Token for WoW

Blizzard is the first in online gaming to offer a login security equivalent to the one used by enterprises. In the enterprise world, remote workers are used to so-called RSA tokens to authenticate on their VPN. Such a token displays a 6-digit random number valid for a few seconds. When logging in, the user types in the currently displayed number.

World of Warcraft (WoW) suffers from account theft. Thus, Blizzard offers a similar token that can be purchased for $6.5. Once the token is linked to your WoW account, you are safe against account theft (but not against character death :Wink:).

Professional grade security for entertainment.

Nico, do you already have yours?

DRM and Individualized Pricing

Michael Lesk, from Rutgers University, attempted to answer why online music stores sell to each customer at the same price. Interestingly, every song is sold at the same price, regardless of its performer, whereas the price of the corresponding CD varies depending on the artist’s fame. Online stores have a good profile of Alice. Thus, they could easily propose a personalized price slightly lower than the price she would be ready to pay. According to Lesk, it is not a privacy issue but a feeling of resentment that frightens the sellers.

One alternative that makes price differentiation acceptable is versioning. People accept that a hardbound book is more expensive than a paperback. People may accept paying more for content they will be able to view several times than for content that they will view only once. This is the role of DRM. DRM may make it possible to decrease the average price by offering different versions. Unfortunately, today DRM is not used for that, probably because it is simpler and safer for merchants to offer one unique price.

Reference of the paper
LESK Michael, Digital Rights Management and Individualized Pricing, in IEEE Security & Privacy, May/June 2008

Is DRM bad for the Earth?

:Happy:
In my life, I have heard many arguments against DRM. I must confess that this one is the most surprising. It seems that some professors on US campuses promote the use of eBooks as an alternative to traditional paper books or photocopies. One of the arguments is that it is more environmentally sound. To that, we can only applaud.
Unfortunately, there is no universally adopted format for eBooks. Furthermore, they are protected with DRM systems that are not interoperable. Thus, eBooks are an ecological but less convenient alternative to paper books.

Conclusion of the paper: DRM is not environmentally sound. :Sad:

My personal conclusion is that we urgently need interoperability of DRM. It is the one feature that will make DRM acceptable to users. Furthermore, for eBooks, DRM must support the possibility of free excerpting. This is mandatory for any serious scholastic work.

Wii Homebrew channel (2)

Things are going too fast. I reported the launch of the Homebrew Channel. Meanwhile, Nintendo issued firmware update 3.3 for the Wii. Nintendo can patch its installed consoles through firmware updates. This allows it to add new features, repair some bugs, and answer some attacks. The check for upgrades occurs when the Wii is connected to the Internet. This is a main difference from the Nintendo DS, which does not have such firmware updates.

The new upgrade closes the Zelda loophole. This hole made it possible to create the Twilight Hack, which supports homebrew programs. Thus, this firmware should stop the Homebrew Channel. Nevertheless, it seems that the upgrade does not affect the Homebrew Channel if it was installed before the upgrade.

In your opinion, who will make the next move:

  1. The hackers to circumvent the new firmware?
  2. Nintendo to fully close the hole?

Wii aficionados now have their homebrew channel

Homebrew applications are applications, often games, developed by hobbyists to run on game platforms (or mobile phones). The Wii already had some homebrew applications using the so-called Twilight hack. Now, it is even more convenient. There is an application that can be loaded as a Wii channel. In other words, through the Homebrew Channel, users can play games (or other applications) that were developed and distributed without the authorization of Nintendo. The games can be loaded through SD cards, and even remotely through TCP!

They are extremely well organized, with even a wiki at Wiibrew.org.

Ransomware virus (3)

Kaspersky Lab has given up its unrealistic attempt to guess the key used by Gpcode (see blog entry from 10th June). Its conclusion is that the best countermeasure is regular backup.

Nevertheless, thanks to a “common” mistake by the virus’s author, there may be some hope for careless users who did not back up. When encrypting a file, the virus creates a new file that it renames with the expected extension and then deletes the original file. The deletion is not secure. It is common knowledge (at least in the security community) that a simple deletion does not erase the file. It mainly erases the fields in the file system’s indexing tables. Thus, the data remain on the hard disk as long as they are not overwritten by a new file. If there was not too much activity on the hard drive, typical recovery tools may retrieve the “deleted” files. Kaspersky Lab proposes such a tool from the open source community.

No doubt the author of the virus will add secure deletion in the new, already announced releases of Gpcode. The author claims that he will use a stronger algorithm and new keys. Secure deletion is performed by overwriting every byte of the file to delete with random data several times before removing it. Tools exist that perform such secure erasing.

Two lessons:

  • Backup, backup, and backup
  • Developers, if you want to delete a file, use a secure procedure.
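The difference between a simple deletion and the overwrite-then-remove procedure described above, as an added example that is not part of the original post. The function names and the sample data are constructed; a hard link stands in for the disk blocks that a recovery tool would still be able to read.

```python
import os
import secrets
import tempfile

SAMPLE = b"constructed sample document\n" * 100   # stand-in for a sensitive file


def plain_delete(path: str) -> None:
    """Simple deletion: only the directory entry is removed."""
    os.remove(path)


def overwrite_and_delete(path: str, passes: int = 3, chunk: int = 65536) -> int:
    """Overwrite every byte with random data `passes` times, then remove the
    file. Returns the number of bytes written."""
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b") as f:          # r+b: write in place, no truncation
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
                written += n
            f.flush()
            os.fsync(f.fileno())          # push this pass to the device
    os.remove(path)
    return written


def demo() -> dict:
    """For each method, report whether the content survives the deletion."""
    survives = {}
    with tempfile.TemporaryDirectory() as d:
        for name, delete in (("plain", plain_delete),
                             ("overwrite", overwrite_and_delete)):
            target = os.path.join(d, name)
            witness = target + ".blocks"  # second name for the same data
            with open(target, "wb") as f:
                f.write(SAMPLE)
            os.link(target, witness)
            delete(target)
            with open(witness, "rb") as f:
                survives[name] = f.read() == SAMPLE
    return survives


if __name__ == "__main__":
    print(demo())   # plain deletion leaves the content readable
```

In-place overwriting only reaches the old data on media and file systems that write a file back to the same blocks; SSD wear levelling, journaling or copy-on-write file systems, snapshots and backups can all keep earlier copies. Encrypting the volume and destroying the key is the more reliable way to make such data unrecoverable.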

 

New strategy for RIAA?

According to Ars Technica, it seems that the RIAA has decided to strike back against the current tactic of quashing its subpoenas. Many students try to thwart the threat of the RIAA’s pre-litigation letter by an escalating strategy of successive motion filings.

The tactic is simple: escalate the fees. The RIAA proposes to settle the case for $3,000 after reception of the pre-litigation letter. This settlement fee jumps to $4,000 if the case goes before the court. If the subpoena is challenged, then the fee rockets to $8,000.

Will this new tactic:
1- reduce the number of challenged subpoenas? Electronic Frontier Foundation (EFF) already challenges this new technique.
2- significantly reduce the amount of downloaded songs through P2P?

In addition to this US strategy, we see more and more legal offers of DRM-free downloads. This is probably the best strategy (if we believe that honest people stay honest).