Security Newsletter 21

The 21st Technicolor security newsletter is now available. Molva Refik (Eurecom) is our guest. The news items that triggered our interest were some consequences of the Patriot Act versus the cloud, an attack on Internet ads, TOR used by pedophiles, a weakness in XML encryption and of course Duqu. Patrice analyzes the attack on WPS, while Stéphane explores the Carrier IQ disaster. There is also a very deep dive into the protection of 3D CGI objects (encryption, watermark…).

I hope you will enjoy reading it. If you want to subscribe, send an email to security.newsletter@technicolor.com.

Past issues are available here.

The Pirate Bay and 3D objects

Would you like to have a Guy Fawkes mask (currently better known as the Anonymous mask)? If you have a 3D printer, it is easy. Just ask the Pirate Bay. The Pirate Bay, the flagship of P2P sharing, recently added a new category of torrents: physibles. Physibles are files that describe a 3D object for 3D printers. In other words, the Pirate Bay offers a category for sharing 3D printable objects.

With the advent of 3D printers, we could expect to soon see copyright infringement for 3D shapes. This is the first sign of such a trend. It will take time before 3D printers become mainstream. They are still expensive. But once they become cheaper, it will be a new battlefield for anti-piracy and anti-counterfeiting.

Funnily, the next issue of the Technicolor Security Newsletter will feature a long article on how to protect 3D CGI objects. The Pirate Bay demonstrates that it will be needed in the future.

Is Google moving towards paid distribution of content?

At the end of 2010, Google acquired Widevine. At that time, I forecast that the acquisition of a DRM provider was the preparation for paid distribution of content. This prediction seems to be correct.

The initial trial would occur in Kansas City.

 

Apple, Google, Amazon: the future giants of content distribution?

UV has reached 800,000 accounts

The industry analyst company IHS has claimed that UltraViolet (UV) has reached 800,000 user accounts in the US. At CES 2012, UV announced that it already had 750,000 user accounts. Each account has on average 1.25 titles. This low value can have several explanations:

  • The catalog of available titles is currently small (I found last week about 30 BD titles on Amazon which could be redeemed). Most probably, the majority of newly released BD titles will be UV ready.
  • The first UV title appeared only at the end of 2011 (Warner’s Horrible Bosses). In view of this short period, 800,000 seems impressive to me.
  • Many people experiment. If ever you purchased a BD/DVD that is UV ready, why would you not try it? It’s free.

 

The interesting trend to monitor is the average number of titles per account. As more new titles become available, this will show people’s buy-in to the concept. If the depth increases, then UV may become successful.

PST 2012

Usually, I do not advertise conferences and calls for papers. But for Privacy Security & Trust 2012 (PST 2012), I will make an exception. If you go to the site, you will easily understand why ;-)

The preferred topics are:

  • Privacy Preserving / Enhancing Technologies
  • Critical Infrastructure Protection
  • Network and Wireless Security
  • Operating Systems Security
  • Intrusion Detection Technologies
  • Secure Software Development and Architecture
  • PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
  • Network Enabled Operations
  • Digital forensics
  • Information Filtering, Data Mining and Knowledge from Data
  • National Security and Public Safety
  • Security Metrics
  • Recommendation, Reputation and Delivery Technologies
  • Continuous Authentication
  • Trust Technologies, Technologies for Building Trust in e-Business Strategy
  • Observations of PST in Practice, Society, Policy and Legislation
  • Digital Rights Management
  • Identity and Trust management
  • PST and Cloud Computing
  • Human Computer Interaction and PST
  • Implications of, and Technologies for, Lawful Surveillance
  • Biometrics, National ID Cards, Identity Theft
  • PST and Web Services / SOA
  • Privacy, Traceability, and Anonymity
  • Trust and Reputation in Self-Organizing Environments
  • Anonymity and Privacy vs. Accountability
  • Access Control and Capability Delegation
  • Representations and Formalizations of Trust in Electronic and Physical Social Systems

The submission deadline is 18 March 2012.

BTJunkie is down!

After the closure of MegaUpload last month, another iconic site is closing: BTJunkie.   BTJunkie was the fifth P2P tracker site.   This is what appears on the site:


2005 – 2012
This is the end of the line my friends. The decision does not come easy, but we’ve decided to voluntarily shut down. We’ve been fighting for years for your right to communicate, but it’s time to move on. It’s been an experience of a lifetime, we wish you all the best!

Are these two events correlated? Is this correlated to the signature of ACTA? To the best of our knowledge, BTJunkie was not under any current legal suit.

The Pirate Bay is still active. They will replace torrent files with magnets on the 29th of February. Another movement in this arena. (I’ll come back to this one later.)

 

Megaupload is down

Yesterday, the FBI launched a vast operation to stop Megaupload. Megaupload is one of the most important Direct Download (DDL) sites, or cyberlockers. It offers the possibility to store content and to allow others to access it. Nevertheless, DDL sites do not offer a method to explore the content or a catalog. The links to the stored data are published by other means, such as dedicated sites and even Twitter.

 

A US grand jury indicted 7 individuals and two companies for

engaging in a racketeering conspiracy, conspiring to commit copyright infringement, conspiring to commit money laundering and two substantive counts of criminal copyright infringement.

Four individuals have been arrested in Auckland (New Zealand) and will be handed over to the US. Servers have been seized in the US, the Netherlands, and Canada.

This is probably the most impressive operation against copyright infringement of recent years. Currently DDL traffic exceeds P2P traffic. This is a strong message against piracy. It will be interesting to see whether there will be any retaliation from the Darknet.

Update (Friday 3.50pm):

As we could have expected, Anonymous started the retaliation operation with a large-scale DDoS. Many sites are down, such as the DoJ, some studios and recently the French Hadopi.