rosco
Premium
join:2003-11-10
USA
 ·Verizon Online DSL
| reply to MyDogHsFleas
Re: If it's easy to break into your house, it's OK then?
said by MyDogHsFleas  :Seems like faulty logic to me. "Sir, we are going to let the guy go who ransacked your house and stole all your stuff, because you didn't lock your back window. This is definitely your fault. Why did you even threaten him with prosecution? You have no right. In fact, we are going to release the information about your back window on the Internet, and make sarcastic remarks about how stupid you are." No but if I call his house and say "can I have your stuff" and then he brings it to me...did I steal it? |
|
MyDogHsFleas
Premium
join:2007-08-15
Austin, TX
 ·AT&T U-Verse
·AT&T Southwest
| said by rosco :but if I call his house and say "can I have your stuff" and then he brings it to me...did I steal it? No, but that's not what happened here. No one gave them permission. |
|
elios
join:2005-11-15
Springfield, MO
 ·Mediacom
| said by MyDogHsFleas :said by rosco :but if I call his house and say "can I have your stuff" and then he brings it to me...did I steal it? No, but that's not what happened here. No one gave them permission. the server did
i type in the URL asking the server for the data the server HERE YOU GO and send it to me
IF they were smart they would have at lest check the IP of were its coming from and better yet ask for a log in of some kind
its as much stealing as asking youtube for a video |
|
rosco
Premium
join:2003-11-10
USA
·Verizon Online DSL
1 edit | said by elios :said by MyDogHsFleas :said by rosco :but if I call his house and say "can I have your stuff" and then he brings it to me...did I steal it? No, but that's not what happened here. No one gave them permission. the server did i type in the URL asking the server for the data the server HERE YOU GO and send it to me IF they were smart they would have at lest check the IP of were its coming from and better yet ask for a log in of some kind its as much stealing as asking youtube for a video exactly, the server granted the request, and sent the stream/text file back. the server didn't HAVE to send it back, it served the page because no security rules were being violated..probably because there were no rules in place. |
|
MyDogHsFleas
Premium
join:2007-08-15
Austin, TX
·AT&T U-Verse
·AT&T Southwest
| reply to elios
said by elios :its as much stealing as asking youtube for a video Again, this is the mentality of "if it's easy to take, it's legal".
The YouTube case is completely different. YouTube's business model IS to make the videos freely available, and they make money on advertising. |
|
elios
join:2005-11-15
Springfield, MO
·Mediacom
| said by MyDogHsFleas :said by elios :its as much stealing as asking youtube for a video Again, this is the mentality of "if it's easy to take, it's legal". The YouTube case is completely different. YouTube's business model IS to make the videos freely available, and they make money on advertising. you do not seem to know how the net works do you?
let me help
if i send a request for a file to a server
and that server sends me want i ask for back
no law has been broken that server did exactly what its admins told it to do
if you dont want people using your service that are not intended to you need to protect it
for god sakes at lest put a password on it if not more
most of the steams off that are available to any one that as basic cable so imo its not even copyright infringement
maybe you could make a case for theft of service for the bandwidth used but you would have track down EVERY user that didnt pay for the service and good luck doing that
as i have said once on the net always on the net no putting it back now other then to secure it
GG MobiTV GG |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
 ·Vonage
| reply to MyDogHsFleas
said by MyDogHsFleas :said by rosco :but if I call his house and say "can I have your stuff" and then he brings it to me...did I steal it? No, but that's not what happened here. No one gave them permission. Nor did they bother to secure anything. Whose fault is that? Howard Forums? I don't think so.
They got nailed, now they are trying to cover their butts for a really bad mistake on their part.
Have they bothered to secure anything even now, which would solve the problem? Doesn't appear so. They are wasting time bugging Howard Forums.
--
10,690 DEADLY TERROR ATTACKS SINCE 9/11~~TEAM DISCOVERY
Can't feel you anymore, don't need you anymore, don't believe you anymore, I don't need you anymore
|
|
MyDogHsFleas
Premium
join:2007-08-15
Austin, TX
·AT&T U-Verse
·AT&T Southwest
| reply to elios
said by elios :said by MyDogHsFleas :said by elios :its as much stealing as asking youtube for a video Again, this is the mentality of "if it's easy to take, it's legal". The YouTube case is completely different. YouTube's business model IS to make the videos freely available, and they make money on advertising. you do not seem to know how the net works do you? let me help if i send a request for a file to a server and that server sends me want i ask for back no law has been broken that server did exactly what its admins told it to do if you dont want people using your service that are not intended to you need to protect it for god sakes at lest put a password on it if not more most of the steams off that are available to any one that as basic cable so imo its not even copyright infringement maybe you could make a case for theft of service for the bandwidth used but you would have track down EVERY user that didnt pay for the service and good luck doing that as i have said once on the net always on the net no putting it back now other then to secure it GG MobiTV GG Yes, I know how the Web works.
Let me try one more time.
Just because someone told you how to take it, that doesn't mean it's legal.
Someone figured out a non-obvious deep URL that loads a file that has embedded in it other deep URLs that, if manually cut/pasted, bypass the signup/authentication system on this website. That is far from "I just accessed a Web page".
And, you insist on blaming them for not having strong enough security. And that there's nothing wrong with bypassing it. Because, it's "easy".
And, by the way, programs carried on basic cable, or over-the-air, are still copyrighted. This is yet another "if it's easy to take, then there's nothing wrong with taking it" mentality at work. |
|
MyDogHsFleas
Premium
join:2007-08-15
Austin, TX
·AT&T U-Verse
·AT&T Southwest
| reply to La Luna
said by La Luna :Nor did they bother to secure anything. Whose fault is that? Howard Forums? I don't think so. Yeah, actually, it is Howard Forums' fault. Reputable forums don't post security bypasses, even if l33t hackers think they're "simple". And if someone posts one, and they are asked to take it down, they do.
They got nailed, now they are trying to cover their butts for a really bad mistake on their part.
Have they bothered to secure anything even now, which would solve the problem? Doesn't appear so. They are wasting time bugging Howard Forums.
You are right about this, from a practical point of view. |
|
rosco
Premium
join:2003-11-10
USA
·Verizon Online DSL
| said by MyDogHsFleas :said by La Luna :Nor did they bother to secure anything. Whose fault is that? Howard Forums? I don't think so. Yeah, actually, it is Howard Forums' fault. Reputable forums don't post security bypasses, even if l33t hackers think they're "simple". And if someone posts one, and they are asked to take it down, they do. They got nailed, now they are trying to cover their butts for a really bad mistake on their part.
Have they bothered to secure anything even now, which would solve the problem? Doesn't appear so. They are wasting time bugging Howard Forums.
You are right about this, from a practical point of view. I have to point out that it is not a security bypass. There was NO security in place. obscurity != security |
|
TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
 ·Sprint Mobile Broa..
·Comcast
| reply to La Luna
said by La Luna :Nor did they bother to secure anything. Whose fault is that? Howard Forums? I don't think so. They got nailed, now they are trying to cover their butts for a really bad mistake on their part.
Have they bothered to secure anything even now, which would solve the problem? Doesn't appear so. They are wasting time bugging Howard Forums. Securing their system will take some time and negotiations with the carriers. All the users from Sprint, AT&T, Palm, etc(see their web page to see how many »www.mobitv.com/channels/ ) have paid about $10/mo for access. To add in security now means downloading code in to hundreds of thousands of devices from many different carriers. That isn't something they will just dash off. It could be quite a while before they fix any security holes.
--
My BLOG .. .. Internet News .. .. My Web Page |
|
rosco
Premium
join:2003-11-10
USA | they could start with an IP block restriction...it cant be that hard to figure out sprint's ip's.
even a username/password page could be inserted with generated passwords for subscribed phone numbers sent to the phone via text message.. |
|
TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
·Sprint Mobile Broa..
·Comcast
1 edit | said by rosco :they could start with an IP block restriction...it cant be that hard to figure out sprint's ip's. even a username/password page could be inserted with generated passwords for subscribed phone numbers sent to the phone via text message.. It isn't just Sprint.
»www.mobitv.com/channels/
They have this product available for multiple vendors. One is Palm WiFi. That is, the connection could be coming from any HotSpot anywhere. IP blocks won't work there.
And anyway, their system is just feeding Real Player streams:
Where 554/X could be 554/"any # 1 to 9999"
and "station name" can be any characters. And if your device supports 3gpp it works.
--
My BLOG .. .. Internet News .. .. My Web Page |
|
rosco
Premium
join:2003-11-10
USA
·Verizon Online DSL
| said by TKJunkMail :said by rosco :they could start with an IP block restriction...it cant be that hard to figure out sprint's ip's. even a username/password page could be inserted with generated passwords for subscribed phone numbers sent to the phone via text message.. It isn't just Sprint. »www.mobitv.com/channels/ They have this product available for multiple vendors. One is Palm WiFi. That is, the connection could be coming from any HotSpot anywhere. IP blocks won't work there. And anyway, their system is just feeding Real Player streams: Where 554/X could be 554/"any # 1 to 9999" and "station name" can be any characters. And if your device supports 3gpp it works. good points, it will be challenging to secure their product.
This is still MobiTV's fault for not addressing these issues earlier on in their business process...like before they launched.
Even though I still feel that howardforums.com should not give in to mobitv, this will probably turn into a very expensive legal battle, and I don't know if it would really be worth it to howard chui. |
|
MyDogHsFleas
Premium
join:2007-08-15
Austin, TX
·AT&T U-Verse
·AT&T Southwest
| reply to rosco
said by rosco : I have to point out that it is not a security bypass. There was NO security in place. obscurity != security You are absolutely correct, technically. There is no question their "security" is technically an easily-bypassed joke. I think they are now realizing this.
You are wrong, legally. It is a security bypass. |
|
dot_null
Premium
join:2004-06-28
Kennesaw, GA
·Callcentric
·Comcast
·VoiceStick
·AT&T Southeast
| How could it be a security bypass if MobiTV has no security?
Their webserver will serve up that text file to anyone who asks for it, even if the referrer is listed as HowardForums. No one had to crack, hack or do anything else to receive these streams. If you look at how web servers work, this is akin to asking a building with a doorman permission to enter the premises and he blindly grants it, without stopping to ask whether you had legitimate business in the building. |
|
MyDogHsFleas
Premium
join:2007-08-15
Austin, TX
·AT&T U-Verse
·AT&T Southwest
| said by dot_null :How could it be a security bypass if MobiTV has no security? Their webserver will serve up that text file to anyone who asks for it, even if the referrer is listed as HowardForums. No one had to crack, hack or do anything else to receive these streams. If you look at how web servers work, this is akin to asking a building with a doorman permission to enter the premises and he blindly grants it, without stopping to ask whether you had legitimate business in the building. Again, you are confusing the technical means of securing a website with the legalities involved. In DMCA terms, there was a circumvention of protection.
Here's a summary of RealNetworks vs. Streambox that I found. In this case, RealNetworks sued Streambox for bypassing their (weak) security and accessing their servers and streaming content to a VCR-like piece of software, that would record video for later playback. RealNetworks won the lawsuit, brought under DMCA.
quote:
Court rejected defendant's argument that its product did not constitute a violation of the DMCA because Plaintiff's effort to stop copying did not "effectively protect" against unauthorized infringement. The only question the court considered was whether there was a technological protection, not whether it was effective.
|
|
dot_null
Premium
join:2004-06-28
Kennesaw, GA
·Callcentric
·Comcast
·VoiceStick
·AT&T Southeast
| MobiTV themselves facilitated such infringement, because their server still, as I'm typing this, serves up that list of video links. I think it's a wee bit draconian to serve HoFo a takedown notice because they posted a URL that, in point of fact, is located on MobiTV's servers. Thus, the onus is on MobiTV to correct their glaring security hole. |
|
wierdo
join:2001-02-16
Tulsa, OK
·Future Nine Corpor..
·Teliax VOIP
| reply to MyDogHsFleas
said by MyDogHsFleas :said by dot_null :How could it be a security bypass if MobiTV has no security? Their webserver will serve up that text file to anyone who asks for it, even if the referrer is listed as HowardForums. No one had to crack, hack or do anything else to receive these streams. If you look at how web servers work, this is akin to asking a building with a doorman permission to enter the premises and he blindly grants it, without stopping to ask whether you had legitimate business in the building. Again, you are confusing the technical means of securing a website with the legalities involved. In DMCA terms, there was a circumvention of protection. Here's a summary of RealNetworks vs. Streambox that I found. In this case, RealNetworks sued Streambox for bypassing their (weak) security and accessing their servers and streaming content to a VCR-like piece of software, that would record video for later playback. RealNetworks won the lawsuit, brought under DMCA. quote:
Court rejected defendant's argument that its product did not constitute a violation of the DMCA because Plaintiff's effort to stop copying did not "effectively protect" against unauthorized infringement. The only question the court considered was whether there was a technological protection, not whether it was effective.
In this case there is no technological protection whatsoever.
--
It's wierdo, not weirdo. Yes, I know that's not the 'proper' spelling of the similar english language word.  |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
·Vonage
1 edit | reply to TKJunkMail
said by TKJunkMail :said by La Luna :Nor did they bother to secure anything. Whose fault is that? Howard Forums? I don't think so. They got nailed, now they are trying to cover their butts for a really bad mistake on their part.
Have they bothered to secure anything even now, which would solve the problem? Doesn't appear so. They are wasting time bugging Howard Forums. Securing their system will take some time and negotiations with the carriers. All the users from Sprint, AT&T, Palm, etc(see their web page to see how many »www.mobitv.com/channels/ ) have paid about $10/mo for access. To add in security now means downloading code in to hundreds of thousands of devices from many different carriers. That isn't something they will just dash off. It could be quite a while before they fix any security holes. Ok. Are they working on it at all? If they are so bent out of shape over the gross negligence on their part this, why not just take down the site and all access until they have it "fixed"?
The bottom line is that they screwed up, royally, and now they are trying to blame the fact that the links were out there naked on others. They should be going after whoever they have minding the store, so to speak. If it's anyone like their clueless "lawyer", I can see why they had a problem.
edit: just saw your post below. Looks like they finally figured it out. 
--
10,690 DEADLY TERROR ATTACKS SINCE 9/11~~TEAM DISCOVERY
Can't feel you anymore, don't need you anymore, don't believe you anymore, I don't need you anymore
|
|
