Warner threatens French Fansubbers

On 17th February, Warner Bros. Entertainment France SA sent a mail to the administrators of the main French fansubbing sites. Fansubbing consists of translating and writing subtitles for TV series or movies. Typically, the result is a file with the extension .srt that can be read by most players, such as VLC.

Warner clearly states that subtitles are protected by copyright law.

Indeed, any reproduction, representation, making available to the public, adaptation, translation and/or transformation of protected works without the authorization of the rights holders constitutes the offences provided for and punished by articles L.122-4 and L.335-2 to L.335-10 of the Code de la Propriété Intellectuelle (”CPI”).

What is the reaction of these sites? The site all-abou-subs has decided to answer Warner’s request favorably. But they only removed the fansubs of the series mentioned by Warner in its mail. Other sites, such as sub-way, Forom, SerieBox or Subbers In Black, do not even mention Warner’s threat.

Will Warner France escalate its threat with further legal action? Is it worthwhile? It is rather easy to find TV series with French subtitles on the P2P networks, sometimes even the day after the first broadcast (sometimes with a broken translation :Happy: )

NIST SHA3 and buffer overflows

Several months ago, NIST launched the public competition to define SHA-3, the successor of SHA-1. All 42 contenders had to submit the description of their algorithm together with a C reference implementation.
The tool supplier Fortify decided to analyze these implementations. They ran their source code analysis tool on the reference implementations. Guess what? They found some common mistakes, such as buffer overflows. See the report. But most implementations were excellent.

The fact that the implementations had weaknesses does not mean that the algorithm itself is weak. But we may learn two lessons:

  • As we all know, writing a secure implementation of an algorithm is a difficult task. And Fortify did not test the robustness against attacks, only the programming errors.
  • Using software testing tools such as static analyzers, memory checkers, … is MANDATORY when developing software for security. It will not eliminate all the weaknesses, but it at least avoids some basic ones.

The SongBeat case

Warner Music has succeeded in its lawsuit against the German start-up SongBeat. SongBeat allowed users to search for mp3 songs using the integrated search tools of Seeqpod, Project Playlist, SpoolFM or iASK. SongBeat even offered the possibility to download the songs. Unfortunately, the downloads did not have the blessing of the majors.

This did not worry the start-up. According to its CEO:

The downloading of music is not fundamentally illegal. However, it lies in the hands of the user to discern whether or not they have the right to download the particular music file at hand.

Well, the judge did not share this understanding. Veoh was smarter about this issue (see Veoh versus Universal Music Group). SongBeat will appeal. Nevertheless, its chances are slim.

When reading the latest IFPI report (2009), we see that the music industry will look for new revenues through digital music. The trend is also towards DRM-free music. Nevertheless, DRM-free does not mean without any control. The music industry is not ready to lose its control over who makes money and how much. It will probably not tolerate uncontrolled distribution of its copyrighted songs.

SF: The Children of Húrin

Sunday, March 1, 2009

:Sad:  This book was recently edited by the son of J.R.R. Tolkien. It is an opus that had never been published before.

There was perhaps a reason why Tolkien the father did not publish it. I was never really thrilled by the book. The plot is too simple. The story is never exalting. We are far from The Lord of the Rings. Perhaps the French translation was poor. But that would not explain everything.

One of my indicators is whether I would be pleased to read the book again in the future. I have read “The Lord of the Rings” four times. I will not read this book again.

Did you read it? Did you like it?

SF: new category

Like many engineers of my generation, I am fond of science fiction literature. Here science fiction is taken in a very broad sense, i.e. it also encompasses fantasy and heroic fantasy. Engineers have some affinity with this genre. Perhaps it is a need for a few bits of irrationality in our (hopefully) rational minds.

I have read my share of this stuff. Thus, I decided to add a new category which is far more personal. I will describe the books I loved or hated once I have read them.

In order not to disturb the readers who are solely interested in my security oriented thoughts, I will prefix the title of the corresponding entries with SF. SF is the French abbreviation for SciFi. Thus, these readers will be able to skip these non security related entries.

For the SciFi fans, do not hesitate to comment on my reviews and suggest other books.

Wardriving RFID passports?

Wardriving is the game of wandering around a location and building a map of the wireless networks. Of course, the most interesting ones are those which are not protected or only WEP protected (the equivalent of not being protected: WEP is too easy to break).

Chris Paget, a well known white hat hacker who plays with RFID, has demonstrated a new type of wardriving: collecting information from the new US passport or driving license using RFID. In a video, he shows how he retrieved the data needed to clone these cards.

In US passport and RFID, I presented the risks associated with these new cards. Paget shows how to do it at little cost. The reading range depends on the emitting power of the antenna. Even without cloning, this type of attack would make it possible to track a person once his/her RFID identification code has been sniffed.

It should be noted that this type of RFID is not the one used in the e-passport (the booklet passport). The e-passport is more secure.

Nevertheless, it is worrying to see administrations deploying such weak systems.

Hate and Love authentication

Raven White proposes a new authentication system, Blue Moon Authentication, following the trend of replacing the typical password challenge by a more user friendly (and less memory demanding) one.

The authentication asks you for your like and dislike choices on 15 questions. If you answer a large number of them correctly, you are authenticated. The initialization of the system requires you to select 8 liked topics and 8 disliked topics among a selection of about 70 topics.

:Happy: The topics seem to have been chosen nicely. Interviewing a sample of users about around 200 topics allowed rejecting the topics with the least entropy. Some Human Computer Interaction specialists participated.

:Sad:  The split into 8 likes and 8 dislikes helps a lot when trying to guess the answers. Remember that the challenge is about 15 topics. Mathematically, you need to end up with 7 from one side and 8 from the other side. I did not do the math, but it reduces the exploration space. I’m too lazy (it is too late, and the day was hard) to calculate, but it is less than 2^14 trials. Of course, if you know the person you want to impersonate a little, the odds definitely change.

:Sad: The system is supposed to remove the burden of password replacement. Nevertheless, with such a limited challenge, you will necessarily have to block any brute force attack. Once the user is blacklisted, how will he be reauthorized? Through which authentication mechanism? A password?
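The math left undone above, as an added example (not from Raven White’s papers): it counts the answer vectors consistent with the 7/8 split of the 15-question challenge, assuming, as the post does, that the 15 questions are drawn from the user’s 16 enrolled topics and every answer must be correct, and then relates that count to the number of attempts a lockout would allow.

```python
"""Search space of the 15-question like/dislike challenge.

Added example, not code from Blue Moon Authentication. Assumptions:
the 15 challenge topics come from the 16 enrolled ones (8 liked,
8 disliked) and the verifier requires all 15 answers to be right.
"""
from itertools import product
from math import comb, log2

QUESTIONS = 15   # topics asked per challenge (from the post)
LIKES = 8        # enrolled liked topics (from the post)
DISLIKES = 8     # enrolled disliked topics (from the post)


def consistent_patterns(questions=QUESTIONS, likes=LIKES, dislikes=DISLIKES):
    """Number of like/dislike answer vectors a blind guesser must consider.

    With 15 questions drawn from 8 + 8 topics, the vector must contain
    at least 15 - 8 = 7 and at most 8 'like' answers, so only the
    7-like/8-dislike and 8-like/7-dislike vectors are candidates.
    """
    fewest_likes = max(0, questions - dislikes)
    most_likes = min(likes, questions)
    return sum(comb(questions, k) for k in range(fewest_likes, most_likes + 1))


def consistent_patterns_bruteforce(questions=QUESTIONS, likes=LIKES, dislikes=DISLIKES):
    """Cross-check: enumerate all 2^questions vectors and keep the feasible ones."""
    count = 0
    for vec in product((0, 1), repeat=questions):   # 1 = 'like'
        n_like = sum(vec)
        if n_like <= likes and questions - n_like <= dislikes:
            count += 1
    return count


def entropy_bits(patterns):
    """Effective bits of the challenge, to compare with the naive 15 bits."""
    return log2(patterns)


def blind_guess_success(attempts, patterns):
    """Chance a blind guesser succeeds within `attempts` tries, i.e. before a
    lockout at that many failures triggers (uniform guessing, no replacement)."""
    return min(attempts, patterns) / patterns


if __name__ == "__main__":
    n = consistent_patterns()
    print(n, "candidate vectors,", round(entropy_bits(n), 2), "bits,",
          "vs 2^14 =", 2 ** 14)   # 12870 candidate vectors, 13.65 bits
    print("success within 5 attempts:", blind_guess_success(5, n))
```

The constraint cuts the space from 2^15 = 32768 to 12870 vectors, which is indeed below 2^14 = 16384, so the whole challenge is worth about 13.65 bits; the lockout threshold then fixes the blind-guess success rate directly.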

I did not read the papers. I will do soon.

It reminds me of the authentication schemes based on the selection of pictures or icons among a set of pictures.

Would you trust this authentication process?