Berkeley CSUA MOTD:Entry 22349
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/05/25 [General] UID:1000 Activity:popular
5/25    

2001/9/7-8 [Computer/SW/Security] UID:22349 Activity:very high
9/7     The DMCA just plain sucks:
        http://news.cnet.com/news/0-1003-200-7079519.html
        \_ Why are all you liberals trying to get things for free?
           \_ This is not about things being free. I don't mind paying for a
              good security solution. What I don't like is the fact that most
              people are scared into silence by the DMCA.
              Let's say that RSA, DH or AES was covered by DMCA and I found
              a weakness. I'd be scared of reporting my findings because I
              don't want to do hard time in a federal jail for violating the
              DMCA. If I don't report my findings people will continue to use
              a compromised security system. Someone less scrupulous than I
              may discover the same weakness and exploit it, which is very
              frightening.
          \_ yeah, everybody should pay for everything, all the time.  listen to
             the whims of the corporations.  screw fair use too!
          \_ As inconvenient as it might be to your conservative agenda,
             we still have the freedom to speak and think freely.
             \_ Liberals are the ones who try to limit freedoms.
                \_ Who is the one locking everyone up?
                   \_ The Feds, regardless of political associations,
                      have always been about locking up people. That's
                      why we have the second amendment. So that they
                      can't take your rights from you.
2025/05/25 [General] UID:1000 Activity:popular
5/25    

You may also be interested in these entries...
2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil
8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...
2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil
8/6     Amazon and Apple have lame security policies:
        http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all
        "First you call Amazon and tell them you are the account holder, and
         want to add a credit card number to the account. All you need is the
         name on the account, an associated e-mail address, and the billing
         address. "
	...
2012/7/18-8/19 [Health/Men, Computer/SW/Security] UID:54438 Activity:nil
7/18    "Largest penis record holder arouses security suspicions at airport"
        http://www.csua.org/u/x2f (in.news.yahoo.com)
        \_ I often have that same problem.
        \_ I think the headline writer had some fun with that one.
           \_ One time when I glanced over a Yahoo News headline "U.S. busts
              largest-ever identity theft ring" all I saw was "U.S. busts
	...
2012/4/23-6/1 [Computer/SW/WWW/Browsers] UID:54360 Activity:nil
4/19    My Firefox 3.6.28 pops up a Software Update box that reads "Your
        version of Firefox will soon be vulnerable to online attacks."  Are
        they planning to turn off some security feature in my version of
        Firefox?
        \_ Not as such, no, but they're no longer developing this version,
           so if a 3.6.x-targeted hack shows up, you're not going to get
	...
2011/11/8-30 [Computer/SW/Security, Computer/SW/OS/Windows] UID:54218 Activity:nil
11/8    ObM$Sucks
        http://technet.microsoft.com/en-us/security/bulletin/ms11-083
        \_ How is this different from the hundreds of other M$ security
           vulnerabilities that people have been finding?
           \_ "The vulnerability could allow remote code execution if an
               attacker sends a continuous flow of specially crafted UDP
	...
2011/11/11-30 [Computer/SW/Security] UID:54224 Activity:nil
11/11   MacOSX's Sandbox security hole:
        http://preview.tinyurl.com/7ph2wtg [arstechnica]
	...
2011/2/10-19 [Computer/SW/Security] UID:54034 Activity:nil
2/9     http://www.net-security.org/secworld.php?id=10570
        Summary: iPhone passwd storage is unsafe after all
	...
Cache (2457 bytes)
news.cnet.com/news/0-1003-200-7079519.html -> news.com.com/2100-1001-272716.html?legacy=cnet
Along with the 27 threatened lawsuit of Princeton computer-science professor Edward Felten, and the 28 arrest of Russian encryption expert Dmitry Sklyarov, the incidents are the latest to point at what is quickly becoming a touchy environment for security experts. Dug Song, a security expert at network-protection company Arbor Networks, pulled his own site down in protest as well. And last month, fearing retribution, Dutch encryption expert Niels Ferguson refused to publish his discovery that Intel's encryption scheme for Firewire connections, known as the high-bandwidth digital content protection (HDCP) system, had a major flaw. Software makers, Hollywood and the music industry make up the core proponents of the law. The BSA says such laws are necessary to head off software piracy, which the group estimates cost software companies $11 billion in lost revenue last year. Yet, for many security researchers the question is whether stress-testing the security of software products and publicizing vulnerabilities and how they were taken advantage of violates the DMCA. That pretty much turns the question of publishing into a business decision, said consultant Cohen. He said Cohen's forensics tool is a program that is not primarily designed to circumvent the protections of copyrighted work, so his actions are unnecessary. Yet the willingness of software makers and media companies to sue over any potential threat makes security researchers nervous. In 1999, the movie industry 32 filed multiple lawsuits against the creators of a program to decrypt DVD disks. Originally, the program had been created to add DVD playback ability to the Linux operating system. This April, Princeton's Felten found himself on the sticky side of a threatened lawsuit when he planned to release research questioning the effectiveness of a purported Secure Digital Music Initiative. Following the filing of his own suit, the professor presented his paper at the USENIX Security Conference in August. But it was the 33 arrest and criminal indictment of Russian encryption expert Dmitry Sklyarov at the Def Con hacking conference that really drove the point home. The incident also unnerved Russian programmers thinking of visiting the United States. Already, some security researchers are going underground. Last week, when an encryption expert reportedly found a hole in Microsoft's 34 e-Book format, he anonymously went to the news media rather than face arrest.