SF: Neuromancer

Back to the past: sometimes it is nice to reread “oldies but goldies”. I reread Gibson’s Neuromancer (in French, Neuromancien). This book is considered the genesis of cyberpunk culture. All the components are there: cyberspace, drugs, and hackers.
The book was written in 1984. When reading the book, you have to remember how the computer world was in 1984. At that time, I was toying with Sinclair’s ZX81 and HP100. Only two years later did I get my first Apple II. Microsoft had not yet released Windows 3, the first PC was yet available… Gibson already puts in place all the components of the future cyberspace. At that time, Artificial Intelligence (AI) was a promising field.

I first read it around 1988 in French. I was not yet aware that I would later work in computer security. But I already loved the book. When I reread the book, I discovered that Gibson called the electronic implants that contain information “microsoft”. The Microsoft company was not yet here! Thus, this name was not a tribute to Gates. I don’t remember what the French term is. Can a French reader tell me the answer?

I think that Neuromancer, together with Stephenson’s Snow Crash, are the roots of the Matrix trilogy and of our cyber culture.

A must read for all SF fans.

Alea Jacta Est

The die has been cast. I did not cross the Rubicon. Nevertheless, this Sunday, I finalized one achievement: my first book. After more than two years of work, I have sent the final version of the manuscript to Springer.

The title is Securing Digital Video: Techniques for DRM and Content Protection. I give a detailed overview of the current landscape of content protection. If you’re interested in knowing how PlayReady, FairPlay, AACS, DTCP, or DVB-CPCM work, this book may be of interest. I consistently describe many systems. The book highlights the similarity of all these systems.

I will describe its content in more detail later.

The book should be available this summer.

A Taxonomy of Social Networking Data

In the July 2010 issue of IEEE Security & Privacy, Bruce Schneier presented his taxonomy in a one-page paper. It is extremely interesting. My comments follow each item.

  • 1. Service data is the data used to manage the service, such as your name.
    You have control over its creation, although you may sometimes be obliged to give real data.
  • 2. Disclosed data is what you post on your own pages.
    You normally have full control over it.
  • 3. Entrusted data is what you post on other people’s pages.
    You have control over its creation, but lose control over its life.
  • 4. Incidental data is what other people post about you.
    You do not have control over its creation, nor over its life. Of course, your entrusted data are incidental data for other people.
  • 5. Behavioral data is data the site collects about your habits by recording what you do and who you do it with.
    This is the “raison d’être” of many social networks. Never forget that there is no free lunch. Most of the business models are based on “selling/using” your profile. You have no control, except that you may try to control your behavior.
  • 6. Derived data is data about you that is derived from all the other data.
    This is where the social networks polish your profile and thus increase its value. The more they know about you, the more valuable the ads/personalized services they will be able to offer. You definitely have no control.

Categories 5 and 6 are the most interesting ones from the privacy point of view. How can you control what the social network provider will infer from your activity on the social network?

The reference of the paper is:
B. Schneier, “A Taxonomy of Social Networking Data,” IEEE Security and Privacy, vol. 8, 2010, p. 88.

Amazon Cloud Player and Cloud Drive

Is the launch of Amazon Cloud Player one of those events that will change the world? Yesterday, Amazon launched two new services: Amazon Cloud Drive and Amazon Cloud Player.

Amazon Cloud Drive is a service that offers 5 GB of free storage. For that, you just need an Amazon account. It is always interesting to read the Terms of Use.

Amazon put in place some safeguards to avoid (or at least give Amazon a way to stop) any attempt to use it as a “Direct Download Site”. Thus, in clause 1:

You agree not to use the Service in any other way, including to store, transfer or distribute files of or on behalf of third parties, for any form of file sharing, to operate your own file storage service or to resell any part of the Service.

In clause 5.1:

You must ensure that you have all the necessary rights in Your Files that permit you to use the Service without infringing the rights of any copyright owners, violating any applicable laws or violating the terms of any license or agreement to which you are bound. You must ensure that Your Files are free from any malware, viruses, Trojan horses, spyware, worms, or other malicious or harmful code.

Not bad, the liability for malware. Speaking of liability, what is Amazon’s liability? It is all said in clause 5.3.

5.3. Security. We do not guarantee that Your Files will not be subject to misappropriation, loss or damage and we will not be liable if they are. You’re responsible for maintaining appropriate security, protection and backup of Your Files.

And of course, if you believe in Amazon’s altruism, read clause 6.4:

6.4. Information Provided. The Service and the Software may provide Amazon with information relating to your use and performance of the Service and the Software, as well as information regarding the devices on which you download and use the Software and the Service. For example, this information may include the device type, mobile network connectivity, location of the device, information about when the Software is launched, individual session lengths for use of the Service, or occurrences of technical errors. Any information we receive is subject to the Amazon.com privacy notice located at www.amazon.com/privacy.

Amazon Cloud Player is more interesting. When you buy a song on the Amazon store, you’ll be able to upload it to your Cloud Drive. Using the Amazon Cloud Player software, you may listen to your library from any device that supports Amazon Cloud Player (it seems that it is only available for Windows OS and Android). Amazon is the second largest seller of digital music behind Apple. Of course, you may also upload songs not purchased at Amazon and still listen to them (as long as they are not DRM-protected).

Thus, Amazon Cloud Player combined with Amazon Cloud Drive is an instance of a Digital Locker for music. It is not a Digital Rights Locker (DRL, such as UltraViolet or KeyChest) because there is no associated notion of usage rights. Furthermore, there is no notion of content protection.

Will it change something? Most probably yes. Apple and Google will react, most probably with a similar offer. Will the content owners like it? I am not sure. It may depend on the conditions that were negotiated for selling songs. In any case, I am sure that we will see many ripples around this launch.

PS: Amazon Cloud Player is only available for US customers. Amazon Cloud Drive has no such limitation.

Serious Captcha!!!

The Croatian Ruder Boskovic Institute offers the services of a quantum random bit generator. We have often insisted on the importance of high randomness in secure protocols.

But this institute has also found an extremely “funny” way to limit access to its service to a limited set of knowledgeable people: its captcha. Captcha is a set of techniques that attempt to discriminate humans trying to sign in from automated machines. It usually asks people to type in a set of characters whose readability has been decreased. The Institute succeeded in discriminating between different categories of humans. It requires solving mathematical problems (and not simple arithmetic calculations :) ). Definitely not a place to sign in after an exhausting day.

Have a look at the registration page, and look at several challenges. :)

ICE strange logic

One of the roles of the US Immigration and Customs Enforcement (ICE) is to seize Internet domains that violate the law. ICE recently made the headlines with a mistake that seized 84,000 sites for child pornography, whereas these sites were in no way involved in this awful topic. OK, this type of action is out of the scope of this blog.

Recently, I revisited a site called torrent-finder. Torrent-finder is a site that aggregates the search for torrents across many torrent sites. When reaching torrent-finder.com, I got this screen.

OK. The law won. But funnily, guess what happens when visiting torrent-finder.info? This domain has not been seized, although it is the same tool. Sometimes the decisions are not logical.

Predictably Irrational

“Predictably Irrational” by Dan Ariely is not a book about security (nor about sci-fi). So why do I report on it?

“Predictably Irrational” highlights that many of our reactions are not rational. Everybody knows that this is true in extreme conditions. Dan Ariely demonstrates that it is also true in our daily reactions. To prove it, he describes some of the many experiments that he ran.

Law 6: You’re the weakest link reminds us that human behaviour is key for security. This book helps to better understand human behaviour. For instance, a full chapter is about honesty. Great to read. This book is a tool to better understand some tricks used by social engineers.

This is related to Bruce Schneier’s latest pet subject: societal security.

A book to read.