
PETA protests SCO's cruelty to vocabulary

And you spend time getting back to your rootkits


Letters

Jumping straight in to the post bag, we can report that Sony's DRM rootkit has not made any of you happy bunnies this week:

Hmm, so Daniel Cuthbert is convicted of a CMA offence for typing a URL containing "../../.." into his web browser, but Sony Music is entitled to install replacement operating system libraries on my Windows machine without violating the "unauthorised modification" provisions of the same law? Surely Shome Mishtake?

Andrew


I'm curious about this on two levels:

1.) If I run my PC as a non-administrative user does the DRM actually work? As I understand things, you can only install drivers and meddle with system registry settings in Windows if you have administrative rights. Running as a non-administrative user does generally provide a great deal of protection against everyday malware threats; I ensure all my non-technical staff run their PCs in that way for precisely that reason.

2.) If it does circumvent the above, are Sony potentially in breach of the computer misuse act; by running their software as non-administrative user, I am effectively declaring that I do not authorize software that I am running to make administrator level changes to the system!

Regards John Jameson


Would it be considered industrial espionage if I took one of these CDs and put it in a computer at work (legitimately, following corporate guidelines) and the rootkit or measures to remove it hosed the computer? It is nice to see Sony following in the footsteps of organized crime in order to turn a profit (unauthorized installation of software on others' computers). Soon, perhaps, they will lead the field. I wonder if their marketing department has a virus developers group.

Yours,

Sam Wallace


After reading your informative articles about Sony's latest DRM strongarm tactics I was idly wondering if they were legally responsible for a PC which is rendered inoperable by their malicious code.

My personal feeling is that by installing cloaked files without the owner's consent that they have crossed the line and could be sued.

I'm sure that trespass, malicious code and purposely putting a machine at risk is certainly up there with the spammers, Virus Writers and Malware producers and should be treated as such in court of law and I look forward to the anti virus people to come up with an antidote A.S.A.P.

It is after all why we buy virus protection........isn't it. The only thing that I will do now is make absolutely certain that when I come across a new CD from Sony, I will not buy it even if I want the music.

Bernie


Rolling back the clocks a couple of weeks, you may remember we carried a story about internet banking security, which referred to forthcoming US legislation that will require US banks to have two-factor authentication. You had some interesting views on the subject:

I am a Brit who lived in The Netherlands for several years, during this time I opened up an ABN AMRO bank account (in 2001). The Internet Banking provided makes use of 2 pass authentication. I place my bank card into the device, and put in my pin. Then, the website gives me a 6 digit number which I enter into my little device, it responds with a 6 digit answer and by entering this answer into the web site form, I am allowed access to Internet Banking.

At first I thought it was a pain, for example if you leave the device at home whilst you're away on business or holiday then obviously you cannot use Internet Banking. Also they charged 15euro for the device which at the time I thought was a cheeky money-spinner for them. However, with the rise of phishing, key loggers and associated risks, I now see the true value of my little device!

Sam


Re: Two-factor Banking (Pass on to 'Letters' if appropriate)

Has anyone stopped to consider how many of these things we will end up carrying around? Take the SecurID offering for example; I have a fob on my keyring measuring 65x40x19mm. This is for a non-banking service. From my understanding of how it works, this fob can only be used with one service (i.e. company) - allowing another company to use the same fob would potentially enable someone at one company to 'be me' at the other company (given the other factors). So that'll be one fob per institution then.

I currently deal with 7 separate financial institutions. No way do I want to have 8 of these 'lying around', let alone have to carry them about.

Paul


Amen!

I'd even pay for the damned token myself (even as a subscription!) - rather than a pesky ID card. And hopefully you'd only need one token for *everything*.

4-digit PIN + 6-digit securID number == "Try and crack that, bitch!"

Tom


It does surprise me that more banks in GB and the rest of EU do not use an authentication system which the Swedish NordBank uses in the PlusGiro (formerly Post Giro) system. You write about 2-factor banking. What am I now using - 4-factor?

Look at the inlogging at https://eplusgiro.plusgirot.se/eplusgiro_comp.html . This is an encrypted page for all the transaction. The USER ID is my company registration nr (which anyone might know) or a special number. Then the Inlogging code is a 4-siffer number returned by the bank and usable for 4 minutes. Then comes the certificate. It is produced in a little calculator that I have my chip/pincode card inserted into.

The Inlogging code + my card + the date and my payment pincode give me the CERTIFICAT which I type in to get at my account.

To authenticate payments it works about the same but the bank sends an 8-siffer code that I put into my calculator with the date and amount and password to authorize the payment.

This will work from any computer in the world (as long as I have the calculator with me) and I believe that it is very safe even from an internet cafe. The one time codes both from the bank and from me can not be used again. A very good system.

Regards, Art


I read your article with interest, and would like to say that 2-factor is a nice to have. My South African bank provided me with an ActivCard unit at the minimal cost of $7 and it makes me feel more secure, BUT I also would never fall for a phishing email.

If some savvy cracker did cotton on to the idea of defrauding a consumer of said bank in real-time they could channel the victim via a phishing portal to the bank's website. These tokens change access codes every time you push a button, but there is a "validity window" and a margin of error if your unit has generated codes which have not been utilised (by pressing the on button).

What stops a phisher from taking the victim's valid input info, saving it and submitting an altered code to the bank, with the correct code being saved and utilised immediately by a bot/person? Sure, the user may notice an issue with their inability to login, but will keep getting login failures if he keeps using the phisher portal, meanwhile someone is cleaning his account out... However, my bank has an additional feature up its sleeve, because it will SMS me and email me on successful login to the site. It also informs me when anything is done to the account (recipient added, money transferred, etc). So, even clueless user would be aware that something "phishy" was going on.

In conclusion, 2-factor in itself is not the answer, however the sum of the above parts makes it a worthwhile alternative to password only solutions...

The above bank’s website: www.fnb.co.za

Cheers, Erik.
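
An added sketch, not part of the original letters or any bank's code, of the server-side checks the letters above describe: a challenge usable for four minutes, codes that cannot be used again, and a payment code tied to the payee and amount the customer keyed into the device. HMAC-SHA-256, the `Bank` class and every name, key and value are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CHALLENGE_TTL = 240  # seconds; one letter mentions a code usable for 4 minutes


def device_response(card_key: bytes, challenge: str, context: str = "login") -> str:
    """Stand-in for the hand-held calculator: 6 digits from key, challenge and context."""
    mac = hmac.new(card_key, f"{context}|{challenge}".encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


class Bank:
    """Hypothetical server side: issues challenges and checks the typed-in code."""

    def __init__(self, card_keys):
        self.card_keys = card_keys  # user -> secret shared with the card (assumed)
        self.pending = {}           # user -> (challenge, context, issued_at)

    def issue_challenge(self, user, now, context="login"):
        challenge = f"{secrets.randbelow(10**8):08d}"
        self.pending[user] = (challenge, context, now)
        return challenge

    def verify(self, user, response, now):
        entry = self.pending.pop(user, None)  # pop: each challenge is checked once
        if entry is None:
            return "no-challenge"
        challenge, context, issued_at = entry
        if now - issued_at > CHALLENGE_TTL:
            return "expired"
        expected = device_response(self.card_keys[user], challenge, context)
        return "ok" if hmac.compare_digest(expected, response) else "bad-code"


def demo():
    key = b"constructed-demo-key"  # constructed sample secret
    bank = Bank({"art": key})
    out = {}
    c = bank.issue_challenge("art", now=0)
    code = device_response(key, c)
    out["fresh"] = bank.verify("art", code, now=30)
    out["replayed"] = bank.verify("art", code, now=31)  # same code a second time
    c = bank.issue_challenge("art", now=100)
    out["late"] = bank.verify("art", device_response(key, c), now=341)
    # Payment: the bank binds the code to the details its session received.
    # The customer keys in the details they intend; a mismatch fails.
    c = bank.issue_challenge("art", now=500, context="pay|ACC-2|900.00")
    out["altered"] = bank.verify(
        "art", device_response(key, c, "pay|ACC-1|25.00"), now=510)
    c = bank.issue_challenge("art", now=600, context="pay|ACC-1|25.00")
    out["matching"] = bank.verify(
        "art", device_response(key, c, "pay|ACC-1|25.00"), now=610)
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:9s} {result}")
```

The login code on its own is checked only for freshness and single use; it is the payment code, computed over the amount and payee, that ties an approval to one specific transaction.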


Three comments:

1) The folks who lived through WWII may have "trusted" banks, plural, but not any one bank. When my mother died, it took me two weeks to find and deal with all of the banks at which she had accounts.

2) Bank procedures are crap, completely aside from online banking. Again, dealing with my mother's estate, it sometimes astonished me how easy it was to close an account and move it elsewhere, based on typed documents and little else. And don't even get me started on the general screw-ups like "helpfully" assigning the same Taxpayer ID number to two accounts, of two different people, then "fixing" it by assigning the other TIN to both accounts.

3) Bank websites are no better than average, which means they probably don't work at all unless you are running IE.latest on Windows.whatever.the.bank.uses, and even then you have to turn the security options down to total-web-slut (pop-ups and javascript enabled, allow images and scripts from different domains, etc.)

I can do something about (1) and (3), and do, but there's nothing I can do about (2), they are all incompetent, as far as I can tell. That's why I still do (1). :-)

Mike


Sun's Zettabyte File System is not a figment of your imaginations and will be shipping this month, says Sun. Hooray, said you, but...

It's great to see Sun are finally getting around to launching ZFS but it raises an important question for me.

When details were announced, I spoke to a friend who used to work as an admin on some large SGI systems. He told me that he's not impressed with ZFS since it doesn't appear to offer anything that SGI's own XFS already supports, and has supported for many years. Not only that, but SGI have ported XFS to Linux, mainly as part of their drive to gain support for their Altix/Prism IA64 based systems amongst the existing IRIX/MIPS customers. In one of Sun's regular web-chats, I questioned them about ZFS being inferior to XFS and they (I don't remember who it was who answered my question) skirted around the subject, as they often do when compared to old SGI hardware or software which can still outperform many new Sun developments. Don't get me wrong, I'm a huge Sun advocate, in fact I'm running Solaris10 at the moment on a Blade1000, but is ZFS really such a huge development or is it another case of overhype?

Anthony


Another super-pupper file system. As if Wind0ze/Linux had created not enough of them - now Sun tries to join the fame: confuse customers even more deeply on what to do with theirs hard drives, especially after hard drive crash. But my real point follows. Why nobody - absolutely nobody - wants to develop writeable file system for portable devices and make it intl standard? Just what was done with ISO9660 (one for CDs) & UDF (one for DVDs) - but just writable one. People tired of FAT12/16/32 on their external hard drives and memory cards - but no industry body/participant tries to amend the situation. Everyone supports it - but nobody ever recommend to use it. FAT incorporates all possible errors ever made and even M$ itself discourage its use.

Please, please, somebody hear my voiceless scream...

Ihar


SCO does stuff in its court case, but you're all more interested in the language they've been using:

"The _numerosity_ and _substantiality_ of the disclosures reflects the pervasive extent and sustained degree as to which IBM disclosed methods, ..."

What is it with executivites (executives) at this point in the timifiication system (time). It's as though the expressification of the English language was not just an evolvorating process but needified a proactivated modification (gotcha there!) to generalate syntheticatious word variants that sort of meanify something but not quite. In England we have the Malapropism (as in Sheldon's Mrs Malaprop). I guess the US has Mr Bush (as in Bushism). Fortunately for us, Mrs Malaprop, being fictitious, was not in a position of power and didn't influencificatorify supposedly intelligentorated leaders of businessication.

Please can we have an ongoing 'Bushism Bingo' poll where readers can point out made up words from executive's and politician's quotes on your site and keep a tally for each dumb-ass personality. You could keep a graph or something. Once a year, you could award a 'BaBUSHka' (a gold statue of the venerable GWB) to the idiot who wins the poll.

Just an Idea

Cheers,

Greg

Something for the Strategy Boutique boys to mull over, perhaps...


Ignoring the rights and wrongs of SCO's allegations, anyone who starts a sentence with "The numerosity and substantiality of the disclosures" deserves to be fed to angry bears.

Cheers

Simon Riley


Now on to the less techie, more silly stuff. The advertising standards lot here in blighty fail to take offence at a Mazda advert depicting a mannequin engaging in smartie smuggling. We're not so sure that this isn't offensive to women. I mean, the idea that something as everyday as a Mazda would have such an effect... really.

But we digress. You of course were far more amused by the number of complainants. We had a fair few that matched this first one. Thanks to all. You know who you are:

"The ASA received complaints from 404 viewers..." - who, presumably, cannot be found.

I'll get me coat...

Graham


Well, it's certainly demeaning to mannequins.

Ken


In any case, you all seem to have forgotten about the portrayal of a shop mannequin in the film (...erm...) "Mannequin", by Kim Cattrall of "Sex & the City" fame.

Now if anyone could get aroused by being driven around in the back of a car, it's her (or at least, Samantha).

Regards, Mike


Just wanted to add, that the Mazda commercial is basically a cheap copy of an older TV commercial by Toyota, where you see a woman's chest dressed with a relatively tight sweater, see the seatbelt and hear the engine start. Seconds later her nipples start to stick out, fade to black and a claim like "The new Toyota Corolla - Now with air conditioning"

http://www.adrants.com/2004/12/toyota-ad-demonstrates-effects-of-good.php

Marc


Sticking with our motoring theme, we have some thoughts from you on the revealing research that gay and lesbian car lovers are more likely to buy hybrid motors than straight petrol heads:

Why might gays et al prefer flashier cars:

1) More disposable income: No rugrats to gnaw away at the lucre.

2) Need for more practical vehicles: You don't really want two yoghurt-tossing agents of entropy strapped in the back seat of the flash-mobile. You need more space for the nappies, piles of soccer gear, school runs etc.

Now I know that not all gay people are child-free and nor are all straight folk blessed with sprogs, but the above generalisations are the overwhelming majority that drive the stats.

Charles


Aaaah, now - it would be rude to ignore this story

:-)

I drive a new Range Rover and my hubby drives a new mini. He's much more discreet about his sexuality (despite, or perhaps because of his, being an upcoming artist). Ironic, then, that the mini blokes are entirely homo friendly. Neither making an issue of our relationship, nor apparently deliberately *not* making an issue.

I drove Porsches and the like in the UK, so I've no idea what it's like there when you buy a Land Rover product, but here in the wilds of Africa (with our 5-star hotels, fine wine, etc), you are lavished with feel-good off road courses so you can go scratch your investment with carefree impunity.

When I did mine, I was the only Range Rover owner amongst a sea of butch, macho Real Men driving mostly Defenders (why?) a few Discoveries (if you must) and the painful Freelander. Unlike my man, I'm shameless in my orientation. It was delightful to see the confusion of the LR people - there I was in my top of their range car, but clearly, unworthy of their respect. Interestingly, the other car owners didn't seem to give a damn.

I revel in it.

Paul

You think a Mini out machos a Range Rover?


And finally, to the subject of fur, who should or shouldn't wear it, and the bizarre things people will do to protect animals from having it nicked. Yes, the president of PETA auctioning herself on eBay. You have a few suggestions as to how she could fill her time assisting you. The Dalai Lama never had to deal with this kind of thing:

I was thinking of pimping her out to Ted Nugent. America's #1 hunting and fishing activist and the only person I know of who scares the people of PETA so bad that he can wear fur whenever he wants and the PETA people are afraid to throw paint on him like they do everyone else. Of course that could also be cause Mr. Cat Scratch Fever has a concealed carry permit.

Shad


I have an idea for the pres of PETA.

The city council of Chicago, IL is currently in the midst of a fight to ban foie gras (you know, goose liver) in all its eating establishments...How about force feeding her with goose liver after you win the auction? I'd pay a dollar to see that.

Kevin


She has one of those faces that you wouldn't tire of [needlessly?] testing new cosmetic products on.

What is it about these evangelical vegan idiots that elicits the smash-brick-into-smug-face response? I could probably write a PhD on it.

Cheers

Gav


As much as I think PETA goes overboard on damn near everything, ya have to admit this woman has balls. Great big brass balls. I have to give respect to any person willing to go to that length to stand up for what they believe.

Very cool.

Scott


Even though your article is a jest, I would have thought that in this post 911 world, giving any column space/publicity to these fu*king terrorist supporting scum would be frowned upon. (esp if it boosts their little terrorist fund raiser on eBay.)

I'll get me (fur) coat.....

Nev


Our family owns a beef packing house/abattoir... we're SERIOUSLY considering sniping this auction and hiring the luuurvly Mizzz OldKirk to be our slaughter floor supervisor's assistant for the day. Not the nicest environment but just to see that would be worth spending 8 hours out there.

Jeff


Interesting what the person that is "selling" the services has bought to get their eBay rating of 6... these items include... "Super Seal Three-Pin Connector" rather appropriate for the PETA president? Two boat trailer lights and a new Dell... just what on earth is this person doing?

Stuart

A good question to end on. That's all for this week, folks. Enjoy the weekend. ®
