* Posts by Mike P

7 posts • joined 19 Apr 2007

BioShockers delivered from DRM hell

Mike P

@Jonathan Samuels

Wow, man! Are you a 3rd Reich freak or somewhat? Btw, in 1000, 99.99% of people thought the Earth was flat. So it is flat, then?

>>Being able to install uninstall the software 3 times is sufficient for 99.9% of users.

99.9% ok for most users... most users without children I guess then.

>>The fact is 99.9% of people ARE dishonest if they think they can get away with it, thats human nature.

God, pity yourself. What a prose. Hopefully "Jonathan Samuels" is a nom-de-plume... But I'm afraid you just blew up your chance with that one.

>>DRM has been around for a long time and is here to stay

Yeah. Are you the new Nostradamus? BTW, you just miss this news (http://www.theregister.co.uk/2007/02/06/apple_jobs_drm-free_call/).

But I'm a fool. It's clear now that you're a troll, and I've just been trolled.

American sent to the slammer for faking Windows certificates

Mike P

Er... Did the guy rape someone ?

4 years for just faking stuff? Ok, we must certainly fight counterfeiting and organized crime, but 4 years seems a bit excessive to me. Especially if it is his first time. Not that I have any sympathy for white-collar criminals, these should be nailed on the public place, but I'm not sure this guy is one of those.

The question is I wonder if the same would happen if someone would sell junk food with an "BIO inside" logo sticker? Would he got fined, and jailed, etc? What about a "Genuine OGM" brand? But I forgot, Bush just said that US has the best economy in the world. If only it was true...

Is AV product testing corrupt?

Mike P

The best AV...

... is VirusTotal (http://www.virustotal.com/), and a good backup software in case of infection.

I have a PC since 1991, WITHOUT any AV, WITHOUT any firewall, and NO spreading infection so far (on Win95/98 and now W2K). And still, I used to visit sites like astalavista.box.sk. How? I know my PC very well, detect all strange behaviours, and in particular avoid running any strange exe. It's only since the last 2 years that I'm much more careful due to explosion of malware, and hence I use VirusTotal much more often, but only on files that I decide to scan. I won't let a stupid AV scanning a file that I know for sure it is clean since it is on my PC for years !

AV SW DON'T HELP YOU! They simply fuck up your PC, turning your superb ferrari into a 2CV ! AV are actually the only true viruses on earth, and you ought to pay for it??? What a joke!

I had an infection on the PC on my wife, however protected by commercial AV. An unfortunate visit on a underground cracking site triggered an exploit on IE. Javascript error, with strange title in the windows. Then few sec later, WinXP telling me that PC is at risk because FW was turned off. Then a strange icon on the desktop of a malware detection software that was not installed on the PC before. The app launched automatically, telling me the PC was infected with more > 50 adware, viruses, ... All this in less than 15-30 sec !!!

I shut off the PC, pull the network plug. Restarted the PC, and run the AV. He detected ~20 virus. By comparing the new files on the PC, I noticed there was at least 50 new files that was created in the last minutes before shut off, and the AV only detected LESS THAN 50%. I copied those files to my own PC, and run a online AV scanner on it. The online scanner detected 90% of the files. Two days later, I rescanned the files, 95% was detected online.

The PC was completely unrecoverable !!! How would you trust any AV to correctly clean the machine, when YOU CAN SIMPLY BACKUP-RESTORE IT very easily, with 100% confidence on the result ???

If you understand computer a bit, you don't need AV ! AV simply sucks the power of your PC, continuously scanning and rescanning over and over the same files again and again. I doesn't make sense. Backup-restore and common sense is the best answer. AV are for neophytes and for company PCs only, and yet...

Hacker cracks Netflix copy restrictions

Mike P

Reading the License...

... where it says you have to jump off the cliff if you watch the movie, are you going to do it???

In my country, when a contract terms is illegal, it can be considered void, ie. like the term was never written. You simply plain ignore it.

People following too close the rules, we know what it gives. Remember WW II? Remember Milgram's experiment (http://en.wikipedia.org/wiki/Milgram_experiment) ?

Moreover, what's may be allegedly illegal today (like converting to an MP3, Oh you bad boy!), can well be the standard of tomorrow. Remember the revolution? Your ancestors fought and lost their lifes so that YOU can have more freedom, so please respect them by promoting a bit better that freedom.

Websites could be required to retain visitor info

Mike P

Re: JimC and Justin

JimC wrote:

"Its not really that unreasonable. It seems to be saying that if a court specifically tells a company to retain the log information then they have to..."

Yes it is unreasonable. These guys don't have a single understanding of modern technologies. The court doesn't say you have to retain data, but that "you must suspend your document destruction policy and stop deleting that relevant information." How can you stop something that you are not doing???

Justin wrote:

"It can be retrieved and examined."

You seem to have advanced skills in your field. But you don't have to go that far. It is well known that data can be retrieved and examined from RAM. That's the main purpose of it. But the key point is that RAM is NOT a *medium*. Do s.o. ever has transmitted or carried on data by giving to s.o. else some pieces of RAM??? RAM is a *transient* memory. By definition, every data there is meant to be deleted. Actually, it is so transient that it's content must be refreshed continuously or information would be deleted. And what if server was regularly shut down say at midnight? May be advanced forensics would still be able to "retrieve and examine" data from unpowered RAM, but this is clearly not a standard. Pushing further, may be this court could hire some Shaman to sense the air in TorrentSpy computer room for spiritual remnants of dead IP connections...

Mike P

Guinea pigs are not pigs coming from Guinea...

... the same way "*temporarily* stored" is not "stored". You can't possibly store in RAM, since by essence it is *volatile* memory.

Ok, but let's push further the argument of this clever court:

- When you *speak*, you temporarily *store* your speech in the *air*. Air is a wonderful storage medium obviously, it's a fact known by everybody, in particular by those Hollywood lobbyists that have eaten to much crap movies to distinguish SF from reality. You stored it under the form of pressure waves, very convenient, and undoubtfully persistent.

- Now, when you're subject to a litigation hold, or think you are, or think that may be it's time to consider the possibility of being so, then you suddenly need, are requested to immediately buy a recording device + microphone (preferably encumbered with lots of DRM Hollywood patents and license fees), and glue it to your mouth so that to be sure to store everything you might say (and no, you're not allowed to switch it off when you go to the loo...).

Really clever.

Barclays deploys PINsentry to fight fraud

Mike P

Trend Micro wrong - Sophos better

"Consumer confidence in online transactions and online banking has been waning and better safeguards, such as biometrics or smartcards needs to be considered by other banks,"

Yeah! Thank you for pushing for the technology hype. What about using our brain for 5 secs?

Banking security doesn't need biometrics. Biometrics is for identification only, and in this case it is optional and not sufficient. It is easy to imagine scheme using biometrics (like most scheme today actually) that can't even counter phishing or man-in-the-middle attacks.

To counter 99.99% of current and future internet banking attacks, the only thing you need is a strong transaction authorisation scheme. Authorisation means "signature on the transaction *content*", i.e. integrity protection + non-repudiation.

How to do this? Easy! Example: 1 secure device, 1 secure display (for showing the content) and 1 secure input device (for signature). Like a small calculator with cryptographic keys. You enter the amount, you enter the target account, you enter your password, and you receive an authorisation code. The calculator is the token, the password is the authorisation step --> 2-way authentication.

Now, that is *really* secure! And actually very easy to deploy and use (you can take the calculator anywhere with you).

That banks just keep doing the wrong way is either a proof of their ignorance in the matter or their lack of will to really solve the issue.


Biting the hand that feeds IT © 1998–2021