Re: [Full-disclosure] Re: Case ID 51560370 - Notice of ClaimedInfringement

Valdis.Kletnieks_at_vt.edu
Date: 04/08/05

    To: Jason <security@brvenik.com>
    Date: Fri, 08 Apr 2005 14:53:31 -0400

    On Fri, 08 Apr 2005 13:45:51 EDT, Jason said:

    > I get the point just fine. Injecting files C and D results in a
    > situation that cannot be resolved without downloading both files.
    >
    > Song A = mp3 format file with valid license to BSA
    > Song B = mp3 format file without valid license to BSA
    > Song C = zip of Song A plus pad to generate MD5
    > Song D = zip of Song B plus pad to generate same MD5
    >
    > It is now impossible to distinguish between C and D without downloading
    > both. The content inside is still fully usable and valid but a violation
    > cannot be confirmed without yourself violating the law.

    On the other hand, note the following:

    1) The copyright nazis aren't going to be looking for C *or* D, because they're
    only looking for files that have the same hash as A. They'd have to actually
    download C and D and *listen* to it, and identify it (quick - how do you tell
    the difference between the audio content of the original Beatles "Come Together"
    and the Aerosmith cover of the same song?)

    2) It's of course simple to create an arms race where the copyright nazis need to
    expend more effort because they can't just go after the MD5 sum. However, it cuts
    both ways - if you see 15 copies of a file available with the same MD5 sum, you can
    have *some* trust it's not corrupted. If you see 15 copies with 15 different hashes,
    which one do you trust?

    3) If you change the size, date, and MD5 hash and rename it to "Frozzle-bar.doc",
    you're not likely to get a note from Metallica's representative about the
    pirated copy of their album. But it's probably not going to be accessed very
    much unless you re-rename it to Frozzle-bar-really-metallica-master-of-puppets.doc.
    Of course, at that point, you *may* get a note from their representative.. :)

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
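The mechanism behind the quoted C/D construction, as an added example that is not part of the original thread: MD5 processes its input block by block, so once two inputs have driven the compression function into the same internal state, any identical bytes appended afterwards keep the two digests identical. The script below uses the published Wang et al. (2004) colliding 128-byte blocks as the "pad", appends a constructed stand-in for the zipped song to both, and shows that a filter keyed only on MD5 cannot tell the two results apart, while a second hash (SHA-256, chosen here; the page itself does not mention it) does. Note that this pair differs only in the pad and the payload is the same in both files; making two genuinely different archives collide, as the quoted scheme proposes, requires a stronger chosen-prefix attack that this example does not perform. The function names, the payload bytes and the blocklist are hypothetical.

```python
import hashlib

# Published MD5 collision pair (Wang, Feng, Lai, Yu 2004): two 128-byte inputs
# that differ in six bytes yet produce the same MD5 digest.
PAD_1 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
PAD_2 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Constructed stand-in for "zip of Song A"; not a real archive (hypothetical).
PAYLOAD = b"PK\x03\x04 constructed bytes standing in for the zipped song"


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_pair(payload: bytes = PAYLOAD):
    """Return (C, D): each colliding pad followed by the same payload.

    MD5 is a Merkle-Damgard construction: after absorbing PAD_1 or PAD_2 the
    chaining state is identical, so every identical byte appended afterwards
    yields the same digest for both files, however long the payload is.
    """
    return PAD_1 + payload, PAD_2 + payload


def md5_blocklist_hit(blocklist: set, data: bytes) -> bool:
    """A filter that flags a file purely by its MD5 (the shortcut point 1 describes)."""
    return md5_hex(data) in blocklist


def compare(c: bytes, d: bytes) -> dict:
    """Which observable properties let an observer tell C from D?"""
    return {
        "bytes_equal": c == d,
        "md5_equal": md5_hex(c) == md5_hex(d),
        "sha256_equal": sha256_hex(c) == sha256_hex(d),
    }


if __name__ == "__main__":
    c, d = build_pair()
    blocklist = {md5_hex(c)}  # the "known" MD5 a rights holder might search for
    print("C flagged by MD5 blocklist:", md5_blocklist_hit(blocklist, c))
    print("D flagged by MD5 blocklist:", md5_blocklist_hit(blocklist, d))
    print(compare(c, d))
```

Running it shows both C and D hitting the same MD5 entry even though the files differ, and SHA-256 separating them immediately; that is the practical reading of point 2 above: matching MD5 sums across many copies only speak to integrity when the hash itself cannot be steered.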


