James Atkinson is speaking at MRL Thursday (June 25) at 6:30 PM

Midnight Research Labs Boston will have a special guest speaker: Mr.
James Atkinson, who will be giving his “Kill Your Cordless Phone” talk.

***This talk will be announced and open to the general public, and WILL
REQUIRE AN RSVP as space is limited. Given the size and layout of MRLB,
we’ll be doing a bit of re-arranging to accommodate attendees.***

Please RSVP to rsvp001 at n0where.org

Here’s a brief bio on Mr. Atkinson (more at http://tscm.com/biojma.html)

South Koreans not allowed to upload to Youtube

While digging through youtube html for another project I came upon this interesting error message.

msg["koreaFail"] = "본인확인제로 인해 한국 국가 설정시 동영상/댓글 업로드 기능을자발적으로 비활성화합니다. We have voluntarily disabled this functionality on kr.youtube.com because of the Korean real-name verification law.";

I looked into this a bit more, and South Korea seems to have rallied around the death of a popular actress who killed herself due to online comments about her. The new “anti bully” law requires all sites with at least 100,000 users to verify the poster’s real name.

“The Cyber Defamation Law, as it’s called, went into effect on April 1st. According
to officials at the Korea Communications Commission (KCC), the country’s
broadcasting and telecommunications regulator, the law is an attempt to
quell the cyber-bullying and spread of misinformation on the internet.”

source: readwriteweb

Google is unwilling to collect this kind of data about its users and instead has opted to disable upload (and I assume comment) capabilities from South Korean IP addresses.

Personal Disclosure Update

I’ve decided to step down from the Advisory Board of the SourceBoston conference. I still think that it is a fantastic project but I have been so busy with academic projects and class work that I couldn’t give them enough time.

I’m also not going to be a regular columnist at SecurityFocus after this month. This was more a decision on their part than mine; however, I am not going to fight it. I could use the extra time to focus on two very exciting academic papers I have lined up for this year.

Storing IP Addresses in MySQL with ruby/rails

A recent project has me thinking about storing IP addresses in MySQL. The natural tendency is to store them as text. My first attempt stored the address as char(16) with a normal index to help speed searches against it. After some reading about high performance MySQL techniques I was reminded that IP addresses in dotted quad form are the least efficient. Instead of storing a string of characters, I could convert the dotted quad into a 32-bit integer.

The magic of converting it is pretty easy to find online; however, if you are using Ruby, simply install the IPAddr gem.

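# outside a Rails console, run require 'ipaddr' first
>> ip = IPAddr.new('255.255.255.255')
=> #<IPAddr: IPv4:255.255.255.255/255.255.255.255>
>> puts ip.to_i
4294967295
=> nil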

Reversing the process isn’t quite as easy and the documentation fails to mention this possibility. A little digging online will unearth this additional parameter that is needed:

>> ipnum = 4294967295
=> 4294967295
>> ip = IPAddr.new(ipnum, Socket::AF_INET).to_s
=> "255.255.255.255"

When I first tried to store this in MySQL I ran into another problem. In my haste I created the column ip_num as an int(11). The code I ran didn’t raise an exception and converted all the IP addresses in the database. However, when I viewed the results, a large number of IP addresses came back as 127.255.255.255. This IP address converts to 2147483647 as an integer.

If this number looks familiar it is because it is exactly half of the value of 255.255.255.255. It is also the limit of a signed integer.
“The signed range is -2147483648 to 2147483647”

Ensure that you create an unsigned int column for ip addresses to hold the max value of 4294967295.
The unsigned range is 0 to 4294967295.
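
The failure described above can be reproduced without a database. The following is an added example, not code from the original post: `store_in_column`, `round_trip` and `cidr_bounds` are hypothetical helpers, the sample addresses are constructed, and it assumes a MySQL server in non-strict SQL mode, where an out-of-range value is clipped to the column maximum with only a warning. It also shows the integer bounds of a CIDR block, which is what makes the integer column useful for subnet lookups.

```ruby
require 'ipaddr'
require 'socket'

SIGNED_INT_MAX   = 2**31 - 1 # MySQL INT upper bound
UNSIGNED_INT_MAX = 2**32 - 1 # MySQL INT UNSIGNED upper bound

# Dotted quad -> 32-bit integer. IPv6 is rejected: it cannot fit the column.
def ip_to_int(dotted)
  ip = IPAddr.new(dotted)
  raise ArgumentError, "not an IPv4 address: #{dotted}" unless ip.ipv4?
  ip.to_i
end

# 32-bit integer -> dotted quad, with the address-family argument from the post.
def int_to_ip(num)
  raise ArgumentError, "out of IPv4 range: #{num}" unless (0..UNSIGNED_INT_MAX).cover?(num)
  IPAddr.new(num, Socket::AF_INET).to_s
end

# Model of a non-strict MySQL server (assumption): an out-of-range value is
# clipped to the column maximum with a warning, so the write still succeeds.
def store_in_column(num, max)
  [num, max].min
end

# Write each address through a column with the given maximum and read it back.
def round_trip(addresses, max)
  addresses.map { |a| [a, int_to_ip(store_in_column(ip_to_int(a), max))] }.to_h
end

# Integer bounds of a CIDR block, for WHERE ip_num BETWEEN lo AND hi.
def cidr_bounds(cidr)
  range = IPAddr.new(cidr).to_range
  [range.begin.to_i, range.end.to_i]
end

# Constructed sample addresses, not data from the post.
SAMPLES = %w[10.0.0.1 127.255.255.255 128.0.0.1 192.168.1.20 255.255.255.255].freeze

if __FILE__ == $PROGRAM_NAME
  { 'INT (signed)' => SIGNED_INT_MAX, 'INT UNSIGNED' => UNSIGNED_INT_MAX }.each do |type, max|
    puts type
    round_trip(SAMPLES, max).each { |stored, read| puts "  #{stored} -> #{read}" }
  end
  lo, hi = cidr_bounds('192.168.1.0/24')
  puts "192.168.1.0/24: ip_num BETWEEN #{lo} AND #{hi}"
end
```

Every address at or above 128.0.0.0 reads back as 127.255.255.255 from the signed column, which silently corrupts any log or blocklist keyed on it; a server in strict SQL mode rejects the write with an error instead.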

Judge vacates RIAA win in Thomas case, calls damages awarded oppressive

U.S. District Judge Michael Davis of Duluth, Minnesota has declared a mistrial in the only win in RIAA’s long legal fight against consumers. He also commented on the laws behind the copyright infringement claims of RIAA, stating that they were “unprecedented and oppressive” for non commercial p2p users and intended only for operations which sought to compete with record labels.

Full quote from the Thomas ruling[pdf]:

While the Court does not discount Plaintiffs’ claim that, cumulatively, illegal downloading has far‐reaching effects on their businesses, the damages awarded in this case are wholly disproportionate to the damages suffered by Plaintiffs. Thomas allegedly infringed on the copyrights of 24 songs ‐ the equivalent of approximately three CDs, costing less than $54, and yet the total damages awarded is $222,000 – more than five hundred times the cost of buying 24 separate CDs and more than four thousand times the cost of three CDs. While the Copyright Act was intended to permit statutory damages that are larger than the simple cost of the infringed works in order to make infringing a far less attractive alternative than legitimately purchasing the songs, surely damages that are more than one hundred times the cost of the works would serve as a sufficient deterrent.
Thomas not only gained no profits from her alleged illegal activities, she sought no profits. Part of the justification for large statutory damages awards in copyright cases is to deter actors by ensuring that the possible penalty for infringing substantially outweighs the potential gain from infringing. In the case of commercial actors, the potential gain in revenues is enormous and enticing to potential infringers. In the case of individuals who infringe by using peer‐to‐peer networks, the potential gain from infringement is access to free music, not the possibility of hundreds of thousands – or even millions – of dollars in profits. This fact means that statutory damages awards of hundreds of thousands of dollars is certainly far greater than necessary to accomplish Congress’s goal of deterrence.
Unfortunately, by using Kazaa, Thomas acted like countless other Internet users. Her alleged acts were illegal, but common. Her status as a consumer who was not seeking to harm her competitors or make a profit does not excuse her behavior. But it does make the award of hundreds of thousands of dollars in damages unprecedented and oppressive.

Internet Mob Justice Tracks Down Cat Abuser

avenge me

EDIT: If you are visiting this post from Encyclopedia Dramatica your PC may be infected by a drive-by download. I captured this pic from a VMware image infected from that site.

Denizens of 4Chan’s /b/ spent the better part of yesterday coordinating a search for the identity of a teenager who was stupid enough to upload video of himself abusing a cat to Youtube. Dubbed “Operation Dustyce”, anonymous agents gathered in #catraid2 on the EFNet IRC network and scoured Facebook and other websites, matching photos to portions of the video which showed the interior of the house.

An anonymous person then set up www.kenny-glenn.com with details about the abuser and his immediate family including physical addresses and phone numbers. Local news station KSWO is covering the story and has recently reported that Kenny Glenn was arrested then released to his parents.

A post to a Facebook group supporting the abused cat, “Dusty”, states Oklahoma laws can punish animal cruelty of this magnitude with a felony offense:

Oklahoma Statutes, Title 21, Chapter 67
Section 1685: Acts of Cruelty to Animals
Any person who shall willfully or maliciously overdrive, overload,
torture, destroy or kill, or cruelly beat or injure, maim or mutilate,
any animal in subjugation or captivity, … shall be guilty of a felony and shall be
punished by imprisonment in the State Penitentiary not exceeding five
(5) years, or by imprisonment in the county jail not exceeding one (1)
year, or by a fine not exceeding Five Hundred Dollars ($500.00). Any
officer finding an animal so maltreated or abused shall cause the same
to be taken care of, and the charges therefor shall be a lien upon
such animal, to be collected thereon as upon a pledge or a lien.

It is difficult to predict the outcome of the court in matters like this; however, the online community is easier to predict. The outrage of the community is inversely proportional to the punishment he receives by the State. That is to say, if he is only fined $500 and given a “slap on the wrist”, the same mob that tracked him down will demand justice in other ways. Should he register an account with any service, they will be there to “out” his past actions. Kenny Glenn, and all those around him, will be haunted by his cruelty for a long time by any means the community can muster. Hate mail, prank phone calls, and possibly even visits in person are not out of the question.

One thing is for sure. Dusty will be avenged.

Jamaica Bans Daggering

Text from the Broadcast Commission

STATEMENT BY THE BROADCASTING COMMISSION ON ACTIONS AND RECENT DIRECTIVES RELATING TO BROADCAST MEDIA CONTENT
The Commission assures the public that it continues to actively work with broadcast licensees, the Minister of Information, the Media Association of Jamaica, the Jamaica Association of Community Cable Operators, the Entertainment Fraternity and other stakeholders to bring a halt to the deluge of inappropriate content on the airwaves. The public will have already seen and should continue to expect strong disciplinary action against those who fail to cooperate and comply with the broadcasting regulations.

The Commission has examined a number of songs, popularly referred to as “daggering songs”. “Daggering” is a colloquial term or phrase used in dancehall culture as a reference to hardcore sex or what is popularly referred to as “dry” sex, or the activities of persons engaged in the public simulation of various sexual acts and positions. The Commission has found these recordings to be explicitly sexual and violent, contrary to the provisions of Regulation 30(d) and Regulation 30(l) of the Television and Sound Broadcasting Regulations which state:

30. No licensee shall permit to be transmitted –

(d) any indecent or profane matter, so, however, that any broadcast to which regulation 26 relates shall be deemed not to be indecent; Reg. 30(d)
(l) any portrayal of violence which offends against good taste, decency or public morality. Reg. 30(l)

This content also offends against the tenets of the Children’s Code for Programming. Consequently, the following directive has been issued to Broadcasters:

DIRECTIVE TO LICENCEES
1. There shall not be transmitted through radio or television or cable services, any recording, live song or music video which promotes the act of ‘daggering’, or which makes reference to, or is otherwise suggestive of ‘daggering’.
2. There shall not be transmitted through radio or television or cable services, any audio recording, song or music video which employs editing techniques of ‘bleeping’ or ‘beeping’ of its original lyrical content.
3. Programme managers and station owners or operators are hereby required to take immediate steps to prevent transmission of any recorded material relating to ‘daggering’ or which fall into the category of edited musical content using techniques of ‘bleeping’ or ‘beeping’.

CHANGES TO THE BROADCASTING REGULATIONS
The Commission has already recommended to government important changes to the law governing broadcasting and which are intended to be tabled in Parliament soon. The changes include:

• The introduction of financial sanctions for breaches of the regulations.
• Ensuring that the compilation of music charts is in accordance with an approved methodology.
• Maintaining playlists and programme logs of music played for examination by the Commission and accredited rights agencies.
• Evidence of approval of music sheets and playlists by station management before any song or video is transmitted.
• The arrangements for inclusion of local cable channels within the group of directly regulated operators, further to recent changes in the Broadcasting and Radio Re-Diffusion Act.

EXPANDED CITIZEN-BASED MONITORING
The Commission recognizes the critical role that citizens can and should play in monitoring the numerous radio and television channels that exist. In this regard, the Commission encourages continued submission of complaints about problematic content on electronic media. As a response to the increase in broadcasting and cable outlets, the Commission itself will be establishing islandwide Citizen based Media Monitors to assist in more comprehensive and effective monitoring of radio and television output. The media monitors will be drawn from diverse age groups, communities and organizations across the country. The Commission is also accepting volunteers.

CONTACTING THE COMMISSION
Members of the public are encouraged to support the Commission in monitoring the airwaves and reporting any breach of the directive or otherwise transmission of inappropriate content.

The Broadcasting Commission may be contacted at 1-888-99-CABLE (22253). Email messages can also be sent to info at broadcom.org to report complaints or to seek additional information.

SIGNED: BROADCASTING COMMISSION

Youtomb gets blogging

Youtomb has had a blog for quite some time but it was never linked to the front page for technical reasons. Well no more! Expect a lot more posts from the team now that we are linked to the front of our research project.

last chance to ROFL

As some of you may know I consort with the evil geniuses behind ROFLCon. We are really really excited about the ROFLThing NYC event coming up this weekend and there are FIVE tickets left in the entire world. Five.

All proceeds will go to charities (real ones too, not to fund the Zeroday Waffle Addiction Foundation):

* ROFLTicket supporting the Electronic Frontier Foundation
* ROFLTicket supporting Big Cat Rescue (in honor of our guest Sockington)
* ROFLTicket supporting the Internet Archive
* ROFLTicket supporting Global Voices
* ROFLTicket supporting New York Cares

Did I mention these auctions are only for 24 hours? I should have... you have less than 20 hours. GO!
win 1 free internetz!

US District Judge Declares “Downloads != Lost Sale”

From Ars Technica:

Jones wrote in his opinion that equating each download with a lost sale is a faulty assumption. “Those who download movies and music for free would not necessarily purchase those movies and music at the full purchase price,” Jones wrote. “[A]lthough it is true that someone who copies a digital version of a sound recording has little incentive to purchase the recording through legitimate means, it does not necessarily follow that the downloader would have made a legitimate purchase if the recording had not been available for free.”