
MyDRMSpace

Monday, March 1, 2010

Do you want to add a digital watermark to your personal pictures or audio recordings? The MyDRMspace site offers such a service for free (although the terms of use leave open the possibility of charging).

Polish developers and entrepreneurs opened this site in 2009. Once registered, you can upload a photo or a piece of audio to the server. Then, you enter information related to the file and mydrmspace will add a watermark to it (signature in their vocabulary). Of course, you can upload a file to check if any watermark is present. If the watermark is present, then mydrmspace will point to the corresponding information.

The developers had the bright idea to offer the infrastructure as a platform for watermark designers. Any watermark designer can upload his/her embedders and detectors (so-called coder and decoder on the site :( ). Then the public may use this technology. In other words, when uploading a file to mark, you can choose the embedder (coder). I have no clue on which criteria normal users would choose one technology rather than another. Most probably, a normal user would choose either the first one presented or the most popular one. When checking a file, you have to select the right detector (decoder).

Unfortunately, they do not seem to have had tremendous success. There is only one audio watermark technology available and two image watermark technologies (from the same author). The placeholder for video watermarks is empty.

I have not tested if the watermarks are robust.

Do you know any similar site that offers a free watermarking service?

Thank you to TF for the pointer :)

Amazon’s PayPhrase

Wednesday, January 27, 2010

In November 2009, Amazon launched a new payment mode called PayPhrase. The idea is simple. You associate with your profile a passphrase, i.e. a sentence with at least two words (more than four characters), and a 4-digit PIN. The PayPhrase is linked to a shipping address and a payment method. If you want another shipping address, use a second PayPhrase.

Amazon offers this service to other sites. The other sites validate the information through Amazon but never have access to your personal data or to your credit card data. The basic assumption is that you trust Amazon to do a clean job of securing your personal data (which seems a reasonable assumption).

Of course, Amazon expects to become a competitor to established payment methods such as PayPal.

Is it serious? Well, I have spotted one funny issue. How do I define a payPhrase?

Create an original PayPhrase yourself, or choose one of our suggestions. Once you have claimed a particular PayPhrase, it can’t be claimed by anyone else.

The uniqueness of the PayPhrase shows that the idea is to replace your identity with the PayPhrase, while the PIN is the authentication. This means two things:

  • Latecomers may have some trouble setting up an easy-to-remember PayPhrase because the most trivial ones will already be taken.
  • People will use the most trivial ones.

And this last one is the fun part of the game. Try to find a trivial payPhrase and check if it is active. Then, you may try a DOS for this person by trying many PINs until it is blacklisted.

I tried my favorite trivial passphrase “Trust no one”. Guess what? It belongs to somebody from Portland paying with Visa! I did not try the PIN.

Lesson: Some design decisions may have “funny” side effects.

Tor and Android

Thursday, November 19, 2009

Some students have released a version of Tor for Android phones. Tor is the best-known anonymity system for use on the Internet. In theory, through a complex routing scheme, it is impossible to trace back the issuer. With TorProxy, you can now anonymously surf the net with your Android mobile phone.

The open source product is available at http://www.cl.cam.ac.uk/research/dtg/android/tor/

A password strength checker

Friday, August 7, 2009

I recently stumbled across a useful site for increasing security awareness. The Password Strength Checker evaluates the submitted password. The use is intuitive.

Sure, when a password is declared as strong, then it is strong. I played a little bit with it. I discovered that my Firefox master key was 74%, my account password was 70%, and my password for this blog was only 30%!

When examining the poor result of this last password (rather long), I found that I was not in total agreement with the rationales of the penalties. Consecutive upper case letters, lower case letters or numbers are “penalized”. Intuitively, I would think that systematically recommending to avoid consecutive upper case letters, lower case letters or numbers would give an advantage in brute forcing. If I select an upper case letter, then when brute forcing the next character, I would avoid using an upper case letter. It reduces (slightly) the space of passwords.

Nevertheless, a nice useful tool.
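The effect described above can be counted exactly. The following is an added example, not code from the checker or from this blog: it counts the passwords of a given length in which no two neighbouring characters share a class, and compares that with the unconstrained count. The class sizes (26 upper case, 26 lower case, 10 digits, no symbols) and all function names are assumptions made for the illustration.

```python
from itertools import product
from math import log2

# Assumed alphabet: 26 upper case, 26 lower case, 10 digits (no symbols).
CLASSES = {"upper": 26, "lower": 26, "digit": 10}

def unconstrained(length, classes=CLASSES):
    """Number of passwords when every character is chosen freely."""
    return sum(classes.values()) ** length

def no_adjacent_same_class(length, classes=CLASSES):
    """Number of passwords in which neighbouring characters never share a class."""
    if length == 0:
        return 1
    # ways[c] = valid passwords of the current length whose last character is in class c
    ways = dict(classes)
    for _ in range(length - 1):
        total = sum(ways.values())
        # The previous character may come from any class except c itself.
        ways = {c: (total - ways[c]) * size for c, size in classes.items()}
    return sum(ways.values())

def brute_force(length, classes):
    """Enumerate every string over a tiny alphabet to cross-check the count."""
    alphabet = [(c, i) for c, size in classes.items() for i in range(size)]
    return sum(
        all(a[0] != b[0] for a, b in zip(pw, pw[1:]))
        for pw in product(alphabet, repeat=length)
    )

def bits_lost(length, classes=CLASSES):
    """Search-space reduction, in bits, if the rule is followed systematically."""
    free = unconstrained(length, classes)
    return log2(free) - log2(no_adjacent_same_class(length, classes))

if __name__ == "__main__":
    for n in (6, 8, 12):
        print(n, unconstrained(n), no_adjacent_same_class(n), round(bits_lost(n), 2))
```
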

Cheap face recognition

Tuesday, May 19, 2009

I just read about KeyLemon, a company that offers face-recognition-based login to Windows XP for less than $40. They have a trial version. For fun I decided to try it.

The installation was straightforward. It used my webcam. When registering for the first time, it became touchy. The software wants you to be in a given, relatively precise position.

Instead of your typical login screen, you have a screen that displays what the webcam sees, and a field to possibly enter your password. Once it recognized me (after a few seconds), it logged on without any problem. Now, the funny part, let’s push slightly the limit. I registered with my glasses, because I work without them in front of my screen. When I tried with the glasses, it did not recognize me. OK, let’s do it without the glasses.

Of course, you all already thought about it. I took a picture of me with the webcam and printed it on the color printer. YES!!!! It recognized my picture! That’s really bad! An easy way to impersonate.

Then, I decided to comb my hair (those who know me will understand :)). It did not recognize me. Phew, my picture works.

Then, I decided to train the tool better. After 20 cumulative trainings (with glasses or not, combed or not), it performed worse. Fortunately, there was still the field to type the password in.

KeyLemon is a funny tool but not a secure tool. Don’t trust it. Interestingly, the announced advantages:

Stop wasting time entering your password

I’m not sure who would win the race

Stop remembering your password

No!!! What if it does not work correctly?

The only funny feature is the lock of the computer once it does not see you anymore in front of the screen.