SF: The Collapsium

This book by Wil McCarthy belongs to the category of hard science fiction, meaning that science is at the heart of the story. Unsurprisingly, Wil McCarthy is a high-level scientist. He is the CTO of Galileo (the project that should provide a satellite system competing with GPS).

The main idea is that in the future it is possible to create crystals of black holes!! One genius will have to fight against a mad genius who misuses this technology.

McCarthy is a good scientist but a poor writer. The story is weak and repetitive. The characters are caricatures…

Don’t read it!

SMS: Nice piece of social engineering

This morning, I received the following SMS on my cell phone (translated from French):

Info: This caller tried to call you at 09:47 without leaving a message. Unknown Number in your directory > Call the 0899190721 to identify him

Obviously, calls to this number are surcharged. How many gullible people will fall into this trap?

It is a nice piece of social engineering. The caller has not left a message. You may want to know who called and why. They offer a way to answer these questions… Bingo.

The attack would have been even better if you had had a failed call just before.

The scammers are really very creative!

A database of 44 million game accounts!

Symantec has located a database server holding 44 million accounts of online gamers. The information in itself is already interesting, but the server's companion is even more interesting. The database holds credentials, most probably collected by malware. But are these credentials still active? To find out, the hackers created a dedicated Trojan that, once installed, receives a set of accounts to test. If it succeeds in logging on to an account, it updates the database accordingly. Using a Trojan on a botnet has the following advantages:

  • Go faster by using many computers concurrently
  • Bypass any limit on failed logins from the same IP address
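The point about per-IP limits can be seen from the defender's side in the following added example (not taken from Symantec's report or from the original post). Over a constructed log, a per-IP failed-login rule flags only a clumsy legitimate user, while counting distinct accounts per source IP exposes the distributed tester; the thresholds, field layout and account names are assumptions.

```python
from collections import defaultdict

PER_IP_FAIL_LIMIT = 5     # classic rule: failures allowed from one IP (assumed value)
MAX_ACCOUNTS_PER_IP = 2   # breadth rule: distinct accounts one IP may try (assumed value)

def sample_events():
    """Constructed log of (source_ip, account, success). Not real data."""
    ev = [("198.51.100.7", "alice", True), ("198.51.100.8", "bob", True)]
    # carol mistypes her password five times, then gets in
    ev += [("198.51.100.9", "carol", False)] * 5 + [("198.51.100.9", "carol", True)]
    # 20 bots, each handed 3 collected credentials; one in three is still active
    for bot in range(20):
        for k in range(3):
            ev.append((f"203.0.113.{bot + 1}", f"gamer{bot * 3 + k}", k == 0))
    return ev

def per_ip_failures(events):
    """IPs reaching the failed-login limit (what a per-IP lockout sees)."""
    fails = defaultdict(int)
    for ip, _, ok in events:
        fails[ip] += not ok
    return {ip for ip, n in fails.items() if n >= PER_IP_FAIL_LIMIT}

def breadth_outliers(events):
    """IPs that tried more distinct accounts than a normal user would."""
    accounts = defaultdict(set)
    for ip, acct, _ in events:
        accounts[ip].add(acct)
    return {ip for ip, a in accounts.items() if len(a) > MAX_ACCOUNTS_PER_IP}

def campaign_summary(events):
    """Scope of the testing campaign and the accounts needing a forced reset."""
    sus = breadth_outliers(events)
    tested = {a for ip, a, _ in events if ip in sus}
    confirmed = {a for ip, a, ok in events if ip in sus and ok}
    return {"ips": len(sus), "tested": len(tested), "reset": sorted(confirmed)}

if __name__ == "__main__":
    log = sample_events()
    print("per-IP rule flags:", per_ip_failures(log))
    print("breadth rule:", campaign_summary(log))
```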

You may say: “Game accounts! Who cares? It is not as if it were something serious such as a bank account”. In that case, you’re clearly not a gamer. More seriously, I would suggest that you take a look at the site player auctions. Wow! You’re not dreaming. This is about real money. And not a few cents!

Once more, we see that hackers are more and more money driven, less visible and not looking for fame.

Thanks MM for the pointer.

Societies of authors and rights collectors

This site lists some of the societies that are in charge of collecting fees for rights owners in the music industry. I suppose that each country has its own way of collecting the fee and its own method of calculation. The list seems limited to societies that have an Internet site.

Funnily, some countries, such as France, have more than one!

Interesting pointer if you need such information.

SF: Reservation of Goblins

I’m currently rereading some of my oldies but goldies: “Reservation of Goblins” by Clifford D. Simak (in French “La réserve des lutins”). This is a short novel which is fun to read. Published in 1968, it uses some of the faery folk that Tolkien will make famous. You’ll find goblins, trolls and banshees. It is set in the future, where you will encounter a caveman and Shakespeare! This recalls the later “Riverworld saga”. José Farmer will publish the first book of the saga in 1971.

“Reservation of Goblins” is a very funny book and easy to read.

Intellectual Property: Observations on Efforts to Quantify the Economic Effects of Counterfeit and Pirated Goods

How much do piracy and counterfeiting cost the industry? This is an extremely valuable question. Depending on whom you listen to, the figures vary by incredible ratios.

Are there any reliable figures? This was the question that the United States Government Accountability Office (GAO) tried to answer following a request from Congress. Last month GAO published its 41-page answer.

What is the answer? I will quote an excerpt of the executive summary.

We determined that the U.S. government did not systematically collect data and perform analysis on the impacts of counterfeiting and piracy on the U.S. economy and, based on our review of literature and interviews with experts, we concluded that it was not feasible to develop our own estimates or attempt to quantify the economic impact of counterfeiting and piracy on the U.S. economy.

In other words, according to GAO, it is not possible to have reliable data. Nevertheless, the report makes an exhaustive review and analysis of the numerous reports proposing data. Each time, GAO explains the weaknesses in the methodology. The report offers an interesting exhaustive bibliography of existing reports on piracy.

At no point does GAO take a position on whether the figures underestimate or overestimate the real values. It just states that there is no reliable way to estimate them, which is totally logical. How can you estimate something that you cannot measure, that you do not know, …? If the institutions had precise knowledge, they would then be able to stop it.

In addition, the report gives a good qualitative analysis of the consequences of piracy. The “positive” effect is rather anecdotal, although the argument that the IT and telco industries did benefit from digital piracy was already made by Olivier BOMSEL.

Conclusion: Piracy and counterfeiting are real. They have negative effects but nobody can give a reliable estimate of the real impact.

SSD accelerates password crack

The Swiss company “Objectif Sécurité” was already known for its Ophcrack software. Ophcrack is open source software that cracks XP/Vista passwords. Its originality is that it uses rainbow tables. Rainbow tables are data structures, invented by Philippe Oechslin, the founder of the company, that drastically accelerate the brute-force exploration of passwords. Although Ophcrack is open source software, the rainbow tables are not. Objectif Sécurité sells these tables.

Objectif Sécurité has designed a new version of its rainbow tables optimized for Solid State Disks (SSDs). SSDs are lightning-fast drives that use solid-state memory rather than magnetic storage. They have no moving parts and thus have extremely fast access times. According to Objectif Sécurité, they can crack a 14-character XP password in less than 6 seconds with a rather conventional PC but with 80GB of tables on SSD.

I forgot. The initial requirement is that you have the XP/Vista hash of the user’s password. You can try it on their site (don’t use YOUR password hash!). They have a Web demonstration.
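How a rainbow table trades stored data for recomputation, as an added example that is not Ophcrack's code nor Objectif Sécurité's table format: a toy table over 4-digit PINs that stores only the start and end of each chain, then inverts a hash by replaying chains. SHA-256 stands in for the Windows hash, all names and sizes are assumptions, and the last line shows that the same table finds nothing once the hash includes a salt.

```python
import hashlib

KEYSPACE, CHAIN_LEN, N_CHAINS = 10_000, 50, 400   # toy sizes: 4-digit PINs (constructed)

def H(pw, salt=""):
    """Hash being inverted; SHA-256 is a stand-in, not the Windows hash."""
    return hashlib.sha256((salt + pw).encode()).hexdigest()

def R(digest, col):
    """Reduction: map a digest back to a PIN, differently in each column."""
    return f"{(int(digest[:12], 16) + col) % KEYSPACE:04d}"

def walk(pw, col):
    """Hash+reduce from column `col` to the end of the chain; return the endpoint."""
    for c in range(col, CHAIN_LEN):
        pw = R(H(pw), c)
    return pw

def plaintexts(start):
    """The CHAIN_LEN plaintexts a chain passes through (recomputed, never stored)."""
    out, pw = [], start
    for c in range(CHAIN_LEN):
        out.append(pw)
        pw = R(H(pw), c)
    return out

def build():
    """Keep only endpoint -> start per chain; chains ending on a stored endpoint are dropped."""
    table = {}
    for n in range(N_CHAINS):
        start = f"{n:04d}"
        table.setdefault(walk(start, 0), start)
    return table

def lookup(table, target):
    """Return the PIN whose unsalted hash is `target`, or None if not covered."""
    for col in range(CHAIN_LEN - 1, -1, -1):      # guess which column holds target
        start = table.get(walk(R(target, col), col + 1))
        if start is not None:                      # may be a false alarm: verify
            for pw in plaintexts(start):
                if H(pw) == target:
                    return pw
    return None

def covered(table):
    """Every PIN that appears somewhere in a stored chain."""
    return {pw for start in table.values() for pw in plaintexts(start)}

if __name__ == "__main__":
    t = build()
    print(len(t), "stored pairs cover", len(covered(t)), "PINs")
    print("unsalted:", lookup(t, H("0000")), "| salted:", lookup(t, H("0000", salt="x9")))
```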