Barry Manilow Highlights 'Three Strikes' Law Stupidity

ISP argues assumed guilt by IP isn't too smart...

In the UK, the government is still working toward the entertainment industry's goal of booting heavy P2P users off of the Internet, should they be caught transferring pirated material three times. As we've covered at length, this is a bad idea for a number of reasons. Piracy technology detection systems are unreliable, expensive to implement, require tracking offenders across ISPs, there's usually no independently verifiable protection for falsely accused customers, and booting P2P users removes the possibility of turning these users into paying customers.

ISPs don't want to pay for such systems, and unless they've got one foot in content like AT&T or Comcast, why should they? They're essentially using their revenues to pay for the entertainment industry's failure to adapt to the broadband age while at the same time losing a paying customer. Smaller ISPs in particular aren't exactly eager to take on the added support costs of such systems. All of this even assumes such a system would work.

In order to highlight how susceptible such a system would be to manipulation and false positives, UK broadband ISP TalkTalk conducted a bit of a publicity stunt by driving around and leeching Barry Manilow songs via open hotspots:

"Within a couple of hours he had identified 23 wireless connections on the street, more than one-third of the total, which are vulnerable to Wi-Fi hijacking. These connections are either completely unsecured (6%) or use WEP technology (28%) which many users think is secure but is in fact easily hackable by anyone with a laptop computer. To show how vulnerable people are to unauthorised filesharing, our expert downloaded legal music files from two connections, including Barry Manilow's hit Mandy and the soundtrack from the 1992 film Peter's Friends."

Obviously, assuming guilt by IP alone isn't too bright.

In France, where President Nicolas Sarkozy has made that country's three strikes initiative a personal pet project, they've included provisions that fine broadband users who leave wireless access points unsecured. Again though, do you fine users for using WEP and being hacked? Who tracks this? Who tracks P2P users between ISPs? Who pays? It all seems like layer upon layer of unreliable technology, potential legal problems, and added taxpayer and ISP expense.

Nothing will ever stop piracy, but it seems like an easier solution to weakening piracy exists: lawmakers should tell the entertainment industry to suck it up and adapt. Put the money spent lobbying for three strikes laws and suing customers into developing easy and inexpensive content platforms that compete with piracy.
|
 El QuintronResident Mouth BreatherPremium join:2008-04-28 Etobicoke, ON kudos:2 | Its almost poetic We used to have rick-rolling...
Now when MAFIAA trolls come into forums we should Barry-roll? Manilow-roll?
Fun fun... | |
|  |  zipjay join:2003-03-11 South Williamson, KY | Re: Its almost poetic DO A BARRY ROLL!! | |
|  |  |  | | Re: Its almost poetic Oh Mandy! | |
|  |  |  |  ReformCRTCSupport Your Independent ISP join:2004-03-07 Canada | Re: Its almost poetic And I need you today oh Mandy
You kissed me and stopped me from shaking...
and I need yoooooooooouuuuuuu..... | |
|
 |  ReformCRTCSupport Your Independent ISP join:2004-03-07 Canada | I write the songs that make the Whole World Siiiiiiiiiiiing... | |
|  |  |  ReformCRTCSupport Your Independent ISP join:2004-03-07 Canada | Re: Its almost poetic I write the songs of love and special things,
I write the songs that make the young girls cry....
I write the songs! | |
|  |  |  |  Noah VailSon made my AvatarPremium join:2004-12-10 Lorton, VA kudos:2 Reviews:
·Bright House
| I've Been Alive Forever Barry Barry Old |
And I Wrote the Very First Song...
NV | |
|  |  |  |  |  BeachieStranded in paradise join:2001-07-12 St. Pete, FL kudos:2 | Re: I've Been Alive Forever I'm a Pepper, he's a Pepper, she's a Pepper, wouldn't you like to be a Pepper, too?
(Be a Pepper. Drink Dr Pepper...) | |
|  |  |  |  |  |  | | Re: I've Been Alive Forever I am stuck on Band-Ade, Because Band-Ade's stuck on me. | |
|
 |  MospawMy socks don't match.Hawaiian Jellyfish join:2001-01-08 Mile High kudos:1 | It's the Mani-roll! | |
|  |  |  El QuintronResident Mouth BreatherPremium join:2008-04-28 Etobicoke, ON kudos:2 | Re: Its almost poetic
said by Mospaw:It's the Mani-roll! And the winnah for the naming is!!!
I love Mani-roll! | |
|
 |  | | and they should be scared cause the more folks they kick off the more folks will be pissed off and will never spend a dime on their shitty greedy industry. | |
|  |  | | said by El Quintron:We used to have rick-rolling... Now when MAFIAA trolls come into forums we should Barry-roll? Manilow-roll? Fun fun... Karl is just showing his feminine side. | |
|
 LinklistPremium join:2002-03-03 Longport, NJ kudos:5 | Fine unsecured APs
I like France's idea. Users with unsecured APs SHOULD be fined. Until individuals, and their ISPs, make sure computers are secure, they should be kicked off the internet. It will be the only way to minimize malware on the internet. | |
|  |  Lazlow join:2006-08-07 Saint Louis, MO 1 edit | Re: Fine unsecured APs But how secure is secure enough? Is wep enough? WPA? WPA2? All of these can and have been hacked. So is a higher layer required?
Edit: Keep in mind that Docsis has also been hacked. | |
|  |  |  | | Re: Fine unsecured APs said by Lazlow:But how secure is secure enough? Is wep enough? WPA? WPA2? All of these can and have been hacked. So is a higher layer required? Edit: Keep in mind that Docsis has also been hacked. Maybe I am behind the times, but when was WPA2/PSK cracked? | |
|  |  |  |  Lazlow join:2006-08-07 Saint Louis, MO | Re: Fine unsecured APs Just google WPA2 crack and you will see tons of howtos. The basic method has been around for at least a couple of years. | |
|  |  |  |  |  |  |  |  |  |  |  | | Re: Fine unsecured APs No, there is no "crack" for WPA or WPA2. Contrary to popular belief and numerous news articles here, brute force is still the only option. | |
|  |  |  |  |  |  |  | | Re: Fine unsecured APs It does, indeed, take time to brute-force the WPA/2 keys. However, the whole "GPU-based cracking" approach speeds things up dramatically.
Now imagine someone with an SLI, quad-core laptop. That's two GPUs and four 'CPUs'.
Now imagine someone with an SLI, I7 laptop. That's two GPUs and eight "CPUs" crunching the data at an incredible rate. | |
|  |  |  |  |  |  |  IanPremium join:2002-06-18 ON kudos:1 Reviews:
·Rogers Hi-Speed
| said by DataRiker:No, there is no "crack" for WPA or WPA2. Contrary to popular belief and numerous news articles here, brute force is still the only option. Correct. And I don't care how many nVidia GPUs you have connected, my 256 bit WPA2 passphrase would be brute-forced open right about the time that the sun explodes. At which point you're free to use my WiFi for free.  -- Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency. David Wong | |
|  |  |  |  |  |  |  |  | | Re: Fine unsecured APs Pride goeth before destruction, and a haughty spirit before a fall. | |
|  |  |  |  |  |  |  |  |  IanPremium join:2002-06-18 ON kudos:1 Reviews:
·Rogers Hi-Speed
| Re: Fine unsecured APs said by Angrychair:Pride goeth before destruction, and a haughty spirit before a fall. If an actual flaw in the WPA2 algorithm is discovered it is vulnerable, but the math dictates that brute force against a 256 bit key is not easy to do. And since the OP was referencing that software based brute-force attack and not a flaw here's how the math breaks down.
Number of possible keys = 2^256 which is 115,792,089,237,316,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 in base 10.
They showed examples of 100 million guesses a second. Impressive, yes, except even if we assume getting it right on average in half the keys, that would still take 578,960,446,186,581,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 seconds. Which is 18,358,715,315,404,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years. Which incidentally is many times more than the age of the Universe itself. Now let's say they for some reason get 100 million such equipped PCs to work on the problem of leeching my bandwidth around the world (for some reason). That would still take 183,587,153,154,040,000,000,000,000,000,000,000,000,000,000,000,000,000 years. 
Granted if you set your passphrase as "Linksys" the problem is simpler.... -- Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency. David Wong | |
|  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  Lazlow join:2006-08-07 Saint Louis, MO | Ian
The thing you are leaving out of the equation is the human element. The vast majority of users will only use common phrases, which (generally) narrows down the choices to a few hundred thousand variations (which is where GPUs can really shine). Since one can passively grab the encrypted phrase and brute force it offline, it drops the attacker's risk to almost zero. Add this to the fact that the vast majority of people seldom change their pass phrase more than once a year, and it becomes obvious how easily access can be obtained. | |
|  |  |  |  |  |  |  |  |  |  IanPremium join:2002-06-18 ON kudos:1 Reviews:
·Rogers Hi-Speed
| Re: Fine unsecured APs said by Lazlow: Ian The thing you are leaving out of the equation is the human element. The vast majority of users will only use common phrases, which (generally) narrows down the choices to a few hundred thousand variations (which is where GPUs can really shine). Since one can passively grab the encrypted phrase and brute force it offline, it drops the attacker's risk to almost zero. Add this to the fact that the vast majority of people seldom change their pass phrase more than once a year, and it becomes obvious how easily access can be obtained. Oh, I know. And as was stated, the vast majority of users leave it with WEP, or entirely unsecured. However, we're talking about hypothetically fining people for leaving their access unsecured. To me, that includes users who set up weak passwords that can be dictionary attacked.
That said, even a passphrase generated with dictionary words sky-rockets in complexity when the word count is beyond two words and includes numbers and other symbols.
And looking at the real world implications... So I want to leech off of my neighbour's WiFi, which is protected by WPA2. Do I shell out hundreds of dollars for a Russian program to attempt to crack into it, not knowing (yet) whether or not he used his pet's name "Princess" or "Gh6$#@L!(s72tTyfij6sb2hidFFWEFdfsd" to encrypt it? -- Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency. David Wong | |
|  |  |  |  |  |  |  |  |  |  Lazlow join:2006-08-07 Saint Louis, MO | Re: Fine unsecured APs »dookie.dkearns.ca/?p=49
Above is an example of breaking a probably above average password. The tools used to break it are all open source (no cost). It probably took less than 15 minutes from start to finish.
You can change my original question to how (and who) decides if a pass phrase is strong enough? Remember one can add any pass phrase one wishes to one's attack dictionary. You can even link it to things like John the Ripper, that will generate even your example password. It is just a matter of time. With the use of rainbow tables and simple parallel processors (GPUs), the time required is dramatically reduced. | |
|  |  |  |  |  |  |  |  |  |  IanPremium join:2002-06-18 ON kudos:1 Reviews:
·Rogers Hi-Speed
1 edit | Re: Fine unsecured APs said by Lazlow: » dookie.dkearns.ca/?p=49 Above is an example of breaking a probably above average password. The tools used to break it are all open source (no cost). It probably took less than 15 minutes from start to finish. You can change my original question to how (and who) decides if a pass phrase is strong enough? Remember one can add any pass phrase one wishes to one's attack dictionary. You can even link it to things like John the Ripper, that will generate even your example password. It is just a matter of time. With the use of rainbow tables and simple parallel processors (GPUs), the time required is dramatically reduced. Interesting video. Although that was WPA, not WPA2, and with an extremely short password.
Still calls to question though the lengths that the "average" person should go through to have their home wireless considered "secure" enough to avoid the hypothetical fine. And the flip-side is that if we consider WPA2 with a decent passphrase "insecure", we've now created a defense for someone who has allegedly broken copyright by trading files.
"I'm sorry your honour, but that wasn't my accessing those files. Someone must have cracked my WPA2."
But as an intellectual exercise, let's say my WPA2 password is not gibberish (much more secure), but three English language words separated by 2 random characters.
The use of Rainbow Tables, I assume, is already part of this Russian software to achieve 100 million guesses per second.
There are 500,000 words in the Oxford English Dictionary. If we assume the random characters are among even a short set (128), and assuming even all lower case for the words, that gives 2,048,000,000,000,000,000,000 possible word/character combinations to test. Even at 100 million per second, we're talking 300-700 millennia to crack with one machine. And that's with the foreknowledge that the vector to attack is three English words separated by 2 random characters. Which is not likely to have been known. -- Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency. David Wong | |
|  |  |  |  |  |  |  |  |  |  | | Re: Fine unsecured APs Firstly, there are no rainbow tables (technically precomputed hash tables) large enough to store anything but "worded" dictionaries. Even good dictionaries contain several languages and are enormous, hundreds and thousands of gigabytes.
Secondly, a good password, say 21+ characters when chosen properly is secure against any GPU or CPU attack ( assuming WPA or WPA2 ).
To reiterate, even the fastest GPU on the market is just a drop in the bucket when it comes to brute forcing anything but the lamest passwords. | |
|  |  |  |  |  |  |  |  |  |  Lazlow join:2006-08-07 Saint Louis, MO 1 edit | 1st. In reality that is a relatively secure password as compared to what is commonly used. Yes, much stronger(and longer) passwords can (and probably should be) used, but the fact is that they are not.
The other thing you are missing (again) is that people do not (generally) use the vast majority of words in the (regular) dictionary. The vast majority of passwords (actually used) use a very small subset of those words. First names, god, and other key words, are still used in the vast majority of passwords. Even the selection of "random" characters chosen in a password is subject to human limitations. People will generally only use characters that they can easily type (in other words, ones that they commonly use).
Edit: After auditing a lot of small businesses over the last few years, VERY few had even a 15 character pass phrase, much less a 21 character. | |
|  |  |  |  |  |  |  |  |  |  2 edits | Re: Fine unsecured APs I agree 100%. Bad passwords are to blame, not a falsely accused "cracked" cipher like WPA and WPA2.
Also I would like to note that anything above 8-9 characters is a formidable password (assuming it's not in the dictionary)
My issue is with the fact that people assume a rainbow table is helpful. I have found most passwords contain a NAME + some simple number like "Austin21" for example.
You can kiss that rainbow table goodbye. | |
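Added example, not part of any post in this thread: the search-space arithmetic argued over above, reproduced for three passphrase models, plus the standard WPA/WPA2-PSK key derivation (PBKDF2-HMAC-SHA1 salted with the SSID) that makes any precomputed table specific to one network name. The 5,000-name pool, the SSIDs and all function names are assumptions made for illustration; the 500,000-word, 128-character and 100-million-guesses-per-second figures are the ones quoted in the thread.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365 * 24 * 3600  # 365-day year, which reproduces the thread's totals
RATE = 100_000_000                  # guesses per second, the rate quoted in the thread

# Each model lists the pool size of every independently chosen component.
MODELS = {
    "random 256-bit key": [2 ** 256],
    "3 dictionary words + 2 random chars": [500_000] * 3 + [128] * 2,
    # Assumption (not from the thread): 5,000 first names x 100 two-digit suffixes.
    "first name + 2 digits": [5_000, 100],
}


def keyspace(pools):
    """Total candidates to cover when the passphrase structure is known."""
    return math.prod(pools)


def entropy_bits(pools):
    return math.log2(keyspace(pools))


def expected_seconds(pools, rate=RATE, machines=1):
    """Average case: the right candidate turns up after half the space."""
    return keyspace(pools) / 2 / (rate * machines)


def expected_years(pools, rate=RATE, machines=1):
    return expected_seconds(pools, rate, machines) / SECONDS_PER_YEAR


def wpa2_pmk(passphrase, ssid):
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def report():
    """(model, entropy in bits, expected years on one machine) for every model."""
    return [(name, round(entropy_bits(p), 1), expected_years(p))
            for name, p in MODELS.items()]


if __name__ == "__main__":
    for name, bits, years in report():
        print(f"{name:38s}{bits:7.1f} bits  {years:.3e} years")
    # The SSID salts the derivation, so a table precomputed for one network
    # name is useless against another, even for the same weak passphrase.
    print(wpa2_pmk("Austin21", "linksys").hex())
    print(wpa2_pmk("Austin21", "dlink").hex())
```

At the quoted rate the name-plus-digits model is exhausted in a fraction of a second while the three-word model holds for hundreds of millennia, which is why passphrase choice, not the cipher, decides the outcome.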
 |  |  |  |  |  |  menumorutBE an American. join:2005-07-04 Queens Village, NY | Thank GOD (and you)!
I was panicking there for a minute! | |
|
 |  |  |  |  |  |
 |  Host: Time Warner Intern.. PC gaming GAMES PC gaming Tech
1 edit | I like France's idea Who would have guessed. 
What about WEP. Do you fine a user for using WEP?
Do you like the idea of taxpayer dollars going toward a government agency that tracks P2P users between ISPs for the entertainment industry? | |
|  |  |  LinklistPremium join:2002-03-03 Longport, NJ kudos:5 2 edits | Re: Fine unsecured APs said by Karl Bode:I like France's idea Who would have guessed.  What about WEP. Do you fine a user for using WEP? Do you like the idea of taxpayer dollars going toward a government agency that tracks P2P users between ISPs for the entertainment industry? NO. Only the "throw the infected bums who won't secure their system off the internet" idea. -- My BLOG .. .. Internet News .. .. My Web Page
| |
|  |  |  |  Ebolla join:2005-09-28 Dracut, MA | Re: Fine unsecured APs unsecured wireless does not mean infected PC's, you know this as well as the rest of us. | |
|  |  |  |  |  1 edit | Re: Fine unsecured APs Yes, but he is playing games with us. | |
|
 |  |  |  FBGuyPremium join:2005-03-19 Evanston, IL 1 edit | so you think starbucks will start running secured wireless? thats lame. | |
|
 |  |  ReformCRTCSupport Your Independent ISP join:2004-03-07 Canada | People think WEP is lockbox secure! lol | |
|
 |  ck9 join:2004-06-12 Portland, OR | said by Linklist:I like France's idea. Users with unsecured APs SHOULD be fined. Until individuals, and their ISPs, make sure computers are secure, they should be kicked off the internet. It will be the only way to minimize malware on the internet. So we are going to fine grandma and grandpa who have a wireless network at home which is unsecured because they didn't know that BY LAW all wireless AP's/routers must ship with SECURITY DISABLED BY DEFAULT and don't know how to enable it?
Hmmm, great idea...And it's already been brought up about people who have WEP enabled and get hacked, that's their fault as well because they are the ones who placed their faith in something they were told would secure their network...Doesn't seem very well thought out to me... | |
 |  | | Right...
Grandma needs to be a net admin in order to use the internet.
LOL.... | |
|  |  JamesonPremium join:2004-05-28 Fallbrook, CA kudos:1 1 edit | said by Linklist: I like France's idea. Users with unsecured APs SHOULD be fined. Until individuals, and their ISPs, make sure computers are secure, they should be kicked off the internet. It will be the only way to minimize malware on the internet. Hahaha... that's got to be the stupidest thing I've ever heard. What is a fine going to do? Grandma and Grandpa are still not going to know how to secure their wireless.
Also, how would you plan on tracking down these "Unsecured" wireless APs? From personal experience, any unconfigured AP from a retail store usually has their wireless name set as Linksys, Dlink, etc.. Do you really think the government is going to send around people to knock door by door to confirm that the unsecured wireless access point that they are going to be fining for belongs to the house? No. | |
|  |  |  LinklistPremium join:2002-03-03 Longport, NJ kudos:5 | Re: Fine unsecured APs said by Jameson: Grandma and Grandpa are still not going to know how to secure their wireless. Then they can hire someone to do it. | |
|  |  |  |  JamesonPremium join:2004-05-28 Fallbrook, CA kudos:1 | Re: Fine unsecured APs You missed an important part of my post. | |
|
 | | Cracking WPA and WPA2 is not all that hard Nifty thing these new video cards...they outdo CPUs in cracking passwords...
»www.i-hacked.com/content/view/285/1/ WPA cracking is supported by CUDA  | |
|  |  | | Re: Cracking WPA and WPA2 is not all that hard Good luck breaking anything but the lamest of passwords with that. CUDA is not some magical crack against WPA, but a slight acceleration on CPUs (although the new i7s are closing that gap rapidly).
Since no one has ever produced a real crack for WPA - on the order of the WEP crack - a reasonable password will keep your AP secure.
And a little footnote, the so-called WPA "crack" is not even close. Under the most unbelievable circumstances somebody **could** decrypt some of your packets. Almost completely useless if trying to gain IP access to an AP. | |
|
 | | Manilow?? Anyone caught pirating (or buying or listening to) Barry Manilow should be locked in a rubber room!
BURY MANILOW! | |
|  |  | | Re: Manilow?? Aww...cmon now...Barry Manilow music is in your head right now.
Her name was Lola...she was a showgirl... | |
|
 Stumbles join:2002-12-17 Port Saint Lucie, FL Reviews:
·AT&T U-Verse
1 edit | Ha! That'll never happen. This part made me giggle; "...developing easy and inexpensive content platforms that compete with piracy...", like that will ever happen. The entertainment industry along with their mafia styled RIAA/MPAA have had butt-cheek blinders on for so long competing is a foreign concept. | |
|  cline3621Mr. Yuk is MEAN Mr. Yuk is GREENPremium join:2006-06-14 Clarksville, TN | Mandy? or Bob? I was unaware that Barry Manilow did the voice of Krusty the Clown on the Simpsons. | |
|  |  |  |
 | | Anyone, anywhere.... If you have an internet connection, or a wireless network, people can still get to your music if they wanna break into your computer. Music will never be fully secure on any medium. RIAA go blow it out your ***.
- A -- LETS GO METS! | |