Author Archives: wunderbarb

On the Death Of The Music CD Business

Posted on by
Reply

An extremely interesting post on Techcrunch about the death of music (See http://www.techcrunch.com/2008/11/19/ian-rogers-on-the-death-of-the-music-cd-business-i-dont-care/)
Ian Rogers predicts no the death of music but the death of CD business. He predicts that the ecosystem will change. Distributors will earn less and artists may get rid of the distributors to directly sell to the public. Once more, we see the holy grail of disintermediation. Sell directly, earn more.
To prove his forecasts, he presented two artists Brian Eno and David Byrne who made money with direct sales. The problem with this holy grail is that we underestimate the value of the promotion done by distributors. Ian Rogers used as example already established artists. The same is true for Radio Head. But how many non established artists have made enough money to survive and are now widely known?
One thing is sure: the equilibrium point between artists, distributors and consumers will change. And probably a new breed of “distributors” such as Topspin (the company of Ian Rogers) will raise.

Lenovo distribution with virus

Posted on by
Reply

On a regular basis, the security newsletter reports devices that are distributed with viruses. That CE devices are not security aware can be understood (although not excusable). But when a serious PC company delivers some software packages with malware in it, this is not acceptable. This what happened to Lenovo for their Lenovo Trust Key software for Windows XP. (Trust key with malware :Sad: ! Law 4: Trust no one is really true)
It would be interesting to learn when the malware infected the package. Nevertheless, it highlights that the package was not thoroughly tested before signature.
This must be the fear of any product line manager: shipping an infected software to the customers. The remedy is known: check all the package with a maximum of anti virus software before signature. This of course requires some financial investment (low compared to the cost in reputation) and some time investment. The databases of each anti-virus software have of course to be up to date. The remedy is so simple.
This highlights the need of security awareness at every level of an organization. Security is not stronger than its weakest link.

Newsletter #11 is available!

Posted on by
Reply

With some delays, we have issued the fall version. This quarter you will discover some news, more about Defcon and Black hat conferences (from one attendee with a liking for reverse engineering), more about the famous DNS weakness, and some thoughts about fighting piracy on P2P (with some explanations about French HADOPI, a story that is regularly followed in this blog).

You may find it at Security Newsletter #11
Do not hesitate to post your comments and remarks here.

Some updates concerning older topics

Posted on by
Reply

In September, I reported that the French TV recording service wizzgo was not allowed to record M6 and W9. Last week, the court banished TF1 and NT1 (a subsidiary of TF1) from the service. Meanwhile, all the channels of France Television group were also banned. Only a few channels remain available through this service.

More and more Free To Air broadcasters propose a system of catchup TV. And of course, they expect to secure their advertising revenues. This type of service would cannibalize these revenues. Wizzgo wil have to find another business model.

In September, I also reported the massive campaign against DRM for the game Spore. The creators of the game “World of Goo” have reported that they estimate that the PC version of their game has been pirated at 90% (more accurately 82%). On their blog, they explain their measurement methods. They record the IP addresses of the highest scores reported to their server. World of Goo is not protected by DRM.

The conclusions of the creators is that DRM is worthless, because another game that was protected by DRM had the same piracy level. :Sad: His conclusion is also that for 1000 deterred pirated instances, you gain one purchased version. I am not sure that this ratio would be valid for a blockbuster. If you sadly want the game, and have no alternate solution than purchase it, would you miss the game?

Brilliant Digital offers a new filtering technology

Posted on by
Reply

Brilliant Digital Entertainment announces a new technology for ISPs. Once the ISP detects that the request concerns an illegal audio files, it would block the link and propose an alternative link to purchase a legal version. The company already proposes legal distribution using P2P.

Some interesting facts:
– The announce of this new technology has been made by two former rivals: Kevin Bermeister (formerly KaZaa) and Michael Speck (former anti piracy of Music Industry Piracy Investigations)
– The business model is interesting. Brilliant Digital Entertainment would share some part of their revenues gained from sales with the ISPs.

Now, let’s have a look on the technical tidbits. Very few information are available (only the announcement). The site itself has no reference to the new technology. It seems that the ISPs would intercept the request of the illegal file. This means two things:

  • A mean to detect illegal files; It is probably associated to a list of hash codes of contents that have been spotted as illegal. Similar work will have to be done for instance for French graduated answer. Fingerprinting technologies should allow to find some infringing files.
  • A mean to spot the request; In view of the described method When the architecture of the internet that has our technology recognizes one of those proven illicit files, it blocks it, disconnects the link to it and adds to the search results the opportunity to purchase the legitimate material , I would guess that they replace the illegal trackers by legal trackers powered by AltNet (the technology of Brilliant Digital). It means that they have a way to spoof the request.

As a rough analysis, the second point may be Achilles heel. This may work if the request is done using a typical browser calling the tracker sites. It may be more difficult if using dedicated tools such as Che for instance. With collaborating tracker sites, they could secure the answer.

It is an interesting initiative that we have to follow.

Murder of virtual avatar, real punishment?

Posted on by
Reply

Two weeks ago, a 43-year old Japanese woman has been jailed for the murder of her virtual divorced husband. Her avatar was married to a avatar in “Maple Story“, a kind of Korean Second Life. Her virtual husband divorced without notifications. As retaliation, she logged in the account of the owner of her divorced avatar and destroyed the avatar. It seems that he shared with her his account login credentials.

She has been charged for illegal computer access and destruction of digital information. She may face up to five year jail or $5000 (3500€) fine. Interestingly, if her avatar would have killed her divorced avatar within the metaverse, then she would not be prosecuted. Death in metaverses is common. You may murder in Second Life. You may be killed by monsters or other characters in World Of Warcraft. That is the game. But here, she destroyed the avatar data (different from killing the avatar). An avatar may represent a lot of time investment, emotional investment and sometimes even monetary investment. The death (following metaverse’s rules) of an avatar may be accepted by his owner (sometimes with difficulty). But this destruction of data may represent a moral wrong and even financial loss.

Regardless of the morale judgment of this story, this story highlights a coming big problem. How will real world rule the interaction with metaverses. Metaverses will take an increasing importance in our life. Current regulations are not adapted to this coming challenge. Even metaverses are not ready. Many challenges for security in these worlds are needed. In many cases, the threats will come from the real world.

Nintendo DSi incompatible with linkers?

Posted on by
Reply

Nintendo has just launched its new portable console DSi. It has a 17% larger screen than DS, a 0.3 megapixel camera and the possibility to download and store games.

Interestingly, it seems that Nintendo took also this opportunity to fight back the linker-based piracy. First reports announce that the most spread linkers (R4, …) do not work anymore with this version.

Thus, good move from Nintendo. The question is how long will it resist.

Thanks Yves