[p2p-hackers] amicima MFP and crypto upgrades

David Barrett dbarrett at quinthar.com
Sun Dec 18 05:49:45 UTC 2005


Well the real money is in bulk counterfeiting.  If only I had access to 
a frickin' huge printer...

Serguei Osokine wrote:
> On Saturday, December 17, 2005 David Barrett wrote:
> 
>>For example, just the other day I was interviewing a candidate (did
>>I mention we are hiring?) who aggregates poker stats on other players. 
> 
> 
> 	Sounds like you're finally switching your development into areas
> that can actually bring heaps of money. I always thought that cheating
> in poker should be more profitable than P2P content delivery - and now
> your hiring approach seems to validate that. Good luck!
> 
> 	Best wishes -
> 	S.Osokine.
> 	17 Dec 2005.
> 
> 
> -----Original Message-----
> From: p2p-hackers-bounces at zgp.org [mailto:p2p-hackers-bounces at zgp.org]On
> Behalf Of David Barrett
> Sent: Saturday, December 17, 2005 3:01 PM
> To: Peer-to-peer development.
> Subject: Re: [p2p-hackers] amicima MFP and crypto upgrades
> 
> 
> On Sat, 17 Dec 2005 1:58 pm, coderman wrote:
> 
>>On 12/17/05, Matthew Kaufman <matthew at matthew.at> wrote:
>>
>>> ...
>>> 2. We've significantly upgraded the "MFP defcrypto" default
>>> cryptographic plug-in.
>>
>>i forgot to mention this previously but it is always a good idea to
>>lock memory pages where key material and cipher state reside.
> 
> 
> I'm not sure I follow how this helps: who is it protecting against?  If 
> you don't want the user to get access to cipher info, requiring root 
> access isn't much of a barrier (any hacker will have root on his own 
> box).  And one user can't access the memory of another user's 
> processes.  I'm not disputing the technique, I just don't understand 
> when to apply it.
> 
> For example, just the other day I was interviewing a candidate (did I 
> mention we are hiring?) who aggregates poker stats on other players.  
> Despite all sorts of clever on-the-wire encryption, he just figured out 
> where all the stats are kept in plaintext in memory and tapped into 
> that.  Doh!
> 
> Ultimately, it's never a good idea to send data to a client that you 
> don't want to fall into the wrong hands.  Memory protection might stop a 
> non-root user from accessing his own memory, but this seems like a 
> boundary case (unless I'm misunderstanding it).
> 
> -david
> 
> 
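The page-locking suggestion quoted above, as an added C example that is not from the thread or from amicima's MFP code: it assumes a POSIX system, and `keybuf`, `keybuf_alloc`, `keybuf_wipe` and `keybuf_free` are hypothetical names. `mlock()` keeps the pages from being paged out to swap; it does not stop root or a debugger on the same host from reading the process's memory.

```c
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS under strict -std= modes */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef struct {
    uint8_t *buf;    /* page-aligned key storage */
    size_t   len;    /* size rounded up to whole pages */
    int      locked; /* 1 if mlock() succeeded */
} keybuf;

/* Map whole pages for key material and try to pin them in RAM. */
int keybuf_alloc(keybuf *k, size_t want) {
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || want == 0) return -1;
    size_t len = (want + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    k->buf = p; k->len = len;
    /* mlock() can fail (RLIMIT_MEMLOCK, privilege); the caller sets policy. */
    k->locked = (mlock(p, len) == 0);
    return 0;
}

/* Zero through a volatile pointer so the stores are not optimised away. */
void keybuf_wipe(keybuf *k) {
    volatile uint8_t *p = k->buf;
    for (size_t i = 0; i < k->len; i++) p[i] = 0;
}

/* Wipe, then unmap; munmap() also drops the lock on those pages. */
int keybuf_free(keybuf *k) {
    if (k->buf == NULL) return -1;
    keybuf_wipe(k);
    int rc = munmap(k->buf, k->len);
    k->buf = NULL; k->len = 0; k->locked = 0;
    return rc;
}

int main(void) {
    static const uint8_t sample_key[16] = "constructed-key"; /* constructed */
    keybuf k;
    if (keybuf_alloc(&k, sizeof sample_key) != 0) return 1;
    memcpy(k.buf, sample_key, sizeof sample_key);
    printf("%zu bytes mapped, locked=%d\n", k.len, k.locked);
    return keybuf_free(&k) == 0 ? 0 : 1;
}
```

A caller that requires locked memory should check `locked` after `keybuf_alloc()` and refuse to load keys when it is 0.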


