and the honeynet project's new website with newest challenges is at http://www.honeynet.org/ strange that they have an old and a new site, with no links from the old site going to the new site... but an excellent project anyway! everyone should go enter their new challenges
The excellent honeynet project has some exciting challenges - examples of viruses and hacking in the wild, well packaged. The old 'Forensic challenge' is perhaps the most exciting for students to do: http://old.honeynet.org/challenge/index.html
you have to wear two bracelets? This isn't doing away with prisons, it's just keeping them for the worse criminals or repeat offenders. So it's not about doing away with prisons completely, surely?
Fox have successfully created a news story from nothing; the ringing up of donors is a classic. Whatever you think of Fox's agenda, they did what they do very well on this one!
It's clearly not from someone in the business. As someone in the business, but not involved in gphone, take my word for it.
They use photons to exchange a One Time Pad, using a dedicated point-to-point fibre link. They then use the Internet to transfer the video. This doesn't add up, to my way of thinking. If you have a dedicated point-to-point fibre link, you'd use that for the video. How does their quantum cryptography fare as soon as the fibre link is no longer point-to-point, but is a normal trunk with repeaters and routers and stuff not owned by the two people having the conversation? Now if this was entanglement, well... but I'm equally confused how you distribute your entangled photons in the first place, and how this doesn't hit the age-old key distribution problem??
Imagine a Beowoofer Cluster of these!
Because they are using the font "Enron Beelzebub".
http://www.dilbert.com/comics/dilbert/archive/dilbert-20051011.html
The attack did include uri rewriting from profiles.myspace.com to www.myspace.com precisely to cross the sites with script. Does that count as XSS? I wonder how many /.ers are about to start seeing what kind of html they can get through the /. forum checker..
I am completely against sharing things illegally.
But that aside, technical solutions present themselves to me. Maybe they have not been investigated by others, so I give them here in the hope it's helpful to those fighting the corruption of _legal_ shares.
As a file downloads, it typically contains sufficient information in parts to be understood without the entirety of the file.
For example, as a movie is downloaded in segments, segments themselves contain keyframes. By fast-forward playing the movie as it arrives, skipping incomplete segments, in a small thumbnail, bad quality or fake torrents would be easily identifiable.
Further statistical tools could measure such things as the rate the scene moves, so fake movies that contain promising keyframes but then garbage to obliterate the content might be tagged as suspicious long before the complete movie is downloaded and ready for viewing fullscreen etc.
If you have downloaded 99% of a movie, you ought to be able to play that 99%.
unproven theorems? Is this science or maths?
If it is maths, and it is unproven, it is conjecture..
And if it was actually restricted airspace.. .. not the kind of grounding you meant maybe?
Why take twice as long? Surely for each hash chunk you have to crunch, it is just an extra compare? You don't need to rehash every possible password for each chunk..
There was actually a successful fraud using this scheme. An (unknown) gang successfully printed seemingly normal paying-in slips but with the magnetic ink account number being their own. They placed these in The Old Lady of Threadneedle Street bank in London. In just a few days, they ran away with millions and were never traced.
Something I posted to osnews:
Nice article Havoc!
One very key thing is that many many developers who aren't open-source fanatics still use OSS when it suits them - development tools mostly, especially mingw etc.
Now from my empirical sampling of programming buddies, I'd say these developers outnumber the OSS crowd 10 to 1. There just are so many of them, and they're going to be writing software primarily for Windows for years to come.
The key thing is supporting windows in order that we can get those developers to start writing portable code accidentally rather than by design. I've already managed to get many of them to use wxwidgets but obviously C++, as Havoc pointed out, isn't best for every project.
Any OS framework has to be aimed primarily at infecting the windows world and building accidental dependence there on these portable tools, so that windows apps can magically run on our alternative OSS desktop.
An OSS desktop gains momentum through supported apps making it easy for normal (windows) users to use, not through advocacy.
multiplayer gaming is fun if you win. The people asking you if you want to play doom at lunchtime are the people who whip your ass at it. How do you make a multiplayer game where everybody wins? Cue The Sims and zero score game posts
This fantastic classic from Sierra had an ingame editor; you could stop and look at, even change the scripts at the point of the game you were in. So, no separation between level designer and game player. Also, the game is, I reckon, a better candidate for demonstrating story skills than, say, a first person mindless shooter. Loads of fun!
Sorry, did mean to come across dismissive.
Has someone yet tried to write a tool specifically to unwatermark their watermarks?
Golly, I had no idea asymmetric cryptography was involved!
I envisage a 'watermarker' as being some program you run your app through and it records a signature, which you can treat as a 'fingerprint'. You can then run that watermarked program through a checker, and it will tell you how close (100%) the match is?
There are commercial programs which translate binary applications from one instruction set at a time, sometimes as a simulator, sometimes outputting a compiled program.
A program is just a flowchart. It can be translated into any other equiv form quite easily.
I imagine that translating an x86 binary to ppc and then back again using a different off the shelf tool would be pretty effective.
Things like 'make the app rely on the logic!' type hints are used by shareware authors all the time.. and they are routinely cracked.
Well I think burning is lossy.
On the other hand, digital watermarking is hardly http://lzip.sourceforge.net territory!
Watermarking can't be lossy, since it can't affect operation. Any non-lossy translation, however clever, can be detranslated?
Haven't digital watermarks and obfuscation etc got a real bad press recently? There was that DMCA case with the professor not allowed to say how he cracked watermarks, iirc.
we are talking about a bunch of 1s and 0s here. If it can be watermarked, it can be unwatermarked. A simple script will be able to rearrange stuff to disrupt the watermark without affecting the execution of the program.
Are there any similar bakeoffs that work out efficiency with regards to different file sizes?
It would be nice if non-Linux filesystems (FATxx, NTFS etc) were also benchmarked.
VerySign have already bought that domain-name! verysued.com resolves to VeriSign's own servers (64.94.110.11)
And isn't a hash a 'derived work'??
except for that TIA Admiral? Ah right, he was pardoned wasn't he??