blog.world3.net

Companies finally getting the new P2P era?

21/03/2008 – 13:59

On the day on which BluRay’s BD+ DRM was cracked, one company seems to have finally understood how to do business in the modern world. Brad Wardell, CEO of Stardock, says pirates don’t matter, and he’s right.

He points to Trent Reznor’s conclusion as the logical way forwards: “[pirates] weren’t customers, they might never be customers, so spending money to try to stop them serves no purpose.” Indeed, just because someone downloads your game/movie/music/book doesn’t mean they would have bought it. As Reznor and many others have discovered, giving away your material for free actually tends to increase sales. After all, I don’t imagine NIN’s latest four CD instrumental album gets a lot of radio/MTV play, so how else are you going to promote it?

Wardell makes another very good point too – that it’s better to make games which run well on the majority of people’s hardware, rather than aiming for the almost mythical hard-core gamer with a top-spec PC. While most gaming and hardware sites are pretty hard-core, most potential customers are not so it makes sense to give them something that doesn’t make their two year old PC look inadequate. Wardell’s comments seem to be born out by his sales figures.

By mojo | Posted in genius | Comments (0)

Precrime and branding innocent children criminals

17/03/2008 – 14:17

From The Guardian: “Primary school children should be eligible for the DNA database if they exhibit behaviour indicating they may become criminals in later life, according to Britain’s most senior police forensics expert.” Gary Pugh is a spokesperson for ACPO, the Association of Chief Police Officers.
Essentially, this is branding children as criminals before they have even committed a crime, before they are even old enough to really understand what what crime is. If you brand a child a criminal, there are well studied reasons why they are more likely to become one.

ACPO seem to have no regard at all for privacy or the right to be presumed innocent until proven guilty. They are constantly trying to take away our fundamental rights.

The usual response is “if you have nothing to hide…” but this case demonstrates very well why everyone has things to hide. Say you have a gene known to relate to aggressive behaviour, should the government know that so they can keep extra tabs on you? Considering you are already more likely to be stopped and searched if you are black, do you think the police are immune to prejudice and stereotyping? Do you trust the police to keep the fact that you are on the DNA database because of a few early childhood fights secret from the press when you want to stand for election or speak out on an issue?

“Of course the people don’t want war. But after all, it’s the leaders of the country who determine the policy, and it’s always a simple matter to drag the people along whether it’s a democracy, a fascist dictatorship, or a parliament, or a communist dictatorship. Voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked, and denounce the pacifists for lack of patriotism, and exposing the country to greater danger.”

– Herman Goering at the Nuremberg trials

I highly recommend reading the discussion on Slashdot, which for once is quite good.

By mojo | Posted in idiots, politics, privacy, security | Comments (0)

AV company email submission addresses

11/03/2008 – 15:58

I have been trying to compile a list of email addresses to submit samples of unknown viruses to all AV companies in one go. Unfortunately not all have an email address; many rely on web forms. Anyway, here is my list so far:

Lavasoft (AdAware): research@lavasoft.com
Comodo: malwaresubmit@comodo.com
Command: virus@commandcom.com
CA: virus@ca.com
NOD32: sample@nod32.com
F-Secure: samples@f-secure.com
F-PROT: viruslab@f-prot.com
Grisoft (AVG): virus@grisoft.cz
Avira (Anti-Vir): virus@antivir.de
Kaspersky: newvirus@kaspersky.com
NAI: virus_research@nai.com
Norman: analysis@norman.no
Panda: virus@pandasoftware.com
SOPHOS: support@sophos.com
Symantec (Norton): avsubmit@symantec.com
VBA32: newvirus@anti-virus.by
Avast: virus@avast.com
Dr. Web: vms@drweb.com
Ewido (now AVG Anti-Spyware): submit@ewido.net

By mojo | Posted in security | Comments (0)

One more on Phorm

11/03/2008 – 13:34

One more interesting post on how evil Phorm really is. Looks like there is no escape, and best of all if the Phorm servers go down it breaks your internet connection. This might actually be Phorm’s undoing – if browsing speeds plummet as everything has to go through their hardware, customers who don’t even know about it will complain and eventually ISPs will drop it.

(Quoted from http://episteme.arstechnica.com/eve/forums?a=tpc&f=174096756&m=456009490931)

“@Nate Anderson , Author:

Privacy International have not inspected the system. A consultancy called 80/20 Thinking Ltd were paid by Phorm to inspect the system. 80/20 is a private venture run by 2 guys from Privacy International.

Phorm now no-longer reference PI.

Furthermore, as previous commentators have noted, most other tracking tech you can opt-out of by ignoring cookies or stop using [free] web services. ISPs take a fee for their CARRIER service.

The use of cookies gave us a useful insight into a scary reality, for any real tech-heads I’ve written about it here:
http://www.badphorm.co.uk/e107_plugins/forum/forum_viewtopic.php?548

Webise/Phorm could possibly break your internet connection!

And finally rumours amongst investors is this is coming to America, with Phorm being in talks with AT&T:
rumour here:
http://www.iii.co.uk/investment/detail/?display=discuss…35&it=le&action=list“

By mojo | Posted in Uncategorized | Comments (0)

Phorm: the smoking gun

11/03/2008 – 13:22

Re-posted with permission from http://www.badphorm.co.uk/e107_plugins/forum/forum_viewtopic.php?632. Needs as much publicity as possible.

Many thanks to The Other Steve at the regester message board

http://www.theregister.co.uk/2008/03/10/isps_phorm_comment_target_market/comments/

Hey I said they wer lying to us all the time.

OK PHORM PR GET OUT OF THIS you have been spreading lies over the internet, yet your patent says otherwise.

Posted Monday 10th March 2008 13:36 GMT

http://www.politicalpenguin.org.uk/blog/p,295/

Including information from Etregul’s patent, which at least one of us ought to have thought of, oh well.

Juiciest bits from the patent, because I know you’ll all love this, but go have a look, it’s a truly excellent piece. See if any of this sounds familiar…

“Furthermore, though the present disclosure discusses HTTP traffic in many examples, it will be appreciated that other types of protocols and traffic may be employed in connection with the targeted advertising system and method described herein.”

Woops.

“Context reader 40 is not limited to acquiring keyword or other contextual information pertaining to a given web page. Indeed, the browsing information may be collected so as to also include historical data pertaining to the browsing performed ”

Ouch.

“Based on analysis occurring at the proxy server, the proxy server may modify client-requested data it receives so that a targeted advertisement appears on a web page requested by a client”

Oh dear.

“As explained above, the context reader may be configured to more than just keyword and other contextual data pertaining to a given web page. The context reader may also include behavioral data (e.g, browsing behavior), other historical data collected over time, demographic data associated with the user, IP address, URL data, etc.”

Oh Phorm, have you been telling us some MASSIVE porkies or what ?

The patent (linked at the above blog) is pretty dense, as you would expect, and contains plenty more of this kind of stuff. No doubt Phorm’s hapless spinmeisters will be around to tell us that this isn’t the technology they are going to implement NOW, and who knows, they might even be telling the truth*. But Phorm have lodged a patent application for technology that does indeed do all the things they have just assured us that they definitely won’t do, ever, honest, we promise, cross our hearts.

Phail !

Props to Political Penguin for digging this up, looks like a smoking gun to me. Why patent a technology that you aren’t going to use ?

* Really, they might. After all they did have Simon Davies look at it.

By mojo | Posted in networking, privacy, security, Uncategorized | Comments (0)

Traffic shaping with pfSense

10/03/2008 – 18:54

A while back I wrote a guide to traffic shaping with pfSense. The pfSense wiki got broken, so I’m re-publishing it here for posterity. There is at least some useful info about calculating required upload bandwidth for a given download speed.

It is recommened that you use the Traffic Shaping Wizard to create a default set of rules from which to start. The rules the wizard creates can sometimes cope well with VOIP traffic, but need tweaking to accomodate other traffic.

As an example, let’s look at shaping P2P traffic. Assuming you used the wizard, there will be qP2Pup and qP2Pdown created already. When you launch a P2P app, you should see traffic in these queues. They are designed to carry the bulk P2P traffic, which normally slows your connection down. Other generic traffic, like web pages (HTTP), email, IM, VOIP etc will go into other queues.

Initially, the wizard sets all queues to 1% bandwidth. This is not enough. In particular, the queue qwanacks certainly needs more bandwidth if you do a lot of downloading. First, a quick note about ACK packets.

When you download, your computer needs to send (upload) ACK packets. These are basically saying “yep, I got that part of the download OK”. If the computer you are downloading from detects that an ACK has not been received, it assumes that the data was not received and sends it again. The rate at which ACKs are sent back is also used to help determine the maximum speed that you can download data at, so it’s important that ACKs get sent as soon as possible and don’t get dropped in order to keep your downloads flowing fast. Also, repeatedly dropped ACKs can result in dropped connections, web page time-outs etc.

When you download, qwanacks is where the ACK packets your computer sends out go. You need to make sure this queue has enough bandwidth to maintain your downloads. To work out how much bandwidth you need, there are two options. You could simply experiment, keeping an eye on the queue while downloading as fast as your connection will allow, or you could try and work it out. As a rough starting point, an NTL 10Mb/512Kb cable connection needs about 260-270Kb/sec of ACK packets to download at full speed.

Taking the above example, we can see that ACKs can consume 60% of the available upload bandwidth. Thus, qwanacks should have at least 60% bandwidth available (I use 65% for the above). If you set qwanacks like this, you should not see any drops in that queue. However, you will see a lot in qP2Pup, but that’s OK. P2P upload packets are just bulk traffic, not really important so it doesn’t matter if they drop a bit. qP2Pup will now be using what is left of the available upload bandwidth, after qwanacks has used up to 65% of it. You will probably want to increase the bandwidth allowance for qwandef as well, since this is where HTTP requests and other general uploads go, which chances are you want to be higher priority than qP2Pup. Bandwidth percentages need not add up to 100%, but unless you have a very slow connection you don’t need too much for qwandef since it is mainly small requests or the odd few kb of email.

By mojo | Posted in networking | Comments (4)

Avira Labs fail to identify malware, even when the analysis is done for them

10/03/2008 – 18:16

As a follow-up to to my blog post about g-archiver, I submitted g-archiver to Avira Labs (makers of Anti-Vir) for analysis so it can be added to their database. Their web form didn’t have anywhere to add additional information, so I submitted by email instead with a link to the dissection of the code.

Despite being handed it on a plate, they failed to identify the threat:

This demonstrates exactly why you can’t trust anyone when it comes to computer security, even the good guys. g-archiver is a trojan, stealing your login details, but anyone using Anti-Vir or in fact any other AV program wouldn’t know just by scanning it. A test of 32 different AV programs showed they all passed it.

I will submit the file and the analysis to other AV vendors, hopefully eventually some of them will figure it out. I’m more hopeful open source and freeware software like ClamAV and Spybot will take notice.

By mojo | Posted in idiots, privacy, security, software | Comments (0)

Dephormation Firefox Add-On

10/03/2008 – 18:05

A new tool to fight Phorm: http://www.dephormation.org.uk/

This Firefox plug-in cannot stop Phorm from monitoring every web site you visit, reading your web mail (unless you use gmail via secure http) etc but it can at least mess up the tracking system. It’s a start.

What is really needed is a program to randomly surf the net while your PC is idle, filling Phorm’s logs up with rubbish. If enough people did it, their data would become worthless and their ad click rate would drop. Hitting them in the wallet is the only language these asshats seem to understand :(

By mojo | Posted in networking, privacy, security | Comments (1)

UK ISPs allowing Phorm fraudsters to track everyone!

08/03/2008 – 13:53

I was horrified when I read about Phorm. Virgin Media, BT and TalkTalk are teaming up with Phorm to track all web browsing on their networks. The tracking info will be used to spam subscribers with targeted ads. The privacy implications are mind bloggling…

I have already written a few letters of complaint, but it seems what it boils down to is there is no easy way to escape being monitored by Phorm – a company run by a fraudster who used to run the PeopleOnPage spyware. Their business is based on raping users privacy, and they clearly don’t give a damn. They do offer a rather patheitic “opt-out”, but people people who regularly clear their cookies it’s next to useless.

The bottom line is what they are doing is most likely illegal, breeching either the Data Protection Act, RIPA or the Human Righs Act. It seems moves are already under way to bring private prosecutions.

See http://www.badphorm.co.uk for more details. More good info here: Spyblog

So, how can we fight back? Well, aside from avoiding ISPs that use Phorm (not an option for many people unfortunately) tracking can be avoided either by using Tor or signing up with an encrypted VPN provider like Relakks or Perfect Privacy. Using a VPN is probably not a bad idea anyway, as is using OpenDNS, because it ensures UK agencies can’t spy on you without going to a lot of effort. Certainly, it should prevent any causal monitoring or censorship, and of course block Phorm.

I also recommend blocking Phorm cookies by adding the following to your blocked list in Firefox:

*.oix.*
*.phorm.*
*.sysip.*
*.webwise.*

By blocking cookies, Phorm will find it impossible to track your specific browsing habits. They will still see what sites you visit and deliver ads, just not be able to join all the dots.

Also sign the petition at: http://petitions.pm.gov.uk/ispphorm/

By mojo | Posted in idiots, law, networking, privacy, security | Comments (5)

G-Archiver stealing login details – a cautionary tale

08/03/2008 – 12:25

Today’s Coding Horror blog entry is rather disturbing, but not particularly surprising. In short, Dustin Brooks downloaded the free G-Archiver program to backup his gmail account. It didn’t work exactly as he wanted, so he used a .NET disassembler to check the source code. Amazingly, not only were the author’s login details hard coded in, but the program was sending an email with the login details of everyone who used the program to his account!

This kind of security breach is very hard to defend against, because no anti-malware software will detect it. Your firewall will need to allow the program access in order to backup your account. It’s not a virus, and even heuristic scanning probably wouldn’t see much wrong with a program sending emails too. I suppose it would be nice to at least warn the user that the program can do that.

The company that produces the software looks pretty dodgy. I suppose the lesson here is stick to open source software, where it’s hard to get away with that sort of thing.

By mojo | Posted in Uncategorized | Comments (1)
Page 16 of 19« First«...10...1415161718...»Last »
たとえ溺れても梦はゆめでしかない

  •  

    February 2012
    M T W T F S S
    « Jan    
     12345
    6789101112
    13141516171819
    20212223242526
    272829  

  • Meta

    • Log in
    • Entries RSS
    • Comments RSS
    • WordPress.org

  • Categories

    • audio (1)
    • avr (20)
    • BBC (1)
    • electronics (29)
    • genius (4)
    • hardware (22)
    • idiots (39)
    • Internet (21)
    • law (20)
    • microcontrollers (12)
    • networking (17)
    • politics (29)
    • privacy (19)
    • Retro Adapter (5)
    • security (17)
    • software (32)
    • Uncategorized (18)
    • windows (25)

  • Archives

    • February 2012
    • January 2012
    • December 2011
    • November 2011
    • October 2011
    • September 2011
    • July 2011
    • June 2011
    • May 2011
    • March 2011
    • January 2011
    • December 2010
    • November 2010
    • August 2010
    • July 2010
    • June 2010
    • May 2010
    • April 2010
    • March 2010
    • February 2010
    • January 2010
    • December 2009
    • November 2009
    • October 2009
    • September 2009
    • August 2009
    • July 2009
    • June 2009
    • May 2009
    • April 2009
    • March 2009
    • February 2009
    • January 2009
    • December 2008
    • November 2008
    • October 2008
    • September 2008
    • August 2008
    • July 2008
    • June 2008
    • May 2008
    • April 2008
    • March 2008
    • February 2008
    • January 2008
    • November 2005

  • Links:

    Main site: world3.net

    Electronics: denki.world3.net

WordPress | Sandbox