Shadows from the Past

    First things first.

    I haven’t posted in a while, but I must say I think I’ve had my first “real” birthday. Unbelievable. Definitely won’t forget this one. Nonstop stuff from all sides.

    How did I end up doing so much in only 3 days? Missed the flight out, got put on standby, caught that flight, stuffed in the middle seat. Massages, boat shopping, homemade gluten-free chocolate-chip cake, Jet Li movies, a new DVD player and some new DVDs (has anyone noticed that the dubbed version of Crouching Tiger, Hidden Dragon on the DVD is entirely different than the subtitled version? It’s really apparent when you turn on English dubbing with English subtitles), reclaimed gnu-designs server from colo, mall shopping, talked to “Mom”, broken email, presents presents presents (the most memorable was in a glass jar).

    Apparently when you have a round-trip ticket, and miss the outbound flight and are put on standby, the return trip is automatically canceled. I don’t see the logic there. Once again, my PhD in Social Engineering wins. I managed to get a free flight out, connection was made without any standby hassles, and the return flight was canceled then re-established, transparently, by the ticketing agent at the airport. Whew!

    It’s funny the things and people you meet on an airplane. I could write volumes of material on the experiences I’ve had talking to people and sitting on airplanes. Maybe some later diary entries.

    So now I’m 30. What’s that supposed to feel like? I think even when I’m 90, I’ll still not even feel like I’m 30.

    deven, dsifry, thanks for the birthday wishes.

    Now down to business…

ROT13, Adobe, Hacking

    It seems that another one of our own has been snatched up by the “Gubbermint” for doing nothing wrong.

    This time, the DMCA (note the ironic link to the DMCA (different link) in Adobe PDF format on the page) has decided to enact “prohibition on circumvention of technological measures that control access to copyrighted works”. This includes ROT13, Base64/XOR (ala :CueCat), and others.

    Simply put, if a vendor implements a weak encryption system on their software or hardware, and someone figures it out, and documents it, codes around it, or in any other way brings it to public view, they are now liable and in violation of the DMCA.

    Does this mean I’m now liable, because I figured out the encryption used in the new PalmOS4 devices and have documented 4 exploits possible using said encryption? I have had my own Adobe PDF reverse-engineering fun back in May too with their Windows-only PalmOS reader.

    A Russian developer, Dmitry Sklyarov, was attending Defcon 2001 (which unfortunately, I could not make it to this year, but a friend of mine that was in attendance emailed me this Alexis Park Hotel staff fax. Could be a hoax, but…) and was presenting a paper on eBook security. He wrote a small program which demonstrated how to decode the protected PDFs created with Adobe’s tool, and manipulate them as unprotected. Adobe decided to use this wonderfully inept method to protect their PDF documents.

    What Dmitry did, some (the media) would call this “cracking”, however, you still have to buy the protected version of the pdf, or “warez” it, however, Dmitry is not responsible for people warez’ing protected pdfs. If our wonderful government decides so, he will be made an example of and probably blamed for that as well. What I find interesting though, is that Adobe’s software is ILLEGAL to use in Russia, Dmitry’s home country. Adobe forbids backups to be made, and Russia requires them. Interesting quandary.

    This “crime” is akin to someone saying “Yale locks are insecure, you can break them open with a flat-bladed screwdriver”. Am I now responsible for every house that is a result of that crime? Can someone slap a class-action lawsuit on me? They probably could. Is it right? No!

    This reminds me of a case that was not made too public back east when I lived in CT which involved the Foxwoods Casino (biggest casino in the world, I lived about 10 miles from it). An elderly couple had saved all their lives for this one plot of land they purchased, and were going to put a Dunkin Donuts on it and retire on that. Foxwoods, however, had different plans. They wanted to use the land for a parking lot or some such. They took the elderly couple to court, drained them of their entire life savings while dragging the court case on, and then finally, the elderly couple decided to give the land to the casino, just because they couldn’t afford to pay for any more legal fees. The couple owned the land. They had every right to the land, but the casino sucked their entire life savings dry.


    One of my friends was at Defcon and said that there were Feds all over the place, and at one point, during a Social Engineering Contest, they had apparently said that they would haul them off if they completed the phone call they were in the process of making. (The contest was to cold-call someone, pick a random ‘thing’ to get from them, and see how long it would take to get it. For example, they would call an ISP, and see if they could get the password of the technician who answered the phones, etc.)

    Now if I call someone and ask them for their password, and they give it to me, in some twisted way, I’m responsible?! Run that by me again? What the hell is our country coming to?

    In any case, there’s more information available on the Boycott Adobe site for the curious. Also, if you haven’t already joined, join the Electronic Freedom Foundation (EFF) to help fight these ridiculous cases. This kind of stuff boils my blood. From the random garbage that Kevin Mitnick had to deal with (4am rides in a van to nowhere, which ended up smashing into a telephone pole, hospitalizing Mitnick) to other common assaults on innocents.

    There is nothing wrong with what he’s done. DMCA is slowly trying to clamp down and regulate what we can and cannot do with our own software that we’ve bought, paid for, and paid taxes on. People like Dmitry and others are trying (as with anyone else in the security community) to point out flaws in common security measures, the result of which should be stronger security, not federally executed search and seizure cases which end up in lawsuits.

    Relevant EFF article links are here.

Shadows from the Past

    Interesting that my good friend Valerie’s roommate “Dave” is dating a girl that had a crush on me in high school.

    My only memories of her or her crush are from dozens and dozens of notes that she gave me throughout the two years I was in school with her. This cobweb of friends keeps getting more and more tangled. What irks me though, is that she said I was a “…big time bullshit artist…” in high school. Grr. I hate small town rumors.

Kerry Lauder Band

    My friend Kerry is coming out with a new album soon. She’s going to be traveling around California, Oregon, Washington soon. Check out her concert date book here. If you haven’t seen her play before, go see her soon!

So much going on these days.

