If this is implemented in richer countries, then piracy will go through the roof.
Even an average computer user can find movies at little or no cost, in a range of low-quality formats. 5gb is already easily transferable for some users. Essentially, rampant piracy and a lowering of release quality means that a user with a high speed internet connection and a decent home cinema system will be able to get *exactly* the same experience at home and for free.
The studios' only hope of survival is to focus on delivering the best possible experience; that means higher quality vision, sound and comfort in a theatre - for which a user will pay a premium. Moving away from this would be insane.
I also suggest that they stop selling popcorn. I pay to experience a theatre's sound system too, you know.
You need at least one other client running somewhere.
You both need to enter each other's public key into your client to get started. This step shows that you "trust" one another.
Anyone else who wants to join your "network" must also enter one of your existing network members' public key into their client and have that existing member enter the new user's public key into *their* client. This step automatically makes the new person "trusted" by all the other members of the network - the important part is that you don't have to explicitly swap public keys with EVERYONE - just with one member of the network. The client does the rest once you connect to the network - see below.
Now, to get started and initially connect to someone's machine, enter their hostname or IP address (not their "username") into the "Network" window. This primes your client - it will then discover all it needs to know about the other members of the network, since by default, each client will be broadcasting discovery information (usernames, hostnames, public keys).
The "Browser" window shows all the users in the network, but currently ONLY if they are sharing one or more files. So, get each person who joins the network to share at least a test file so that they will always appear in everyone's "Browser" window.
Right-click on any names in the browser window to start interacting with them.
it asked what country you were in. This was idiotic, given that the largest pool of visitors were in the US.
This isn't true; boo was highly advertised in Europe so had a far higher European visitor ratio than most .coms have.
Why ask the country up front? Why not wait until late in the transaction?
Because one needs to know how much something costs before deciding to purchase it. And your currency can only be defined if the site knows which country you're in. That was the whole point - to have prices in French Francs or UK pounds or Deutschemarks etc. as appropriate. The alternative? Imagine search results with a list of prices in each of the 19 or so currencies boo supported next to each product. Horrific.
And if you have different warehouses for Europe and North America, then advertise two separate sites, stupid!
So who gets www.boo.com? Should there be a www.boo.com for Europe and a www.us.boo.com or www.boo.com/us for the US? That alienates a whole continent. And if everyone uses www.<countrycode>.boo.com, then what gets shown at www.boo.com?
Forcing people to select a country at entry sucks. But having one universally recognised URL ending in .com for a global company is at the root of that particular problem. If, for example, people in the UK immediately went to <company>.co.uk instead of <company>.com then all would be well -- but they don't. Most people go to www.boo.com and expect to be served there.
If only we all.. had... per...sonal cli....ent cert.....ific...........ates..............
There is no Java on the front end. The front end's all HTML, JavaScript and the odd Flash animation (upon which no functionality is dependent).
I think you'll find that almost every major Sunday supplement has had full page colour ads for boo.com. The TV and radio ads were also highly prominent (assuming you watched or listened to the kind of programs that, in general, appealed to boo's target market).
This type of thing isn't a "Windows" problem per se. The targeted OS for this particular attack happens to be Windows - that's all. As weloytty already said, in a previous post, the same sort of thing can happen if one sends a perl or a shell script as an attachment to a unix user.
The fact is that most users of unix systems are relatively competent. Many users of Windows systems are also competent. However, the widespread marketing and subsequent popularity of Windows also means that less technically aware people are more likely to use Windows than Unix.
Given that the less aware a user is, the more likely they are to do something stupid, then by inference Windows users are more likely to contain a group of susceptible users.
The code overwrites files with particular extensions - where permissioned to do so - with copies of itself. On properly permissioned NT systems, no existing files are affected. On poorly permissioned systems, a lot of data is lost.
No system files are overwritten by this code, because no system files have extensions matching the patterns the code looks for. A few new files are created (again, permissions permitting), and these look to the uninformed like system files - but they're not.
Of course, if the coder had wanted, they could have specified .exe, .sys or whatever. This would (permissions permitting) have resulted in a crippled OS and probably prevented further propagation.
The code also messes around with the registry. Again, this is prevented on NT systems with sensible registry permissions.
So fundamentally, Windows systems are typically more vulnerable to this type of attack because the default permissions on some Windows environments are too unrestrictive. Most recent Unix distributions have relatively tight permissions by default, but this is the culmination of 30 years of trial by fire.
Basically, if a naive Unix user (quite possibly logged in as root on a single user system) ran "chmod -R 777 /" as the first command in a shell script received as an attachment, they'd be just as vulnerable.
Note that I prefer Unix platforms to Windows; I just can't bear unsupported arguments.
tam