Full Disclosure mailing list archives

Re: Re: Case ID 51560370 - Notice of ClaimedInfringement

From: Valdis.Kletnieks () vt edu
Date: Fri, 08 Apr 2005 14:53:31 -0400

On Fri, 08 Apr 2005 13:45:51 EDT, Jason said:

I get the point just fine. Injecting files C and D results in a 
situation that cannot be resolved without downloading both files.

Song A = mp3 format file with valid license to BSA
Song B = mp3 format file without valid license to BSA
Song C = zip of Song A plus pad to generate MD5
Song D = zip of Song B plus pad to generate same MD5

It is now impossible to distinguish between C and D without downloading 
both. The content inside is still fully usable and valid but a violation 
cannot be confirmed without yourself violating the law.


On the other hand, note the following:

1) The copyright nazi's aren't going to be looking for C *or* D, because they're
only looking for files that have the same hash as A.  They'd have to actually
download C and D and *listen* to it, and identify it (quick - how do you tell
the difference between the audio content of the original Beatles "Come Together"
and the Aerosmith cover of the same song?)

2) It's of course simple to create an arms race where the copyright nazis need to
expend more effort because they can't just go after the MD5 sum.  However, it cuts
both ways - if you see 15 copies of a file available with the same MD5 sum, you can
have *some* trust it's not corrupted.  If you see 15 copies with 15 different hashes,
which one do you trust?

3) If you change the size, date, and MD5 hash and rename it to "Frozzle-bar.doc",
you're not likely to get a note from Metallica's representative about the
pirated copy of their album.  But it's probably not going to be accessed very
much unless you re-rename it to Frozzle-bar-really-metallica-master-of-puppets.doc.
Of course, at that point, you *may* get a note from their representative.. :)

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Re: Case ID 51560370 - Notice of ClaimedInfringement, (continued)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Anders Breindahl (Apr 07)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Jason (Apr 07)
  - Re: Re: Case ID 51560370 - Notice of ClaimedInfringement AJ C (Apr 07)
    - Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Jason (Apr 07)
    - Re: Re: Case ID 51560370 - Notice of ClaimedInfringement bkfsec (Apr 08)
    - Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Valdis . Kletnieks (Apr 08)
    - Re: Re: Case ID 51560370 - Notice of ClaimedInfringement dk (Apr 08)
    - Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Jason (Apr 08)
    - Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Valdis . Kletnieks (Apr 08)
    - Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Jason (Apr 08)
    - Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Valdis . Kletnieks (Apr 08)
    - Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Thierry Zoller (Apr 08)
    - Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Jason (Apr 08)
    - Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Thierry Zoller (Apr 09)
    - Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Scott Edwards (Apr 08)
    - Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Honza Vlach (Apr 09)
    - Re: Re: Case ID 51560370 - Notice ofClaimedInfringement class101 () HAT-SQUAD com (Apr 08)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Jason Coombs (Apr 07)