Storm on The Pirate Bay (2)

The story continues. Here is some news since the last report in August.

On the 24th, a Swedish court ordered Black Internet, one of The Pirate Bay's (TPB) ISPs, to cut its connection, which it did. Nevertheless, TPB uses many ISPs.

On 27th August, the shareholders of Global Gaming Factory approved the purchase of TPB. Now the company just has to provide the money (which seems less obvious).

Meanwhile, the obvious next move occurred. Somebody packaged the list of more than 800,000 torrents as a torrent. BTARENA has put this list online, thus cloning TPB.

My favorite antivirus (at least the one I use at home), Avast!, also struck. For some time, it classified the TPB site as a malicious site. Avast! has since removed this categorization, claiming it was a human error.

The Pirate Bay is still online and offering trackers.

SF: The Black Company

During this summer, I read the first three books of Glen Cook’s “Chronicles of the Black Company”.

The books tell the story of a free company of mercenaries. In fact, the narrator is the doctor of this company. Of course, the Black Company is hired by evil forces. Once a contract is accepted, the honor of the Company requires it to obey. Although the members of the company are not people you’d like to meet, they are not inherently bad. This generates some problems. And there is evil, and even more evil. Thus, is it not better to fight alongside evil to stop a greater evil?

A small regret for the 3rd book: there are some obvious tricks (very Hollywood-movie style) that you anticipate too easily.

Good chronicles for light summer reading.

Trust no one

Law 4 is “Trust no One”. Often when I present the ten laws, on arriving at this one there is laughter and, of course, the inevitable question: “Not even you?”

Obviously, security cannot be built without trust. Trust is the foundation of security. Unfortunately, trusting people is the most difficult part of the design.

In an article for the Wall Street Journal, Bruce Schneier proposed five heuristics to deal with trusted people:

1. Limit the number of trusted people…

2. Ensure that trusted people are also trustworthy…

3. Limit the amount of trust each person has…

4. Give people overlapping spheres of trust…

5. Detect breaches of trust after the fact and prosecute the guilty…

In other words, trust people up to a given limit, and build some safeguards around trusted people. My preferred one is number 2; it is also the most difficult to enforce.
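The five heuristics above are a design checklist rather than code, but four of them can be made mechanical. The following is an added example, not from the original post nor from Schneier's article: a small Python model that caps the number of trusted principals (heuristic 1), scopes each principal's trust (3), requires a second person from an overlapping sphere for sensitive actions (4), and keeps an audit log that a reviewer can mine after the fact (5). Heuristic 2, trustworthiness, is the one no code can enforce. The principal names, scopes, `MAX_TRUSTED` value and detection threshold are all constructed for illustration.

```python
"""Toy model of Schneier's trust heuristics (added example, not from the post).
Principals, scopes and the sample scenario in demo() are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

MAX_TRUSTED = 3  # heuristic 1: cap on enrolled trusted principals (assumed value)


@dataclass
class Principal:
    name: str
    scopes: Set[str]  # heuristic 3: each person gets only the trust they need


@dataclass
class AuditEntry:
    action: str
    actor: str
    approver: Optional[str]
    allowed: bool


class TrustPolicy:
    def __init__(self, dual_control: Set[str]) -> None:
        self.principals: Dict[str, Principal] = {}
        # heuristic 4: actions that need two distinct people whose spheres overlap
        self.dual_control = dual_control
        # heuristic 5: append-only record for after-the-fact review
        self.audit: List[AuditEntry] = []

    def enroll(self, p: Principal) -> None:
        if len(self.principals) >= MAX_TRUSTED:
            raise ValueError("too many trusted principals")
        self.principals[p.name] = p

    def authorize(self, action: str, actor: str, approver: Optional[str] = None) -> bool:
        """Decide, then record the decision whatever the outcome."""
        allowed = self._decide(action, actor, approver)
        self.audit.append(AuditEntry(action, actor, approver, allowed))
        return allowed

    def _decide(self, action: str, actor: str, approver: Optional[str]) -> bool:
        a = self.principals.get(actor)
        if a is None or action not in a.scopes:
            return False  # outside the actor's limited sphere of trust
        if action not in self.dual_control:
            return True
        b = self.principals.get(approver) if approver else None
        # a second, distinct person whose sphere also covers the action
        return b is not None and approver != actor and action in b.scopes


def find_breaches(audit: List[AuditEntry], threshold: int = 2) -> List[str]:
    """Heuristic 5: actors with at least `threshold` denied attempts, for follow-up."""
    counts: Dict[str, int] = {}
    for e in audit:
        if not e.allowed:
            counts[e.actor] = counts.get(e.actor, 0) + 1
    return sorted(name for name, n in counts.items() if n >= threshold)


def demo() -> TrustPolicy:
    """Constructed scenario: three principals, 'transfer' under dual control."""
    pol = TrustPolicy(dual_control={"transfer"})
    pol.enroll(Principal("alice", {"read", "transfer"}))
    pol.enroll(Principal("bob", {"read", "transfer"}))
    pol.enroll(Principal("carol", {"read"}))
    pol.authorize("read", "carol")                   # allowed: in scope
    pol.authorize("transfer", "carol", "alice")      # denied: not in carol's scope
    pol.authorize("transfer", "alice")               # denied: no second person
    pol.authorize("transfer", "alice", "alice")      # denied: self-approval
    pol.authorize("transfer", "alice", "bob")        # allowed: overlapping spheres
    return pol


if __name__ == "__main__":
    p = demo()
    for e in p.audit:
        print(e)
    print("flagged for review:", find_breaches(p.audit))
```

The point of recording denied attempts, not just granted ones, is heuristic 5: a breach is usually visible only in hindsight, and repeated refusals against the same actor are the first thing a reviewer wants to see.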

DoJ reacts to the Thomas-Rasset case

In June 2009, a Court sentenced Jammie Thomas to a $1.9 million statutory damages award. Meanwhile, Jammie Thomas has moved the Court to either alter the judgment because the statutory damages award is unconstitutional, remit the award, or grant a new trial because some evidence should not have been admitted.

The Department of Justice (DoJ) responded to the first issue, i.e., the unconstitutionality of the statutory damages award. Argument I of the published document recommends that the Court resolve the case on the last two grounds (remittitur, and a new trial due to inadmissible evidence). In other words, avoid going onto the constitutional battleground.

But the most interesting part is in argument II, where the DoJ examines the constitutionality of the statutory damages award. In short, the purpose of statutory damages is to compensate the plaintiff for damages that are hard to evaluate, such as copyright infringements. Furthermore, the DoJ sheds some light on their goals:

The Copyright Act’s statutory damages provision serves both to compensate and deter.

(page 17)

The message towards the infringing users is even clearer:

The current damages range provides compensation for copyright owners because, inter alia, there exist situations in which actual damages are hard to quantify. Furthermore, in establishing that range, Congress took into account the need to deter the millions of users of new media from infringing copyrights in an environment where many violators believe that they will go unnoticed.

(page 3)

Since 1999, the range has been between $750 and $30,000 per infringed work in case of non-willful violation. If willful, it rises to $150,000. Thus, the $80,000 is in the middle of the range.

Let’s see what the Court will decide.

PS: The DoJ’s document is interesting to read, although tough going (like most legal papers).

Understanding Scam Victims

The BBC has broadcast a set of TV documentaries, “The Real Hustle”. In these documentaries, Paul Wilson, a con artist, scams real people with real scams. When you watch them, you are upset because they are sometimes extremely simple but devastating. For instance:

Frank Stajano from the Cambridge Computer Laboratory has co-authored with Paul Wilson a paper that analyses these scams. The analysis extracts seven principles that may drive human behavior:

  •   The Distraction Principle
  •   The Social Compliance Principle
  •   The Herd Principle
  •   The Dishonesty Principle
  •   The Deception Principle (dear to Mitnick)
  •   The Need and Greed Principle
  •   The Time Principle

Frank explains how these principles may interfere with security systems. We all know that the human is the weakest link. Knowing that human behavior is driven by these principles, it may be possible to build systems that mitigate the importance of the human weak link.

Most of these principles are not new. Some have already been described in books like “Beyond Fear” or “The Science of Fear”. Nevertheless, the paper is worth reading, even if only to better discover the world of scams (and maybe increase our awareness and save us in the future). Good summer reading.

Behead The Prophet

Behead The Prophet is the name of an unofficial add-on to World of Warcraft (WoW). This add-on creates helpers (NPCs) that will automatically (once commanded) fulfill some tasks for the player (healing, casting spells, grinding…). It was presented at DEF CON 17.

This is not the first time that such a tool has been offered. The interesting part is that such bots are considered cheating tools by Blizzard Entertainment (the company behind WoW). Using them is a violation of the Terms of Use.

The design of such tools is driven by different motivations: greed, the winning spirit, and the hacking spirit (in the original, noble sense of the word).

Greed: real money is exchanged in MMORPGs. A typical example is gold farming, where people perform some tasks with your character on your behalf. China has become worried about gold farming. It is probably not so much about ethics; it is mainly economic. These practices give more value to virtual money (which no State controls) and offer pathways for money laundering.

Winning: some people want to succeed (with or without ethics). Their avatar will be like them, and they will most probably seek any virtual artifact that may give an advantage. Then, if they have access to a tool that may change the odds…

Hacking spirit: this is a new frontier. It is a marvelous playground for programmers to test scripts, automation tools, … It is also a fight against the machine. This is rather similar to the homebrew community for game consoles such as the Wii or PS3.

Regardless of copyright issues, is Blizzard right to fight such unauthorized add-ons? Yes. Many players enjoy struggling in these worlds because they have a fair chance to succeed: everybody plays by the same rules. Were there many cheaters, this assumption would no longer hold. Increasing cheating would reduce the attractiveness of the game, thus meaning a loss of players, and thus a loss of money.

Nevertheless, finding a solution to channel the creativity of the developers’ community could be worthwhile: for instance, through dedicated servers or contests. This would most probably generate nice advances for Blizzard to integrate in newer versions.

MPAA 2 – RealDVD 0

By Eric DIEHL

In October 2008, the MPAA succeeded in stopping the sales of RealDVD. The main concept of RealDVD is to rip a DVD and store a PROTECTED copy on the hard disk of a computer. A first court decision banned the sale. Of course, RealDVD appealed this ruling.

Currently, the RealDVD site displays:

RealDVD is currently unavailable
Due to recent legal action taken by the Hollywood movie studios against us, RealDVD is temporarily unavailable. Rest assured, we will continue to work diligently to provide you with software that allows you to make a legal copy of your DVDs for your own use.

Last week, Judge Patel granted a preliminary injunction in favor of the studios. RealDVD had been granted a license by the DVD-CCA, the licensing authority for DVD. This license is mandatory to legally obtain the keys that allow descrambling CSS-protected discs. According to Judge Patel, the DVD-CCA license forbids making permanent copies of CSS-protected DVDs. Furthermore, according to Judge Patel, fair use does not allow circumventing a protection measure under the DMCA.

Interestingly, Kaleidescape, which has the same issues (but for a high-end, expensive product), was also ruled against by a Californian court during the same week.

The story continues…