Thursday, 28. November 2002
David Wagner on Princeton student worried about DMCA
"Straining Digital Copyright Law, Junior Paper Exposes Protection Flaws in CDs" Daily Princetonian Online (11/21/02); Tauberer, Joshua
Alex Halderman, a senior computer science major at Princeton University, has acknowledged the possibility that he could be sued by the music industry for allegedly violating the Digital Millennium Copyright Act (DMCA) if he presents a junior paper at the ACM Conference on Computer & amp;Communication Security in Washington in the spring. His paper focuses on weaknesses in the copy-protection systems of certain CDs, which exploit certain software security holes. However, Halderman does not include any methodology for bypassing such safeguards, and notes that he would only if the DMCA did not exist. The student says the university has promised to provide him with legal defense if a DMCA lawsuit is filed against him. Princeton has previously supplied indemnification for students and faculty when they were carrying out certain duties for the university, but General Counsel Peter McDonough notes that defending research for research's sake is without precedent. He adds that such a move carries the risk of having his office accused of censorship if it refuses to recommend legal defense for researchers; nevertheless, there are strong arguments that the DMCA represents a serious threat to legitimate academic research. Last year, the music industry sent a letter of warning to Princeton professor Edward Felten, claiming that they would sue him for breaking the DMCA if he published certain research. The university responded by forming a committee that assesses threats to academic freedom by judicial strong-arming, according to committee chair Edward Groth. http://www.dailyprincetonian.com/archives/2002/11/21/news/6433.shtml
---
From: David Wagner <daw@cs.berkeley.edu>
Declan,
This might not be as far-fetched as you might think.
Princeton can only guarantee a legal defense against civil suits; they can't indemnify against a possible criminal prosecution. The DMCA comes with felony prohibitions on violations. Having looked at this issue in the past (due to concerns that I or my students might be sued), I couldn't fault anyone for being concerned enough about the criminal provisions of the DMCA to censor themselves.
After spending many hours with lawyers examining the implications of the DMCA, I personally have stopped doing work on copyright protection systems due to the legal overhead and uncertainties. I consider this a cautious, but not irrational, response to the DMCA.
[Politech]
Abzocke mit
Immer öfter lassen sich Unternehmen Strategien einfallen, um an das Geld oftmals ahnungsloser Handy-Besitzer zu kommen. Die neueste Masche: Sogenannte Premium-SMS, die wahllos verschickt werden. Der Vorgang ist vergleichbar mit den bekannten 0190-Rufummern, nur findet kein Telefonat statt. An der Nummer des Absenders ist nicht ersichtlich, dass es sich um einen gebührenpflichtigen Dienst handelt.
Antwortet man etwa auf eine SMS wie "Bekomme ich noch eine SMS von Dir? Mein Handy brummt immer so suess dabei", kann dahinter ein "Premium-SMS"-Dienst stecken und dafür bis zu 2 Euro verlangen. Diese Nummern werden neuerdings auch immer öfter in den 0190-Erotikwerbeblöcken im Fernsehen eingeblendet. Wenn arglose User zu dieser Nummer eine SMS schicken oder auf erhaltene Nachrichten antworten, werden sie anschließend kräftig zur Kasse gebeten.
So wirbt beispielsweise der Dienstleister Top Concepts für seine "Premium-SMS"-Dienste mit dem Slogan "SMS mit Mehrwert". Mit einer kostenpflichtigen SMS-Kurzwahlnummer könne man Geld über die Handyrechnung der Kunden kassieren. So koste eine SMS des Kunden an die Nummer des Anbieters beispielsweise 49 Cent, 99 Cent oder sogar 1,99 Euro. Dies sei die erste Möglichkeit, Informations-Dienste, Gewinnspiele oder Umfragen über SMS abzuwickeln. [heise]
SMS security risks highlighted by Friends Reunited hacking case
Breach of trust by two dismissed mm02 workers, rather than deeper problems, led to the release of private text messages to a jealous boyfriend that sparked a campaign on revenge against his cheating girlfriend. [...] Nourse obtained proof of his girlfriends' infidelity by persuading two friends, employees at O2, to intercept her text messages and pass them on to him. A spokeswoman for O2 told us this was only possible because of a breach of trust by two engineering workers who have subsequently been sacked and convicted for offences under the Data Protection Act. O2 is not prepared to release the names of the pair but tells us both were convicted and fined for DPA offences this July.
The person who intercepted Nourse's girlfriend's messages worked in a "privileged position" at an engineer on 02's text platform. He was aided by another engineer. Cracker tools were not used to extract the text message, O2 told us. The firm said that, despite the incident, it is happy with its systems and users should feel comfortable about the using text messages.
Analysts Gartner said the case illustrates that SMS is not a secure environment suitable for sending confidential messages.
"The contents of SMS messages are known to the network operator's systems and personnel. Therefore, SMS is not an appropriate technology for secure communications. Most users do not realise how easy it may be to intercept," it warns.
Gartner added that the case also showed how important people issues - rather the technologies concerns - are in trying to prevent security breaches. [The Register]
First hackers sighted in high speed mobile phone arena
T-Mobile has installed a firewall on its GPRS network in the States after a small number of users complained of receiving hacker probes when using its high-speed mobile service.
The issue came to light after Mike Palmer, the technology director for the broadcast division of AP, spotted numerous probes against his PC while using T-Mobile's GPRS network, Computerworld reports.
[The Register]
Customer's Orders Exposed on Victoria's Secret Site
disLEXia, a research project by Maximillian Dornseif
 |  |  | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |
   |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |  |  | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||