lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Thu Nov 24 10:31:41 2005
From: jlauro at umflint.edu (Lauro, John)
Subject: DMCA letters (testing method)

Not to defend the RIAA, but remember that with peer-2-peer filesharing
you don't have to connect to the machine you want to download the
files from.  You are both connected to a database, and the database
can instruct the person with the file what machine to send it to.
Otherwise no one behind a NAT would be able to "share" their files...

So, you have to not only look at connection attempts to the IP
mentioned, but also connection attempts *FROM* the IP mentioned.
Peer-2-peer is not limitted to pulling, but can also push.
 

> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk 
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf 
> Of Harry Hoffman
> Sent: Wednesday, November 23, 2005 6:39 PM
> To: full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] DMCA letters (testing method)
> 
> We have this problem quite frequently. Get a DMCA notice... 
> start doing lookups for the violator only to find out that 
> there is no flow data for the IP and time period.
> 
> Sometimes we will receive a letter a few days later to the 
> effect "Sorry, we made a mistake. The IP we wrote you about 
> doesn't seem to be sharing".
> 
> Perhaps someone is actually checking, just not doing a very 
> good job of it?
> 
> --Harry
> 
> Michael Holstein wrote:
> > I'm not sure who is doing the data collection for the RIAA 
> these days, 
> > but after getting several DMCA notices in the last few days, I've 
> > noticed that there is never any connection attempts to the IP 
> > mentioned, during the time mentioned (and yes, I know how to do
the 
> > math on timezones).
> > 
> > So I conclude the data collection process goes like this :
> > 
> > 1) download something and listen to it.
> > 2) retrieve the hash value for the file
> > 3) search directory nodes for who offeres that hash
> > 4) collect the IP addresses
> > 5) provide list to monkeys in room with typewriters.
> > 
> > So they never really *check* to see if the person accused is
really 
> > hosting file, they just trust what the directory server told them.
> > 
> > This of course begs the question :
> > 
> > How can they ask me to take down something they aren't sure 
> is there?
> > 
> > (nevermind that we're a 'provider' under the DMCA and ignore the 
> > requests unless it's on something we own rather than 
> provide transit 
> > to
> > -- since it's always residence hall IPs).
> > 
> > When they actually go the distance and sue somebody, do 
> they at least 
> > check then?
> > 
> > Cheers,
> > 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ