I am donating BadBIOS infected laptops, flashdrives, tampered live fedora CD, infected personal files (plain text files, MP3, PDF, jpg, tiff, doc), infected external DVD writer, etc. to any one interested in conducting forensics. I wrote threads on my limited ability to perform forensics in /r/badBIOS subreddit of reddit.com. My other threads are in other subreddits. Look at my submit history. My laptops were indicted, infected and implanted.
On Wed, Jul 16, 2014 at 7:19 AM, Bluelotus <bluelotus@openmailbox.org> wrote:
I am donating BadBIOS infected laptops, flashdrives, tampered live fedora CD, infected personal files (plain text files, MP3, PDF, jpg, tiff, doc), infected external DVD writer, etc. to any one interested in conducting forensics
Forensics is fine, I suppose, but wouldn't it be better to donate them to some organization that you don't like? The reelection committee for some politician you don't like, a lobbying group whose position you despise, or a charity which is conspicuous for high overhead might be deserving recipients. (Not on topic, but I never donate cash to charities or other not-for-profits. I've done various support work (as a paid consultant) for quite a few NFPs, including work on their accounting databases, and every single one had funny business going on with the money. Not necessarily covering up pilferage by corporation bosses, though there was some of that, but always overhead that was much higher than reported. And usually the total compensation of the bosses was much higher than reported, if you include non-trivial expenses like paid-for cars. I'm not interested in putting money in the pocket of someone with three times my income while they poor-mouth to get more donations.) -- Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209
Dnia środa, 16 lipca 2014 10:41:34 Steve Furlong pisze:
On Wed, Jul 16, 2014 at 7:19 AM, Bluelotus <bluelotus@openmailbox.org>
wrote:
I am donating BadBIOS infected laptops, flashdrives, tampered live fedora
CD, infected personal files (plain text files, MP3, PDF, jpg, tiff, doc), infected external DVD writer, etc. to any one interested in conducting forensics
Forensics is fine, I suppose, but wouldn't it be better to donate them to some organization that you don't like? The reelection committee for some politician you don't like, a lobbying group whose position you despise, or a charity which is conspicuous for high overhead might be deserving recipients.
No. I feel an internal disgust at such an idea. Had you full control of the bugs/implants and could actually get the info/data out and then leak it to Wikileaks/whatever, then it would have a shred of sense, because you could use these tools as a force for good. The way it is, you don't have such control. So you would be giving these away to some orgs you don't like hoping this will get them in hot water with the NSA/the government. There are two scenarios here. Either you'd be de facto giving a present to the NSA -- and I don't feel like giving the NSA presents; or, it would be an org that works with the NSA, or at least is conducive to whatever the gov does -- hence, the implant-gathered data would not be used. Of course you could also hit a potential whistleblower within such an organisation, which would be even worse. Either way, a bad, bad idea. Forensics is the way here.
(Not on topic, but I never donate cash to charities or other not-for-profits. I've done various support work (as a paid consultant) for quite a few NFPs, including work on their accounting databases, and every single one had funny business going on with the money. Not necessarily covering up pilferage by corporation bosses, though there was some of that, but always overhead that was much higher than reported. And usually the total compensation of the bosses was much higher than reported, if you include non-trivial expenses like paid-for cars. I'm not interested in putting money in the pocket of someone with three times my income while they poor-mouth to get more donations.)
Sorry you had bad experiences. I work in an NGO that tries to be at least partially funded by donations, and it's fucking hard. We want to be funded by donations because being funded by grants or sponsors is always a "strings attached" situation, and we need to be as independent as possible. Employees here get decent, but not high, pay, and there are no perks like paid-for cars. -- Pozdr rysiek
The way it is, you don't have such control. So you would be giving these away to some orgs you don't like hoping this will get them in hot water with
On Thu, Jul 17, 2014 at 6:49 AM, rysiek <rysiek@hackerspace.pl> wrote: the
NSA/the government. ... Either way, a bad, bad idea
Oh, agreed. I was joking when I suggested spreading the malware. (People keep telling me that my (alleged) sense of humor will get me in trouble one of these days. Meh, hasn't happened yet.)
I work in an NGO that tries to be at least partially funded by donations, and it's fucking hard.
I'd say it's a case of the 10% making the rest look bad, but really, every single NFP whose accounting I've seen has had something to hide. It's not always excessive perqs for the bosses (and only for the bosses; one of the things to hide is just how much the boss's little extras cost while she tells the staff that there just isn't the money to give any of them pay raises this year), sometimes it's just the level of overhead. One person was telling me that they needed to conceal their overhead level because if they reported the actual level they would lose donations to "more efficient" charities ... who also were lying in their financials.
participants (3)
-
Bluelotus -
rysiek -
Steve Furlong