TorrentSpy fighting the MPAA!: TorrentSpy a torrent search engine who is in takedown war with the MPAA is not laying down, they are fighting back and I think they have a pretty good chance of getting the case dismissed…. They don’t create torrents they only track them. If you read the motion you will understand that they have some legal precedence on this one and are likening themselves to Google. The recent Supreme Court decision handed down on Grokster may end up being their deciding factor depending on how the judge interperts the higher court ruling. The MPAA has been getting sites taken down with their broad interpertation of that same ruling.
Browsing Posts published in March, 2006
Interview: Theo de Raadt of OpenBSD:Theo de Raadt is the project leader for OpenBSD, a Unix-like operating system. We spoke with Theo about the upcoming release of OpenBSD, 3.9, the financial state of the project, and about companies that profit from free software without contributing back.
An Interview With The Router Man:Angry_Admin writes “For Network World’s 20th anniversary, they’ve published an interview with William (Bill) Yeager, the creator of the multiprotocol router, with some history on how Cisco came to be. As he says in the interview : ‘This project started for me in January of 1980, when essentially the boss said, ”You’re our networking guy. Go do something to connect the computer science department, medical center and department of electrical engineering.“’ 6 months later he had his first working 3MBit router shoved in a closet.”
Totally Random One Time Pads:liliafan writes “Scientists in Japan have come up with a way of harnessing a truly random datasource for generating one time encryption pads: Quasars. One time encryption pads are widely accepted as being the most secure form of encryption, but this new technology from the National Institute of Information and Communications Technology makes the pads even more secure.”
Using Top More Efficiently (29 Mar 2006):Introduction to using the utility Top.“Among many monitoring tools that available, most people use ”top“ (a part of procps package). Top provide almost everything we need to monitor our system’s resource usage within single shot.
Multiple live CDs in one DVD (29 Mar 2006):This is a very cool idea.“Live CDs do a great job of advertising Linux distributions. In addition to general-purpose live CD distributions, there are lots of task-oriented live CDs. Wouldn’t it be great if you could carry multiple live CDs on one DVD disc? Nautopia.net has put up a script that you can use to make a custom DVD to boot multiple live CDs.”
DNS Hackers Target Domain Registrars:
Linux is a powerful and popular operating system kernel. That popularity means you might be running it even if you’re not a dedicated Unix administrator or high-powered programmer. That doesn’t mean that rock-solid security is out of your reach, though. Aaron Brazell shows how to make Red Hat 9 (and other Linux distributions) much more secure in a few easy steps.
LXer has an interesting look at the big three operating systems with some surprising results. From the article: “If you think that a Linux advocate cannot make an objective analysis of desktop operating systems, then you need to read this report. You may find yourself surprised with some brutal honesty that leaves out the free software philosophy.”
Forgotten Password Clues Create Hacker Risk:
Meet the Botnet Hunters:An anonymous reader writes “The Washington Post is running a pretty decent story about ‘Shadowserver,’ one of a growing number of volunteer groups dedicated to infiltrating and disabling botnets. The story covers not only how these guys do their work but the pitfalls of bothunting as well. From the article: ‘Even after the Shadowserver crew has convinced an ISP to shut down a botmaster’s command-and-control channel, most of the bots will remain infected. Like lost sheep without a shepherd, the drones will continually try to reconnect to the hacker’s control server, unaware that it no longer exists. In some cases, Albright said, a botmaster who has been cut off from his command-and-control center will simply wait a few days or weeks, then re-register the domain and reclaim stranded bots.’”
DHS Privacy and Integrity Report: Last year, the Department of Homeland Security finally got around to appointing its DHS Data Privacy and Integrity Advisory Committee…. On March 7th they published their “Framework for Privacy Analysis of Programs, Technologies, and Applications.”This document sets forth a recommended framework for analyzing programs, technologies, and applications in light of their effects on privacy and related interests. It is intended as guidance for the Data Privacy and Integrity Advisory Committee (the Committee) to the U.S. Department of Homeland Security (DHS). It may also be useful to the DHS Privacy Office, other DHS components, and other governmental entities that are seeking to reconcile personal data-intensive programs and activities with important social and human values.It’s surprisingly good.I like that it is a series of questions a program manager has to answer: about the legal basis for the program, its efficacy against the threat, and its effects on privacy…. Do the benefits of the program…justify the costs to privacy interests….?“I think this is a good starting place for any technology or program with respect to security and privacy.
Who owns the Internet pipes?:Ben Worthen of CIO has an interesting post about who in the context of the Net Neutrality debate. He worked with Lumeta’s chief scientist Bill Cheswick to create a map of the North American Internet backbone, including 134,855 routers, colored by telecom company (Verizon, AT&T, Qwest, Level 3, Sprint Nextel, cable companies, smaller players).Worthen concludes that while AT&T and Verizon have [...]
Who owns the Internet pipes?:Ben Worthen of CIO has an interesting post about who in the context of the Net Neutrality debate. He worked with Lumeta’s chief scientist Bill Cheswick to create a map of the North American Internet backbone, including 134,855 routers, colored by telecom company (Verizon, AT&T, Qwest, Level 3, Sprint Nextel, cable companies, smaller players).Worthen concludes that while AT&T and Verizon have [...]
Today I want to talk about the role of encryption.Scenarios for network discrimination typically involve an Internet Service Provider (ISP) who looks at users’ traffic and imposes delays or other performance penalties on certain types of traffic…. For example, if the ISP wants to penalize VoIP (Internet telephony) traffic, it must be able to distinguish VoIP packets from ordinary packets.One way for users to fight back is to encrypt their packets, on the theory that encrypted packets will all look like gibberish to the ISP, so the ISP won’t be able to tell one type of packet from another…. The ISP would see nothing but a bi-directional stream of packets, all encrypted, flowing between the user’s computer and the gateway.The most the user can hope for from a VPN is to force the ISP to handle all of the user’s packets in the same way…. The ISP can back down, by easing off on discrimination in order to keep the user happy – or the ISP can call the user’s bluff and hamper all or most of the user’s traffic.But the ISP may have a different and more effective strategy…. If the ISP imposes jitter on all of the user’s packets, the result will be a big problem for VoIP apps, but not much impact on other apps.So it turns out that even using a VPN, and encrypting everything in sight, isn’t necessarily enough to shield a user from network discrimination.
RFID Tags Could Carry Computer Viruses:
Canon EOS 30D Preview
Security Flaws Could Cripple Defense Network:An FCW.com article about the uninspiring future for the Missile Defense System’s software…. From the article: “The report said that neither MDA nor Boeing officials saw the need to install a system to conduct automated log audits on unencrypted communications and monitoring systems. Even though current DOD policies require such automated network monitoring, such a requirement ‘was not in the contract.’ The network, which was also developed to conform to more than 20-year-old DOD security policies rather than more recent guidelines, lacks a comprehensive user account management process, the report said. Neither MDA nor Boeing conducted required Information Assurance (IA) training for users before they were granted access to the network, the report stated.
Wired and Wireless At the Same High Speed:Roland Piquepaille writes “The next generation of optical networks needed to satisfy our appetite for bandwidth is currently under development. And researchers from Georgia Tech have built a new architecture which delivers super-broadband wired and wireless service simultaneously. This hybrid system ‘could allow dual wired/wireless transmission up to 100 times faster than current networks.’ In fact, this optical-wireless network can carry as many as 32 different channels, each providing 2.5 gigabit-per-second service to your home or your office. And companies such as NEC and BellSouth are already working on such hybrid optical-wireless communications networks.”
Power Analysis of RFID Tags: This is great work by Yossi Oren and Adi Shamir:Abstract (Summary)We show the first power analysis attack on passive RFID tags…. While the specific attack described here requires the attacker to actually transmit data to the tag under attack, the power analysis part itself requires only a receive antenna. This means that a variant of this attack can be devised such that the attacker is completely passive while it is acquiring the data, making the attack very hard to detect. As a proof of concept, we describe a password extraction attack on Class 1 Generation 1 EPC tags operating in the UHF frequency range…. The main significance of our attack is in its implications any cryptographic functionality built into tags needs to be designed to be resistant to power analysis, and achieving this resistance is an undertaking which has an effect both on the price and on the read range of tags.My guess of the industry’s response: downplay the results and pretend it’s not a problem.
