If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Another question for Paul
Hi :-)
'Shadow' seems to think that he can visit this website *anonymously* to download the softwa- https://support.kaspersky.com/viruses/krd18 Do YOU believe he can do so without Kaspersky knowing EXACTLY who he is? -- David B. Devon |
Ads |
#2
|
|||
|
|||
Another question for Paul
On 07/11/2019 15:57, ~BD~ wrote:
Hi :-) 'Shadow' seems to think that he can visit this website *anonymously* to download the softwa- https://support.kaspersky.com/viruses/krd18 Do YOU believe he can do so without Kaspersky knowing EXACTLY who he is? I downloaded the ISO onto my Mac (Catalina) and was shown this message:- https://www.dropbox.com/s/jv8oy3qwnp...20ISO.png?dl=0 I decided not to open it. -- David B. Devon |
#3
|
|||
|
|||
Another question for Paul
~BD~ wrote:
On 07/11/2019 15:57, ~BD~ wrote: Hi :-) 'Shadow' seems to think that he can visit this website *anonymously* to download the softwa- https://support.kaspersky.com/viruses/krd18 Do YOU believe he can do so without Kaspersky knowing EXACTLY who he is? I downloaded the ISO onto my Mac (Catalina) and was shown this message:- https://www.dropbox.com/s/jv8oy3qwnp...20ISO.png?dl=0 I decided not to open it. Here's an example of some waffling on the issue. https://superuser.com/questions/1184...e-or-cause-oth So on the one hand, you have the theory that it's somehow related to "It Came Off The Internet" flag, which is what the OS marks the .ISO file with when downloaded. I don't think that's a credible theory, because the message on the screen should be different. Such a message should be related to "immediately executable" content, which could endanger the machine. The other theory, is some fsck is being done. Well, why, and at what level ? Does the ISO have a .dmg file on it, and if so, how does the mounter know you want to open that one. It should take clicking on the .dmg, for the mounter to be "interested" in the content. A file format like that should be signed for integrity. Then the error message could say "Signature failure" or similar. What does that leave ? Running an fsck on the ISO itself ? Why exactly ? Is the utility clever enough to know all layouts, including hybrid ones ? mount -t ISO9660 ... Sure, it could find a problem with one of the flavors of content on the disc. (You can have several file systems on an ISO, pointing to the same set of files, and it's all, perfectly valid and commonly done.) So that leaves taking the ISO to a capable platform, and somehow determining the ISO is "good". Windows 10 has a virtual DVD drive style mounter, and can do that for you, even if the content on there is a .dmg (DiskImage), and Windows 10 can't do anything with it. It's possible 7ZIP can open a .dmg. After you right-click it in Windows 10 and try "Mount". Paul |
#4
|
|||
|
|||
Another question for Paul
On 07/11/2019 19:23, Paul wrote:
~BD~ wrote: On 07/11/2019 15:57, ~BD~ wrote: Hi :-) 'Shadow' seems to think that he can visit this website *anonymously* to download the softwa- https://support.kaspersky.com/viruses/krd18 Do YOU believe he can do so without Kaspersky knowing EXACTLY who he is? I downloaded the ISO onto my Mac (Catalina) and was shown this message:- https://www.dropbox.com/s/jv8oy3qwnp...20ISO.png?dl=0 I decided not to open it. Here's an example of some waffling on the issue. https://superuser.com/questions/1184...e-or-cause-oth So on the one hand, you have the theory that it's somehow related to "It Came Off The Internet" flag, which is what the OS marks the .ISO file with when downloaded. I don't think that's a credible theory, because the message on the screen should be different. Such a message should be related to "immediately executable" content, which could endanger the machine. The other theory, is some fsck is being done. Well, why, and at what level ? Does the ISO have a .dmg file on it, and if so, how does the mounter know you want to open that one. It should take clicking on the .dmg, for the mounter to be "interested" in the content. A file format like that should be signed for integrity. Then the error message could say "Signature failure" or similar. What does that leave ? Running an fsck on the ISO itself ? Why exactly ? Is the utility clever enough to know all layouts, including hybrid ones ? Â*Â* mount -t ISO9660 ... Sure, it could find a problem with one of the flavors of content on the disc. (You can have several file systems on an ISO, pointing to the same set of files, and it's all, perfectly valid and commonly done.) So that leaves taking the ISO to a capable platform, and somehow determining the ISO is "good". Windows 10 has a virtual DVD drive style mounter, and can do that for you, even if the content on there is a .dmg (DiskImage), and Windows 10 can't do anything with it. It's possible 7ZIP can open a .dmg. After you right-click it in Windows 10 and try "Mount". Wow. That's almost 10 years old, so obviously nothing to do with Catalina!!! I'll think on it for now. Your help, as always, is appreciated Paul. Thank you. I expect there was a reason why you didn't answer my original question. State secrecy, perhaps? ;-) -- David B. Devon |
#5
|
|||
|
|||
Another question for Paul
~BD~ wrote:
Wow. That's almost 10 years old, so obviously nothing to do with Catalina!!! I'll think on it for now. Your help, as always, is appreciated Paul. Thank you. I expect there was a reason why you didn't answer my original question. State secrecy, perhaps? ;-) The premise of the first question is a bit silly. It involves a lot of speculation. The page itself is showing a yandex.ru URL, but that's not something I would run into regularly, and yandex tracking isn't as common a feature as Google and Facebook tracking. Your biggest exposure in terms of building a profile, is using a credit card on a computer. That risks the most real-world information. If his hard drive has C:\users\Shadow , then the profile might exist, but for the time being, is anonymous. Until you do a credit card transaction, and then your particulars could end up just about anywhere. For example, Microsoft knows *exactly* who I am, and any time I use a modern Windows, they'll know it's me. And that's because I bought copies of Windows 8 with a credit card. And that provides the ability to correlate everything. Even though most of the copies of Windows use local accounts, they know when each one of those connects to Microsoft, who I am. The connection is much more tenuous for Kaspersky. When I bought a product from them, it was *cash* at the computer store. Rather than a credit card. Because in the year I got that product, that's how we got software, was boxed, at the computer store. I generally never, ever, register computer software in my name. The account name on the computer is made up. But if I use a credit card, of course there would be a liberal dollop of info to hoover up. As soon as you do that on a computer, you're "exposed". Now the odds become "non-zero". The web page itself does not "guarantee" compromise. If depends on how clumsy and careless you've been, as to what they could conclude from a single web page transaction. For example, if ten minutes ago, you bought a copy of Kaspersky with a credit card, then chances are, they'd know who you were, just because of some cookie that was set. And that's what I mean by "speculation" on the topic. Building a profile requires a "thin web" of transactions. Even the type of questions you enter in google.com , help identify in a general way, what you are. ("white male, 60, with health problems"). Paul |
#6
|
|||
|
|||
Another question for Paul
On 07/11/2019 21:20, Paul wrote:
~BD~ wrote: Wow. That's almost 10 years old, so obviously nothing to do with Catalina!!! I'll think on it for now. Your help, as always, is appreciated Paul. Thank you. I expect there was a reason why you didn't answer my original question. State secrecy, perhaps? ;-) The premise of the first question is a bit silly. It involves a lot of speculation. The page itself is showing a yandex.ru URL, but that's not something I would run into regularly, and yandex tracking isn't as common a feature as Google and Facebook tracking. I didn't think to look in the source code! You are clever! ;-) Your biggest exposure in terms of building a profile, is using a credit card on a computer. That risks the most real-world information. If his hard drive has C:\users\Shadow , then the profile might exist, but for the time being, is anonymous. Until you do a credit card transaction, and then your particulars could end up just about anywhere. For example, Microsoft knows *exactly* who I am, and any time I use a modern Windows, they'll know it's me. And that's because I bought copies of Windows 8 with a credit card. And that provides the ability to correlate everything. Even though most of the copies of Windows use local accounts, they know when each one of those connects to Microsoft, who I am. Honest folk like you have no need to hide! The connection is much more tenuous for Kaspersky. When I bought a product from them, it was *cash* at the computer store. Rather than a credit card. Because in the year I got that product, that's how we got software, was boxed, at the computer store. I generally never, ever, register computer software in my name. The account name on the computer is made up. But if I use a credit card, of course there would be a liberal dollop of info to hoover up. As soon as you do that on a computer, you're "exposed". Now the odds become "non-zero". The web page itself does not "guarantee" compromise. If depends on how clumsy and careless you've been, as to what they could conclude from a single web page transaction. For example, if ten minutes ago, you bought a copy of Kaspersky with a credit card, then chances are, they'd know who you were, just because of some cookie that was set. And that's what I mean by "speculation" on the topic. Building a profile requires a "thin web" of transactions. Even the type of questions you enter in google.com , help identify in a general way, what you are. ("white male, 60, with health problems"). I always enjoy reading your comments, Paul - they invariably make me think! I appreciate that I may be mistaken, but I'm fairly confident that if someone visits a Kaspersky website, no mater HOW careful they may think they have been, then tenuous links will have been established. That bothers me not one jot, but there are some folk on Usenet who appear to be frightened of their own Shadow! -- David B. Devon |
Thread Tools | |
Display Modes | Rate This Thread |
|
|