It is available. The topics are:
- the news of the quarter
- Latest attack on WPA
- Attacks on Intel TXT
- Attacks on BGP
- Forging illegal certificated
Good reading
Security Newsletter #12
Reply
Veoh versus Universal Music Group (2)
Last month, a US court ruled that Veoh could not be sued by Universal Music Group (UMG) under DMCA safe harbor. This month, the same court ruled in favor of Veoh, more precisely in favor of its investors. In the Napster case, the investor Bertelsman was sued for copyright infringement. Thus, UMG attorneys expected to do the same to Veoh’s investors.
The Los Angeles judge, A. Howard Matz, reminded that Veoh was not (yet?) yet guilty. Thus, it was impossible to sue the investors for an infringement that is not qualified. In the case of Napster, Bertelsman continued to support Napster once it was condemned. This is not the case.
Some Venture Capitalists will feel better. In these hard time to find money to invest, this may be a good news for VCs. They may take some calculated risks when investing in the Grey area of copyright.
The story of Veoh versus UMG continues.
Security and its unforeseen consequences
First of all, view first this comic.
It is extremely true. How many times did we end up with such things? We may even apply it to AACS. In the right box, put we will let poor developers implement it.
Nevertheless, I would like to highlight another issue with security. Sometimes security as collateral damages. Modern high price cars have sophisticated anti theft system. It may have reduced the number of car theft. Nevertheless, it has also created a new type of crimes: carjacking. The best way to steal this type of car is to wait for his owner to arrive in front of his/her garage or entry door. While he/she waits, violently eject him/her and drive away with the car. These sophisticated anti-theft system have replaced non violent theft by a violent theft. Many car owners have been injured.
Lessons: security may have collateral effects. They need to be analyzed. One more trade-offs to play with.
IFPI report 2009
The annual report of IFPI is always interesting. The 2009 edition has just been released. Its title is exciting: New business models for a changing environment. This year, IFPI put the focus on the new ways to monetize musics. They highlight mainly three main trends:
– Music access, through a subscription, or a package people have free access to a catalog. Nokia offered such service. French ISP Neuf Cegetel runs such service since 2007. For no additional cost, they offer legitimate access to a catalog of nine music genres. For a monthly fee of 5€ (7US$), they provide legitimate access to all universal Music tracks.
– Ad supported services, the deal of mySpace music is important. UGC sites are the new distribution channels of music. Half the most popular streams on YouTube are copyrighted music videos.
– Games, branding and merchandising. The huge success of Guitar Hero is an example. The report provides some example of combined launching of games featuring band music and corresponding release of album.
Thus, music industry is clearly exploring new business models. They have to. DRM free music puts the pressure.
Of course, there is a section on piracy. This year teh focus is on the role of ISP to thwart piracy. France is showcased for its graduated response (known as HADOPI). Our friend Olivier BOMSEL is interviewed. Olivier was member of the French “commission Olivennes” that suggested the graduated response (and many other things)
Nice to read document
Fighting Jessica
In the security newsletter #5, Frédéric Lefebvre presented the research works of Jessica Fridrich. Through analyzing the noise of pictures, she attempts to uniquely fingerprints a camera. Each CCD generates a unique template of noise. Thus, it should be possible to detect if pictures were taken by a given camera.
It seems that this work has been spotted by the community and raised some fears. The site instructables proposes a process “anonymizing” the pictures. Obviously, the author has no serious knowledge of signal processing theory. Some of the tricks are more than questionable. Nevertheless, he is serious. he did not forget the most obvious steps 1 and 6. In step 1, he removes the metadata attached to a picture (How many people ignore or forget that Microsoft documents embed identification metadata?. In step 6, he suggests to use TOR to anonymize the Internet postings.
The lesson is that the community check the latest works of the academic world. Although, they do not necessarily understand the scientific details (thus they may have a wrong estimation of the maturity), they clearly understand the potential consequences and outcomes.
An occasion to read the latest results from Jessica Fridrich? :Wink: Thanks Bertrand
How honest people cheat
One of the mottoes of the Copy Protection Technical Working Group (CPTWG) has always been “Keep honest people honest.” But do honest people stay honest?
I have read an old issue of Harvard Business Review (February 2008). There is an interesting paper from Dan Ariely. Its title is “How honest people cheat.” With his team, he experimented the capacity to cheat of thousands of “honest” people. They were paid for each successfully solved simple mathematical problems. There were 20 problems. The average number of solved problems was 4. In a second experiment, people had to report themselves the number of successful solutions. There was no way to verify the assertions (the paper with the answers had been shredded before). The average correct answers jumped to 6! Compared to the potential maximum of 20, an increase of 2 is really not large.
Other experiences showed that the risk of being caught did not affect the level of dishonesty. A more interesting observation, people were more dishonest when the reward was not directly monetary.
The rough conclusions were that most people when tempted are ready to be a little bit dishonest, but never will become fully dishonest. In front of non monetized cases, people are more ready to cheat because they can more easily “rationalize” or “justify” their cheatings. This last founding can partly explain why people may be ready to download an album through P2P and would not be ready to still it in a shop (even without risk). Probably we may have some similarity between demonetization and dematerialization.
Another conclusion. CPTWG was perhaps right when trying to Keep honest people honest.
Veoh versus Universal Music Group
The beginning of the 2009 has seen an interesting litigation being closed. Universal Music Group (UMG) was suing the video sharing Veoh for copyright infringement. But Veoh claimed to be protected by the DMCA safe harbor act. The safe harbor act does protect service providers against the illegal doing of its users.
UMG claimed that DMCA safe harbor act does only protect for storing bits, not when manipulating bits. Veoh is transcoding the uploaded content in the exchange format. The court decided otherwise. The main argument was that users “signed” term of contract before uploading content. The terms of contract specified that the user agreed not to upload copyright content.
This court decision sets an interesting legal precedent. Will it have any influence on the current battle Viacom versus YouTube?