Thursday, December 30, 2010

TorrentFreak Email Update

Radiohead Charity Pay-What-You-Want DVD On BitTorrent

Posted: 30 Dec 2010 03:03 AM PST

In January 2010, in response to the emerging tragedy from the earthquake in Haiti, Radiohead performed before a limited audience at a charity concert in the United States. Since that performance, footage of the event has been painstakingly compiled by fans and now a twin DVD has been released, endorsed by the band. All proceeds are going to charity and the fastest way of acquiring it? BitTorrent of course.

In 2007, UK band Radiohead went against the grain by offering their latest album to the masses via the Internet in a pay-what-you-want model. Combined physical and digital sales of the album, their seventh studio release, went on to break the 3 million copy barrier.

Now the band are back supporting a similar but completely altruistic model, this time for a DVD. In January 2010, Radiohead performed at the Haiti Relief concert at the Henry Ford theater in Los Angeles and the event was filmed and its audio recorded, not by the band or show organizers, but by their fans.

Understandably, that footage went on to be scattered far and wide, but thanks to the work of three fans – inez, formengr, andrea – the video and audio have been painstakingly collated to make a two-DVD set of the event, which was limited on the day to just 1,400 people present. The trio then decided to make the work available on the Internet for the masses, but supported by a great idea to help those in need.

“It was a SPECIAL show with a SPECIAL purpose – to raise badly needed funds for those who lived through the devastation. And it seemed only appropriate that the DVD should carry on some of these goals,” inez explains.

So plan in hand, inez approached Radiohead for their approval and to find out which charity they would like donations to go to. The band chose Oxfam to handle donations on behalf of Haiti.

Normally with a charity product a whole bunch of funds would go to producing a physical product and then getting it delivered all over the world, but with the magic of BitTorrent none of that is necessary. In fact, even the online distribution costs come to almost nothing, meaning that every penny goes in the right direction.

Inez has chosen a handful of trackers to distribute the DVD including the signup only Zombtracker and the one the majority of BitTorrent users will recognize, KickassTorrents.

The official Oxfam donation link can be found here and a copy of the full video can be seen on YouTube, linked below.

Please download and give generously.

Article from: TorrentFreak.

BotTorrent? Using BitTorrent as a DDoS Tool

Posted: 29 Dec 2010 02:08 PM PST

A recent talk at the Chaos Communications Congress revealed how BitTorrent swarms can be exploited to take down large websites with relative ease. A vulnerability in the technology behind so-called trackerless torrents makes it possible for someone to trick downloaders of popular files into sending thousands of requests to a webserver of choice, taking it down as a result. Basically, this turns BitTorrent into a very effective DDoS tool.

BitTorrent is one of the most effective technologies to transfer large digital files to many people at once. Unlike a central server, transfers actually tend to go faster as more people share the same files. This characteristic is one of the reasons why it has evolved into the dominant file-sharing platform in recent years.

Every day millions of people are downloading files via BitTorrent, and in some instances more than 100,000 people are sharing the same file at the same time. These large ‘swarms’ of peers are great for sharing, but they also pose a threat as became apparent at the Chaos Communications Congress (CCC) recently.

In a talk titled “Lying To The Neighbours” it was shown that the DHT technology which powers "trackerless torrents" can be abused to let BitTorrent downloaders effectively DDoS a webserver of choice. DHT's normal function is to find peers who are downloading the same files, but without communicating with a central BitTorrent tracker. This ensures that downloads can continue even when the central tracker goes offline.

According to the presenter who goes by the name ‘Astro’, Kademlia based DHT can be exploited by a malicious peer to carry out a DDoS attack. If there are enough peers downloading the same file, this could easily take down medium to large websites. The worrying part is that the downloaders who are participating in the DDoS will not be aware of what’s going on.

“The core problem are the random NodeIDs. The address hashing and verification scheme works for scenarios like the old Internet, but becomes almost useless in the big address space of IPv6,” Astro told TorrentFreak in a comment. As a result, any BitTorrent swarm can be abused to target specific websites and potentially take them down.

This and other DHT vulnerabilities are not entirely new concepts for BitTorrent developers. They have been discussed in various places already, but no agreement on how they should be dealt with has yet been reached.

Over the last months DDoS attacks have been in the news regularly, mostly carried out under the flag of Anonymous’ Operation Payback. Initially anti-piracy targets such as the MPAA and RIAA were taken offline, and last month the focus switched to organizations that acted against Wikileaks, including Mastercard and Paypal.

While these attacks required hundreds of people to actively participate and fire up their LOIC application at the same time, the BitTorrent DDoS could take down the same sites from a single computer, using BitTorrent downloads as a ‘botnet’. But, where there’s a problem there’s a solution, and Astro has some pointers for BitTorrent developers.

“Not connecting to privileged ports (< 1024) where most critical services reside,” is one ad-hoc solution, but Astro says that since it's a design error, the protocol has to be redefined eventually.
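As an added illustration of the ad-hoc mitigation quoted above (not code from TorrentFreak, the talk, or any BitTorrent client), the following sketch shows how a client could refuse DHT-supplied peers on privileged ports before dialling them. It assumes the compact IPv4 peer encoding used in DHT `get_peers` responses (4-byte address plus 2-byte big-endian port); the function names and sample data are hypothetical.

```python
import ipaddress
import struct

PRIVILEGED_PORT_LIMIT = 1024  # ports below this are refused, per the quoted advice


def decode_compact_peers(values):
    """Decode compact IPv4 peer entries: 4-byte address + 2-byte big-endian port."""
    peers, malformed = [], 0
    for blob in values:
        if len(blob) != 6:
            malformed += 1  # truncated or padded entry: never guess at its meaning
            continue
        ip_raw, port = struct.unpack("!4sH", blob)
        peers.append((str(ipaddress.IPv4Address(ip_raw)), port))
    return peers, malformed


def filter_dht_peers(values):
    """Split DHT-supplied peers into ones the client may dial and ones it refuses."""
    peers, malformed = decode_compact_peers(values)
    allowed, refused, seen = [], [], set()
    for ip, port in peers:
        if (ip, port) in seen:
            continue  # ignore duplicates within one response
        seen.add((ip, port))
        if port < PRIVILEGED_PORT_LIMIT:
            refused.append((ip, port))  # never dialled; worth logging for review
        else:
            allowed.append((ip, port))
    return allowed, refused, malformed


def _entry(ip, port):
    """Build one compact peer entry for the constructed sample below."""
    return ipaddress.IPv4Address(ip).packed + struct.pack("!H", port)


# Constructed sample using documentation address ranges, not captured traffic.
SAMPLE_VALUES = [
    _entry("192.0.2.10", 51413),
    _entry("198.51.100.7", 80),
    _entry("198.51.100.7", 443),
    _entry("203.0.113.5", 6881),
    _entry("192.0.2.10", 51413),  # duplicate entry
    b"\x01\x02\x03",              # truncated entry
]

if __name__ == "__main__":
    allowed, refused, malformed = filter_dht_peers(SAMPLE_VALUES)
    print("dial:", allowed)
    print("refused (privileged port):", refused)
    print("malformed entries:", malformed)
```

A filter like this only narrows which services a swarm can be pointed at; it does not address the NodeID design issue the article describes.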

The idea of using BitTorrent as a DDoS tool is not entirely new. In fact, researchers have previously shown that adding a webserver’s IP address as a BitTorrent tracker could result in a similar DDoS. The downside of this method is, however, that it requires a torrent file to become popular, while the DHT method can simply exploit existing torrents that are already being downloaded by thousands of people.

It will be interesting to see if BitTorrent developers are going to act upon the DHT vulnerability in the coming months and come up with a solution to prevent this kind of abuse.

Article from: TorrentFreak.

Hadopi Sends 100,000 Warning Emails To Suspected Pirates

Posted: 29 Dec 2010 05:28 AM PST

Hadopi, the French authority with responsibility for issuing warnings to illicit file-sharers, has just announced that so far it has sent out 100,000 email warnings. While the figure is far below the 50-70,000 reports filed by the entertainment industry every day, around 15% of warning recipients have responded by email, some with confessions, some with confusion.

According to those involved in France’s “3 strikes” illicit file-sharing process, the Hadopi authority has sent a total of 100,000 warning emails to Internet account holders since October.

The figure is substantially below the requirements of the entertainment industries who had begun sending complaints to Hadopi at the rate of 25,000 per day in the hope that they would all be passed on. They weren’t, but that didn’t stop the submissions quickly reaching 50,000 per day. The total capacity is 70,000 per day.

The complaints bottleneck has continued, with magistrates involved in the process informing Le Figaro this week that since November Hadopi has been sending out warning emails at the rate of 2,000 per day.

This much lower rate was set for a reason. Ever since its inception critics have believed that the system would be prone to error and innocent people would be accused of offenses they didn’t commit. That may well prove to be the case, but by keeping the numbers down the error rate will stay low too, an essential requirement if people are to have confidence in the process.

Magistrates involved in the process say “It’s too early to conclude” if the emails will have the required long-term effect on recipients. However, they say that around 15% of those receiving these first warnings have actually responded to them by email.

The warning emails don’t currently mention the infringing material in question, so some responses request additional information on which files the warning refers to. According to Jacques Bille from the Court of Auditors, the omission is deliberate to avoid embarrassment, such as wives and girlfriends discovering their partners have downloaded something questionable.

While some warning recipients simply confess and swear not to do it again, others are reportedly making their excuses. Only time will tell if they have a case, and if that case is heard to their satisfaction as has been promised.

Next year it's inevitable that the 2,000 emails being sent out daily will increase and, according to Jacques Bille, with this comes a dilemma.

“Either we send out hordes of emails and be seen as horribly repressive,” he told Le Figaro, “or we are more cautious and we qualify as ineffective.”

In January 2011, things will step up a gear, with Hadopi sending out more emails and then letters by registered mail to repeat offenders. The promise is that repeat offenders face having their Internet disconnected. Quite when that will happen, 2011 or 2012, remains to be seen, but the entertainment industries want action, quickly.

Update: Guillaume Champeau from news outlet Numerama has been in touch to say that although French media including Le Figaro have been reporting that 100,000 warnings have been sent, Hadopi has in fact asked ISPs to identify 100,000 alleged infringers. The number of subsequent letters sent out has not yet been verified, but Guillaume believes the number to be lower than 100,000.

Article from: TorrentFreak.
