Anti-P2P company suffers major security breach

MediaDefender, a company that attempts to disrupt the sharing of copyrighted material owned by its clients on peer-to-peer filesharing networks, has suffered an embarrassing security breach–the leaking of 700 MB of emails from senior employees in the company. The leak allegedly occurred because one senior employee was forwarding company email to his Gmail account, and he used the same password for his Gmail account that he used to register for a P2P service of some kind. This breach demonstrates the importance of adhering to corporate policies about use of external mail providers and using good password security–anything really important should have a unique password, not the same one used for accessing a variety of online websites and services.

UPDATE: It’s now being claimed that MediaDefender’s phone systems have also been compromised for the last nine months, and a 25-minute phone call between MediaDefender and the New York Attorney General’s office is circulating, as well as a transcript. The transcript indicates that the AG’s office was concerned (rightly so, apparently) about a possible mail server compromise at MediaDefender; the MediaDefender representative states at one point that he is speaking over a VoIP connection.

UPDATE: It seems the record companies are using information about P2P downloads collected by MediaDefender to make marketing decisions. Here’s a quote from one of the leaked emails (quoted from SlashDot):

Subject: Nicole Scherzinger
Date: Fri, 24 Aug 2007 15:14:31 -0700

Nicole from pussy cat dolls has a single called “whatever u like”. It’s not selling well on itunes or playing that great on radio. A song called “Baby Love” just leaked (I don’t know how long ago). Interscope wants to know if Baby Love is picking up steam on p2p. They need to make a decision by early next week on whether they should switch to this song as the single. Please get me a score comparison on Monday for these two tracks.

Also, please put beyonces, fergie, gwen, and nelly furtado singles as comparisons.

UPDATE (September 17, 2007): Ars Technica has a good summary of the breach and what the leaked information shows about what MediaDefender has been up to with its video upload service (apparently designed to encourage the upload of copyrighted content as a sort of sting operation), MiiVi. MediaDefender says it was an “internal project” that was supposed to be password protected but was inadvertently made public. CNet has a story on MediaDefender which notes: ...

September 16, 2007 · 3 min

Lomborg, global warming, and opportunity costs

I’ve not read Bjorn Lomborg’s new book (nor his previous one), but I have read enough of what he has written to suspect that some of those who are ridiculing one of his arguments don’t understand it. For example, Bob Park of the American Physical Society’s “What’s New” writes:

Bjorn Lomborg’s “Cool It: The Skeptical Environmentalist’s Guide to Global Warming” is out. Well, yes it is getting warmer he finds, but aside from polar bears, it just means more beach weather. We’ve got bigger problems, he says. Instead of spending all that money trying to prevent warming, let’s focus on making everyone rich so they can all buy air conditioners.

P.Z. Myers at Pharyngula writes:

He also has a bad argument about relative spending: he suggests that spending on climate change would reduce spending on other pressing issues, like the fight against malaria. It’s a bad choice. Malaria research is already underfunded — it’s a third-world disease, don’t you know, one that mainly affects those tropical countries, so the wealthy western nations typically don’t prioritize it very highly. We don’t take our big pots of money and allocate it into aliquots appropriate to the world’s needs already, so for an economist to sit there and pretend that climate research is a drain on tropical disease research is comical. Especially since he seems unaware of how one feeds into the other. Hey, if the world warms up, tropical diseases will creep northward into Europe and North America, and then we’ll be fighting the economic effects of both direct effects of climate change and new diseases.

But as I understand it, Lomborg is making a simple point about opportunity costs–that money spent on climate change mitigation can’t be spent on other things, and that it would be better off spent on things like fighting malaria (which I’m sure he would agree with Myers is underfunded, since it’s #4 on the Copenhagen Consensus 2004 list of “very good projects” to spend money on), because the amount of benefit received for each dollar spent is so much greater.

To make the same point–I have looked into putting solar cells on my house, both to reduce my carbon footprint and my long-term energy costs, but I’ve decided against it because even with the tax incentives and my power company’s willingness to subsidize half the cost, it’s still not cost-effective. (I’m hoping new solar cell technologies will improve efficiency and lower cost so that I will be able to become less dependent upon the electrical grid.) Instead, I’ve spent much smaller amounts of money that have had far more bang for the buck, replacing my incandescent lights with CFLs (though LEDs and other new promising technologies are on the way as better sources of light), adding insulation, and improving the efficiency of my air conditioning units through regular maintenance. These things I’ve done not only have an impact on my energy use and climate change, they are things which provide me with direct economic benefit as well–thus these are things that rational people will be doing independently of government regulation and spending.

Lomborg–or at least the Copenhagen Consensus–is not saying that climate change deserves no attention. The premise of the Copenhagen Consensus is that if the world spent an additional $50 billion over the next five years to address ten categories of global challenges (one of which is climate change), how would that money best be spent to provide the greatest net benefit. That seems to me to be an entirely worthy effort, and this kind of cost-benefit calculation should be given greater weight in public policy decisions. Instead, however, most politicians like to make arguments based on the assumption that any law, regulation, or government spending that saves even one life (or prevents one child from seeing something offensive) is worth doing, whether or not that generates enormous opportunity costs.

My personal behavior–and I suspect that of those criticizing Lomborg on this point–demonstrates that I don’t consider climate change my number one priority. In my case, I live in a large house that uses a lot of electricity, I travel frequently by plane, I drive a car instead of using public transportation, I eat meat instead of being a vegetarian like my wife. Each of these things causes, directly or indirectly, an increase in carbon dioxide emissions over the alternatives.

UPDATE (December 16, 2008): I just came across this description of Lomborg’s overall behavior with respect to the climate change debate, which I think is likely accurate. ...

September 15, 2007 · 7 min

Another Sony rootkit

F-Secure announced yesterday that it has found another Sony product that installs a rootkit and hidden directory on Windows machines. Last time it was the copy protection associated with music CDs; this time it’s software associated with a fingerprint reader for the Sony MicroVault USM-F memory stick, which Sony says is no longer for sale. Using the memory stick causes files to be installed into a directory on your hard drive that is hidden from the operating system, including antivirus scanning. This means that, like the hidden directory created by the CD copy protection scheme, the directory can be used by other malicious software to hide itself.

September 5, 2007 · 1 min

Time travel investment strategies

Long or Short Capital takes a look at a few investment strategies available to the time traveler, including “groundhog maximization,” “terminator option protection,” and “alien/squid technology asset allocation.”

August 21, 2007 · 1 min

Lying at the Weekly Standard

Julian Sanchez points out the staggering misrepresentation by those arguing that the recent increase in wiretapping power amounts to nothing more than an update of FISA procedures to reflect current technology. (Hat tip to Tim Lee at the Technology Liberation Front.)

August 17, 2007 · 1 min

Bruce Schneier interviews Kip Hawley

Bruce Schneier has posted all five parts of his interview with Transportation Security Administration head Kip Hawley: Part 1, Part 2, Part 3, Part 4, Part 5.

August 16, 2007 · 1 min

Wikiscanner

Virgil Griffith has put together a fascinating data-mining tool that compares anonymous Wikipedia edits to WHOIS records for IP addresses, to allow users to examine edits made by people at particular organizations. The tool can be used to examine edits by people at the NSA (Ft. Meade), the CIA, the Church of Scientology, Bob Jones University, the Environmental Protection Agency, Diebold, the Electronic Frontier Foundation, Wal-Mart, Pfizer, Raytheon, The New York Times, Al-Jazeera, the WorldNetDaily, Fox News, the Republican and Democratic Party, the Vatican, among many others. The organizations listed here are all listed on the side of the tool’s main search page, but there are many more in the drop-down list of user-submitted organizations, and you can specify organization names and locations. Wired magazine has assembled a list of some of the more interesting edits, such as someone at Diebold deleting references to security flaws in electronic voting machines and someone at the CIA editing song lyrics from an episode of Buffy the Vampire Slayer. Griffith, who built Wikiscanner while working at the Santa Fe Institute, begins graduate work in September at Caltech on theoretical neurobiology and artificial life under Christoph Koch and Chris Adami. It’s wonderful when data mining can be used for good purposes. (Hat tip to Scott Peterson on the SKEPTIC list.)

August 16, 2007 · 2 min

A marketplace for software vulnerabilities

The July 21, 2007 issue of The Economist has an article about a Swiss company that has opened a market for software vulnerabilities:

Since economics, like nature, abhors a vacuum, a small industry of “security companies” has emerged to exploit the hackers’ dilemma. These outfits buy bugs from hackers (euphemistically known as “security researchers”). They then either sell them to software companies affected by the flaws, sometimes with a corrective “patch” as a sweetener, or use them for further “research”, such as looking for more significant—and therefore more lucrative—bugs on their own account. Such firms seek to act as third parties that are trusted by hacker and target alike; the idea is that they know the market and thus know the price it will bear. Often, though, neither side trusts them. Hackers complain that, if they go to such companies to try to ascertain what represents a fair price, the value of their information plummets because too many people now know about it. Software companies, meanwhile, reckon such middlemen are offered only uninteresting information. They suspect, perhaps cynically, that the good stuff is going straight to the black market.

Last week, therefore, saw the launch of a service intended to make the whole process of selling bugs more transparent while giving greater rewards to hackers who do the right thing. The company behind it, a Swiss firm called WabiSabiLabi, differs from traditional security companies in that it does not buy or sell information in its own right. Instead, it provides a marketplace for such transactions. A bug-hunter can use this marketplace in one of three ways. He can offer his discovery in a straightforward auction, with the highest bidder getting exclusive rights. He can sell the bug at a fixed price to as many buyers as want it. Or he can try to sell the bug at a fixed price exclusively to one company, without going through an auction. ...

July 29, 2007 · 3 min

Asking printer manufacturers to stop spying results in Secret Service visit?

The fact that color printers print a pattern of yellow dots on all pages that indicate which printer was used, for the purposes of being able to track the identity of who has printed any page, has been known since the EFF decrypted the codes and publicized the information in 2005. Now, however, the MIT Media Lab has started a project called “Seeing Yellow” to encourage printer owners to contact the manufacturers and complain, after it has been found that those who do so get reported to the U.S. Secret Service as subversives. (There is one known case, in which someone called to ask a printer manufacturer if there was a way to turn off the “feature.”) (Via Don Lloyd at Distributed Republic.)

July 14, 2007 · 1 min

Google thinks I'm malware

While looking through multiple pages of results from a Google query that contained some operators like negations and “site:” specifications, Google was periodically failing to give results or displaying raw HTML in my browser, then ultimately came back with:

Google Error
We’re sorry…
… but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can’t process your request right now.

...

July 13, 2007 · 2 min