Another question for Paul

Hi :-)

'Shadow' seems to think that he can visit this website *anonymously* to
download the softwa-

https://support.kaspersky.com/viruses/krd18

Do YOU believe he can do so without Kaspersky knowing EXACTLY who he is?

--
David B.
Devon

On 07/11/2019 15:57, ~BD~ wrote:
Hi :-)

'Shadow' seems to think that he can visit this website *anonymously* to
download the softwa-

https://support.kaspersky.com/viruses/krd18

Do YOU believe he can do so without Kaspersky knowing EXACTLY who he is?

I downloaded the ISO onto my Mac (Catalina) and was shown this message:-

https://www.dropbox.com/s/jv8oy3qwnp...20ISO.png?dl=0

I decided not to open it.


--
David B.
Devon

~BD~ wrote:
On 07/11/2019 15:57, ~BD~ wrote:
Hi :-)

'Shadow' seems to think that he can visit this website *anonymously*
to download the softwa-

https://support.kaspersky.com/viruses/krd18

Do YOU believe he can do so without Kaspersky knowing EXACTLY who he is?

I downloaded the ISO onto my Mac (Catalina) and was shown this message:-

https://www.dropbox.com/s/jv8oy3qwnp...20ISO.png?dl=0


I decided not to open it.

Here's an example of some waffling on the issue.

https://superuser.com/questions/1184...e-or-cause-oth

So on the one hand, you have the theory that it's somehow
related to "It Came Off The Internet" flag, which is what
the OS marks the .ISO file with when downloaded. I don't
think that's a credible theory, because the message on the
screen should be different. Such a message should be related
to "immediately executable" content, which could endanger
the machine.

The other theory, is some fsck is being done. Well, why, and
at what level ? Does the ISO have a .dmg file on it, and
if so, how does the mounter know you want to open that one.
It should take clicking on the .dmg, for the mounter
to be "interested" in the content. A file format like that
should be signed for integrity. Then the error message could
say "Signature failure" or similar.

What does that leave ? Running an fsck on the ISO itself ?
Why exactly ? Is the utility clever enough to know all
layouts, including hybrid ones ?

mount -t ISO9660 ...

Sure, it could find a problem with one of the flavors
of content on the disc. (You can have several file
systems on an ISO, pointing to the same set of files,
and it's all, perfectly valid and commonly done.)

So that leaves taking the ISO to a capable platform, and
somehow determining the ISO is "good". Windows 10 has
a virtual DVD drive style mounter, and can do that
for you, even if the content on there is a .dmg
(DiskImage), and Windows 10 can't do anything with it.

It's possible 7ZIP can open a .dmg. After you right-click
it in Windows 10 and try "Mount".

Paul

On 07/11/2019 19:23, Paul wrote:
~BD~ wrote:
On 07/11/2019 15:57, ~BD~ wrote:
Hi :-)

'Shadow' seems to think that he can visit this website *anonymously*
to download the softwa-

https://support.kaspersky.com/viruses/krd18

Do YOU believe he can do so without Kaspersky knowing EXACTLY who he is?

I downloaded the ISO onto my Mac (Catalina) and was shown this message:-

https://www.dropbox.com/s/jv8oy3qwnp...20ISO.png?dl=0


I decided not to open it.

Here's an example of some waffling on the issue.

https://superuser.com/questions/1184...e-or-cause-oth


So on the one hand, you have the theory that it's somehow
related to "It Came Off The Internet" flag, which is what
the OS marks the .ISO file with when downloaded. I don't
think that's a credible theory, because the message on the
screen should be different. Such a message should be related
to "immediately executable" content, which could endanger
the machine.

The other theory, is some fsck is being done. Well, why, and
at what level ? Does the ISO have a .dmg file on it, and
if so, how does the mounter know you want to open that one.
It should take clicking on the .dmg, for the mounter
to be "interested" in the content. A file format like that
should be signed for integrity. Then the error message could
say "Signature failure" or similar.

What does that leave ? Running an fsck on the ISO itself ?
Why exactly ? Is the utility clever enough to know all
layouts, including hybrid ones ?

Â*Â* mount -t ISO9660 ...

Sure, it could find a problem with one of the flavors
of content on the disc. (You can have several file
systems on an ISO, pointing to the same set of files,
and it's all, perfectly valid and commonly done.)

So that leaves taking the ISO to a capable platform, and
somehow determining the ISO is "good". Windows 10 has
a virtual DVD drive style mounter, and can do that
for you, even if the content on there is a .dmg
(DiskImage), and Windows 10 can't do anything with it.

It's possible 7ZIP can open a .dmg. After you right-click
it in Windows 10 and try "Mount".

Wow. That's almost 10 years old, so obviously nothing to do with
Catalina!!! I'll think on it for now.

Your help, as always, is appreciated Paul. Thank you.

I expect there was a reason why you didn't answer my original question.

State secrecy, perhaps? ;-)

--
David B.
Devon

~BD~ wrote:

Wow. That's almost 10 years old, so obviously nothing to do with
Catalina!!! I'll think on it for now.

Your help, as always, is appreciated Paul. Thank you.

I expect there was a reason why you didn't answer my original question.

State secrecy, perhaps? ;-)

The premise of the first question is a bit silly.

It involves a lot of speculation.

The page itself is showing a yandex.ru URL, but that's
not something I would run into regularly, and yandex
tracking isn't as common a feature as Google and
Facebook tracking.

Your biggest exposure in terms of building a profile,
is using a credit card on a computer. That risks the
most real-world information. If his hard drive
has C:\users\Shadow , then the profile might exist,
but for the time being, is anonymous. Until you
do a credit card transaction, and then your
particulars could end up just about anywhere.

For example, Microsoft knows *exactly* who I am,
and any time I use a modern Windows, they'll know
it's me. And that's because I bought copies
of Windows 8 with a credit card. And that
provides the ability to correlate everything.
Even though most of the copies of Windows use
local accounts, they know when each one of those
connects to Microsoft, who I am.

The connection is much more tenuous for Kaspersky.
When I bought a product from them, it was *cash*
at the computer store. Rather than a credit card.
Because in the year I got that product, that's
how we got software, was boxed, at the computer store.
I generally never, ever, register computer software
in my name. The account name on the computer is
made up. But if I use a credit card, of course
there would be a liberal dollop of info to
hoover up. As soon as you do that on a computer,
you're "exposed". Now the odds become "non-zero".

The web page itself does not "guarantee" compromise.
If depends on how clumsy and careless you've been,
as to what they could conclude from a single
web page transaction. For example, if ten minutes
ago, you bought a copy of Kaspersky with a credit
card, then chances are, they'd know who you were,
just because of some cookie that was set. And that's
what I mean by "speculation" on the topic.

Building a profile requires a "thin web" of transactions.
Even the type of questions you enter in google.com ,
help identify in a general way, what you are.
("white male, 60, with health problems").

Paul

On 07/11/2019 21:20, Paul wrote:
~BD~ wrote:

Wow. That's almost 10 years old, so obviously nothing to do with
Catalina!!! I'll think on it for now.

Your help, as always, is appreciated Paul. Thank you.

I expect there was a reason why you didn't answer my original question.

State secrecy, perhaps? ;-)

The premise of the first question is a bit silly.

It involves a lot of speculation.

The page itself is showing a yandex.ru URL, but that's
not something I would run into regularly, and yandex
tracking isn't as common a feature as Google and
Facebook tracking.

I didn't think to look in the source code!

You are clever! ;-)

Your biggest exposure in terms of building a profile,
is using a credit card on a computer. That risks the
most real-world information. If his hard drive
has C:\users\Shadow , then the profile might exist,
but for the time being, is anonymous. Until you
do a credit card transaction, and then your
particulars could end up just about anywhere.

For example, Microsoft knows *exactly* who I am,
and any time I use a modern Windows, they'll know
it's me. And that's because I bought copies
of Windows 8 with a credit card. And that
provides the ability to correlate everything.
Even though most of the copies of Windows use
local accounts, they know when each one of those
connects to Microsoft, who I am.

Honest folk like you have no need to hide!

The connection is much more tenuous for Kaspersky.
When I bought a product from them, it was *cash*
at the computer store. Rather than a credit card.
Because in the year I got that product, that's
how we got software, was boxed, at the computer store.
I generally never, ever, register computer software
in my name. The account name on the computer is
made up. But if I use a credit card, of course
there would be a liberal dollop of info to
hoover up. As soon as you do that on a computer,
you're "exposed". Now the odds become "non-zero".

The web page itself does not "guarantee" compromise.
If depends on how clumsy and careless you've been,
as to what they could conclude from a single
web page transaction. For example, if ten minutes
ago, you bought a copy of Kaspersky with a credit
card, then chances are, they'd know who you were,
just because of some cookie that was set. And that's
what I mean by "speculation" on the topic.

Building a profile requires a "thin web" of transactions.
Even the type of questions you enter in google.com ,
help identify in a general way, what you are.
("white male, 60, with health problems").

I always enjoy reading your comments, Paul - they invariably make me think!

I appreciate that I may be mistaken, but I'm fairly confident that if
someone visits a Kaspersky website, no mater HOW careful they may think
they have been, then tenuous links will have been established.

That bothers me not one jot, but there are some folk on Usenet who
appear to be frightened of their own Shadow!

--
David B.
Devon