Wolverine is a success…

at least on P2P sites. A leaked version appeared on the net about one week ago. It is an unfinished version, not the final release. It leaked either from within Fox or from some subcontractors.

Of course, this version is already the top downloaded movie at tracker sites. According to TorrentFreak, it already has more than 1 million downloads. And the first DVDs are appearing on the street. This is three weeks before the official theatrical release.

This is reminiscent of the leak of Hulk without the right colorimetry. The movie was a disaster.

Interestingly, TorrentFreak ran a poll: 40% of the downloaders expect to view the FINAL cut in theaters or on DVD. The leaked release was pre-effects and several months old. This means that it may be a good teaser. People know that the final one will be better.

Conficker

Armageddon did not happen. For a few weeks, the virus specialists were ranting about the famous Conficker worm. This worm was so nicely written and protected (it reportedly even uses the latest encryption algorithms) that nobody was able to describe its payload.

Nevertheless, it was announced that the worm might trigger some lethal attacks on April Fools' Day. Every antivirus software vendor (at least some subscription-based ones) was releasing dedicated tools to scan your network. Microsoft offered $250,000 for the arrest of the author(s). Armageddon was near.

On Saturday, we knew who the fools were. Isn't there a smell of Y2K? If the purpose of Conficker’s author(s) was to scare people, then the success is great. Remember that the purpose of terrorist actions is often to create a feeling of insecurity, to scare people, to make their lives less comfortable. Bingo!

The antivirus industry should be careful: too many false alarms like this one, and consumers will not care any more and will not use the latest updates. And then when the real threat occurs, bad bad bad 🙁 Of course, if they really believed in the risk, then they had to react. But the only appropriate solution would have been to come up with a real detection tool integrated into their software suite, i.e., transparent to the user. Why should Joe Six-Pack care about the behavior of the virus? He only cares that it is removed.

Some people are already asking who benefits from a climate of fear of worms and viruses. Guess who…

SF: Recommendations from TechCrunch

TechCrunch is well known for its analysis of nice start-ups and the newest trends. Its latest recommendation was for business people to read not business books but rather sci-fi books, for imagination.

Thus, TechCrunch provided its list of preferred books. I must confess that I have nothing to reject on this list. I don’t know “The Wasp Factory” and have not read the latest Stephenson. But all the other ones I highly recommend.

For security-minded people, I would also recommend two other books by Neal Stephenson: The Cryptonomicon and Snow Crash (Le Samouraï virtuel in French). The latter contained the first mention of multiverse and metaverse.

Is French HADOPI law dead? (5)

The current answer is no. The law is alive and in good shape.

On Thursday evening, the French Parliament approved the law “Création et Internet.” This law allows the graduated response. (For more details, see Fighting piracy in Security Newsletter #11.)

The law has been slightly modified by approved amendments. The most important one requires the ISP to refund the subscriber the part of the subscription that is not related to IP TV or IP phone during the banning period. The amendment that proposed to replace the ban with a fine has been rejected.

Is the game over? Not entirely. There are two remaining pitfalls.

  • The HADOPI is a non-judicial institution that will take judicial decisions. This may be judged unconstitutional by the French Council of State.
  • If the European Union ever decides that access to the Internet is a fundamental right, then the French law would also be unconstitutional with regard to the EU constitution.

In any case, the next step is the announcement of the HADOPI and its members.

Privacy, security and Internet

The French engineering school Epitech published a survey on this topic. They polled 1032 people.

Sorry, the report is in French. Nevertheless, here are the most interesting outcomes:

  • Among the people who use the Internet at work for personal use, 47% believe that it may cripple the security of their company 🙁 And they do it nevertheless!!!
  • 61% feel safe on the Internet.
  • 96% are aware that they leave many traces on the Internet. This is a very positive point. I was not expecting such a level of awareness 🙂
  • This information leakage worries only 52%.
  • Only 8% would trust the government to guarantee their security on the Internet.
  • 94% believe that it is possible to spy on exchanges on the Internet.
  • Furthermore, 44% believe that spying can be done by anybody.
  • 62% would not give away privacy for more security. Nevertheless, 23% would! 🙁
  • 80% believe that ITC may lead to establishing files on everybody. Big Brother

I was more pessimistic. People seem more aware of privacy and security issues on the Internet than I thought. Unfortunately, we do not see the job categories of the polled people.

Would the data in other countries be similar?

Is French HADOPI law dead? (4)

Once more, the European Parliament fights the French HADOPI law. On 26 March 2009, the European Parliament approved a report, “Security and fundamental freedoms on the Internet”, with 481 votes in favor, 25 against and 21 abstentions. The report has a large scope. Nevertheless, one of the voted recommendations may have a direct impact on the French graduated response.

Members of the European Parliament are also concerned with the idea that “e-illiteracy will be the new illiteracy of the 21st Century.” The report argues that in this age, having access to the internet is “equivalent to ensuring that all citizens have access to schooling”, and that this access should not be denied by governments or private companies.

In other words, the European Parliament states that banning access to the Internet should be illegal. The strongest penalty of the French graduated response is to ban infringers from accessing the Internet for one year. The French government has already mitigated this ban by announcing that it would probably allow some services such as mail.

If the EU ever decides that access to the Internet is a fundamental right of citizens, then the French graduated response would be illegal. The French government does not consider this access a fundamental right.

Interestingly, the law is currently under examination by the French parliament. Some delegates have already proposed to replace the Internet ban with a fine.

For history, follow the thread Is French HADOPI law dead? (3)

Graduated response: The Pirate Bay answers


A few days before the examination of the French law that should launch the graduated response, The Pirate Bay has announced a riposte: it is launching a new service. Here is their description:

IPREDator is a network service that makes people online more anonymous using a VPN. it costs about 5 EUR a month and we store no traffic data.
our service is right now in a beta stage. we hope it will be released for the public before 1st of April. sign up now to start using it as soon as we’re stable.
the network is under our control. not theirs.

In other words, only authorized users will be allowed in the VPN, and the transferred data are fully encrypted. This means that the HADOPI could not know that a member of IPREDator is exchanging illegal data.

The main question is how many people will be ready to spend 5€ per month. Furthermore, if successful, The Pirate Bay will have created one of the largest VPN infrastructures.

In any case, the graduated response will probably generate several actions:

  • Movement towards encryption
  • Emergence of small, private, protected P2P networks with private trackers
  • Poisoning of tracker lists by the tracker sites