Slashdot Mirror
MPAA Opens Anti-filesharing Website
PontifexPrimus writes "The MPAA's new advertising campaign against movie piracy has a home on the internet. Did you know that 'Network users have a back door to your hard drive while you're online, thereby seeing your personal, private information, such as bank records, social security number, etc.'? Learn about the dangers of filesharing!"
In case this pathetic site (or routes to this pathetic site) get slashdotted, here is a mirror to the main page, but it's mostly flash so it probably won't do much good. Here is a mirror to just that one popup mentioned in the article. Like we're really going to need a mirror for all this...but hey. Just in case.
Actually, the Windows Media Player has had several known buffer overflow problems. A carefully chosen media file could therefore exploit this buffer overflow to execute malicious code after the buffer overflow error is encountered. Although I am unaware of any such bugs in other media viewing software, I am sure that they exist.
--Be human.
Maybe they're using that same ISP that the RIAA uses (Tomorrow's Solutions Today, Inc), but after further investigation, they are on Ware(z)net, but of course we'll have to put this bit of information in (not that they have learnt from the RIAA but..) Windows 2000 - Microsoft-IIS/5.0 and for those who havent checked netcraft, it's also running on the same ip as mpaa.org
... and since Microsoft Internet Explorer is also part of the operating system it must be secure too, right? Unfortunately some rogue "experts" are tying to prove otherwise but don't trust them! Those infidel bastards!
MSIE and programs embedding its MSHTML engine are totally secure and trustworthy, mkay!?
As far as I was aware, the majority of the "crew" for the films are paid a flat rate before the movie goes out. Then specific people (mostly the copyright holder.. aka the company aka its shareholders/execs) get a cut of any profits from boxoffice/dvd/vhs.. I know the director and actors usually do get a slice of the profits depending on their contracts etc.
Obviously I do not know the actual payment structure of the whole movie industry and am making some guesses. Downloading the movie and not paying to see it/buy it on dvd is wrong. I believe artists/actors/directors should get paid for their skills, which is why I will pay to see the movies I like the look of and/or will buy the dvd.
There is a more serious MP3 buffer exploit in the Windows Shell of Windows XP (including SP1). All you have to do is hover the mouse pointer over an MP3 or file with a corrupted ID3 tag to trigger the exploit. Sure, that may not be the easiest way to spread a virus or a backdoor trojan, but what about code that simply formats your hard drive? I'm sure there are plenty of trojan EXEs that will gladly re-format your HD; now what if hovering your mouse over an MP3 could have the same effect? That would be a great method for "destroying" filesharers' PCs a la Senator Orrin Hatch.
Microsoft is quite innovative in the field of security. They find ways to open up exploits in all kinds of data formats that were previously thought to be safe: MP3s, WMAs, E-mail, etc. (Okay, that was a bit of a troll and extremely unoriginal, but what the hell.)
also, the respectcopyrights.org website was mentioned sometime ago on slashdot:
http://slashdot.org/comments.pl?sid=72066&cid=6504 160
In real life, I run a movie theatre.
At the tail end of last week I received trailers for "Anti Piracy PSA" from "respectcopyrights.org". No explanatory note or anything came with the trailers; they were just tossed in with my regular shipment from the film warehouse.
So I guess you can expect to see these trailers soon at a theatre near you; I'm sure I'm far from the only one who got them.
If you're a zombie and you know it, bite your friend!
9 Linux vunderablilites in the last month
2003-07-29: Linux Kernel 2.4 XDR Packet Handler For NFSv3 Remote Denial Of Service Vulnerability 2003-07-24: Linux /proc Filesystem Potential Information Disclosure Vulnerability
2003-07-24:
Linux Kernel MXCSR Handler Unspecified Vulnerability
2003-07-24:
Linux TTY Layer Kernel Panic Denial Of Service Vulnerability
2003-07-22:
Linux Kernel Route Cache Entry Remote Denial Of Service Vulnerability
2003-07-22:
Linux Kernel Fragment Reassembly Remote Denial Of Service Vulnerability
2003-07-22:
Linux Kernel IOPERM System Call I/O Port Access Vulnerability
2003-07-22:
Linux Kernel Privileged Process Hijacking Vulnerability
2003-07-22:
Multiple Vendor Network Device Driver Frame Padding Information Disclosure Vulnerability
There is no god
Ah, Spider-Man. Now that is a pirated movie:
The original scriptwriter sued Sony for ripping off his script.
Marvel sued Sony for hijacking the character of Spider-Man and trying to make it sound like a Sony creation.
The actual creator of Spider-Man, Stan Lee, sued Marvel for not getting his fair share of the movie profits.
That is all allegedly done by Sony, a MPAA member, and Marvel, a major comic book publisher.
The above allegations, if true, are a drop in the bucket of all the things the members of MPAA and RIAA and done in the last few decades to rip off artists, each other, and the general public. It sounds to me like they need to clean up their own acts before they start worrying about the security of file-sharers' PCs.
Bells are ringing: Mothra, Mothra! Every heart is calling: Mothra, Mothra!
Come on, Tok Wira, these sharks have gotta pay! New Kirk calling Mothra, we need you today!
" I saw in the theatre (T3) had a commerical for one of the local broadband providers with the tag line "listen to music online". Talk about mixed messages eh?"
Not really. Go download Winamp and you can listen to streamed music legally and for free.
"Derp de derp."
Slightly OT, but you have no idea how bad ads can get in the movie theatre. At one of the theatres in NYC, the UA Union Square to be precise, there is something called "The Twenty." It's this "hip, new" (their words) reason to come to the movies early to see (sit down) twenty minutes of ads, music video and TV show previews, and "short films" that are really ads for television networks. Imagine twenty minutes of commercials, BEFORE the previews, coming soon to a theatre near you.
Let's get drunk and delete production data!
While you're rgiht that Linux is not perfectly secure, you must admit that those are rather different classes of vulnerability. The two Windows ones were a remote root exploits in the default configuration, and a root exploit that could be easily used by a webpage/email. The Linux ones were mostly DOS vulnerabilities, most of which would require substantial access (ie, a shell account or more) to exploit, and many of which are not present in a standard configuration (eg, you have to have NFS turned on).
I would say that considering the kinds of vulnerabilities we're talking about, Linux's track record is at least as good as Windows' in this department.
I hereby place the above post in the public domain.
If I loan my car to a friend and he gets drunk and runs someone over, am I at fault?
In some states, at least, if you lend your car to your friend, knowing that he is drunk, you can be charged with a "permissive DUI". I very nearly got one for my fiancee by driving her car drunk. I recommend NOT trying it.
"I planned within my means and got a fixed rate mortgage, so where's MY bailout?" -cafepress
Those were all dead links.
/proc filesystem, specifically when invoking setuid applications. As a result, an unprivileged user may be able to read the contents of a setuid application's environment data. This could potentially, although unlikely, result in the disclosure of sensitive information, such as restricted file path information.
s/yro.slashdot.org/www.securityfocus.com
1.Linux Kernel 2.4 XDR handler routines for NFSv3 have been reported prone to a remote denial of service vulnerability.
The issue presents itself in the XDR handler routine contained in the nfs3xdr.c kernel source file. The issue is due to a signed/unsigned mismatch, when processing the size field of an XDR packet.
A remote attacker may exploit this issue to trigger a kernel panic and deny service to legitimate users of the system.
2. A potential information disclosure vulnerability has been reported for the Linux
3.The Linux Kernel MXCSR handler code has been reported prone to an unspecified vulnerability. The issue presents itself when low-level MXCSR kernel code encounters a malformed address. It has been reported that the MXCSR code fails to sufficiently handle malformed address data and will leave garbage in the CPU state registers. Although speculative, it has been conjectured that this issue may allow an attacker to trigger a denial of service condition. Although unconfirmed other attacks may also be possible.
4.A vulnerability has been reported in the TTY layer that may result in a kernel panic. The precise technical details of this vulnerability are currently unknown. This BID will be updated as further information is available.
5. It has been reported that the Linux kernel does not properly handle a low volume flood of some types of traffic. Because of this, an attacker may be able to cause excessive consumption of resources and failure to route traffic.
6. It has been reported that the Linux kernel does not properly handle some specific types of network traffic. Because of this, an attacker may be able to cause excessive consumption of resources with malicious TCP/IP packets, resulting in a denial of service.
7. A vulnerability has been discovered in the ioperm system call for Linux. Due to a programming error, permissions may not be correctly configured on I/O ports used by a process. As a result, an unprivileged local user may be capable of reading and writing to I/O port addresses which they would not normally have access to.
8. A vulnerability has been discovered in the Linux kernel which can be exploited using the ptrace() system call. By attaching to an incorrectly configured root process, during a specific time window, it may be possible for an attacker to gain superuser privileges. The problem occurs due to the kernel failing to restrict trace permissions on specific root spawned processes. This vulnerability affects both the 2.2 and 2.4 Linux kernel trees.
9. Network device drivers for several vendors have been reported to disclose potentially sensitive information to attackers. Frames that are smaller than the minimum frame size should have the unused portion of the frame buffer padded with null (or other) bytes. Some device drivers do not do this adequately, leaving the data that was stored in the memory comprising the buffer prior to its use intact. Consequently, this data may be transmitted within frames across ethernet segments. As the ethernet frame buffer is allocated in kernel memory space, sensitive data may be leaked. Cisco has state
Why, o why must the sky fall when I've learned to fly?
OK, now I'll respond to the 2 vs. 7 post and i'll entitle it: "Lies, damn lies, and Statistics."
First off, you've got the kernel source, and anybody can look for bugs.
Second, you are encouraged to report bugs in linux so that they will be promptly fixed. Microsoft asks that you inform only them and if you tell the world, then Microsoft will likely get mad at you.
Third, what is the bug comparision total over the long term? A lot of the bugs you stated were similar and one was a vendor driver problem and only one gave the user root access.
In conclusion, bug count totals are meaningless when used in comparison, much like counting lines of code. They only speak of the quality of the code along with other factors.
The fact is linux is designed with security in mind, and windows is not. Even microsoft people say so. Linux is updated much more frequently than windows, and new kernel roll outs are simple. Windows is closed source and bugs reporting is discouraged and may be illegal under the DMCA.
I would then expect Linux to have more bugs reported, but that says nothing about the number of bugs present in windows. And as other posters have said the linux bugs are predominately unlikely to work remotely, and even if they did, only a couple are root cracks the rest are DOS bugs.
Why, o why must the sky fall when I've learned to fly?
I've already got my personal rebuttal and thoughts written down.
Colin Dean Go a year without DRM
Microsoft != MPAA
After all, isn't that the orginization we are here to bash?
The Studios may at any time revise these Terms and Conditions by updating this posting. You are bound by any such revisions and should therefore periodically visit this page to review the then current Terms and Conditions to which you are bound.
They could revise the terms at any time and I'd be bound to them!
Yikes!
I'd better take their advice and periodically go back and get a fresh copy of their terms. What do you think...is every 100ms is periodic enough? Of course, if they could change them at any time I might miss a short lived change. Maybe I'd better check back every 10ms.
-- MarkusQ
Well, good to know someone has a parody site up at DISRESPECTCOPYRIGHTS.ORG, huh?
Done.
My Greasemonkey scripts for Digg &
Godwins law doeesn't say anything about winning or losing - it merely states that at some point in any heated internet discussion someone will mention the Nazis. At this point the conversations/argument no longer has anything useful to be said and has most likely become a slanging match.
There is nothing about winners or losers.
Read all about it: http://c2.com/cgi/wiki?GodwinsLaw
1. printf is undeclared
2. stdio.h is not bug free
3. compiler bugs
-Turkey
Acronym Finder. It works better than you'd think. And it can give you multiple meanings, not just the one most popular one.
Sick of people knocking on Gentoo's greatness in completely unrelated