andyblair.com

saving the world, one blog post at a time.


Detecting Deception in Conference Calls

This article abstract got me thinking.  It describes a method for detecting deception in conference calls - focusing on CEOs and CFOs holding financial conference calls and subsequent financial data.  As audiovisual recording devices become more pervasive in our daily lives as part of cell phones, iPads, and other gadgets, everything we do becomes a trail of data "breadcrumbs."  Those breadcrumbs may contain valuable indicators of truth or other tells.

This reminds me a bit of those cop shows where the detective knows a suspect is lying because he looks up and to the left, which indicates access to the creative parts of the brain rather than memories.  If these types of analysis have real scientific merit, it seems logical that cottage industries of analysts will spring up, offering services to both detect and counter detection of insincerity or indices of other valuable information.  Send them an audio or video recording and they'll tell you the probability that the subject is telling the truth.  Whether such techniques are snake oil or actually work certainly remains to be seen, but that won't stop people from trying to make a buck.

 

Social Steganography

This is cool.  It isn't really anything new or earth-shattering - friends have been using code speak to convey messages only they know for a very long time.  It is interesting to see it analyzed in the online social network setting though.

As technology changes, you often hear complaints from (usually older) people that "kids these days" are being "dumbed down" by the new brain-dead technologies or something similar.  This is one of those things that bubble up occasionally that weigh pretty substantially against such claims.  Kids are usually a lot smarter than given credit for.  Their intelligence isn't always focused in a direction likely to be understood by older generations, and therefore is easy to overlook.  Just because it isn't understood doesn't mean it isn't there and isn't valuable.

 

Real gives up on RealDVD

After a long-running legal battle with movie studios over the RealDVD product, RealNetworks has settled the suit on terms very favorable to Hollywood. The issue was over RealDVD's use of a CSS key to allow DVDs to be ripped to personal computers. A disappointing ending for RealNetworks, who lost several important motions including a preliminary injunction against the sale of RealDVD.
 
RealNetworks argued that RealDVD did not remove the CSS encryption - it copied the DVD, encryption and all, to the computer while limiting playback to the computer on which the digital copy was originally ripped. Therefore the copies would not contribute to piracy and would not end up on file sharing networks. The movie studios disagreed and argued that the software bypassed encryption in violation of the DMCA. The preliminary injunction was on appeal, but it appears that the battle will come to an end with Real admitting paying $4.5 million to the studios as well as refunding sales of RealDVD made prior to the injunction.
 
It will be interesting to see if this case results in the death of movie management or copying systems, especially after Kaleidescape lost on appeal after beating an infringement suit at the trial level. It is difficult to get behind suits like this. Real took steps to secure digital copies against piracy and provide consumers with a legitimate way to watch their legally purchased DVDs from a home server. Now consumers interested in creating a central digital library of their legitimately purchased DVDs pretty much have to turn to products that remove CSS and are much more likely to contribute to piracy.
 
The "my way or the highway" approach taken by content owners is not helping them out of the revenue pickle they are in. If you want people to buy DVDs, a good solution is encouraging solutions that add more value to a DVD purchase. There is a consumer need that is not being met by the legitimate market. Rather than giving consumers no legal option then complaining about piracy, movie studios could focus on providing legitimate solutions and providing value to their customers. I'm not holding my breath.
 

Anyone need some snake oil? I can get you a *great* deal...

The ABA tech law bulletin has a short article on companies claiming to have "impenetrable" products to protect sensitive data.  According to the article, the company InZero even offered a Harley-Davidson to anyone who could break their product.

These sorts of stories come up pretty frequently, but are almost always a lot of marketing smoke and little security substance.  InZero's claim of 100,000 attacks in two months is not exactly proof of perfect security.  Most websites get tens of thousands of attacks a month just by virtue of being on the Internet.  Everyone from script kiddies to organized criminal gangs has constant scans going, looking for unpatched systems.

The major flaw in the claim, however, comes from the fact that even if their product is impenetrable, their marketing is assuming several things that are simply not true.  First, a system can only protect the data it is told to protect.  That means firms need to label and keep track of what information is sensitive and what is not.  That takes a lot of work and a lot of resources that many companies find not worth the effort over the long term.  Second, they assume that attacks will come through the system.  If this is some sort of device that sits on a firm's network, it doesn't work when attorneys are out of the office.  If it runs on each computer's browser, an attack could be successful through email, IM, or another attack vector not covered by the product.

The point is that security is multi-layered and multi-faceted.  It relies on people every bit as much or more than it relies on machines.  Making people believe they are "secure" by selling some guaranteed web product makes it much more likely that they will be lax in other areas of security and a breach will result.  Vigilance and good security policies are likely to be much cheaper and much more effective than any supposedly perfect web security product.

At the end of the day, the fact is that no product is 100% "secure" and no product can offer 100% security.  People who really know security know this, which is why whenever anyone makes such claims they should be taken with a healthy dose of skepticism.  

 

Ubisoft Ups the Ante on DRM

It is no secret that video games have long been intense digital rights management (DRM) battlefields, with game cracking groups engaging in an endless arms race with game developers. As soon as a new DRM scheme is released it is quickly cracked and released on P2P networks and "warez" group sites. 

Ubisoft has taken this battle to the next level, starting with Assassin's Creed 2 and affecting all future Ubisoft titles. The new DRM scheme requires a constant internet connection in order to play Ubisoft's games on a PC. Yep, you heard that right. If you travel and enjoy playing Ubisoft games on your laptop in-flight you are out of luck. Or in a hotel where you don't want to pay $14.95 for 24 hours of Internet. Or if your Internet connection goes out. Or if their servers go down. Out of luck. 

The new DRM system checks in with a central Ubisoft server when started, preventing the game from running if it cannot connect to the server. Not enough for Ubisoft, the DRM continues to check in during game play. If at any time the DRM system cannot reach Ubisoft's central servers, you are booted out of the game and lose any progress since your last checkpoint. So if your wireless router reboots or for any of a thousand reasons your game can't connect to Ubisoft when it checks in, you lose everything you have done since your last checkpoint and cannot play again until that connection is restored. Ubisoft was asked about the details of this system by CVG, and responded in a nutshell that piracy is "a huge problem" that "all serious companies need to address."

CVG had some legitimate questions for Ubisoft, which were addressed, but not particularly well. If a gamer wants to play back through Assassin's Creed 2 in five years, will the DRM servers still be up? What about maintenance of the update servers? Ubisoft claims that down the road they will "patch-out" the DRM and no longer require the check-in on older games, but if the servers are not available five years after the last time the game was played, how would it patch-out the DRM? Ubisoft essentially says "we plan to keep the servers up and available for a long time." Gamers have no more assurances that the $50-$60 they spend on games is well-spent than "we plan to make it work." Hm.

More after the break.


About this Blog

I am a Second Year law student at The George Washington University Law School. My undergraduate degree is from the University of Minnesota in Computer Science, which after earning I put to use for just over four years working in information security and financial application development at a Fortune 200 company.

My legal interests lie primarily in cyberlaw and Internet/software-related intellectual property.