Couldn't the Split Tunnel still be used, but all lookups are resolved via the company's DNS? You may resolve 'Pron' names, etc. but you would not be carrying the traffic for them.
IIRC, the IP address they would see would be the anonymizer's address, not his IP address. The Trojan would 'announce' his local IP address, which would give his 'identity'.
Plan:
Immediately search for the same file on Google
Get an equivalent .torrent file from a different source
Insist prosecutor go after Google for 'assisting making available'
(Even though we are totally off-topic here :>)
Autozone will neither loan you the reader, nor reset the codes for you, at least in Arizona. They claim that people have been resetting the codes, heading to the DMV for their emissions check, and then being told that they cannot bring a vehicle in for emissions check so soon after the reset. Customer then gripes at Autozone about their wasted trip, etc....
Maybe it is so the cafes are limited to software that runs on Linux? Does Red Flag Linux have/support WINE or an equivalent?
Why not put up a Web page that will 'generate' the last character, given the first 19? This of course assumes that it can be determined from the first 19, or it could possibly look up the first 19 in a database?
(IANAL)
My concerns would mostly be about having in-house servers vs using an outside provider.
A few points:
- Would there be security/privacy/liability issues with having sensitive information on these servers, such as grades, student financial info, etc.?
- Who in your organization can access messages?
- If we drop your service (going in-house), will we be able to export all existing 'data' from your services?
- How long must we contract for?
- How many students/faculty/etc. are we allowed, and how much for overage?
- How much 'space' are we allowed?
- How long is your message retention for both closed and current e-mail accounts?
- Can our IT administrators access the system for archiving, backups, legal queries?
Good luck!
(Quote from end of article)
He said that if the problem worsens, publishers may have to take other steps to prevent piracy, such as releasing a new version of most textbooks every semester. The versions could include slight modifications that could be changed easily--such as altering the numbers in math problems.
"They may be compelled to," he said, "in order to stay one step ahead of the pirates."
(End quote)
Copying of anything gets easier and easier. Actions such as this may even encourage the development of an underground 'industry', that copies books and sells them in some form on the Web, or just torrents them. One of the key problems people have with these publishers, is their re-arrangement of material at an inflated price, just to be able to sell a new edition every year. Have they ever heard of releasing a supplement, with the new material? A complete new version every semester will just give them another reason to copy or download their books, vs buying a new copy. They really need to look at the recording industry model, and see how 'gouging' the customer on price at every opportunity is not how to sell more copies, and how new distribution methods such as E-Books (or equivalent) could make money for them, too.
If the certificate was used to verify identity, I can see your concern on this. However, if it is being used solely for encryption/privacy (piratebay, possibly?), I am depending on the key strength, which I can verify locally, rather than the identity. My priority is the privacy of my SSL connection, rather than the identity of the entity. No coffee yet......
I was impressed by their openness, up to the point where they say 'certain amount of time'. What is that 'certain amount of time'? It may also be more palatable, if they only 'phoned home' to require moving between levels, or their equivalent, in the game. Not a perfect compromise, but I suspect it would be more acceptable.
(Didn't see this above anywhere, and please excuse a possibly obvious tip or two :-> )
1. Do others (such as your neighbor(s)) get the same results?
If so, obviously back to finding out who Yahoo uses to geo-locate your ISP.
If not, there is possibly something on your computer, don't know what, that is mis-identifying you. Some sort of plugin from Yahoo, Google, MSN or the like, or you're using Dynamic DNS or similar?
Also, I would try a release/renew of IP address on your router, or power cycle the cable/DSL modem. (Some ISPs change addresses when you do so), or ask your ISP to change your IP if possible.
Hope this is some help.
-K-
Yeah, I too prefer to email myself everywhere these days. the fragmentation and out-of-order packet delivery is a REAL BITCH, I'll have to tell you. parts of my left arm and my right big toe are still not here yet. harumph!
And whatever you do, watch out for the RST packets. No telling where they will strike!
Falcon, Yes, but I don't recall exactly where. If you haven't seen it, it is well worth watching, almost a cautionary tale, considering the current U.S. Government security hysteria. Caution, spoiler in this link!!! http://en.wikiquote.org/wiki/V_for_Vendetta_(film)
Does anyone else find it funny/ironic that one of the sidebar 'Related Links' is to '* Compare prices on Spam Software' ??? K
Not naive at all, and potentially a valid attack. This assumes the bot has that command in its design. Otherwise, it would be necessary to overwrite the bot with a different program, which makes just about any form of counter-attack possible, as you are now the bot-master for that bot and its subordinates.
To the ones worried about the ethics, at least in this case: What the researchers did, in a sense, is change the 'name' and/or 'password' the bot uses to call the bot master and authenticate itself. In short, they removed the ability of the 'bot to get more commands.
Do you realize the amount of wasted time the operators of some websites will spend, processing the trash data that doing this will create? I speak mainly of feedback forms, e-mail signups, and the like. Also, what about the excess click-throughs that some websites may be paying an outside entity for? Finally, what of the time spent by IIS in examining the logs for yet another anomaly. Maybe these are unlikely possibilities, or maybe not, but it will come back to affect your image. Just a thought exercise: Consider the fun to be had in leading Google through dynamically generated pages, when a Google Deep Web crawler comes to visit >:-)
I would assume that the detection or tracking would have to occur in the router in question. If so, would the typical router even log usage/activity by default, or even be capable of it? Second, anyone knowledgeable enough to enable said logging, I would not expect to leave their router unsecured. Therefore, who is going to start the ball rolling, as far as making the charge? Do the 'wireless police' have the ability to detect or even log authorized vs unauthorized use of a router by their 'neighbor'? Also, to the poster about Vista nagging you to death - very few of the offending users are likely to be using Vista, simply due to the real number of users of Vista vs XP or earlier. (Need coffee, I'm rambling a bit ----)
It looks like they are now hosting their own DNS, and changed their registrar, if I read their whois correctly.
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: WIKILEAKS.COM
(....)
Domain servers in listed order:
NS1.WIKIA.COM
NS2.WIKIA.COM
'User Friendly' nailed it almost 2 years ago! http://ars.userfriendly.org/cartoons/?id=20060404 User Friendly Cartoon of April 4, 2006
This may backfire on them. If they are anything like US cell phones, when they do not receive a signal from a tower, they kick into a higher power transmit mode in search of any tower. If anything, this would make them even more detectable. Also, what would prevent the 'opposition' from setting up other better-protected/secured towers, which they would then connect to?
Interesting.... Therefore, if the license is not presented in Linux, you would be free to use it with WINE, etc :> (I know, not really, but if you didn't see / were not presented with the license, what have you legally agreed to?)
I find it interesting that Silverlight is announced as 'cross-platform' on its home page, and the compatibility chart lists Mac OS-10X, yet the license agreement only permits use on XP and Vista????
Is it relevant that the 'monetary gain' is not from the users of TPB as subscribers, but from advertisers, which are likely not the users of the site? Also, on the Google vs TPB searching ability; assuming there is no record of which bittorrent 'links' are actually used vs what is offered, how do they determine the ratio of infringing vs non-infringing activity? It seems they would need to show this, to differentiate between Google allowing searching for copyright-infringing torrents, and TPB doing so. Outside of their (copyright holders) own usage of the link in downloading files as 'evidence', they appear to have no proof the links are actually used.
If that is the case (liability), he needs to say that in his request to get rid of your copies. Otherwise, what moral/legal reason would anyone have to get rid of their copies, or not to spread it all over the internet? In short, why should we?