Slashdot Mirror


Leaks Prove MediaDefender's Deception

Who will defend the defenders? writes "Ars Technica has posted the first installment in their analysis of the leaked MediaDefender emails and found some very interesting things. Apparently, the New York Attorney General's office is working on a big anti-piracy sting and they were working on finding viable targets. It also discusses how some of the emails show MediaDefender trying to spy on their competitors, sanitize their own Wikipedia entry, deal with the hackers targeting their systems, and to quash the MiiVi story even while they were rebuilding it as Viide. Oh yes, they definitely read "techie, geek web sites where everybody already hates us" like Slashdot, too."

52 of 230 comments

  1. Mixed feelings... by KingSkippus · · Score: 4, Insightful

    You know, I hope people keep this incident in mind if they are considering going to work for a disreputable company, a company whose primary mission is screwing people, especially when those people that are being screwed have a Robin Hood-like reputation and are a lot smarter than you. The sad fact is that there will undoubtedly be a lot of collateral damage due to this episode. As pointed out in the Ars Technica article, a secretary who happened to be working for MediaDefender whose worst crime was answering phones and getting coffee for his or her bosses now has the social security number, home address and phone number, and salary information out there for everyone to download and look at.

    I think that an even worse fallout of all this is that companies are going to be even more anal about stuff like e-mail policies and such. At my company now, they content-block us from accessing Gmail. I'll bet that companies will start doing crap like blocking employees from even sending e-mail to Gmail now, the attack vector that allowed these e-mails to get leaked.

    But still, even after having said all that, I love it when an evil company doing evil things gets their due like this. It's entirely possible that MediaDefender might go out of business because of this. If you're one of their customers whose detailed contract information got leaked, how likely are you to do business with them again? Although it occurred in a totally scummy way that I just can't endorse, I can't deny the end result of big media companies being a little more skittish about hiring these outfits to do their dirty work is a Good Thing.

    1. Re:Mixed feelings... by dc29A · · Score: 4, Informative

      MediaDefender wasn't only screwing people. They were screwing their clients as well (the big labels). I read a few of their emails, and one particularly caught my attention. I think Universal asked MD to produce stats about illegal downloads after they started another wave of lawsuits to see if these lawsuits have any effect on downloading (they were hoping it goes down).

      One MD scumbag then forwards this email to his lackeys and he adds: "If you want a good laugh" to the forwarded mail.

      These scumbags know that what they are doing is worthless, it doesn't stop piracy, but they both piss off users and rip off their own clients.

      They also received one confidential study from a think-tank in Washington DC, the nice presentation had some extremely disgusting stats: only about 17% of the piracy comes from illegal downloads, the vast majority comes from people borrowing CDs ... so much for the MAFIAA's claims.

    2. Re:Mixed feelings... by lanswitch · · Score: 5, Insightful

      Most businesses are in the business of making money, bottom line
      and at the bottom line you'll only find the bottom feeders.

    3. Re:Mixed feelings... by badenglishihave · · Score: 5, Informative

      I do find it funny that people will be paranoid about GMail now... the only reason these MediaDefender-Defender guys got in is because they knew the password. Perhaps GMail is more insecure than other email providers; however, afaik they didn't hack into his account, they just found out his password from another site and used it to log into his email. Not exactly GMail's fault.

    4. Re:Mixed feelings... by yoder · · Score: 3, Insightful

      "and at the bottom line you'll only find the bottom feeders."

      Spot on. Granted, businesses are there to make money, but unless they employ only robots, there is a human factor there as well. Oversimplifying this to the point that "money trumps everything else" is exactly how these companies get into such shitloads of trouble.

      --
      "In a time of universal deceit, telling the truth is a revolutionary act!" -- George Orwell (Eric Arthur Blair)
    5. Re:Mixed feelings... by discogravy · · Score: 2, Interesting

      congrats on not understanding strict security policy. you are the type of person who let this miivi/media defender thing go down: the guy who is technical enough to get around the security measures put in place to avoid things like this happening.

    6. Re:Mixed feelings... by renoX · · Score: 2, Insightful

      Sigh, I wonder how this got moderated insightful?

      What MediaDefender does is making the download of real files difficult by seeding false files and gathering data on downloaders for statistics and maybe also for prosecution.

      A client wants to know if the lawsuit stopped people from downloading so they provide statistics to see by how much, how is it 'ripping off their client'?

    7. Re:Mixed feelings... by TheVelvetFlamebait · · Score: 2, Interesting

      These scumbags know that what they are doing is worthless, it doesn't stop piracy, but they both piss off users and rip off their own clients.
      Why is a measure to curb piracy always "worthless"? Just because piracy won't stop tomorrow doesn't mean the approach is bad, or that it isn't making a difference. We still haven't eliminated crime, yet we still pour government funding into police. We can't cure a plethora of diseases, yet we still try to treat them. Why is it always so black and white?
      --
      You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
    8. Re:Mixed feelings... by the_lesser_gatsby · · Score: 2, Interesting

      Maybe because the MD's action on receiving the email was to forward it to his employees with a cover message that basically insulted his customer and implied that he knew that what he (or the customer) was doing was worthless.

      At the very least it's rather unprofessional behaviour. I won't go into how unprofessional it is to have your company's emails leaked onto the internet...

    9. Re:Mixed feelings... by Anonymous Coward · · Score: 3, Insightful

      Yeah, because the Holocaust is roughly comparable to MediaDefender. Do you have any respect whatsoever for the 10 million people who died at the hands of the German government?

      Following orders to gas somebody is one thing. Following orders to make coffee and answer phones is another. One involves the murder of ten million jews. The other involves a fresh pot of joe.

      If you have any sense of perspective whatsoever you'd see that there's a pretty important difference.

    10. Re:Mixed feelings... by Sloppy · · Score: 2, Interesting

      Why is a measure to curb piracy always "worthless"?

      When that's really all it's about, it's not worthless. But these guys aren't working on the problem of curbing piracy. The only way to curb piracy is to make ethical arguments (to the pirates) about the consequences of taking without paying -- the effects of denying patronage to artists (e.g. causing people to simply give up, causing some to "sell out" and seek dubious/compromising sources of funding, etc). These guys just put up minor roadblocks but don't actually give anyone a good reason to not pirate. Perhaps they are making piracy slightly less attractive compared to purchasing, but whatever they do is going to be so minor that the ill will it generates (and long term: technical resistance) counteracts it.

      Also, one can't help look at these people, without thinking about the snakeoil salesmen who sell DRM to the media companies. DRM causes piracy, and loss of goodwill and revenue to whoever implements it -- the tangible costs to the snakeoil salesmen aside. There's simply no upside, and lots of downside. DRM truly is [less than] worthless, and these guys' efforts are going to be tarnished by association, no matter how unfair, because they're going to be seen as part of the same overall misguided strategy. (That strategy being: telling potential customers "fuck you, we don't want your money.")

      Funding police isn't like that. Funding police generally doesn't increase crime, unless you've got corrupt cops.

      The comparison to disease treatment is more interesting, though, in that it evokes images of antibiotic-resistant pathogens. It's possible that these guys' attempts to sabotage communication will result in sabotage-resistant protocols (using signatures and distributed reputation systems, for example). But even in the treatment of disease, it's known and understood that you have to fight it all the way, and using a weak antibiotic ineffectively is a bad idea. That sounds a lot like what these guys are doing. They're training resistance, without actually making the effort to win.

      The xxAA's money would be much better spent on education/propaganda (call it whatever, depending on your point of view ;-).

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    11. Re:Mixed feelings... by gobbo · · Score: 4, Insightful

      Granted, businesses are there to make money, but unless they employ only robots, there is a human factor there as well. Oversimplifying this to the point that "money trumps everything else" is exactly how these companies get into such shitloads of trouble.

      Yes, and more: Businesses are not there just to make money, I'm getting tired of this old trope. It's like saying Humans are there to make more Humans.

      Enterprise means getting things done, making stuff, achieving goals. Businesses are there to do things and compensate their investors and staff for their efforts or risk-taking. People start a business (or should) because they want to provide, create, or change something. Let them be judged by what they do and how they do it, not how much they've managed to skim off the top.

      Let's not reduce capitalism to The Trough, it's nihilistic and will lead people further into market fundamentalism.

    12. Re:Mixed feelings... by raju1kabir · · Score: 2, Insightful

      Why is a measure to curb piracy always "worthless"? Just because piracy won't stop tomorrow doesn't mean the approach is bad, or that it isn't making a difference. We still haven't eliminated crime, yet we still pour government funding into police. We can't cure a plethora of diseases, yet we still try to treat them. Why is it always so black and white?

      We still try to treat diseases, yes, but that doesn't mean that anything someone does in the name of fighting disease is automatically admirable.

      When Media Defender and its clients take an adversarial, immature, destructive, and ultimately futile approach to dealing with piracy, they don't score any points with me. Similarly, if someone says they are "fighting disease" by hauling away kids with the flu and tossing them into quarantine cells in Guantanamo Bay, I don't think they deserve a pass just because their stated purpose sounds nice.

      As others have said, there are plenty of ways to fight piracy that don't involve a digital arms race. Probably nobody has done more to fight piracy than Steve Jobs, who finally made a way to buy music online that was so easy and low-friction that people actually used it. The recording companies ought to spend less time talking about child porn with the boobs at Media Defender, and a whole lot more time studying what Apple did right.

      --
      "Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
  2. A lesson from this episode by jkrise · · Score: 4, Insightful

    I think this revelation brings to light the extent to which companies will go - to deceive the public, the mainstream media... and then continue with their illegal practices after a short time.

    Microsoft's recent downplaying of the unexplained Windows Updates is another case in point. Where is Mark Russinovich's article that does a 'diff' of the replaced files, and explaining the 'new behaviour' in detail - like he did in the Sony rootkit case?

    It is a bit sad that many of these incidents do not figure in the mainstream media - which seems to be in the powerful grips of these Corporate thugs.

    --
    If you keep throwing chairs, one day you'll break windows....
    1. Re:A lesson from this episode by radarjd · · Score: 5, Insightful

      It is a bit sad that many of these incidents do not figure in the mainstream media - which seems to be in the powerful grips of these Corporate thugs.

      While it's possible that some corporation may be exercising some undue influence, it seems just as likely (if not more) to me that people simply don't care. Have Sony's CD sales been hurt by the rootkit incident? (And I mean on a meaningful level, not anecdotally.) Has Microsoft lost business from its anti-trust issues? Those have certainly received a great deal of media attention, but the greatest portion of the public seems not to care.
    2. Re:A lesson from this episode by jkrise · · Score: 4, Insightful

      While it's possible that some corporation may be exercising some undue influence, it seems just as likely (if not more) to me that people simply don't care.

      I did address this issue in my original post. I speculated that this happens because Mainstream Media is simply reluctant to publish these issues, which have a vital bearing on true competition in the IT industry. The BBC has an article on the EU anti-trust ruling; but none at all on the Media Defender clowns circus. If it did, there would be much larger pressure on them, than discussions at Slashdot, Digg, Flexbeta, ArsTechnica and so on.

      In fact an email at MD discusses precisely this apathy in the mainstream media; and why they should relaunch the whole thing under a different name. Microsoft has simply relaunched the same core Office applications and the Windows operating systems in different names at different points in time. The intention is clear: To subvert proper competitive development, impede progress, ruthlessly maintain lock-in; etc. The media must resist such interferences... otherwise such secondary media sites will take away their business in tech reporting at least.

      --
      If you keep throwing chairs, one day you'll break windows....
  3. Oh, you moralists by BadAnalogyGuy · · Score: 2, Funny
  4. Totally Unprofessional by CaptainZapp · · Score: 4, Insightful
    This may be nitpicking, but I was somewhat shocked about the tone of the (paraphrased) emails. There seems a lot of f**k and s**t flowing around from the head honchos of this dodgy outfit right to the bottom.

    Now don't get me wrong. I'm neither squeamish, nor easily offended. But in professional, corporate email communications such a tone has about as much justification as surfing porn at work.

    --
    ich bin der musikant

    mit taschenrechner in der hand

    kraftwerk

    1. Re:Totally Unprofessional by eskimoboy · · Score: 2, Informative

      funny you should mention that, as it is, in fact, the other thing they do at "work"

    2. Re:Totally Unprofessional by artg · · Score: 3, Informative

      This sort of thing echoes the Watergate tapes : there is a certain class of person that feels bigger by acting aggressively, and swearing is a socially-acceptable form of aggression.

      Violence is the last refuge of the incompetent.

    3. Re:Totally Unprofessional by JRHelgeson · · Score: 5, Interesting

      But in professional, corporate email communications such a tone has about as much justification as surfing porn at work.

      And to that point - it is their JOB to surf porn at work, to seek out child porn and notify the DoJ and the New York Attorney General's office of the material so that the AG could pursue the offender as part of their own investigation.

      Yet, I do agree that the use of profanity does show a lack of professionalism. Much like the theory that you can tell a lot about a man by the way he treats his waitress. These emails reveal that they have an air of arrogant superiority about themselves, that they operate above the law, and that they are immune from "teh bad d00dz". They are convinced of their moral authority and moral superiority.

      To wit:
      I have a fair level of certainty that they got themselves infected with spyware, adware, trojans. They surf sites in the dark corners of the 'intertoob' seeking out nefarious content, evil trackers and child predators. In going there, they are in the stomping grounds of the best of the worst when it comes to infecting computers using the most current 0day exploits.

      (Side note -- Stick with me here)
      I personally do not run anti-virus. I deal with malicious content all the time. I know what is running on my machine at all times. If I were to run an AntiVirus, it would delete half the files on my hard drive that were gathered as evidence in investigations, or malicious tool kits used to exploit systems that I use in teaching classes.

      Whenever I venture to evil sites, I start up a virtual machine, I have two - they are called "Hindenburg" and "Titanic" that are not current on their patches and run no anti-virus. I purposely seek out infections and malware on these machines so I can analyze the machines postmortem. I have a tremendous amount of respect and even admiration for my opponents. They are VERY good at their game. As such, I am careful not to let my guard down.

      (My point)
      I'll bet that what they've done is get a real machine infected, one that was not sandboxed, connected to the internal domain, and the user was running with not just local admin privileges, but with full domain admin privileges. OOPS! This infected machine reported back to the hackers, who then connected back in to their hacked box and set up user accounts on the network and also rooted the boxes.

      At this point, no amount of changing passwords or firewalls or IDS will get the intruders out. They need to rebuild every box on their network, from scratch. They need to stop thinking of themselves as an "academic institution" that needs full access to the internet (no outbound restrictions on the firewall) and where proper security practices "don't apply to them".

      Proper security and safety protocols were not followed. The arrogant attitude of "we're security folks, policies don't apply to us" is what let this happen.

      Further your affiant sayeth not, :)
      Joel Helgeson
      --
      Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
    4. Re:Totally Unprofessional by Anonymous Coward · · Score: 2, Funny

      And to that point - it is their JOB to surf porn at work, to seek out child porn and notify the DoJ and the New York Attorney General's office of the material so that the AG could pursue the offender as part of their own investigation.
      In other words, a pedo's dream job.
  5. there are more leaks! by wwmedia · · Score: 5, Informative
  6. The weakest link by kj_in_ottawa · · Score: 4, Interesting

    Some smart yet misguided people have their plot foiled by the weakest link, the human. I'm glad this whole miivi thing has been exposed. I think how it has been brought to light serves as a good reminder to the rest of us. No matter how secure your app, or how great your plan, all it takes is one person who doesn't understand policy or the consequences of following it and all is lost. Cheers

  7. Re:so by sexybomber · · Score: 2, Informative

    IANAL(yet), but I believe the emails would be admissible in court. Even if the identity of the leaker was known, he/she would be protected under the laws we have regarding whistleblowing.

  8. Journamalism 101 by jalefkowit · · Score: 5, Interesting

    I know it's pointless to ask things like this of the /. "editors", but the summary of this story is almost completely useless to anyone who is coming to the story cold (like me).

    Would it have killed someone to have rewritten the submission so that it explained:

    • Who MediaDefender is
    • What the "leaked MediaDefender emails" are
    • What the "MiiVi story" is
    • Why I should care

    ?

    I can go Google all that stuff and find out for myself, but why would I bother, if it's not clear to me why the story is important in the first place?

    1. Re:Journamalism 101 by ZachPruckowski · · Score: 5, Informative

      MediaDefender is a company that the RIAA and MPAA hire to pollute Bittorrent trackers with fake torrents, track torrent usage, and spew false data out to torrents.

      A group called "MediaDefender-Defender" got someone's password and spilled thousands of emails from within MediaDefender. Apparently some idiot forwarded all his corporate mail to Gmail, and used an easy password.

      "MiiVi" was an attempt by MediaDefender to create a fake file-sharing site to entrap people. About two people fell for it, then they were exposed by Torrentfreak.

      You should care because this company lied about its involvement with an attempt to "entrap" (legally, it's not entrapment, but it's still pretty morally grey). You might also care because it's another attempt by the RIAA and MPAA to screw over file-sharers. Or maybe you don't care about it. There's no assurance that you'll find everything on Slashdot interesting.

  9. Good Time . . . by Dausha · · Score: 2, Insightful

    Is this a good time to mention that access to these internal emails was gained illegally? Sure, he was stupid enough to use the same password on different systems, but that doesn't mitigate the invasion of privacy.

    --
    What those who want activist courts fear is rule by the people.
    1. Re:Good Time . . . by Kadin2048 · · Score: 4, Informative

      Legally, the "fruit of the poisonous tree" doctrine applies only when there's some sort of causative link between the illegal discovery of something and the investigation into it. E.g., if a police officer breaks into your house without cause and finds your coke-cutting equipment, you're probably safe. But if your house gets broken into by a(nother) criminal while you're away, and in the course of the ensuing investigation the police find your stash ... tough luck. That's pretty much how I see this situation. The fact that the information came out because some guy's GMail got hacked pales in significance compared to the content that was disclosed, and I don't see any reason to cover my eyes just because of the source, when the source was just due to chance (or, perhaps, some sort of karma/fate/God).

      Morally, these scumbags gave up any claim to anything a long time ago. Morally, they all deserve to be soundly beaten and left for dead on some island somewhere so they can learn to play nice with each other or starve. Because that's sadly illegal, pointing and laughing at their misfortune is a close second.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  10. Thank God for Data Protection by igb · · Score: 4, Interesting

    Of course, in a country with a sensible data protection regime, forwarding personally identifiable information to a weakly-protected gmail account would be a no-no in and of itself. One of the problems with the US's absolute lack of constraints on companies' use of personal data is that the casual mailing of SSNs can go on, and management have no reason to deal with it. In Europe, that sort of stuff is locked down into HR department systems.

    1. Re:Thank God for Data Protection by Martin+Blank · · Score: 4, Interesting

      "Casual mailing" of SSNs can (theoretically) get a company in trouble under federal HIPAA laws and under certain state laws like California's SB1386. Many companies are working on locking down their e-mail, often with smart filters that look for strings like SSNs or driver's license numbers, among other things, and automatically encrypting them before going out, sometimes even before leaving the department while remaining within the company.

      This doesn't stop the need for laws which are much more clear and restrictive on the use and control of personally identifying information, and which have more bite when they are enforced.

      --
      You can never go home again... but I guess you can shop there.
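The outbound filter described in the comment above, sketched as an added example (not part of the original thread and not any vendor's product): it scans a message for SSN-shaped strings and decides what to do based on where the mail is going. The domain `corp.example`, the three-way allow/encrypt/quarantine policy, and all sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses
from typing import NamedTuple

# Assumption: the organisation's own mail domains (placeholder value).
INTERNAL_DOMAINS = {"corp.example"}

# 3-2-4 digits with the same separator (hyphen, space or none) in both
# positions, and not embedded in a longer run of digits.
SSN_RE = re.compile(r"(?<!\d)(\d{3})([- ]?)(\d{2})\2(\d{4})(?!\d)")


class Verdict(NamedTuple):
    action: str     # "allow", "encrypt" or "quarantine"
    hits: list      # masked matches, safe to write to a log
    external: list  # recipient addresses outside INTERNAL_DOMAINS


def plausible_ssn(area, group, serial):
    """Structural SSN rules, used to cut false positives."""
    if area in ("000", "666") or area >= "900":
        return False
    return group != "00" and serial != "0000"


def find_ssns(text):
    """Return masked SSN candidates; the full value is never kept."""
    hits = []
    for m in SSN_RE.finditer(text):
        area, _sep, group, serial = m.groups()
        if plausible_ssn(area, group, serial):
            hits.append("***-**-" + serial)
    return hits


def message_text(msg):
    """Subject plus every text/* part (binary attachments are not scanned)."""
    parts = [str(msg["Subject"] or "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            parts.append(part.get_content())
    return "\n".join(parts)


def external_recipients(msg):
    """Header recipients outside the organisation. A real gateway would use
    the SMTP envelope recipients, which also cover auto-forwarding rules."""
    headers = []
    for name in ("To", "Cc", "Bcc"):
        headers += [str(h) for h in msg.get_all(name, [])]
    out = []
    for _name, addr in getaddresses(headers):
        if addr and addr.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS:
            out.append(addr)
    return out


def evaluate(raw):
    """Assumed policy: SSN to an outside address is held, SSN staying
    inside the company is encrypted, anything else passes."""
    msg = message_from_string(raw, policy=policy.default)
    hits = find_ssns(message_text(msg))
    external = external_recipients(msg)
    if not hits:
        action = "allow"
    elif external:
        action = "quarantine"
    else:
        action = "encrypt"
    return Verdict(action, hits, external)


def _mail(to, body):
    # Constructed sample message, not taken from any real mailbox.
    return f"From: hr@corp.example\nTo: {to}\nSubject: paperwork\n\n{body}\n"


MSG_EXTERNAL = _mail("Someone <someone@webmail.example>",
                     "SSN 123-45-6789, phone 310-555-0100")
MSG_INTERNAL = _mail("payroll@corp.example", "SSN 123 45 6789")
MSG_CLEAN = _mail("someone@webmail.example", "Call me on 310-555-0100")

if __name__ == "__main__":
    for raw in (MSG_EXTERNAL, MSG_INTERNAL, MSG_CLEAN):
        print(evaluate(raw))
```
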
    2. Re:Thank God for Data Protection by Anonymous Coward · · Score: 3, Informative
      "Casual mailing" of SSNs can (theoretically) get a company in trouble under federal HIPAA laws

      As MediaDefender is not a Health Care provider HIPAA does not apply.

  11. Re:MiiVi? Viide? by BadAnalogyGuy · · Score: 2, Funny

    Chinese Nintendo ripoffs.

  12. Online mailbox access.. by AftanGustur · · Score: 4, Informative


    In case someone wants to have a look, here is an on-line mailbox with all the leaked emails

    --
    echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
  13. When.... by Chineseyes · · Score: 2, Interesting

    When celebrities have their sex tapes stolen no one goes around saying what a tragedy a crime has been committed. We say what kind of idiot would tape themselves having sex. So why on earth would you think that when MediaDefender has their internal e-mails and tracking database stolen people are going to feel pity for them especially when they do business for such an unsympathetic cause. Instead people are gawking and gloating at this the same way they gawk and gloat when some celebrity they don't like gets caught with their pants down.

    --
    I think the invisible hand of the market has its middle finger extended

    --A wise old fart named SC0RN
  14. Sanitized wikipedia entries by dj245 · · Score: 2, Interesting

    Wikipedia entries tend to be sanitized for companies anyway as a matter of company policy. Employees aren't supposed to post; it's in almost every contract there is. Every contract I have ever seen for a major company has something that basically states you may not act as the PR agent for the company or speak publicly for the company. This is basically what you are doing by posting on Wikipedia.

    So the guys in PR are the only ones in the company posting over the long term. Anyone else doesn't work for the company, or won't be working there long (yerfired!).

    --
    Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
  15. MiiVi would be such a cool name... by Anonymous Coward · · Score: 3, Funny

    MiiVi would be such a cool name for a text editor. Especially if it ran on Nintendo consoles.

  16. viide.com by zerocool^ · · Score: 4, Funny
    Well, they haven't learned anything, their new miivi replacement site, www.viide.com, which isn't live yet, has the following whois credentials:

    Registrant:
      MediaDefender, Inc.
      11965 Venice
      Venice, CA 90066
      US
      310-306-9110
     
    Domain Name: VIIDE.COM
     
    Administrative Contact:
      Saaf, Randy info@mediadefender.com
      11965 Venice
      Venice, CA 90066
      US
      310-306-9110
     
    Technical Contact:
      Saaf, Randy info@mediadefender.com
      11965 Venice
      Venice, CA 90066
      US
      310-306-9110
     
    Record last updated 07-17-2007 03:10:09 PM
    Record expires on 02-07-2008
    Record created on 02-07-2007
     
    Domain servers in listed order:
            NS0.DIRECTNIC.COM 69.46.233.245
            NS1.DIRECTNIC.COM 69.46.234.245
    --
    sig?
  17. Mediadefender Slashdot trolls. by Lumpy · · Score: 3, Insightful

    Oh yes, they definitely read "techie, geek web sites where everybody already hates us" like Slashdot, too."

    Duh, most of us that are here too much can pick out those shills. They are very obvious to anyone paying attention. I believe there is a website out there that tracks them and even links accounts on different sites to specific people at Idiot-defender.

    What they do is ineffective except for catching the 13 year old girls that don't know anything. They don't even put a mild dent in the real sharing groups. One of the guys at work was running around with a new DL DVD he got in the mail from a group member full of zero day songs and even stuff that has not been released yet all at incredibly high bitrate. He also had a copy of the Simpsons movie in 1080i which was mind blowing, it had to be a digital conversion from a not released yet BluRay master or someone broke the digital cinema format to convert it in a theater projection booth with a laptop.

    --
    Do not look at laser with remaining good eye.
  18. No attempt to get comments from the AG's office? by yuna49 · · Score: 4, Interesting

    I don't see any mention in the article of even an attempt to get the NY AG's office to comment on this story. Nor do I see any mention of it on the AG's own web site. If ars were a newspaper, the editors wouldn't have let this story appear at all without at least an official "no comment" by the Attorney General's office.

    A quick search this am for "new york attorney general mediadefender" turned up no mainstream press reports about this story.

    According to the ars piece, by the way, the AG's office appeared to be interested in porn downloads, not, as the editors here put it, "working on a big anti-piracy sting and they were working on finding viable targets." From TFA, "Although the full scope of the project cannot be extrapolated from the e-mails, the information available indicates that MediaDefender intends to provide the Attorney General's office with information about users accessing pornographic content. Other kinds of information could be involved as well." (That last sentence is so vague and general that it could refer to almost any information of any kind anywhere on the planet.)

    Don't the editors at least read the stories themselves before they post them to Slashdot?

    None of these comments is a defense of either MediaDefender or the NYAG. I'm more concerned about the shoddy reporting that passes for journalism on geek news sites like this one and arstechnica. Particularly the latter, since the articles I've read there in the past gave off the semblance of decent journalism.

  19. ViiDi? by ChrisStrickler · · Score: 4, Insightful

    Following the Nintendo pronunciation of Wii (as Wee), would this not sound like ViiDi would be pronounced "Vee Die"? I'd check to see if they are Scandinavian and suicidal.

  20. It's like with the mousetraps by Opportunist · · Score: 2, Interesting

    The average mouse is not stupid enough to fall for the average mousetrap. Instead, you will get the really greedy and the really stupid ones. Which in turn means two things. First of all, you think your mousetrap is working (because you catch mice) and second, you breed more intelligent mice.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  21. Re:No attempt to get comments from the AG's office by bjc23 · · Score: 5, Informative

    The WSJ got a 'no comment' from the NY AG ( http://www.moneyweb.co.za/mw/view/mw/en/page94?oid=161203&sn=Detail ). The AG's case was definitely related to child porn; not piracy.

  22. Re:Sanitizing Wikipedia is bad? by z0idberg · · Score: 3, Insightful

    From TFA:

    "When Douglas pointed out that information about MiiVi had been added to the MediaDefender Wikipedia page, Saaf decided that he wanted it taken down. "Can you please do what you can to eliminate the entry? Let me know if you have any success," Saaf wrote. "I will attempt to get all references to miivi removed from wiki," developer Ben Ebert replied. "We'll see if I can get rid of it.""

    They wanted to remove all links between themselves and Miivi. When there definitely was a link. They knew it was true, they just didn't want anyone else to know about it.

    That's not the intended use of the tool that is Wikipedia.

  23. Related stories 101 by Scrameustache · · Score: 3, Informative

    I know it's pointless to ask things like this of the /. "editors", but the summary of this story is almost completely useless to anyone who is coming to the story cold (like me).

    Related Stories
    [+] Your Rights Online: MediaDefender Denies Entrapment Accusations 104 comments
    Ortega-Starfire writes "We've previously discussed the subject of MediaDefender setting up a site to catch movie pirates. Ars Technica covers the response from MediaDefender, which basically states the entire thing was a mistake and was only an internal site they forgot to password protect, and that they were not using this with the MPAA. The article asks: 'If this is true, why did MediaDefender immediately remove all contact information from the whois registry for the domain? Saaf said that after everything hit the fan, the company decided to take everything on the site down because it was afraid of a hacker attack or "people sending us spam." Yes, spam. The MPAA's Elizabeth Kaltman also chimed in to say that they had no involvement with MiiVi: "The MediaDefender story is false. We have no relationship with that company at all," she told Ars.'"
    [-] IT: Internal Emails of An RIAA Attack Dog Leaked 412 comments
    qubezz writes "The company MediaDefender works with the RIAA and MPAA against piracy, setting up fake torrents and trackers and disrupting p2p traffic. Previously, the TorrentFreak site accused them of setting up a fake internet video download site designed to catch and bust users. MediaDefender denied the entrapment charges. Now 700MB of MediaDefender's internal emails from the last 6 months have been leaked onto BitTorrent trackers. The emails detail their entire plan, including how they intended to distance themselves from the fake company they set up and future strategies. Other pieces of company information were included in the emails such as logins and passwords, wage negotiations, and numerous other aspects of their internal business."
    --

    You can't take the sky from me...

  24. Re:Sanitizing Wikipedia is bad? by gurps_npc · · Score: 4, Informative

    No it is NOT a feature.

    Wikipedia is clear that it is AGAINST policy to self-edit. Read the Code of Conduct.

    Just because they don't have a very effective police force preventing rude, deceptive bullcrap does not mean it is acceptable behavior.

    And YES, changing what OTHER people wrote about you without admitting who you are IS an indication of guilt. When I defend myself from something I do NOT do it anonymously.

    --
    excitingthingstodo.blogspot.com
  25. If you dish it out... by aqui · · Score: 2, Interesting

    If you dish it out, you shouldn't be surprised when something comes back your way.

    Again, I agree with the post above: I feel sorry for some of the employees caught in the middle, but have little sympathy for the company.

    When you actively seek to disrupt somebody else's activities (legal or not), especially with questionable tactics it won't make you popular and there is going to be backlash.

    Law enforcement activities should be left to law enforcement officers that have been empowered by democratically elected governments and are accountable for their methods and activities. When individuals or companies begin acting as vigilantes ( URL:http://en.wikipedia.org/wiki/Vigilante ) it undermines the very stability and fairness of a legal system. Fair applications of law require law enforcement and police officers to follow a legal process that minimizes the effect an investigation has on innocent bystanders, all further controlled by the legal system and the judiciary.

    I find it most disconcerting that a government law enforcement entity (New York Attorney General's Office) is apparently supporting this vigilante behaviour by turning a blind eye to let someone else do their dirty work.

    There is no doubt that some people are using P2P networks to commit acts of piracy but that does not justify disrupting P2P networks and affecting innocent bystanders, using P2P for legitimate purposes.

    --
    ----- "Profanity is the one language that all programmers understand."
  26. Re:Roofers on the Death Star by teh_chrizzle · · Score: 2, Interesting

    you can't tell me that the secretary had no idea what business they were in.

    when i lived in seattle, i worked for a startup company in the same building as 180 solutions. our offices were right across the hall from theirs. at the time i had no idea what they did, and i would run into their people in the hall from time to time, usually it was their receptionist. she was really cute and very outgoing, far too nice to be working for such a despicable company. when i learned what they did and saw the collective internet angst directed at them, i wonder if she quit before word got out about them and she got her tires slashed or whatever.

    i am glad that i haven't had to make any career decisions that put me in such a position. when the dotcoms in seattle all went under, i was worried i would have to take contract work for microsoft and listen to my wallet rather than my personal politics. fortunately, such a situation never arose.

    --
    sarcasm:
    -noun
    1. harsh or bitter derision or irony.
  27. Re:Actually by JRHelgeson · · Score: 4, Interesting

    ...the word on the street is simply that one of their staff signed up to a torrent site from one of MediaDefender's IPs with the same gmail address as username and password as he used for his gmail account where all these e-mails had been archived.

    Heh, they all but went out of their way to provide access to the hackers. The top brass had his emails being forwarded to his Gmail account, bypassing any and all security they had set up on the corporate network.

    Then the hackers got the usernames and passwords and gained internal access to the network, establishing admin access on the domain. They apparently set up packet captures, or if MediaDefender were the ones capturing packets, they found them and this is where they captured the VoIP calls.

    "Keyloggers, we don't need no stinking keyloggers!"
    The worst infections to get rid of are those who have admin access to the network and who maintain their access using normal everyday network admin utilities (From my experience, the French are especially good at this). I have worked with sites that have been hacked where the intruders have obtained an administrator level password, then gone in and set up RPC over HTTPS on the domain servers, then the hackers have set up their own 2003 server, added it to the domain, promoted it to domain controller and had the hacked company's Domain Controller perform an outbound sync (using the RPC over HTTPS) to the hackers' 2003 server. Any password changes the users make on the home network will be replicated to their off site "guest host" malicious server.

    The hackers later added Distributed File Shares or DFS, and used it to replicate file shares (i.e. user folders) information to their hacked domain controller. The hackers basically set themselves up as a run-of-the-mill remote office that synchronizes over a low-speed wan link.

    This company was totally Pwn3d... I wouldn't be surprised to see the same thing happened here with the amount of information they collected.
    --
    Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
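
The persistence described in the comment above depends on an extra domain controller going unnoticed among the real ones. As an added example (not part of the original comment or thread), this Python check compares an export of directory computer objects against an approved domain-controller inventory; the hostnames, the inventory and the export records are constructed assumptions.

```python
# Added example: flag computer accounts that hold a domain-controller role
# but are not in the approved DC inventory. All records are constructed.

SERVER_TRUST_ACCOUNT = 0x2000        # userAccountControl bit on writable DCs
PARTIAL_SECRETS_ACCOUNT = 0x4000000  # userAccountControl bit on read-only DCs
DC_PRIMARY_GROUPS = {516, 521}       # Domain Controllers, Read-only Domain Controllers

# Hypothetical inventory kept by the admin team (assumption).
APPROVED_DCS = {"dc01.corp.example", "dc02.corp.example"}

# Constructed export of computer objects, as an LDAP query might return them.
SAMPLE_COMPUTERS = [
    {"dNSHostName": "dc01.corp.example", "userAccountControl": 532480, "primaryGroupID": 516},
    {"dNSHostName": "DC02.corp.example", "userAccountControl": 532480, "primaryGroupID": 516},
    {"dNSHostName": "ws-114.corp.example", "userAccountControl": 4096, "primaryGroupID": 515},
    {"dNSHostName": "branch-sync01.corp.example", "userAccountControl": 532480, "primaryGroupID": 516},
]


def is_dc_account(obj):
    """True if the object carries a DC account flag or a DC primary group."""
    uac = int(obj.get("userAccountControl", 0))
    has_dc_flag = bool(uac & (SERVER_TRUST_ACCOUNT | PARTIAL_SECRETS_ACCOUNT))
    return has_dc_flag or int(obj.get("primaryGroupID", 0)) in DC_PRIMARY_GROUPS


def find_unapproved_dcs(computers, approved):
    """Return sorted hostnames of DC accounts missing from the inventory."""
    approved_lc = {host.lower() for host in approved}
    findings = []
    for obj in computers:
        host = str(obj.get("dNSHostName", "")).lower()
        if is_dc_account(obj) and host not in approved_lc:
            findings.append(host or "<no dNSHostName>")
    return sorted(findings)


if __name__ == "__main__":
    for host in find_unapproved_dcs(SAMPLE_COMPUTERS, APPROVED_DCS):
        print("unapproved domain controller account:", host)
```

Run on a schedule against a fresh export, a non-empty result is a prompt to review when and by whom that server was promoted.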
  28. Re:so by spiffyman · · Score: 4, Informative

    ...he/she would be protected under the laws we have regarding whistleblowing.

    Wait, how? IANAL (ever), but according to Wikipedia, the legal protections for whistleblowers appear to extend only to employees. My admittedly limited understanding is that MediaDefender-Defender was not an employee or group of employees but someone who claims to have 'infiltrated' the Gmail account in question. I'm not at all sure how that qualifies for whistleblower protection.

    Even if we all want to cheer MD-D, it remains that what they did was very likely a violation of a number of user policy agreements (Gmail, their ISP, etc.) and possibly illegal. Let's not start adorning them with medals yet.
    --
    So you can laugh all you want to...
  29. Re:so by AJWM · · Score: 2, Informative

    i wonder from a legal point of view can these emails constitute as evidence in a court,

    The provenance of them is not verifiable, so their value as evidence is questionable, but if it came to a court case the originals could be subpoenaed in discovery. Whether they'd be available depends on their email retention plan, existence of backups, etc. but some of it would be, from them or gmail.

    --
    -- Alastair