SF: Reservation of Goblins

I’m currently rereading some of my oldies but goldies, among them “Reservation of Goblins” by Clifford D. SIMAK (in French, “La réserve des lutins”). This is a short novel which is fun to read. Published in 1968, it uses some of the faery folk that Tolkien would make famous. You’ll find goblins, trolls and banshees. It is set in the future, where you will encounter a caveman and Shakespeare! This is reminiscent of the later “Riverworld saga”; José Farmer would publish the first book of that saga in 1971.

“Reservation of Goblins” is a very funny book and easy to read.

Intellectual Property: Observations on Efforts to Quantify the Economic Effects of Counterfeit and Pirated Goods

How much do piracy and counterfeiting cost the industry? This is an extremely valuable question. Depending on whom you listen to, the figures vary by incredible ratios.

Are there any reliable figures? This was the question that the United States Government Accountability Office (GAO) tried to answer following a request from Congress. Last month GAO published its 41-page answer.

What is the answer? I will quote an excerpt of the executive summary.

We determined that the U.S. government did not systematically collect data and perform analysis on the impacts of counterfeiting and piracy on the U.S. economy and, based on our review of literature and interviews with experts, we concluded that it was not feasible to develop our own estimates or attempt to quantify the economic impact of counterfeiting and piracy on the U.S. economy.

In other words, according to GAO, it is not possible to have reliable data. Nevertheless, the report makes an exhaustive review and analysis of the numerous reports proposing data. Each time, GAO explains the weaknesses in the methodology. The report offers an interesting exhaustive bibliography of existing reports on piracy.

At no point does GAO take a position on whether the published figures underestimate or overestimate the real ones. It just states that there is no reliable way to estimate them, which is totally logical. How can you estimate something that you cannot measure, that you do not know? If the institutions had precise knowledge, they would then be in a position to stop it.

In addition, the report gives a good qualitative analysis of the consequences of piracy. The “positive” effect is rather anecdotal, although the argument that the IT and telco industries did benefit from digital piracy was already made by Olivier BOMSEL.

Conclusion: Piracy and counterfeiting are real. They have negative effects, but nobody can give a reliable estimate of the real impact.

SSD accelerates password crack

The Swiss company “Objectif Sécurité” was already known for its Ophcrack software. Ophcrack is open source software that cracks XP/Vista passwords. Its originality is that it uses rainbow tables. Rainbow tables are data structures, invented by Philippe Oechslin, the founder of the company, that drastically accelerate the process of brute force exploration of passwords. Although Ophcrack is open source software, the rainbow tables are not. Objectif Sécurité sells these tables.

Objectif Sécurité has designed a new version of its rainbow tables optimized for Solid State Disks (SSD). SSDs are lightning-fast drives that use solid state memory rather than magnetic storage. They have no moving parts and thus offer extremely fast access. According to Objectif Sécurité, they can crack a 14 character XP password in less than 6 seconds with a rather conventional PC but with 80GB of tables on SSD.

I forgot. The initial requirement is that you have the XP/Vista hash of the user’s password. You can try it on their site (don’t use YOUR password hash! :Happy: ). They have a Web demonstration.
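To make the idea concrete, here is an added toy illustration (not Ophcrack’s or Objectif Sécurité’s code) of the time-memory trade-off behind rainbow tables: chains of hash-then-reduce steps are precomputed, only each chain’s endpoint and start are stored, and a lookup needs nothing but the hash. Assumptions: a constructed space of 4-digit PINs, SHA-256 standing in for the XP/Vista hash, and the hypothetical names `H`, `reduce`, `walk`, `build_table`, `lookup` and `coverage`.

```python
import hashlib

# Constructed toy parameters (assumptions, not Ophcrack's real ones):
# 4-digit PINs as the password space, SHA-256 standing in for the XP hash.
KEYSPACE, CHAIN_LEN, N_CHAINS = 10_000, 40, 500

def H(pw):
    return hashlib.sha256(pw.encode()).hexdigest()

def reduce(digest, column):
    """Map a digest back to a candidate password; differs for every column."""
    return f"{(int(digest[:12], 16) + column) % KEYSPACE:04d}"

def walk(pw, start_col, end_col):
    """Apply hash-then-reduce for columns start_col .. end_col - 1."""
    for col in range(start_col, end_col):
        pw = reduce(H(pw), col)
    return pw

def build_table():
    """Store only endpoint -> start points; the chain middles are thrown away."""
    table = {}
    for i in range(N_CHAINS):
        start = f"{i * 20:04d}"
        table.setdefault(walk(start, 0, CHAIN_LEN), []).append(start)
    return table

def lookup(table, target):
    """Return the password hashing to target, or None if no chain covers it."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        # Guess that target sits in column col and finish the chain from there.
        end = walk(reduce(target, col), col + 1, CHAIN_LEN)
        for start in table.get(end, []):
            candidate = walk(start, 0, col)   # rebuild the chain up to col
            if H(candidate) == target:        # rejects false alarms from merges
                return candidate
    return None

def coverage(table):
    """Fraction of the keyspace whose hash appears somewhere in a chain."""
    seen = set()
    for starts in table.values():
        for pw in starts:
            for col in range(CHAIN_LEN):
                seen.add(pw)
                pw = reduce(H(pw), col)
    return len(seen) / KEYSPACE

if __name__ == "__main__":
    t = build_table()
    print(len(t), "stored endpoints cover", f"{coverage(t):.0%}", "of the PINs")
    print(lookup(t, H("0020")))
```

The table holds at most 500 endpoints instead of 10,000 hash/password pairs; the price is that each lookup recomputes chain segments, and coverage is probabilistic because chains can merge.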

Poke Walker: a brilliant idea against piracy

We are currently flooded in France with advertisements for the Poke Walker that is shipped with Nintendo’s Pokemon HeartGold and SilverSoul games. These are the latest sequels in the Pokemon family of games for the Nintendo DS.

The Poke Walker is a small pedometer that can download a pokemon from a Nintendo DS. In other words, you carry your pokemon with you. You may say: “Nothing new, just take your DS with you.” But the difference is that the more you walk with your Poke Walker, the more points your pokemon will gain. And of course, Poke Walkers can communicate with each other, gaining some new points.

This is simply brilliant, for at least three reasons:

  • Against piracy: the Poke Walker is only delivered with the legit games. There is no way to purchase a Poke Walker without buying the actual game cartridge. When you know the pervasiveness of the R4 (and the like), this is an extremely good answer.
  • It obliges your kids to walk, run, move… A good answer to people who complain that video games turn our kids into sedentary zombies.
  • You have to communicate with other Poke Walkers: once more, a good answer to detractors of no-life players.
  • Business-wise: a good illustration of the network effect.

This is an excellent answer to piracy. Unfortunately, it works only on this game.

I know that the news is somewhat out-of-date. It was launched in the US last summer. But my kids are not pokemon players  :Happy:

SF: The complete Amber Chronicles

In my last post about SF, I discussed the first saga of Zelazny’s Princes of Amber. At that time, I had an open point about the sequel of the saga.

During my last trip to the US, I purchased the Great Book of Amber, which collects the ten books. The first five books recount the story of Corwin of Amber. The last five books recount the story of Merlin, son of Corwin and Dara of Chaos! Merlin inherits the power of the “Pattern” (La Marelle for the French readers) and of the “Logrus”. The “Logrus”, one of the many new elements in the story, is the alter ego of the “Pattern” for Amber.

I am a real fan of Zelazny, but I must admit that the sequel is not as thrilling as the first saga. This second saga adds new actors, new artifacts… The saga is not very consistent. For instance, the Ghost Wheel is a computer that handles the shadows. Its role is unclear and clearly fuzzy at the end (probably a wink to an earlier book, “Jack of the Shadows”, that opposed magic and science). The ghosts may have been an inspiration to the authors of The Matrix. The end of the saga is, honestly, extremely disappointing.

Last point for the French readers: I took great pleasure in reading the first saga in its original version. Just do it.

Conclusion: Corwin Yes, Merlin No

Airport, laptop and computers

After my last trip (I hate volcanoes :Mad: ) I noticed a funny point. For several trips now, I have been carrying with me a very small computer that hosts many demonstrations. This is in addition to the laptop. At airport screening, I systematically take the laptop out of the briefcase and put it on the belt for X-ray. I always forget to do the same with the small computer. Guess what? Never, in any country, was I asked to take the tiny computer out of my luggage and place it on the belt.

Obviously, this surprised me. Personal brainstorm… Why are laptops screened outside the luggage? Not to check whether they carry a bomb. Inside or outside the briefcase, it would change nothing on the X-ray. Then why? Next time, watch the monitor. Electronic equipment is rather impenetrable. You may not see what is lying beneath this equipment, for instance a weapon or a bomb. Laptops have a rather large footprint and thus may hide weapons.

But why did the officers not check my computer? Its physical footprint is a small square that may hide a small gun or a knife. Why no check? I guess that the officers have been trained to look for laptops, i.e. a given form factor within a range of sizes. My small computer does not fit into this category and thus passes through.

Lesson: Educate the people about the rationales behind a security measure. Only then may they apply the security rule intelligently.

Maybe somebody has a better (and less distressing) explanation.

Facebook – Another breach in the wall

This is the title of a presentation that George Petre gave recently at the MIT spam conference. George is the head of the Threat Intelligence Team of anti-virus company BitDefender.

His team experimented with the use of social networks as a spam vector. And the results are impressive (frightening?). Social networks are great for spam.

One of the side results of the study is the evaluation of user acceptance of new “friends”. They created three types of profiles. The first one had the minimal allowed details (without picture), the second one had a picture and some more details and the third one was extremely complete.

Just one hour after starting to add people to each profile, we managed 23 connections with the 1st profile, 47 with the 2nd profile and 53 with the 3rd profile.

Amazing! You don’t even need to be a social engineer.

And of course, once you are a friend, people have a natural tendency to trust you and accept any of your proposed links.

The full paper is available here. If you are worried about social networks, read this paper and you will be even more worried. The remedy seems simple: accept as friends only people that you know and trust. Unfortunately, this is contrary to the drive to have a high score of friends.