Security Newsletter 21

Posted on March 27, 2012 by wunderbarb

The 21rst Technicolor security newsletter is now available. Molva Refik (Eurecom) is our guest. The news that did trigger our interest were some consequences of the patriot act versus the cloud, an attack on Internet ads, TOR used by pedophiles, a weakness in XML encryption and of course Duqu. Patrice analyzes the attack on WPS, while Stéphane explores the Carrier IQ disaster. And a very deep dive in the protection of 3D CGI objects (encryption, watermark…)

I hope you will enjoy reading it. if you want to subscribe, send an email at security.newsletter@technicolor.com.

Past issues are available here.

The Pirate Bay and 3D objects

Posted on March 15, 2012 by wunderbarb

Would you like to have a Guy Fawkes mask (currently better known as Anonymous mask)? If you have a 3D printer, it is easy. Just ask the Pirate Bay. The Pirate Bay, the flagship of P2P sharing, recently added a new category of torrents: physibles. Physibles are files that describe a 3D object for 3D printers. In other words, the Pirate Bay proposes a category for sharing 3D printable objects.

With the advent of 3D printers, we could expect soon to see copyright infringement for 3D shapes. This is the first sign of such trend. It will take time before 3D printers become mainstream. They are still expensive. But once they will become cheaper, then it will be a new battle field for anti-piracy and anti counterfeiting.

Funnily, next issue of the Technicolor Security Newsletter will feature a long article on how to protect 3D CGI object. The Pirate Bay demonstrates that it will be needed in the future.

Is Google moving towards paid distribution of content?

Posted on February 28, 2012 by wunderbarb

End of 2010, Google acquired Widevine. At that time, I was forecasting that the acquisition of a DRM provider was the preparation of paid distribution of content. This prediction seems to be correct.

Thursday, the Wall Street Journal reported that Google asked the authorities the rights to offer a paid video service.
Previously, analysts at the Bernstein Research made predictions that soon Google would offer a pay TV service.

The initial trial would occur in Kansas City.

Apple, Google, Amazon: the future giants of content distribution?

UV has reached 800,000 accounts

Posted on February 23, 2012 by wunderbarb

The industry analyst company IHS has claimed that UltraViolet (UV) has reached 800,000 user accounts in the US. At CES 2012, UV announced to already have 750,000 user accounts. Each account has in average 1.25 titles. This low value can have several explanations:

The catalog of available title is currently small (I found last week about 30 BD titles on Amazon which could be redeemed). Most probably, the majority of new released BD titles will be UV ready
The first UV title appeared only end of 2011 (Warner’s Horrible Bosses). In view of this short period, 800,000 seems impressive to me.
Many people experiment. If ever you purchased a BD/DVD that is UV ready, why would you not try it. Its for free.

The interesting trend to monitor is the number of average titles per account. As more new titles will be available, this will show the people buy-in to the concept. If the depth increases, then UV may become successful.

PST 2012

Posted on February 20, 2012 by wunderbarb

Usually, I do not make advertisement for conference and call for papers. But for Privacy Security & Trust 2012 (PST 2012), I will make an exception. If you go on the site, you will understand easily why :Wink:

The preferred topics are:

Privacy Preserving / Enhancing Technologies
Critical Infrastructure Protection
Network and Wireless Security
Operating Systems Security
Intrusion Detection Technologies
Secure Software Development and Architecture
PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
Network Enabled Operations
Digital forensics
Information Filtering, Data Mining and Knowledge from Data
National Security and Public Safety
Security Metrics
Recommendation, Reputation and Delivery Technologies
Continuous Authentication
Trust Technologies, Technologies for Building Trust in e-Business Strategy
Observations of PST in Practice, Society, Policy and Legislation
Digital Rights Management
Identity and Trust management
PST and Cloud Computing
Human Computer Interaction and PST
Implications of, and Technologies for, Lawful Surveillance
Biometrics, National ID Cards, Identity Theft
PST and Web Services / SOA
Privacy, Traceability, and Anonymity
Trust and Reputation in Self-Organizing Environments
Anonymity and Privacy vs. Accountability
Access Control and Capability Delegation
Representations and Formalizations of Trust in Electronic and Physical Social Systems

The submission deadline is 18 March 2012.

BTJunkie is down!

Posted on February 14, 2012 by wunderbarb

After the closure of MegaUpload last month, another iconic site is closing: BTJunkie. BTJunkie was the fifth P2P tracker site. This is what appears on the site:

2005 – 2012
This is the end of the line my friends. The decision does not come easy, but we’ve decided to voluntarily shut down. We’ve been fighting for years for your right to communicate, but it’s time to move on. It’s been an experience of a lifetime, we wish you all the best!

Are these two events correlated ? Is this correlated to the signature of the ACTA ? To the best of our knowledge, BTJunkie was not under any current legal suit.

The PirateBay is still active. They will replace torrent-files by magnets on the 29th February. Another movement in this arena. (I’ll come back on this one later)

Megaupload is down

Posted on January 20, 2012 by wunderbarb

Yesterday, FBI launched a vast operation to stop Megaupload. Megaupload is one of the most important Direct Download (DDL) sites or cyberlocker. It offers the possibility to store content, and to allow others to access it. Nevertheless, DDL sites do not offer a method to explore the content or a catalog. The links to the stored data are published by other means such as dedicated sites, and even twitter.

A US grand jury indicted 7 individuals and two societies of

engaging in a racketeering conspiracy, conspiring to commit copyright infringement, conspiring to commit money laundering and two substantive counts of criminal copyright infringement.

Four individuals have been arrested in Aukland (New Zealand) and will be hand over to the US. Servers have been seized in the US, the Netherlands, and Canada.

This is probably the most impressive operation against copyright infringement of the last years. Currently DDL traffic exceeds P2P traffic. This a strong message against piracy. It will be interesting to see whether there will be any retaliation from the Darknet.

Update (Friday 3.50pm):

As we could have expected, Anonymous started the retaliation operation with a large scale DDoS. Many sites are down such as the DoJ, some studios and recently the French Hadopi.

The blog of content protection

A site managed by Eric Diehl

Author Archives: wunderbarb