Jump to content

Megaupload

XUTOS-83

By XUTOS-83
in Geral

 Share

Recommended Posts

Lancer

Lancer

Posted
Posted
É possível chegar lá? Com keystrokes e inputs no teclado a adicionar entropia à criação da chave? Não...

O que o gajo diz no artigo é que é "mais fácil" (o que não quer dizer que é fácil) descobrir a chave de encriptação de alguém com os métodos que estão a ser utilizados. Tudo pq as funções que são utilizadas pelos computadores para gerar números aleatórios, são "pouco" aleatórias. Quando ponho as aspas, quero dizer que esse pouco, mesmo assim, representa uma imensidão de combinações diferentes. Se em cima dessa imensidão, mais ou menos prevista, adicionarmos entropia de movimento do rato (coordenadas, tempos de movimento e de pausa, velocidades dos cliques, etc) e teclado (teclas pressionadas, velocidade de escrita, tempos de idling, etc), epá, não me lixem mas a chave já é mais que segura.

Não sei que variáveis estão a ser recolhidas, mas não me parece mesmo que seja por aí...

O que ele devia ter dito, para clarificar, é que adivinhar a chave é praticamente impossível quando podia e devia ser impossível. Mas isto só estamos a falar da segurança da chave...

No que diz respeito ao restante, concordo.

Atenção que a questão da entropia não está muito clara segundo os dados fornecidos pelo Mega. E a Ars alerta para isso.

Mas continua a adiantar de 0 se eles tem a chave do lado deles tb que me pareceu ser o caso 2o o artigo (e segundo o legal agreement).

Link to comment
Share on other sites
  • 4 weeks later...
MotorBreath

MotorBreath

Posted
Posted

Mega já está disponível no Android

50 GB disponiveis

No passado dia 19 de Janeiro, o polémico Kim Dotcom anunciou o seu

novo serviço de partilha de conteúdos na Internet, o qual baptizou de Mega. Como é sabido, o serviço oferece 50GB de armazenamento totalmente gratuito na cloud

e umas das características fortes do mesmo é o nível de segurança que

implementa, (apesar de recentemente terem sido descobertas 7

vulnerabilidades depois do desafio de Kim Dotcom).

Como actualmente vivemos na era mobile, no dia de ontem apareceu mais

uma aplicação para Android no Google Play que permite a interação com o

serviço.

android_mega_thumb.jpg

Como já era de esperar, existem já algumas aplicações para Android,

para acesso ao serviço na cloud Mega. Apesar de não ser oficial (talvez

venha a ser adoptada como tal), esta aplicação nativa permite total

interação com o serviço de Kim Dotcom.

mega_00_thumb.jpg

Das diversas funcionalidades que oferece há a destacar:

  • Upload/Download de ficheiros

  • Camera Sync – Sincronização de fotográficas e videos diretamente para o serviço

  • Possibilidade de pesquisar por ficheiros

  • Permite a partilha de links para serviço MEGA

  • Apagar ficheiros

  • Renomear ficheiros

  • Mover ficheiros

  • Criar Directórios

Tudo isto presente numa interface moderna, bem organizada e muito fluida

mega_01_thumb1.jpg

A aplicação ainda é beta mas, tendo em conta outras aplicações disponíveis no Google Play, esta parece ser a mais completa.

Link to comment
Share on other sites
skaazi

skaazi

Posted
Posted

Ca raio, tenho lembrança de haver por ai um topico onde se fala dos web hosts em geral, já estou farto de procurar não encontro, portanto fica aqui :

http://starbloghiamo.blogspot.pt/2013/02/premium-accounts-16-febbraio-2013.html

Ando a besourar com uma conta real-debrid com 38 dias de premium restantes e há mais umas cenas para quem quiser dar uma olhadela. ;)

Link to comment
Share on other sites
cyberurbis

cyberurbis

Posted
Posted

Com tantos logins e passwords a circular por aí, começo a ponderar criar uma conta de email especificamente para as minhas "actividades menos lícitas" e para proteger as minhas outras contas e identidade...

Como é que raio conseguem estes dados? Andam constantemente a "hackar" os sites de filehost?

Link to comment
Share on other sites
Jokeman

Jokeman

Posted
Posted

Ca raio, tenho lembrança de haver por ai um topico onde se fala dos web hosts em geral, já estou farto de procurar não encontro, portanto fica aqui :

http://starbloghiamo.blogspot.pt/2013/02/premium-accounts-16-febbraio-2013.html

Ando a besourar com uma conta real-debrid com 38 dias de premium restantes e há mais umas cenas para quem quiser dar uma olhadela. wink4.gif

Impossível sacar seja o que for. Dá sempre "You have too many simultaneous downloads". Também, aquilo está com uma estatística de mais de 5 teras sacados este mês. Só hoje, vai quase nos 400 GB.

Link to comment
Share on other sites
  • 3 months later...
  • 2 weeks later...
  • 3 years later...
MotorBreath

MotorBreath

Posted
Posted

 

Quote

 

Appeals Court Says It's Perfectly Fine For The DOJ To Steal Kim Dotcom's Money Before Any Trial

from the this-is-pretty-fucked-up dept

Last year, there was a series of very troubling rulings by a district court in a case related to the criminal prosecution of Kim Dotcom. This wasn't, technically, part of the actual criminal case against him, but rather a separate effort by the government to steal his money. We've been covering the ridiculous process of civil asset forfeiture for a while, and it's really problematic in general. In Dotcom's case, it's something of a farce. Remember, civil asset forfeiture is the situation where the US government effectively files a civil (not criminal) lawsuit against inanimate objects, rather than people. In this case, it basically filed a lawsuit against all of Kim Dotcom's money, arguing that it was the proceeds of a crime and therefore, the government should just get it all. Again, this is entirely separate from the actual criminal trial of Kim Dotcom, which has been put on hold while the extradition battle plays out in New Zealand (determining if Dotcom can be forcibly sent to the US to stand trial). 

Just the whole process of civil asset forfeiture is troublesome enough. As we've detailed over and over again, it's basically a system whereby law enforcement gets to steal money and other stuff (cars are popular) from people, simply by claiming that they were used in a criminal endeavor. Since the lawsuit is against the stuff, if people want it back, they have to go and make a claim on it, and it's a fairly convoluted process. In this case, things were even more ridiculous, because the government argued that because Dotcom was resisting extradition from New Zealand, he could be declared "a fugitive" and the judge overseeing the case (the same one overseeing his criminal case, Judge Liam O'Grady) agreed. That effectively meant that Dotcom had no legal right to protest the government simply taking and keeping all of his assets -- and they moved forward and did exactly that. 

It is difficult to see how this can be legitimately described as anything but theft by the US government. It got someone locked up in New Zealand, based on questionable legal theories, and while he was (quite reasonably) fighting extradition to the US (a place he's never visited and where he has no business ties), it initiated a separate legal process to keep all his money, no matter what happens in his extradition fight and criminal trial. On top of that, it effectively barred him from making an official claim on that money by having him declared a fugitive for exercising his legal due process rights to fight extradition. So while he exercises his legal due process rights in New Zealand, he's blocked from doing so in the US. And all of his money goes to the US government. 

As we said after O'Grady's ruling came out, even if you think that Dotcom is guilty of a criminal copyright conspiracy, and even if you think he should be extradited, tried and locked up this should concern you. Let him go through the full legal process, with all that due process entails, and then determine what should happen to his assets. To take them before that's happened, through this questionable side process is immensely problematic. 

And that's why Dotcom appealed, and many others -- including a bunch of criminal defense lawyers -- stepped in to argue this was crazy. Unfortunately, earlier today, the 4th Circuit Appeals Courtupheld O'Grady's ruling and rubber stamped the DOJ's legalized theft of Dotcom's assets. You should read the 61 page opinion (which was a 2 to 1 decision, with an interesting dissent), but we'll hit on some of the low points here. 

There were a number of different arguments raised -- with a big one not just being the basic due process question, but a jurisdiction question. Dotcom's assets are not in the US. His work was not in the US. So why does the US get to seize the money. The majority opinion basically says "because that's what Congress wanted -- it created this law to let the US government seize overseas assets." The opinion admits that there's a bit of a circuit split on this, but goes for it anyway.
When the amendments were introduced in the Money Laundering Improvements Act, Senator D’Amato included an explanatory statement indicating that subsection (b) was intended to provide the federal district courts with jurisdiction over foreign property:
Subsection (b)(2) addresses a problem that arises whenever property subject to forfeiture under the laws of the United States is located in a foreign country. As mentioned, under current law, it is probably no longer necessary to base in rem jurisdiction on the location of the property if there have been sufficient contacts with the district in which the suit is filed. See United States v. $10,000 in U.S. Currency[, 860 F.2d 1511 (9th Cir. 1988)]. No statute, however, says this, and the issue has to be repeatedly litigated whenever a foreign government is willing to give effect to a forfeiture order issued by a United States court and turn over seized property to the United States if only the United States is able to obtain such an order. 

Subsection (b)(2) resolves this problem by providing for jurisdiction over such property in the United States District Court for the District of Columbia, in the district court for the district in which any of the acts giving rise to the forfeiture occurred, or in any other district where venue would be appropriate under a venue-for-forfeiture statute.
This is the point that the dissent disagrees on, and argues that the forfeiture should be blocked on jurisdictional questions alone. The key, according to Judge Henry Floyd, is that court decisions must be binding on parties, and not advisory. But that doesn't work when you're talking about an opinion concerning assets overseas, which will still then depend on the local government where those assets live to abide by the ruling.
The majority side-steps this concern by cabining it to the separation of powers context. One of the basic tenets of what constitutes a “case or controversy” cannot be elided so. The defendant in this action--the res--is outside of the United States and beyond the control of the district court. Absent control, no order of the district court can be binding on the res because the fate of the res is ultimately not in the hands of the district court. Instead, the res in this case is subject to the control of the courts of New Zealand and Hong Kong. The district court’s forfeiture order therefore merely advises the courts of a foreign sovereign that (in the district court’s view under the laws of the United States) the United States should have title to the res. Those courts, of course, with control of the res and with the authority vested in them by their own sovereigns, remain free to revise, overturn, or refuse recognition to the judgment of the district court.
As Judge Floyd notes, this makes the opinion nothing more than an advisory opinion, which is prohibited by Article III of the Constitution (concerning the powers of the judiciary). 

Back to the majority opinion, the court rejects the argument that this process to steal Dotcom's money without letting him defend himself violates the Due Process Clause of the Fifth Amendment. First, the court says that because some of Megaupload's servers were based in Virginia, the jurisdiction is fine. Then, the court accepts the lower court's decision that Dotcom can be called a "fugitive" even as he's both in contact with the court and going through a perfectly legal process around extradition in New Zealand. Somewhat incredibly, the court decides that because he's resisting extradition, that's the same thing as being a fugitive hiding out. That... should be troubling for a whole variety of reasons. Basically, the court says that due process means that Dotcom has the right to be heard protesting the forfeiture, but that the only way to do that is to stop fighting extradition. It gets down in the weeds parsing the law in determining what the right standard is for determining if fighting extradition counts as being a fugitive, and decides that this was Congress' intent with the law -- that so long as the person is avoiding court, even if for reasons relating to the legality of extradition, they can still be declared a fugitive.
The claimants’ argument that they have legitimate reasons to remain where they are, such as jobs, businesses, and families does not disprove that avoiding prosecution is the reason they refuse to come to the United States.
I imagine that Dotcom's lawyers will now try to fight this as well -- seeking either an en banc rehearing or petition the Supreme Court to hear the case. Both are pretty risky, with a fairly high probability of being rejected. And, of course, as the dissent pointed out, there's still one other hurdle for the DOJ: the assets are held in Hong Kong and New Zealand, and they now need to convince authorities in those two places to hand over the money. And, as of right now, it's not clear if they'll actually let it happen. 

Again, no matter what you think of Dotcom's actual criminal case, this result should be concerning to you. The use and abuse of civil asset forfeiture is the real issue here -- not the copyright questions. The ability of the US government to simply take millions of dollars based on accusations and without a guilty verdict in a trial should be tremendously worrying. If a full trial happened and he was found guilty, then there's a reasonable argument that, as a result of that, the money can be forfeited. But it's extremely problematic that the money can be forfeited in these circumstances, before the rest of the legal process has occurred. Under this ruling, even if Dotcom came to the US and was found not guilty, the US government would still keep all his stuff. Can anyone explain how that would be a fair and just result?

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept