Security Predictions of 2004

scubacuda writes "Computer World's security predictions for 2004: R.a..n,d,o.,m p,u,,n,c.t,,u_a.t.1..0.n evading spam filters, Internet access filtering, better desktop management, enterprise personal firewall deployment, tools that securely scrub metadata, corporate policies against USB flash drives, Wi-Fi break-ins, Bluetooth abuses, cell phone hacking, centralized control over IM, public utility breakin publicized, government defense against cybercriminals, organized cybercrime, and a shorter time to exploitation."

fp

DRINK!

to all jews

burn in hell, israel

First Post

As lame as this little internet tradition is, I can't believe I caught a /. post with no responses.

I rawk!

Re:First Post

Loser.

Re:Don't put your email address online

What is the name of our planet?

Terra? Gaia? Sol III? La Terre? Sekai? The world?

Whoops... looks like your filter filters out inventive or foreign humans, as well as computers.

GPL CODE THEFT!!?? POST A STORY ABOUT THIS!!

from www.mplayerhq.hu (The home of award winning MPlayer software)

2004.01.03, Saturday :: Another stolen software in Kiss firmware posted by Gabucino It has been brought to my attention, that the now famous Kiss Technology - already in violation of the GNU General Public License - has been confirmed stealing another program which is also completely under the GPL license. The software in question is the high-quality MPEG audio codec, MAD (libmad). This codec is used by a lot of other audio players, like mpg321, a command line MP3 player found in most Linux distributions - including Debian. The strings from the Kiss firmware (matching libmad sources), can be viewed here - but you can also check it for yourself, it's really easy. And if you do: don't be surprised when you run into more strings - which match libjpeg's. 2004.01.03, Saturday :: Kiss Tech comment posted by Gabucino Before I get another 10 mails about this: the GPL.ZIP file which they offer for download on their site contains only the Linux kernel and busybox sources, not MPlayer's! Thanks.

2004.01.02, Friday :: Another GPL violation: Kiss Technology posted by Gabucino Basically Kiss Technology is specialized in particular kinds of media hardware, namely DVD and MPEG-4 players, set-top-boxes, and such. There is nothing wrong with that. However, if a careless user initiates a string search in one of their firmwares: $ strings KiSS_DP-508_FW2.7.4_PAL.iso | grep -A 3 -B 6 MPSub
Microdvd Subrip Subviewer Sami Vplayer Unknown MPSub Subviewer 2.0 Subrip 0.9 Jacosub

Running the same command on the MPlayer binary:

$ strings /usr/bin/mplayer | grep -B 8 mpsub -A 4

L>microdvd subrip subviewer
sami vplayer dunnowhat mpsub subviewer 2.0 subrip 0.9 jacosub

You can also check the subreader.h or the subreader.c files in MPlayer sources. As you can see, the KiSS firmware contains the subtitle formats in the very same order as we do. The thing that really catches the eye is the MPSub format, which is our own subtitle format, which hasn't been used anywhere else so far.

Another nice nit is the "dunnowhat" AKA "unknown" subtitle format, whose name remains unknown for us - thus the naming. It's the same in KiSS' files.

This of course is hardly enough for a proof. What really makes it a one hundred percent stealing is quite obvious: the sscanf() calls which contains the patterns of the subtitle formats known to the subtitle parser, in order to identify the chosen subtitle file.

Corporate Security = Personality Stripping

[http101]

I used to work at HP, yeah, USED to work there. You see, we were subcontracted with a staffing agency to "save the company some money" because the staffing agency would put the job listing out and would only list "some" of the daily tasks and could put a price tag on those tasks. However, once hired, more tasks were piled on the top of what we already had and not given compensation to justify it.

It appears HP wanted to break the contract with the staffing agency, so what they did was put higher restrictions on what kind of media and personal hardware could traverse the building. We were blindly following managers who invoked "no USB media" rules and "no personal hardware" rules. To complicate things, we were denied playing ANY kind of games whether web or local system based games. We were even being denied access to certain websites like /. Yes, forums were not allowed either! If we spoke in jest to any coworker about our job tasks or even saying something to the effect of "I don't get paid enough for some of this stuff I do..." we were severely repremanded. Thank you, Sir, may I have more gruel?

So, to wrap this up, what happened was, HP eventually trimmed enough of us out and opened a support facility in INDIA and paying them 1/5th of what the quality, American-speaking people made. Our lesson here is to keep jobs in the US and stop letting our managers push us around. If I want to bring a USB media stick to work with some soothing music on it so I can relax a little at lunch, I will. If a company looks like a place you wouldn't really want to work, have some balls and tell them, "Thanks, but no thanks, your money can't buy me off - I stand for something more important." I have stopped buying HP products because I believe in America and support the American worker for supporting me. Thank you America!