler" also springs to mind).

If you're referring to "building the hardware" as actually from raw components (rather than building a PC consisting of already-assembled mobo, already built CPU etc etc) then there is NOT ONE PERSON in this world who could do that. One person can build a CPU, true, it has been done not long back. However, that CPU is very large and does not have the power of even the least of the smart phones.

I'd love to see a citation of where one person could do the lot, build the hardware and write the software. Even in the Vic20 days that would've been difficult, if not impossible for one person to do. Maybe back with some of the more simple kitset computers that blinked a few lights.

You could blame the education system, the employers the users or you could just accept that unless you are that guy then you are an imposter, you are the reason for the "bugs" and vulnerabilities, simply because you do not know better. Better to have given matches to children.

Actually no, I think the few people out there like you are the problem. Really, you can, on your own, code an entire OS, plus application suite, plus build the computer - and all of this non-trivial and secure and bug-free?

Absolute rubbish. But I'll call you on it and give you a chance to prove yourself - what code have you released that is not trivial and bug-free? What OS have you written? Afraid you'll have to kill your AC and provide verifiable links (I'll accept you passing the info to staff at El Reg (since they can tell who you are anyway) and have them check your claims and simply come back with a "Yes, AC has actually done this" or "No, AC is telling porkies")

Icon --> Always looks to me like a homeless guy sniffing a tube of some sort of glue. Brain-damaging drug use seems appropriate here.

Kiwi
Pint

Re: Perhaps developers should work offline

"El Reg - an icon that represents a steaming pile of male bovine excrement would be much desired."

Maybe a competition is in order for a new row of icons?

I've probably suggested enough for a couple of rows in the last year or two!

But I agree, something to get the team/commentards working for at least one row! (would like to see some of the older ones make a comeback as well)

(I also, when I screw up the tags in a post, would love to see a highlight in the approximate area of the invalid HTML, or when invalid stuff is detected colour-coding the bits it can figure out :) )

Kiwi

Re: Perhaps developers should work offline

My code has never been exploited and has never needed any updates, this simply because it was bespoke i.e. different for each customer and all written with the old computing definition of security in mind.

So... No repeat business, code insignificant enough that errors in the compiler aren't triggered by it, insignificant enough that changes to the OS don't cause any issues with it. Oh, and insignificant enough that ONE person writes it.

I can understand a lot of the bugs with MS stuff - their code has to support quite literally MILLIONS of possible hardware configurations. On top of that, there are millions of software configurations as well. The interaction between different bits of hardware or software, especially on complex programs, can sometimes throw up some serious surprises.

Of course, if you really did write code like you want us to believe, you'd know that what you have in your test environment may not match what your customer has in their RealLife environment, and any changes to their RL environment could well result in changes to the function of your code. Also, no matter what coders think to test for, no matter what we think is a "so stupid it will never happen", RL invents users who, on the first time just looking at your software, manage to break it in ways you never dreamed possible.

And that's before the next lot of updates to the OS, or other running software (what about all those deprecated system calls, API's that no longer exist, DLL's that have changed name or location on disk etc etc etc etc etc etc etc etc etc etc etc?)

El Reg - an icon that represents a steaming pile of male bovine excrement would be much desired.

Boffins trapped antiprotons for days, still can't say why they survived the Big Bang

Kiwi
Trollface

Re: The universe will now disappear

"They are all wrong !"

Wrong. They are all approximations.

Ah! So you believe that pi=3!

Kiwi
Alien

Re: The universe will now disappear

"Any Theory and even Laws must be constantly questioned if you are a real scientist, that is how we discover new science!!!"

Yes if the evidence doesn't match the Theory.

Funny you say that, and yet you support the "climate change" guff?

I said this a couple of years (or more) back, and it's still the same today. I can go to various beaches around the area (example Petone beach) and the sea level is basically unchanged from the late 1800s or early 1900s when the wharf was built (may've been 1907, you can have fun with a search engine).

Mean and max sea levels are the same as back then, slightly changed since 1840 (but then in 1840 things changed very suddenly and significantly at the time).

Yet the "climate change" stuff we were being fed not that long ago said we'd have sea level rises of several metres by now, and I'd drown if I tried to stand on the roof of the tallest building in the area without scuba gear (IIRC one quote was along the lines of "Need scuba gear to stand on the World Trade Center")

Oh, of course. I forgot. It's "Isostatic rebound" which magically exactly matches the rate of sea level rise. Sea level has risen 10m in the last 20 years, but the earth's crust has also miraculously risen by the same amount! Anyone who believes this stuff and also wants to put down Christianity should wonder much about their own mind.

Kiwi
Trollface

Re: The universe will now disappear

Ah, so you're a climate science denier.

Nope, I don't believe in the IPCC stated reasons for climate change, and especially their much-touted "solutions" that will fix nothing for the mere cost of making things worse. Climate is changing, the rate, causes etc and what the IPCC claim are mutually exclusive.

If you liked denying climate science, you may also like:

Denying evolution

Unproven constantly changing "theory" that has been shown time and again to be rubbish - by people who can understand science and aren't scared to actually promote truth over the other stuff.

Homeopathy

Crystal healing

They're in the same category of "science" as "evolution".

Donald Trump

He makes evolution-believers look sane!

Kiwi
Devil

And on the seventh day, while he was sleeping, the Devil stole the antimatter to have enough fuel to power hell's flames until the end of time?

Could be :)

Kiwi
Angel

It's God wot done it :)

(You're looking for the arrow on the right, right?)

Do fear the Reaper: Huge army of webcams, routers raised from 'one million' hacked orgs

Kiwi
Thumb Up

Re: Safe home router ?

This could potentially be a way of dealing with unknown UDP services, since there usually isn't any reliable way to tell what's listening to UDP ports from the outside. For TCP you can just do a normal port scan and kill anything that appears. I doubt it will randomly start running new services on its own (except if you count things opened via UPnP), but you never know with crappy consumer gear...

That's my thinking as well.

This is a Thomson (speedtouch) one provided by a telco that is well known for taking great gear and hobbling the crap out of it (not as bad as Vodafone seem to be these days though, neighbour has a Huawei rebranded cable router that has a setup that lets him see his IP, configure his WIFI SSID and password, and that's it - can't even change the IP range of the DHCP!). Fortunately said telco forgot to hobble the ability to re-flash, so it has OEM firmware on it now (no updates for a while though).

It has one feature I've not seen elsewhere (and cannot think of the feature's name for the life of me!) - if I try to visit my URL from within the home network (ie I have www.example.com registered which points to the home IP) then unlike most routers which just stop with a "domain unreachable" type error, this one works out that you're trying to reach the web server sitting behind it and routes traffic appropriately.

I've tried a few other routers which don't have this feature. I can work around it by setting up a separate internal DNS server, but it is a nice function.

(First time I tried to set up a router for port forwarding I had no idea about this limitation, and was struggling for hours trying to work out what was going on, why my server wasn't being seen - then some helpful hacker who'd found an FTP server visited while I was tailing the server logs, so I realised the system was accessible from outside, which led me to learning that you couldn't visit the URL from inside... )

Kiwi
Facepalm

Re: Safe home router ?

The link you use to connect can be back-hacked to pwn you.

[non-fantasyland citations needed]

That's how drive-by and watering-hole attacks work.

No no no NO

Drivebys work by infecting a web page with a file that will be downloaded by the browser (because it's part of the page's resources) and executed by the browser's systems (eg java (if you have it installed) or javascript handlers). You cannot force any extra stuff through the connection that's not part of/required by the originating page.

Get off those drugs (but please tell me what they are, I might want to do some travelling to weird and scary places sometime) and get into the real world.

Kiwi
Boffin

Re: Safe home router ?

To protect against mass attacks like these, all you have to do (regardless of vendor, model, or any patches) is make sure it doesn't have any open ports to the outside. There are SOME exceptions to this (and UDP services and such can be hard to spot in a scan), but it's a damn good start.

I've often done something slightly different to that.

While my router seems fine now, I cannot be absolutely sure that there is nothing lurking in the background yet to be discovered. The ports for telnet, ssh and a few other common things that I am NOT intending to use are therefore redirected to a non-existent IP address (ie something outside of the DHCP address limits within the network).

My thinking is that someone from outside the network trying to access the router will try common ports, find them open but nothing responding (thus tying them up a little longer) before moving on. If my router does turn out to have a vulnerability, then you cannot reach it from telnet from outside anyway as the router has no ports listening for telnet.

If this is a bad idea, then please let me know why (preferably with citations - not all commentards are as clued up on current practices as we think we are! :) )

(I must someday sit outside and run a full scan against it and see what appears to be open and check that off against my list)
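The outside-in scan the post ends with, as an added example (not code from the thread): a small Python checker that reports each TCP port as open (SYN-ACK came back), closed (RST came back) or filtered (no answer at all), and each UDP port as closed (ICMP port-unreachable came back) or open|filtered (silence), which is the UDP blind spot the earlier reply mentions. A port the router forwards to a LAN address that does not exist shows up as filtered from the internet side, because the forwarded SYN goes nowhere and nothing is sent back. The target address, the port lists and the loopback demo helpers are assumptions for the example.

```python
"""Outside-in port check: TCP ports -> open/closed/filtered,
UDP ports -> closed/open|filtered.  Added example, not from the thread."""
import socket
import sys
from contextlib import closing

TIMEOUT = 0.5   # seconds; short so a few dozen ports finish quickly


def classify_tcp(host: str, port: int, timeout: float = TIMEOUT) -> str:
    """Full-connect probe.  open = handshake completed, closed = RST received,
    filtered = nothing came back (silent drop, or a forward to a LAN address
    that does not exist, as in the post)."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "filtered"
        except OSError:          # host/net unreachable: looks like a drop too
            return "filtered"


def classify_udp(host: str, port: int, timeout: float = TIMEOUT) -> str:
    """UDP has no handshake.  The only hard signal is an ICMP port-unreachable,
    which Linux surfaces on a *connected* UDP socket as ECONNREFUSED.  Silence
    means either a listener that ignored our empty datagram or a filtering
    device, hence 'open|filtered' (nmap's wording for the same ambiguity)."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_DGRAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(b"")          # empty datagram: cheap, protocol-agnostic probe
            s.recv(512)
            return "open"        # something actually answered
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "open|filtered"
        except OSError:
            return "open|filtered"


def scan(host: str, tcp_ports=(), udp_ports=()) -> dict:
    """Map (proto, port) -> state for the given target."""
    results = {}
    for p in tcp_ports:
        results[("tcp", p)] = classify_tcp(host, p)
    for p in udp_ports:
        results[("udp", p)] = classify_udp(host, p)
    return results


# --- loopback helpers so the example can demonstrate itself offline ---------
def start_tcp_listener():
    """A bound+listening TCP socket on 127.0.0.1; returns (socket, port)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s, s.getsockname()[1]


def start_udp_sink():
    """A bound UDP socket that never replies: the 'open|filtered' case."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))
    return s, s.getsockname()[1]


def free_port() -> int:
    """A TCP port nobody is listening on (bind to 0, read it back, close)."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # Assumed usage: python portcheck.py <public-ip-of-router>, run from
    # OUTSIDE the LAN.  Ports below are just the usual management suspects.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for (proto, port), state in scan(target,
                                     tcp_ports=(22, 23, 80, 443, 8080),
                                     udp_ports=(53, 161, 1900)).items():
        print(f"{proto}/{port}: {state}")
```

Run it from a host that is genuinely outside the LAN (a VPS, or a phone on mobile data): from inside, the WAN address reaches the router's LAN-side interface or the hairpin path, which is not what the internet sees. The UDP half only detects the absence of a reply; nmap's `-sU` makes the same open|filtered call for the same reason, and the way to turn silence into an answer is a protocol-specific probe (a real DNS query to 53, an SNMP GetRequest to 161) rather than an empty datagram.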

uBlock Origin ad-blocker knocked for blocking hack attack squawking

Kiwi

Re: disagree with Scott and Troy

"... website owners to declare approved origins of content that browsers should be allowed to load ... "

says the standard. That means website owner can allow whatever (ads, malware) they want without asking me.

The key you might've missed is basically every site creator/host already does this

The point of CSP (at least as I understand it) is to say "the owner wants data coming from theirdomain.com and clodfool, anything else (eg google analytics or scummymalwaresite.com) is NOT ALLOWED". Thus if someone manages to change the content of the page to serve up some other stuff, well, the system tells your browser what is allowed, your browser sees what is offered is not on the OK list and stops loading it.

ICBW of course.

The content of the reports is another matter, but most of the data that is in them would, I assume, be available from logging - especially your IP, session cookies, pages visited etc (assuming that level of logging is turned on)

Kiwi

Re: disagree with Scott and Troy

If the site has an XSS vulnerability then the report would inform the site owner who could take action to fix the underlying cause.

I would expect a website owner to test their own site for XSS exploits before opening it to the public. Not to use their users as guinea-pigs - actually, canaries would be a better description.

A 0day is found in Apache under Linux, allowing an attacker to modify the content of pages served by the site (or faulty cpanel or faulty wordpress or faulty FTP server etc etc etc etc).

But hey, you don't need to worry about the content on the site changing, because the site's creator checked for XSS exploits before uploading. Having another mechanism to help secure sites/the data they send because the content creator already looked it over.

(Given the large number of site makers who have little to no idea of anything technical, and create the sites with WYSIWYG tools, via various content managers etc.....)
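As an added example (not code from the thread, uBlock Origin or any CSP implementation) of the allow-list behaviour described in the first "disagree with Scott and Troy" reply and of the report the second one argues about: a small Python model of how a browser matches a `script-src`/`default-src` source list against the resources a page tries to load, and the JSON body it would POST to the `report-uri` endpoint for each one it refuses. The policy string, the origins and the resource URLs are all constructed for the demo; `scummymalwaresite.example` is the post's own hypothetical.

```python
"""Toy model of CSP source-list matching and the resulting violation report.
Added example; policy, origins and URLs are made up for the demo."""
from urllib.parse import urlsplit

# Constructed policy: own origin plus one CDN for scripts, everything else
# falls back to default-src, violations get POSTed to /csp-report.
POLICY = ("default-src 'self'; "
          "script-src 'self' https://cdn.example.net; "
          "report-uri /csp-report")


def parse_policy(policy: str) -> dict:
    """'directive src src; directive src' -> {directive: [src, ...]}"""
    out = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0]] = tokens[1:]
    return out


def origin_of(url: str) -> str:
    u = urlsplit(url)
    return f"{u.scheme}://{u.netloc}"


def source_matches(src: str, resource: str, page_origin: str) -> bool:
    """Subset of CSP source-expression matching: 'self', scheme-only sources
    (https:), host wildcards (https://*.example.net) and exact origins."""
    if src == "'self'":
        return origin_of(resource) == page_origin
    if src.endswith(":"):                        # scheme source
        return resource.startswith(src + "//")
    s, r = urlsplit(src), urlsplit(resource)
    if s.scheme and s.scheme != r.scheme:
        return False
    if s.hostname and s.hostname.startswith("*."):
        return r.hostname is not None and r.hostname.endswith(s.hostname[1:])
    return s.hostname == r.hostname and (s.port is None or s.port == r.port)


def allowed(policy: dict, directive: str, resource: str, page_origin: str) -> bool:
    """Fall back to default-src when the specific directive is absent, as
    browsers do.  'none' (or an empty list) blocks everything."""
    sources = policy.get(directive, policy.get("default-src", []))
    if "'none'" in sources:
        return False
    return any(source_matches(s, resource, page_origin) for s in sources)


def violation_report(policy_str: str, directive: str, blocked: str,
                     document_uri: str) -> dict:
    """Shape of the JSON a browser POSTs to report-uri (a subset of the
    fields; simplified to always report the blocked resource's origin)."""
    return {"csp-report": {
        "document-uri": document_uri,
        "violated-directive": directive,
        "effective-directive": directive,
        "original-policy": policy_str,
        "blocked-uri": origin_of(blocked),
        "status-code": 200,
    }}


def check_page(policy_str: str, page_url: str, resources):
    """resources: list of (directive, url) the page tries to load.
    Returns (urls that load, reports the browser would send)."""
    policy = parse_policy(policy_str)
    page_origin = origin_of(page_url)
    loaded, reports = [], []
    for directive, url in resources:
        if allowed(policy, directive, url, page_origin):
            loaded.append(url)
        else:
            reports.append(violation_report(policy_str, directive, url, page_url))
    return loaded, reports


if __name__ == "__main__":
    # Constructed page: two legitimate scripts, one injected by an attacker
    # who managed to alter the served HTML, plus an image and a tracking pixel.
    site = "https://www.example.com/index.html"
    loaded, reports = check_page(POLICY, site, [
        ("script-src", "https://www.example.com/app.js"),
        ("script-src", "https://cdn.example.net/lib.js"),
        ("script-src", "https://scummymalwaresite.example/x.js"),
        ("img-src", "https://www.example.com/logo.png"),
        ("img-src", "https://tracker.example/pixel.gif"),
    ])
    print("loaded:", *loaded, sep="\n  ")
    for rep in reports:
        r = rep["csp-report"]
        print(f"blocked {r['blocked-uri']} ({r['violated-directive']})")
```

Two things the model makes visible. First, the allow-list is evaluated by the visitor's browser against whatever HTML actually arrived, so it catches content injected after the author's own XSS review, whether via a server or CMS compromise or a plain stored XSS. Second, the report body itself carries only the page URL, the blocked origin and the policy text; the client IP arrives with the HTTP request that delivers it, which is the same thing the web server's access log already records for the page load. The `report-uri` directive has been superseded by `report-to` in CSP level 3, but the content of the report is essentially the same.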

Google isn't saying Microsoft security sucks but Chrome for Windows has its own antivirus

Kiwi
Boffin

Re: You win the prize

I doubt my data contain information that would be of interest to anyone besides myself .

The only way I could know if your data is not of interest to me is to go through ALL of it to check for anything that might be of interest.

And where you've signed an agreement giving the other party rights to use as they wish, including to make money from and make derived works from in perpetuity (Maybe not MS, but have you checked Hotmail's T&Cs closely? LinkedIn, Google, Flickr and others DO have that in there - by placing stuff on their site you give them the right to use your work, sell your work etc forever)

Many years ago the author of one of the popular messaging programs for Fidonet released the source code for his software. The next day he changed his mind, but it was too late. Once the private data is released it is gone from your control. Even scarier, MS says they'll trawl your files for stuff that is of interest to LEO (at least anything on OneDrive) - if you're starting to take notes for a novel perhaps about terrorism or maybe some ideas on a murder mystery or any number of other things, what if they take it out of context? Or perhaps they just go over it to build a psychological profile, which of course will be far from accurate as those things usually are - what if in their psychologist's opinion you're a dangerous person because they're only handed documents you did as a homework assignment for a writing course?

Keep your stuff private, only let out the barest minimum. Once you have lost control of private information it is lost forever. As the old saying goes, never put on the internet what you don't want shouted from the rooftops.

You're doing open source wrong, Microsoft tsk-tsk-tsks at Google: Chrome security fixes made public too early

Kiwi
Trollface

It all makes sense now!

Microsoft Offensive Security Research

Did anyone think to tell MS that if they shut that dept down, then their (lack of) security wouldn't be so offensive to the rest of us?

Thank you, thank you. I'm here all week, at least until they fire me.

Boss visited the night shift and found a car in the data centre

Kiwi
Trollface

Does a Windows admin count ?

Probably not. Wouldn't want them noticing how often the server crashes each day!