* Posts by Mike P

7 publicly visible posts • joined 19 Apr 2007

BioShockers delivered from DRM hell

Mike P

@Jonathan Samuels

Wow, man! Are you a 3rd Reich freak or something? Btw, in 1000, 99.99% of people thought the Earth was flat. So it is flat, then?

>>Being able to install uninstall the software 3 times is sufficient for 99.9% of users.

99.9% ok for most users... most users without children I guess then.

>>The fact is 99.9% of people ARE dishonest if they think they can get away with it, that's human nature.

God, pity yourself. What a prose. Hopefully "Jonathan Samuels" is a nom-de-plume... But I'm afraid you just blew up your chance with that one.

>>DRM has been around for a long time and is here to stay

Yeah. Are you the new Nostradamus? BTW, you just missed this news (http://www.theregister.co.uk/2007/02/06/apple_jobs_drm-free_call/).

But I'm a fool. It's clear now that you're a troll, and I've just been trolled.

American sent to the slammer for faking Windows certificates

Mike P

Er... Did the guy rape someone?

4 years for just faking stuff? Ok, we must certainly fight counterfeiting and organized crime, but 4 years seems a bit excessive to me. Especially if it is his first time. Not that I have any sympathy for white-collar criminals, these should be nailed on the public place, but I'm not sure this guy is one of those.

The question is, I wonder if the same would happen if someone sold junk food with a "BIO inside" logo sticker? Would he get fined, and jailed, etc? What about a "Genuine OGM" brand? But I forgot, Bush just said that the US has the best economy in the world. If only it was true...

Is AV product testing corrupt?

Mike P

The best AV...

... is VirusTotal (http://www.virustotal.com/), and a good backup software in case of infection.

I have had a PC since 1991, WITHOUT any AV, WITHOUT any firewall, and NO spreading infection so far (on Win95/98 and now W2K). And still, I used to visit sites like astalavista.box.sk. How? I know my PC very well, detect all strange behaviours, and in particular avoid running any strange exe. It's only in the last 2 years that I've been much more careful due to the explosion of malware, and hence I use VirusTotal much more often, but only on files that I decide to scan. I won't let a stupid AV scan a file that I know for sure is clean since it has been on my PC for years!

AV SW DOESN'T HELP YOU! They simply fuck up your PC, turning your superb Ferrari into a 2CV! AV are actually the only true viruses on earth, and you ought to pay for it??? What a joke!

I had an infection on my wife's PC, although it was protected by a commercial AV. An unfortunate visit to an underground cracking site triggered an exploit on IE. Javascript error, with a strange title in the window. Then a few seconds later, WinXP telling me that the PC is at risk because the FW was turned off. Then a strange icon on the desktop for a malware detection software that was not installed on the PC before. The app launched automatically, telling me the PC was infected with more than 50 adware, viruses, ... All this in less than 15-30 sec!!!

I shut off the PC, pulled the network plug. Restarted the PC, and ran the AV. It detected ~20 viruses. By comparing the new files on the PC, I noticed there were at least 50 new files that were created in the last minutes before shut off, and the AV only detected LESS THAN 50%. I copied those files to my own PC, and ran an online AV scanner on them. The online scanner detected 90% of the files. Two days later, I rescanned the files, 95% were detected online.

The PC was completely unrecoverable!!! How would you trust any AV to correctly clean the machine, when YOU CAN SIMPLY BACKUP-RESTORE IT very easily, with 100% confidence in the result???

If you understand computers a bit, you don't need AV! AV simply sucks the power of your PC, continuously scanning and rescanning over and over the same files again and again. It doesn't make sense. Backup-restore and common sense is the best answer. AV are for neophytes and for company PCs only, and yet...

Hacker cracks Netflix copy restrictions

Mike P

Reading the License...

... where it says you have to jump off the cliff if you watch the movie, are you going to do it???

In my country, when a contract term is illegal, it can be considered void, i.e. like the term was never written. You simply plain ignore it.

People following the rules too closely, we know what it gives. Remember WW II? Remember Milgram's experiment (http://en.wikipedia.org/wiki/Milgram_experiment)?

Moreover, what may be allegedly illegal today (like converting to an MP3, Oh you bad boy!), can well be the standard of tomorrow. Remember the revolution? Your ancestors fought and lost their lives so that YOU can have more freedom, so please respect them by promoting that freedom a bit better.

Websites could be required to retain visitor info

Mike P

Re: JimC and Justin

JimC wrote:

"It's not really that unreasonable. It seems to be saying that if a court specifically tells a company to retain the log information then they have to..."

Yes it is unreasonable. These guys don't have a single understanding of modern technologies. The court doesn't say you have to retain data, but that "you must suspend your document destruction policy and stop deleting that relevant information." How can you stop something that you are not doing???

Justin wrote:

"It can be retrieved and examined."

You seem to have advanced skills in your field. But you don't have to go that far. It is well known that data can be retrieved and examined from RAM. That's the main purpose of it. But the key point is that RAM is NOT a *medium*. Has someone ever transmitted or carried data by giving someone else some pieces of RAM??? RAM is a *transient* memory. By definition, all data there is meant to be deleted. Actually, it is so transient that its content must be refreshed continuously or information would be deleted. And what if the server was regularly shut down, say at midnight? Maybe advanced forensics would still be able to "retrieve and examine" data from unpowered RAM, but this is clearly not a standard. Pushing further, maybe this court could hire some Shaman to sense the air in the TorrentSpy computer room for spiritual remnants of dead IP connections...

Mike P

Guinea pigs are not pigs coming from Guinea...

... the same way "*temporarily* stored" is not "stored". You can't possibly store in RAM, since by essence it is *volatile* memory.

Ok, but let's push further the argument of this clever court:

- When you *speak*, you temporarily *store* your speech in the *air*. Air is a wonderful storage medium obviously, it's a fact known by everybody, in particular by those Hollywood lobbyists that have eaten too many crap movies to distinguish SF from reality. You stored it in the form of pressure waves, very convenient, and undoubtedly persistent.

- Now, when you're subject to a litigation hold, or think you are, or think that maybe it's time to consider the possibility of being so, then you suddenly need, are requested to immediately buy a recording device + microphone (preferably encumbered with lots of DRM Hollywood patents and license fees), and glue it to your mouth so as to be sure to store everything you might say (and no, you're not allowed to switch it off when you go to the loo...).

Really clever.

Barclays deploys PINsentry to fight fraud

Mike P

Trend Micro wrong - Sophos better

"Consumer confidence in online transactions and online banking has been waning and better safeguards, such as biometrics or smartcards needs to be considered by other banks,"

Yeah! Thank you for pushing for the technology hype. What about using our brain for 5 secs?

Banking security doesn't need biometrics. Biometrics is for identification only, and in this case it is optional and not sufficient. It is easy to imagine schemes using biometrics (like most schemes today actually) that can't even counter phishing or man-in-the-middle attacks.

To counter 99.99% of current and future internet banking attacks, the only thing you need is a strong transaction authorisation scheme. Authorisation means "signature on the transaction *content*", i.e. integrity protection + non-repudiation.

How to do this? Easy! Example: 1 secure device, 1 secure display (for showing the content) and 1 secure input device (for signature). Like a small calculator with cryptographic keys. You enter the amount, you enter the target account, you enter your password, and you receive an authorisation code. The calculator is the token, the password is the authorisation step --> 2-way authentication.

Now, that is *really* secure! And actually very easy to deploy and use (you can take the calculator anywhere with you).

That banks just keep doing it the wrong way is either proof of their ignorance in the matter or their lack of will to really solve the issue.
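
The calculator-style authorisation described in the post above, as an added sketch that is not part of the original comment: the code typed into the bank's site is computed over the amount and target account, so changing either in transit invalidates it. HMAC-SHA256 with a key shared by token and bank stands in for the "signature" (it binds the content but, being symmetric, does not give non-repudiation); the class names, field encoding, counter and 8-digit truncation are assumptions.

```python
import hashlib
import hmac
import struct

def transaction_message(amount_cents: int, dest_account: str, counter: int) -> bytes:
    # Length-prefix every field so ("12", "345") and ("123", "45") cannot collide.
    fields = [str(amount_cents).encode(), dest_account.encode(), str(counter).encode()]
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)

def code_for(key: bytes, amount_cents: int, dest_account: str, counter: int) -> str:
    mac = hmac.new(key, transaction_message(amount_cents, dest_account, counter),
                   hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:8], 'big') % 10**8:08d}"  # 8 digits to type in

class Token:
    """Hypothetical offline 'calculator': keeps the key, checks the password itself."""
    def __init__(self, key: bytes, password: str):
        self._key, self._salt, self.counter = key, b"constructed-salt", 0
        self._pw_hash = self._hash(password)

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def authorise(self, amount_cents: int, dest_account: str, password: str):
        if not hmac.compare_digest(self._hash(password), self._pw_hash):
            raise PermissionError("wrong password")
        self.counter += 1  # each code is bound to a fresh counter value
        return self.counter, code_for(self._key, amount_cents, dest_account, self.counter)

class Bank:
    def __init__(self, key: bytes):
        self._key, self._last_counter = key, 0

    def verify(self, amount_cents: int, dest_account: str, counter: int, code: str) -> bool:
        expected = code_for(self._key, amount_cents, dest_account, counter)
        if counter <= self._last_counter or not hmac.compare_digest(expected, code):
            return False  # replayed/stale counter, or content does not match the code
        self._last_counter = counter
        return True

def demo():
    key = bytes(range(32))  # constructed demo key
    token, bank = Token(key, "1234"), Bank(key)
    counter, code = token.authorise(25_000, "ACCT-PAYEE-001", "1234")
    tampered = bank.verify(25_000, "ACCT-OTHER-999", counter, code)  # content changed in transit
    genuine = bank.verify(25_000, "ACCT-PAYEE-001", counter, code)
    replayed = bank.verify(25_000, "ACCT-PAYEE-001", counter, code)
    return tampered, genuine, replayed
```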