[NTLUG:Discuss] FW: motivating shady clients to payup

Daniel Hauck xdesign at hotmail.com
Mon Aug 26 23:48:25 CDT 2002 

I hate to say it, but you can always trap them with the DMCA.  Simply set up
some simple method of protection and explain that circumvention of the
protection is a criminal violation of the DMCA punishable by fine,
imprisonment or both.  If they know what the DMCA means they'll listen.  If
they don't they'll lose a lot more.  The DMCA is a very dangerous law but if
you want to throw some weight around, that's one way to do it.  If these
people are outside of the U.S. it doesn't exactly protect them as can be
shown in the Dmitri Skyarlov case or the other guy who authored DeCSS.

But as for methods of securing the hardware, you can encrypt any of the
volumes that are to be mounted at boot time.  This would remove some of the
problem associated with the "...I'd remove the hard drive..." scenario.

Locking down the hardware and setting up a timer for the software isn't an
inconceivable thing.  It happens all the time.  It's the law that's tough to
circumvent and I suppose that's why the DMCA was created in the first place.
I'm still against the DMCA's existance, but as long as we've got it, you may
as well use it to your advantage.  And let me tell you, there is almost no
"due process" in the DMCA.  You set up some sort of tripwire system to
inform you of tampering and you send them a DMCA threat letter.  You could
own their business before long.


----- Original Message -----
From: "Steve Baker" <sjbaker1 at airmail.net>
To: <discuss at ntlug.org>
Sent: Monday, August 26, 2002 23:34
Subject: Re: [NTLUG:Discuss] FW: motivating shady clients to payup


> Aaron Goldblatt wrote:
> >>If I were an 'unsavory client' - I'd simply unscrew
> >>the hard drive from the PC and place it into another
> >>PC as Drive #2 and voila!  All secrets may be revealed
> >>without worrying about passwords, BIOS's, CD-ROMS
> >
> >
> > It has been my experience that a client sufficiently skilled to pull
> > this off (and modify such files as /etc/passwd or /etc/shadow to
> > permit access once the machine is setup again) doesn't need one
> > of us to set up a traffic analysis tool.
>
> I dunno - it doesn't take much to realise that you just need:
>
>      cp /etc/passwd  /mnt/etc/passwd
>      cp /etc/shadow  /mnt/etc/shadow
>
> ...I know I could pull that off - I'm not sure I could write a
> traffic analysis tool simply because I'm a graphics guy and know
> very little about networking.
>
> I think that what I'd do would be to buy 'dongles'.  You can
> arrange to have those time-out or count the number of usages and
> 'expire' after some set number of runs of the application.
>
> If this is the only project like this then it might not be worth
> the effort - but if you do a lot of this kind of thing then it
> would be worthwhile to learn how to do it.
>
> ----------------------------- Steve Baker -------------------------------
> Mail : <sjbaker1 at airmail.net>   WorkMail: <sjbaker at link.com>
> URLs : http://www.sjbaker.org
>         http://plib.sf.net http://tuxaqfh.sf.net http://tuxkart.sf.net
>         http://prettypoly.sf.net http://freeglut.sf.net
>         http://toobular.sf.net   http://lodestone.sf.net
>
>
>
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss
>

More information about the Discuss mailing list