Forgot your password?
typodupeerror
The Courts Government Media Music News Your Rights Online

Oklahoma Security Expert Attacks RIAA Claims 280

Posted by kdawson
from the resting-on-shifting-sands dept.
NewYorkCountryLawyer writes "A group of Oklahoma University students has made a motion to vacate the ex parte order the RIAA had obtained compelling the university to turn over their names and addresses. In support of their motion was the expert witness declaration (PDF) of a computer security and forensics expert who essentially attacked the entire premise of the RIAA's lawsuit, characterizing the declaration upon which the RIAA based its motion as 'factually erroneous' and 'misleading.' Among other things he pointed out that 'An individual cannot be uniquely identified by an IP address,' and that 'Many computers can be connected to the Internet with identical IP addresses as long as they remain behind control points.' The students are represented by the same Oklahoma lawyer who recently obtained a award for $68,000-plus in attorneys fees against the RIAA in Capitol v. Foster."
This discussion has been archived. No new comments can be posted.

Oklahoma Security Expert Attacks RIAA Claims

Comments Filter:
  • by ScrewMaster (602015) on Tuesday August 07, 2007 @08:56PM (#20150597)
    "Oh SHIT ... not this guy again."
  • Sad thing is... (Score:4, Insightful)

    by Hsensei (1055922) on Tuesday August 07, 2007 @08:57PM (#20150613) Homepage
    No matter who comes out on top only the lawyers win. :/
    • Re:Sad thing is... (Score:5, Insightful)

      by couchslug (175151) on Tuesday August 07, 2007 @09:24PM (#20150855)
      It is to be hoped that some of those students are going to BE lawyers one day, and all this lawyer hatin' conveniently ignores that many lawyers are idealists and work pro bono for good causes.

      I delight in seeing young people use the system to fight for their freedoms.
    • by nurb432 (527695)
      Thats beacuse they now effectively run this country. ( and are in the process of running it into the ground, for a profit )
    • Makes me wish I was a lawyer, but law school would be too long and expensive for me :/
    • Re:Sad thing is... (Score:4, Informative)

      by Anonymous Coward on Tuesday August 07, 2007 @11:34PM (#20151911)
      No matter who comes out on top only the lawyers win. :/


      Mmm.. I doubt it. I'd be surprised if most of the lawyers defending RIAA "victims" (for lack of a better word) are charging their full rates, considering they're mostly defending poor college students.

      On the other hand RIAA lawyers aren't paid by the hour, and whether they win or lose their salary is the same (you think they're working for a percentage of a $10,000 settlement?)

      They've created a climate of fear, which is all this has been about from the beginning. If they win a case the reward is a pittance to them, if they lose, well, they can afford it. Either way, considering the press it's still generating a lawsuit costs much less and is much more effective than a prime time television ad campaign. Unless there's some way to assign a penalty that really hurts or put a stop to their abuse of the legal system altogether they will continue to sue even if they lose almost every case.
  • Oh come on (Score:4, Insightful)

    by Token_Internet_Girl (1131287) on Tuesday August 07, 2007 @09:09PM (#20150705)
    "Many computers can be connected to the Internet with identical IP addresses as long as they remain behind control points" Did the MAFIAA really think someone would overlook this point? Anyone with a class in Internet 101 knows that routers assign one IP address to represent whatever computers are attached to it. I'm glad their having their asanine package of BS handed right back to them.
    • Re: (Score:3, Insightful)

      by jfclavette (961511)
      Maybe you should retake that Internet 101 class then. There are a few routers out there that assign different IP adresses to different 'computers.' In fact, that was pretty much the whole point of routers before NAT showed its ugly face.
      • by russ1337 (938915) on Tuesday August 07, 2007 @09:51PM (#20151085)
        >>> There are a few routers out there that assign different IP adresses to different 'computers.'

        I guess I'm only safe when my local Starbucks has had 4,294,967,296 unique wi-fi visitors and has to start over...
        • by guruevi (827432)
          You really think that there is any appliance that keeps a database of all IP's it has passed out through the days/months/years?

          Just to give you the (raw) calculation: you would need
          (IP + MAC + newspace + (2* blank space)) * available hosts in the subnet to get it in any readable format

          (12+ 16 + 1 + 2) * 65534 bytes (the average subnet) would cost you 2MB of raw space.

          It is possible and probable for a full-fledged server system for an ISP (and even they don't keep track of it longer than a number of
          • by Curien (267780)
            There's a cool program out there called "syslog". I know it's new and not widely used, but maybe google's heard of it.
    • Re:Oh come on (Score:5, Interesting)

      by fredklein (532096) on Tuesday August 07, 2007 @09:36PM (#20150959)
      I think the RIAAs point is that whoever runs that router (and, presumably, the network connection) is responsible for the traffic it passes.

      Like a Red-light camera: they send the ticket to the owner of the car, not necessarily the driver. (Of course, in that case, the owner can simply prove it was not them, and provide the name of the driver, and the ticket will be re-assigned.)

      I don't necessarily agree with this, but most ISP's have similar clauses in their TOS: You are responsible for whatever your equipment puts out/takes in over the network connection. I'm not sure what makes Starbucks (for instance) not liable if a wifi customer downloads kiddy porn, but a person who owns an open WAP gets their PCs confiscated by the cops. But I wish the 'immunity' applied to anyone.
      • Re:Oh come on (Score:4, Interesting)

        by proverbialcow (177020) on Tuesday August 07, 2007 @10:25PM (#20151385) Journal
        Like a Red-light camera: they send the ticket to the owner of the car, not necessarily the driver. (Of course, in that case, the owner can simply prove it was not them, and provide the name of the driver, and the ticket will be re-assigned.)

        Or, as in the case of Minneapolis' red-light cameras, the entire process is deemed unconstitutional because it presumes guilt rather than innocence.
        • Re: (Score:2, Offtopic)

          by fredklein (532096)
          I don't know about that- a PICTURE of a car running a red light is pretty good evidence that the crime actually took place. Which means someone is guilty of comitting that crime. Since they cannot I.D. the driver (Facial recognition's not that good. Yet.), but they CAN I.D. the car (thru the plates), they send the notification to the registered owner of the car. Since the drive should know who was driving their car*, the driver can then tell the court who is actually guilty.

          *unless it was stolen.
          • Re: (Score:3, Informative)

            by Buran (150348)
            Wow, did you miss the point. You yourself admitted that the driver (the guilty party) can't be identified. You can't accuse anyone of doing something illegal and prosecute them unless you can prove beyond a reasonable doubt that the individual is guilty. And the accused has a right to face their accuser in court.
            • by fredklein (532096)
              the driver (the guilty party) can't be identified,/i>

              It's reasonable to assume that, since it's YOUR car, YOU are the driver.

              Just like, if YOUR specially autographed baseball bat was used to beat someone to death, it's reasonable for the cops to assume YOU did it. It's YOUR bat.

              If you have evidence to the contrary (like you know who was really driving the car, or you lent your bat to a friend), then you can present it.

              You can't accuse anyone of doing something illegal and prosecute them unless you can pr
              • Re: (Score:3, Insightful)

                by fredklein (532096)
                ARGH. Shudda previewed.

                the driver (the guilty party) can't be identified

                It's reasonable to assume that, since it's YOUR car, YOU are the driver.

                Just like, if YOUR specially autographed baseball bat was used to beat someone to death, it's reasonable for the cops to assume YOU did it. It's YOUR bat.

                If you have evidence to the contrary (like you know who was really driving the car, or you lent your bat to a friend), then you can present it.

                You can't accuse anyone of doing something illegal and prosecute them u
                • by Curien (267780)
                  It's reasonable to assume that, since it's YOUR car, YOU are the driver.

                  So you've never had roommates, aren't married, and never left your keys anywhere for more than 30 minutes without direct supervision. Oh, and everyone KNOWS that you need the keys to steal a car. My best friend's wife had her car stolen while she was on vacation. She didn't even know it was gone until two weeks after it was stolen.

                  It's a reasonable assumption -- but it's just that, an assumption. It is not reasonable *proof*. In the cas
              • by Buran (150348)
                It would seem that since the actual offender cannot be identified from the photos, it is not reasonable. That would be the whole reason why these aren't allowed in the place the original poster mentioned.

                It is not in fact reasonable to automatically assume that the owner of an object is guilty of a crime committed with that object. All you have proof of is that something owned by a particular individual was used in the commission of a crime. You do not have proof that that individual was the guilty party.

                Yo
                • Re: (Score:3, Interesting)

                  by fredklein (532096)
                  All you have proof of is that something owned by a particular individual was used in the commission of a crime. You do not have proof that that individual was the guilty party.


                  But that is enough for the police to arrest (or at LEAST question) you. It's enough to get you put on trial.

                  If the item is a common item (a Yellow #2 pencil), then there is loads of doubt. Was it MY Yellow #2 pencil, or one of the MILLIONS of others that are made each year? Even if it was mine, anyone could have taken one from by de
          • Oh I wasn't in it.

            I think my daughter was driving it.

            But I'm not sure. It may have been my son.

            Or one of their friends.

            They were moving that night and lots of different people used the car.

            Car Person.

            Lots of different people drive the same car in some circles.
            • by fredklein (532096)

              "Oh, officer. I know you found my gun at the murder scene, but..."

              I wasn't carrying it.

              I think my daughter was carrying it.

              But I'm not sure. It may have been my son.

              Or one of their friends.

              Puh-leaze. Do you really think the cops would let you go if you told them that? Of course not.

              Then why should they 'let you go' from paying the Traffic Fine?

              Now, IF you had evidence that showed you were not guilty*... then that's a different story.

              *like the name of person who actually drove the car/carried the gun that d

              • Or, if you could simply show that more than one person had access to your gun?

                "Now, IF you had evidence that showed you were not guilty*... then that's a different story."

                What you are describing is "guilty until proven innocent"

                • by fredklein (532096)
                  Or, if you could simply show that more than one person had access to your gun?

                  You try telling that to the cops when they show up to arrest you, and see what happens.

                  Hint: they'll still arrest you.
          • You don't have many siblings or kids, do you?

            Father: "Okay, who ran a red light last Saturday at 11:30 pm?" Kid1: "not me" Kid2: "not me" Kid3: "not me" Father: "Sorry, officer, I don't know who was driving"

            The situation gets even worse if you have a large extended family that allows each other to borrow vehicles. Either way, there is no way for law enforcement to know who was driving...

            • by fredklein (532096)
              "Sorry, officer, I don't know who was driving"

              "Well, Sir, since it is Your car, it is Your responsibility. Will you pay by cash or check?"

              Either way, there is no way for law enforcement to know who was driving...

              But they know who the car is registered to. Who is responsible for the use of the car.
              • But thankfully, that's not how traffic laws work. The operator is the responsible party when it comes to criminal charges. The gun analogy used above is correct in that sense. For example, I let my high-school buddy Billy Bob borrow my rifle to go hunting. He uses it to kill his ex-girlfriend's new boyfriend and leaves the gun at the scene. It's traced back to me, cops come to see me but find that I've been on vacation for the two weeks surrounding the murder (plane tickets, hotel receipts and cellphone rec
                • by fredklein (532096)
                  It's traced back to me, cops come to see me...

                  If they thought you guilty of a homicide (I mean, what else can they think- it's your gun!), they'd do more than 'come see you'. They'd burst in the door, guns drawn, throw you on the ground, and arrest you. If you can prove your alibi, then they'll let you go.
                  Just like, if your car is photo'd running a red light, they send the ticket to you, and if you can prove it was not you, they'll 'let you go'.
            • Re: (Score:3, Interesting)

              by richie2000 (159732)

              Either way, there is no way for law enforcement to know who was driving...
              Unless the camera takes a picture of the driver and the Police compares this shot to the photo of the car's registered owner that the DMV should have on file. If they match, they send out the fine. If it doesn't, they drop the case as it's too much work digging up and comparing photos of all possible drivers. BTW, this is how automated speeding cameras work here in Sweden.
      • by Kaseijin (766041) on Wednesday August 08, 2007 @12:05AM (#20152173)

        I think the RIAAs point is that whoever runs that router (and, presumably, the network connection) is responsible for the traffic it passes.
        That's their theory. To the best of my knowledge, no court has ever bought it.

        ...I don't necessarily agree with this, but most ISP's have similar clauses in their TOS: You are responsible for whatever your equipment puts out/takes in over the network connection.
        That's a contract between the ISP, the customer, and no one else.

        I'm not sure what makes Starbucks (for instance) not liable if a wifi customer downloads kiddy porn, but a person who owns an open WAP gets their PCs confiscated by the cops.
        The person is, reasonably, a suspect.
        • by fredklein (532096)
          I think the RIAAs point is that whoever runs that router (and, presumably, the network connection) is responsible for the traffic it passes.
          That's their theory. To the best of my knowledge, no court has ever bought it.


          I'm curious who YOU would hold responsible for the traffic coming out of YOUR router, which is hooked to YOUR broadband line in YOUR house. The Tooth Fairy?

          I'm not sure what makes Starbucks (for instance) not liable if a wifi customer downloads kiddy porn, but a person who owns an open WAP g
      • The problem with that logic is holding one person responsible for the crimes committed by another. That's not likely to go over well in the courts.

        If an employee misuses their computer and network connection, is the employer responsible for the crimes of the employee? If someone breaks into one of your computers at work and uses them to commit a crime, are you responsible because the equipment is yours?

        As much as the RIAA may wish it so, holding someone responsible for the crimes of another just isn't going
        • by fredklein (532096)
          The problem with that logic is holding one person responsible for the crimes committed by another.

          No. They are ACCUSING the person who pays for the internet service of (mis-)using that service to commit Copyright violations.
          If the person who pays for the connection can show they are not the ones who did it, then the RIAA will move on to the real perpetrators. Otherwise, it's completely reasonable to hold the 'owner' responsible for damage done by his property.

          If an employee misuses their computer and netwo
        • by gravesb (967413)
          Actually, through vicarious liability, the employer could be liable, depending on the type of misuse.
    • Re:Oh come on (Score:5, Interesting)

      by ScrewMaster (602015) on Tuesday August 07, 2007 @09:36PM (#20150963)
      The problem seems to be growing the awareness of these basic facts among the judiciary: cases like this can only help in that regard, I'd think. Those of the legal mind are fond of informing laymen that the law is complex and ever-changing and that only one who is properly trained could possibly comprehend its intricacies. I personally believe that the law is often more complex than it needs to be (and that is certainly no accident) but, okay, I'll buy that argument. As an engineer I cheerfully admit that the law is an arcane mystery, and I would certainly never set foot in court without proper representation.

      However, the truth is that the global network and the technologies behind it are pretty goddamn complex as well, and change more often than the average trial lawyer changes his boxers. Gross oversimplifications and prevarifications regarding network technology, such as those pulled out of thin air by the RIAA's so-called "expert witness", have so far resulted in several severe miscarriages of justice. Unfortunately, while it is a necessity to have legal representation in a technical case, there seems to be no corresponding requirement that the legal beagles involved have a clue about technological underpinnings of said case. Given how successful the RIAA has been with the testimony of Mr. Linares, it's apparent that expert witnesses are of no help when the people making the legal decisions don't have the mental knowledge base to tell the wheat from the chaff.
      • Re:Oh come on (Score:5, Informative)

        The problem seems to be growing the awareness of these basic facts among the judiciary: cases like this can only help in that regard, I'd think. Those of the legal mind are fond of informing laymen that the law is complex and ever-changing and that only one who is properly trained could possibly comprehend its intricacies. I personally believe that the law is often more complex than it needs to be (and that is certainly no accident) but, okay, I'll buy that argument. As an engineer I cheerfully admit that the law is an arcane mystery, and I would certainly never set foot in court without proper representation. However, the truth is that the global network and the technologies behind it are pretty goddamn complex as well, and change more often than the average trial lawyer changes his boxers. Gross oversimplifications and prevarifications regarding network technology, such as those pulled out of thin air by the RIAA's so-called "expert witness", have so far resulted in several severe miscarriages of justice. Unfortunately, while it is a necessity to have legal representation in a technical case, there seems to be no corresponding requirement that the legal beagles involved have a clue about technological underpinnings of said case. Given how successful the RIAA has been with the testimony of Mr. Linares, it's apparent that expert witnesses are of no help when the people making the legal decisions don't have the mental knowledge base to tell the wheat from the chaff.
        The Linares dribble -- like the Whitehead dribble which preceded it -- "succeeded" only because it was used only in ex parte cases, where there was no opposition. Now that opposition is starting to form, and now that judges are starting to reject [blogspot.com] even the ex parte motions [slashdot.org], awareness may be growing among members of the judiciary.
        • Re: (Score:2, Funny)

          by Anonymous Coward
          Dribble is a good word. So is drivel. Although they are both good words they are not interchangable.
        • Well, that's the most positive thing I've heard all day. Of course, it's only 6:14 am. Hopefully this represents a trend.
    • by LarsG (31008)
      You might want to retake Internet 101. Routers don't assign IPs.
      • Re:Oh come on (Score:4, Insightful)

        by TooMuchToDo (882796) on Wednesday August 08, 2007 @12:12AM (#20152231)
        I've got a Cisco 2600 series router that begs to differ with you.
        • by LarsG (31008)
          So any network device that reports a command unknown to "Router(config)# service dhcp" is not a router?

          That many routers happen to include a DHCP server does not mean that 'does DHCP' is one of the criteria that defines what a router is.
  • by willow (19698) on Tuesday August 07, 2007 @09:11PM (#20150735)
    I'm wondering why it's taken other lawyers so long to realize the RIAA is ripe for fleecing with their undefendable suits. Surely the lawyer vs. lawyer guys would have figured out by now that the RIAA, with so much $$$, is ripe for plucking...

    I'm actually ashamed of this, BTW :)
    • Lawyers who make their living with that type of litigation never want to be the first, they tend to wait for someone else to show that it can be done. I'm betting the flood-gate will soon open, and this type of RIAA tactic will fade. But you can bet that the RIAA will try a different approach.
  • OSU, not OU (Score:3, Informative)

    by epmos (468595) on Tuesday August 07, 2007 @09:12PM (#20150745)
    Nitpick:
    TFA says the 11 students are at Oklahoma State University (OSU), not that Other University to the south (OU).

    [ Yes, I am an alumni of OSU. ]
  • by japhar81 (640163)
    One can only hope that if they get hit upside the head with a proverbial baseball bat often enough, perhaps they'll learn? After all, even the dumbest dog learns after a while, right? Nah, probably won't happen..
  • by PhysicsPhil (880677) on Tuesday August 07, 2007 @09:17PM (#20150795)
    ...how big is the school in question? I've been wondering recently whether the RIAA has ever gone after schools with big legal programs. Have they been avoiding a fight with students who might have a large number of friends training to be lawyers? I have visions of some professor who gets sufficiently aggravated that he assigns his entire class to bury the RIAA in legal briefs.
    • Re: (Score:3, Informative)

      by i)ave (716746)
      As some have pointed out, this legal attack involves students from Oklahoma State University, about 15,000-20,000 students. For the record, OSU does not have a school of law. The University of Oklahoma has a school of law, as does the University of Tulsa, and Oklahoma City Univesity. One wonders if the RIAA is focusing its efforts on big universities and the publicity they generate, but avoiding those universities that have a school of law (and the professors of law that accompany them) to avoid the scenari
  • So what is the most likely outcome of the motion?
  • by edashofy (265252) on Tuesday August 07, 2007 @09:30PM (#20150905)
    "Many computers can be connected to the Internet with identical IP addresses as long as they remain behind control points."

    Yes, we all know this is true from a technical perspective. However, the RIAA is not as dumb as to ignore it. From the depositions in the Lindor case (posted earlier by NewYorkCountryLawyer) they are also relying on the fact that Kazaa (and workalikes) apparently include the local IP in the protocol. So if I'm behind my router, and my IP is 192.168.1.1, but my router's IP is 123.45.6.78, then the RIAA will see BOTH addresses and know whether there's some NATting going on with a pretty high degree of certainty. However, if Kazaa reports the local IP as 123.45.6.78 as well, then it's highly unlikely any more than a single computer is behind that IP.

    Reading the report, the "expert" here appears to be completely ignorant of this fact.

    Also, some of this is really atrocious. Early in the report it cites an example of someone downloading child pornography sitting in a car by "hacking" a wi-fi network. Only at the end of the report does it admit that the network was unsecured. If you connect to 'linksys' are you "hacking" that network? Would you use that term No. No "hacking" (in any reasonable sense) is going on.

    Is the "expert" a native English speaker? "Botnet, Trojan, and Back Door are example of malicious codes..." Aside from the grammatical atrocities, I have never heard of my fellow software engineers referring to software programs as "codes." A back-door is not a "code" or a program, nor are botnets. Bots are, Trojan (Horses) are, and they can open back doors. Precision, please?

    Do look at the expert's biography page [f0rb1dd3n.com] on the site shilling his book. Plenty of asserted qualifications and certifications, although I don't see any formal degrees listed anywhere. It also asserts that "One final note Jayson was chosen as one of Time's persons of the year for 2006." (hint: so were you). The grammar in the bio is even worse than in the expert brief. Do a search for his name and you'll find precious little at all.

    I'm not saying that the RIAA is doing due diligence; the Lindor briefs leave a lot in question (although less than most slashdotters would like). However, fighting back with equally specious and unresearched information doesn't seem to be a much better strategy.
    • Re: (Score:2, Interesting)

      by Anonymous Coward
      Most large internal private networks work off of DHCP, and that means the IP usually changes for each user after they shutdown their computer (depending on the DHCP lease of course, it could be shorter or longer). The next time the user logs back on to the network or resolves DHCP they will more then likely have a new IP.

      **For the RIAA to have sufficent evidence the internal IP would have to be accompianined by the actual MAC Address of the physical computers NIC (this would also be the same for the externa
    • by tftp (111690) on Tuesday August 07, 2007 @09:54PM (#20151115) Homepage
      Indeed, I read his deposition and basically all he does is state that you are anonymous behind a NAT. I am sure the logs do not indicate that 192.168.1.250 is the offender. There must be something more tangible. The expert probably just refuted literal RIAA's statements, ignoring the context (I haven't seen the logs so can't say for sure.)

      One thing, though, he could have mentioned - various IP spoofing methods. Imagine you are on a DHCP network (on campus, for example.) You ask for an IP and you will get it, and this will be logged: "00:f0:3e:45:33:66, authorized as belonging to John Doe, asked for an IP and got 10.0.15.213 for 6 hours". Nice. However what if you want to misrepresent yourself? An enterprising student can use ping and arp (if not some better tools) to find out what IP and MAC addresses are online, and once some of those computers go to class (or to sleep, for example,) take over the MAC address and ask for a new DHCP lease ... done, and you have a new shiny IP address, perfectly logged as belonging to John Doe whereas you are someone else entirely.

      This would clearly demonstrate that the DHCP has no authentication beyond the MAC address, and that can be easily changed [nthelp.com] on many cards. Any judge, however technically illiterate, can understand that if you can get any identity by just asking then it's pointless to hold the identity owner responsible.

      This text, as seen here [windowsecurity.com], would be relevant in the expert's refutation:

      Unfortunately it's the very simplicity of DHCP that's actually the problem as far as security goes. No authentication or authorization takes place during an exchange between a DHCP server and DCHP client, so the server has no way of knowing if the client requesting the address is a legitimate client on the network, and the client has no way of knowing if the server that assigned the address is a legitimate DHCP server. The possibility of rogue clients and servers on your network can create all kinds of problems.

    • by langelgjm (860756) on Tuesday August 07, 2007 @10:04PM (#20151197) Journal

      Did you read the same brief I did? Because your quotes don't match with what is in the PDF file.

      Also, some of this is really atrocious. Early in the report it cites an example of someone downloading child pornography sitting in a car by "hacking" a wi-fi network. Only at the end of the report does it admit that the network was unsecured. If you connect to 'linksys' are you "hacking" that network? Would you use that term No. No "hacking" (in any reasonable sense) is going on.

      Here's what I see in the PDF: "An example of the dangers of open networks is the case of Walter Nowakoski. Nowakoski connected to unsecured home networks and used the bandwidth via unencrypted wireless networks to download child pornography. This is an example of criminals using networks of others to commit crimes so that the innocent are victims twice - once for the theft of their own network resource and then when they are wrongly accused for the illegal activity."

      Is the "expert" a native English speaker? "Botnet, Trojan, and Back Door are example of malicious codes..." Aside from the grammatical atrocities, I have never heard of my fellow software engineers referring to software programs as "codes."

      Not to be picky, but if you're going to comment on the man's grammar, at least have the courtesy to quote him correctly. He conjugates the verb correctly, saying "... are examples of malicious codes..."

      • by edashofy (265252)
        Page 7:

        "Exhibit 6: Sci-Tech November 23, 2003 article from CTA News Staff reporting a driver of a motor vehicle engaged in internet child pornography utilizing a laptop computer and Wi-Fi (wireless fidelity) card to crack into a computer in a nearby home."

        The text you cite is, as I explained, separate at the end of the article.

        You're correct, 'example' was my typo. My bad.
        • by langelgjm (860756)
          Ok, fair enough, though that of 'cracking' could simply be taken from the "article" he is talking about... It sure doesn't help that the text isn't searchable/selectable.
    • by Dunbal (464142) on Tuesday August 07, 2007 @10:20PM (#20151345)
      Early in the report it cites an example of someone downloading child pornography sitting in a car by "hacking" a wi-fi network. Only at the end of the report does it admit that the network was unsecured.

            Ok, now tell me how hard it is to hack a WEP-enabled wireless network? It takes all of what, 90 seconds?
    • Even supposing that the local IP was included there's two major problems:

      1) They only way that can be gotten is by the computer itself reporting it. What makes you think a computer couldn't just have changed that? I've never seen a cheap NAT-router that has ANY sort of enforcement on IPs, much less seen a user that'd turn it on.

      2) Show me the consumer router that keeps logs after power off (if it keeps logs at all). I've again never seen it. Unless someone went out of their way to keep any sort of logs, the
    • He does qualify the person of the year statement by saying it is a joke, and linking to the time.com website.

      If you look about half way down the page, there is a small light blue line that looks like part of the background. It is a hyperlink to a photo of him (I presume) (I think it's titled 'spot the geek'). Just from glancing at the rig he's got there, he looks like a pretty dedicated nerd!
    • Re: (Score:2, Informative)

      by mdmkolbe (944892)

      Is the "expert" a native English speaker? "Botnet, Trojan, and Back Door are example of malicious codes..." Aside from the grammatical atrocities, I have never heard of my fellow software engineers referring to software programs as "codes." A back-door is not a "code" or a program, nor are botnets. Bots are, Trojan (Horses) are, and they can open back doors. Precision, please?

      First, this is an ad hominem attack.

      Second, it's not even a very good ad hominem attack. There are a lot of (native English speaking) people that use the plural form (i.e. "codes") instead of treating it as a mass noun (i.e. "code"). It seems to be more common among the older generations of programmers. (I personally think it should be a mass noun, but I'm just pointing out that a significant minority use the plural form. Sort of like "ketchup" vs "catsup".)

    • by Eskarel (565631)
      The problem I have with this argument is that, presuming that this IP is actually encoded into the protocol it's completely unverifiable as being accurate. Kazaa was hacked a long time ago and a lot of the new alternatives have the source code available, or have been equally hacked. If the IP in the protocol isn't actively used for routing(and if it is it's no more use than the ip on the packet due to NAT and the like), then there's nothing to stop anything at all being inserted into that position.

      To give a

    • by jgoemat (565882)

      Yes, we all know this is true from a technical perspective. However, the RIAA is not as dumb as to ignore it. From the depositions in the Lindor case (posted earlier by NewYorkCountryLawyer) they are also relying on the fact that Kazaa (and workalikes) apparently include the local IP in the protocol. So if I'm behind my router, and my IP is 192.168.1.1, but my router's IP is 123.45.6.78, then the RIAA will see BOTH addresses and know whether there's some NATting going on with a pretty high degree of certain

    • by jgoemat (565882)

      Is the "expert" a native English speaker? "Botnet, Trojan, and Back Door are example of malicious codes..." Aside from the grammatical atrocities, I have never heard of my fellow software engineers referring to software programs as "codes." A back-door is not a "code" or a program, nor are botnets. Bots are, Trojan (Horses) are, and they can open back doors. Precision, please?

      I don't see how not being a native English speaker would affect any of his reasoning, but I thought the declaration as a whole use

  • Everything that the security expert says in his submission to the court is, of course, true. But in the same way as the RIAA's submission doesn't tell the whole story, neither does this.

    Universities have large IP blocks, and - for the most part - are in no danger of running out of IP addresses (negating the need - but not necessarily the use) of NAT technologies to get around this.

    So while all of the assertions are true - there is still a reasonable (if not completely deterministic) chance that the IP addr
    • by Sycraft-fu (314770) on Wednesday August 08, 2007 @12:50AM (#20152471)
      Ummm few things:

      1) Where did you get the idea all universities have tons of IPs? Some do, some don't. Also, a class B might seem like a lot, but if you've got 50,000 students, 20,000 departmental computers and servers, and you dole the IPs out in subnets to different departments (so they aren't 100% utilized) you start feeling the crunch more than you might think. Where I work we've got two class Bs (as we were in on the Internet game fairly early) and network operations has already begun working on renumbering the network to try and reclaim unused IPs. We haven't had to implement NAT on any campus level (though there are tons of little ones that random people run) but it is not something out of the question. Take a larger university with less IP space, you'd have little choice.

      2) NAT has other uses such as cloaking the activities of individual computers. You'll see places use NAT just for that, they don't want individual activity being traced based on IP. So they get a many-to-many NAT set up. You have say a couple hundred routable IPs with a couple thousand non-routable IPs behind them. The router picks out which public IP you get randomly, or round-robin, or whatever. Thus it ends up being impossible to figure out what is happening.

      3) Who says the university runs the NAT? You telling me you don't think students stick routers in their dorms? You telling me that you don't think they do that, and turn on unsecured WiFi (especially since many universities have extremely poor or non existent WiFi)? I know for a fact they do, because we always have problems with this on our campus.
    • Using public or private IP address space makes no difference. The problem is with the contention itself.

      An IP/MAC address doesn't tell you who was operating a computer at the time. Bottom line. All it means is that at a particular time, a computer was in use. You can't even be for certain what computer, since MAC spoofing is fairly easy to anyone knowledgeable enough. Network accounts are meaningless, when a simple glance over a shoulder or 5 minutes of uninterrupted rummaging around a desk can allow me to
  • I hope he attacked his claims with a chain saw... Christ! Enough RIAA. We get it, dont illegal trade your terrible music. We get it, but we dont give a shit.
  • The RIAA are like sharks, seeking out a lone victims and quickly eviscerating them, particularly the weak or the slow, and those already leaving a tempting blood-trail in the water.

    By contrast, the defendents are starting to behave like dolphins, which individually will easily fall prey to sharks, but as a group may band together to rapidly ram the sharks in the gills or other sensitive organs until they break off, or eventually, due.

    Give 'em another jab in the gills boys, and we'll see if the sharks wi
  • why aren't judges protecting the people?

    The law is not really in the RIAA's favor here.

    The RIAA has shown a history of fradulent law suits.

    Why aren't people countersuing for malicious prosecution?

The universe does not have laws -- it has habits, and habits can be broken.

Working...