Poke Walker: a brilliant idea against piracy

We are currently flooded in France with advertisements for the Poke Walker that ships with Nintendo’s Pokemon HeartGold and SilverSoul games. These are the latest sequels in the Pokemon family of games for Nintendo DS.

The Poke Walker is a small pedometer that can download a pokemon from a Nintendo DS. In other words, you carry your pokemon with you. You may say: “Nothing new, just take your DS with you.” But the difference is that the more you walk with your Poke Walker, the more points your pokemon will gain. And of course, Poke Walkers can communicate with each other, gaining some new points.

This is simply brilliant, for at least three reasons:

  • Against piracy; the Poke Walker is only delivered with the legit games. No way to purchase a Poke Walker without buying the actual game cartridge. When you know the pervasiveness of R4 (and the like), this is an extremely good answer.
  • It obliges your kids to walk, run, move… A good answer to people who complain that video games turn our kids into sedentary zombies.
  • You have to communicate with other Poke Walkers; once more, a good answer to detractors of no-life players.
  • Business wise; a good illustration of the network effect.

This is an excellent answer to piracy. Unfortunately, it works only on this game.

I know that the news is somewhat out-of-date. It was launched in the US last summer. But my kids are not pokemon players  :Happy:

SF: The complete Amber Chronicles

In my last post about SF, I discussed the first saga of Zelazny’s Princes of Amber. At that time, I had an open point about the sequel of the saga.

During my last trip to the US, I purchased the Great Book of Amber, which collects the ten books. The first five books recount the story of Corwin of Amber. The last five books recount the story of Merlin, son of Corwin and Dara of Chaos! Merlin inherits the power of the “Pattern” (La Marelle for the French readers) and of the “Logrus”. The “Logrus”, one of the many new elements in the story, is the alter ego of the “Pattern” for Amber.

I am a real fan of Zelazny, but I must admit that the sequel is not as thrilling as the first saga. This second saga adds new actors, new artifacts… The saga is not highly consistent. For instance, the Ghost Wheel is a computer that handles the shadows. Its role is unclear and clearly fuzzy at the end (probably a wink to an earlier book, “Jack of the Shadows”, that opposed magic and science). The ghosts may have been an inspiration to the authors of The Matrix. The end of the saga is, honestly, extremely disappointing.

Last point for the French readers: I had a lot of pleasure reading the first saga in its original version. Just do it.

Conclusion: Corwin Yes, Merlin No

Airport, laptop and computers

After my last trip (I hate volcanoes  :Mad: ) I noticed a funny point. For several trips now, I have been carrying with me a very small computer that hosts many demonstrations. This is in addition to the laptop. At airport screening, I systematically take the laptop out of the briefcase and put it on the belt for X-ray. I always forget to do the same with the small computer. Guess what? Never, and in no country, was I asked to take the tiny computer out of my luggage and place it on the belt.

Obviously, this surprised me. Personal brainstorm… Why are laptops screened out of the luggage? Not to check if they carry a bomb. Within or outside the briefcase, it would change nothing on the X-ray. Then why? Next time, watch the monitor. Electronic equipment is rather impenetrable. You may not see what is lying beneath this equipment, for instance a weapon or a bomb. Laptops have a rather large footprint and thus may hide weapons.

But why did the officers not check my computer? Its physical footprint is a small square that may hide a small gun or a knife. Why no check? I guess that the officers have been trained to look for laptops, i.e. a given form factor within a range of sizes. My small computer does not fit inside this category, and thus passes through.

Lesson: Educate the people about the rationales behind a security measure. Only then may they apply the security rule intelligently.

Maybe somebody has a better (and less distressing) explanation.

Facebook – Another breach in the wall

This is the title of a presentation that George Petre gave recently at the MIT spam conference. George is the head of the Threat Intelligence Team of anti-virus company BitDefender.

His team experimented with the use of social networks as a spam vector. And the results are impressive (frightening?). Social networks are great for spam.

One of the side results of the study is the evaluation of user acceptance of new “friends”. They created three types of profiles. The first one had the minimal allowed details (without picture), the second one had a picture and some more details, and the third one was extremely complete.

Just one hour after starting to add people to each profile, we managed 23 connections with the 1st profile, 47 with the 2nd profile and 53 with the 3rd profile.

Amazing! You don’t even need to be a social engineer.

And of course, once you are a friend, people have a natural tendency to trust you and accept any of your proposed links.

The full paper is available here. If you are worried about social networks, read this paper and you will be even more worried. The remedy seems simple: accept as friends only people that you know and trust. Unfortunately, this is contrary to the drive to have a high score of friends.

Security Newsletter #15 is available

The new issue of the Technicolor Security newsletter is available. It comes with a new skin that fits our new branding: Technicolor.

I am proud that our guest was Bruce Schneier. I suppose that I do not need to introduce him. As usual, we sometimes invite people who do not totally share our view. Obviously, Bruce’s position on DRM is not aligned with mine. Nevertheless, exchanging points of view is how the world evolves.

The other topics are the TLS renegotiation vulnerability, a presentation on free DNS, and the last part on forensics.

Hoping that you will enjoy reading it.

Next issue is due in June 2010

Do people care about privacy? Blippy

Privacy is a hot topic. Many people fight to preserve our privacy. On the other side, many people build services that destroy this privacy. In my opinion, social networks are among the natural predators of privacy.

I went through a new site: Blippy. First, I thought it was a joke. But no, it is real. And some serious reviewers (such as TechCrunch) appreciated it.

Blippy offers to display every purchase you make with one credit card. It provides the details of the transaction: when, where, how much and the details of the purchase. The objective is that people discuss your purchases with you, for example asking for evaluations or tips, or giving advice.

Where is the problem? Social engineering!! Tell me what you buy, and I will have a far better knowledge of who you are, a rough estimate of your income… If you purchase travel tickets, I will know when you will not be at home… Are people who subscribe to this site aware of this risk?

Of course, the site has a section about privacy. It is worth reading!

Would you enroll on such sites?

Privacy notices as “Nutrition” Label

Reading privacy notices on online sites is a difficult task. Currently, they are displayed in lengthy textual pages with legal mumbo-jumbo. How many brave people try to complete this unpleasant reading? I suppose that, except for privacy lawyers, practically nobody.

As a consequence, people give up their privacy and accept the privacy rules without knowing what they are.

Under the lead of Cranor Lorrie, a team of researchers from Carnegie Mellon proposes, in a paper to be presented at CHI10, an interesting approach: let’s display the privacy policy in a way similar to nutrition labels.

We are now all familiar with nutrition labels that allow you to have a look at carbs, proteins… (at least if you are concerned about your figure and/or health  :Happy:  ). They propose a table whose rows indicate the potentially collected data, whereas each column defines a potential use. Each cell has one of five color codes: will use, opt in, opt out, will likely not use, will not use.

They compared different forms of policy displays. Guess what? The standardized privacy label won.

This proposal is clearly progress. Now, a more worrying question: how many people would choose their social network depending on the privacy policy? How many people would not join the latest buzz hot need-to-be social network due to privacy issues? I’m afraid not so many.  :Sad:

Nevertheless, people would have at least the possibility to choose. This would be better than the current situation.