ClioSport.net

Register a free account today to become a member!
Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

  • When you purchase through links on our site, we may earn an affiliate commission. Read more here.

Uk Could Ban Pirates from using the web



I was listening to the radio this morning, and it said that P2P is often used for "legal" file sharing. Who on here has EVER used P2P for legal stuff?! PMSL
 
  clio 16v
the simple fact is that if all downloaders started using encryption the ISP's simply dont have the capacity to decrypt all the data being sent. I don't see this happening simply because I don't think its possible.
 
  ValverInBits
baahahahaha. Thats some idiot sat at a desk dreaming. ISPs couldnt do that. You could probably say it invades privacy and in any case the level of processing infastructure would not be achievable
 
  clio 16v
^^ exactly my thoughts. In theory it is possible but the ISP's simply dont have the infrastructure. Also im assuming the bill payer gets banned so what happens in my house when the account is in my parents name? They get banned and I can just transfer the account to me then other family members if need be? Or would they ban the address? If so what happens when you move house etc. The whole notion is totally unworkable and what worries me is it was thought up by the idiots supposedly running the country:eek:
 
  Citroen DS3 DSport
My account uses 256-bit SSL encryption so it's not exactly straight forward to know what I'm downloading. I can't see these plans going very far.
 
  172 Cup
Be* aren't taking it very seriously..

Hi,

Interesting story not sure how this will be policed or how the DPA will be changed to release personnal info of our members to other ISP's without a court order!

If I do hear any more of this I will keep you posted but at this point I would not worry to much.....
 

KDF

  Audi TT Stronic
PMSL.. I read

"Some six million people are estimated to download files illegally every year in the UK, costing music and film companies billions in lost revenue."

and my thought was... only 6 million.. thats got to be an underestimate !


Music industries rip off the consumers.... taste of their own medicine etc.
 
  Evo 8 Jap Crap
Its a nice idea but in principle wont work. There are big problems to policing it namely

1) Proving any content you have donwloaded is illegal, monitoring millions of simultaneous connections and checking sources of content will become immense

2) With wifi taking over homes and businesses people will either download from "open" wireless connections or hack into poorly managed ones. Try pinning the downloading onto a certain person when a wifi connection is involved mr Internet Police!!

3) People will downgrade their internet package to a slower one as already mentioned meaning the investment ISPs have made in making the networks faster will be a massive waste of money.

4) Millions of people will be banned from ISPs again losing the ISPs vast amounts of revenue

5) ISPs already operate fair useage policys yet there are people downloading in some cases GB's of data daily!! Yet they do nothing about it. Whats going to make ISPs police this new banning policy any better?
 
Last edited:
  clio 16v
im also wondering how this can be enforced without massive changes to existing copyright laws. Downloading a copyrighted film does not mean you are breaching copyright. It's the person who made it available to download that is on the wrong side of the law. Another thing are newsgroups illegal? There is no mention of them on the news its all P2P.
 
  Formally Clio 182
I think they are just trying to scare us as a minority will believe it and stop downloading content illegally.

So yeah it will reduce how much illegal content is downloaded, but the real geeks out there who understands how the internet works will just carry on and not get caught.
 
  Clio F1 R27
Using a 256 bit cipher to encrypt your session makes it virtually impossible for anyone anywhere to hack.

There are services readily available that allow you to do this.

As security becomes more of an issue on the net more applications will have the option to use encrypted tunnelling (much like online banking does). This will give people more privacy when sending and receiving data.
 
Last edited:
  clio 16v
Using a 256 bit cipher to encrypt your session makes it virtually impossible for anyone anywhere to hack.

There are services readily available that allow you to do this.

As security becomes more of an issue on the net more applications will have the option to use encrypted tunnelling (much like online banking does). This will give people more privacy when sending and receiving data.


exactly! What I dont understand is why the fools in westminster dont already know this thus making what they propose impossible. I dont use torrents just newsgoups which download with 256bit SSL encryption. I read somewhere today that there are like 4 supercomputers in existence on the planet which could break this level of encryption with a brut force attack and even then it would take weeks. The funny thing is the government seem to think BT are capable of this:lolup: :lolup:
 

sn00p

ClioSport Club Member
  A blue one.
Using a 256 bit cipher to encrypt your session makes it virtually impossible for anyone anywhere to hack.

There are services readily available that allow you to do this.

As security becomes more of an issue on the net more applications will have the option to use encrypted tunnelling (much like online banking does). This will give people more privacy when sending and receiving data.


exactly! What I dont understand is why the fools in westminster dont already know this thus making what they propose impossible. I dont use torrents just newsgoups which download with 256bit SSL encryption. I read somewhere today that there are like 4 supercomputers in existence on the planet which could break this level of encryption with a brut force attack and even then it would take weeks. The funny thing is the government seem to think BT are capable of this:lolup: :lolup:

I wouldn't count on thinking that SSL/TLS ensures your security, you should always check the certificate of the site that you are connected to.

TLS/SSL is susceptable to a number of different "man in the middle" style attacks. If you pretend to be the server to the client and the client to the server then only requirement is that the client has to accept the server certificate.

There are two ways of doing this:

A) Either the user has to say "yes" to the warning that pops up that the server certificate wasn't signed by a root ca.

B) Your ISP forces you to install a root ca certificate that they've generated. They dynamically create server certificates as you connect and sign them with their root ca.

'B' would allow complete transparent spoofing, you would only be able to tell by viewing the certificate (double clicking on your padlock) and checking who signed the certificate.

Plusnet (iirc) did at one point in time throttle encrypted traffic with their very expensive equipment.
 
  clio 16v
exactly! What I dont understand is why the fools in westminster dont already know this thus making what they propose impossible. I dont use torrents just newsgoups which download with 256bit SSL encryption. I read somewhere today that there are like 4 supercomputers in existence on the planet which could break this level of encryption with a brut force attack and even then it would take weeks. The funny thing is the government seem to think BT are capable of this:lolup: :lolup:

I wouldn't count on thinking that SSL/TLS ensures your security, you should always check the certificate of the site that you are connected to.

TLS/SSL is susceptable to a number of different "man in the middle" style attacks. If you pretend to be the server to the client and the client to the server then only requirement is that the client has to accept the server certificate.

There are two ways of doing this:

A) Either the user has to say "yes" to the warning that pops up that the server certificate wasn't signed by a root ca.

B) Your ISP forces you to install a root ca certificate that they've generated. They dynamically create server certificates as you connect and sign them with their root ca.

'B' would allow complete transparent spoofing, you would only be able to tell by viewing the certificate (double clicking on your padlock) and checking who signed the certificate.

Plusnet (iirc) did at one point in time throttle encrypted traffic with their very expensive equipment.


have to say i never knew that.


moz-screenshot-6.jpg




Any idea how a view the certificate? The secure connection is set up through my news reader as above.
 

sn00p

ClioSport Club Member
  A blue one.
sorry never worked:

Sorry, no idea. I can't find any specific details on what newsbin does with it's handling of SSL.

Things that would be interesting to know about it:

* what it does when the certificate is not signed by a trusted root ca
* what key exchange & encryption options it offers to the server.

It should be pointed out that it's also highly unlikely that you would be subject to the kind of attack I mentioned above....i'm just pointing out that because you think you're talking ssl to a server, doesn't necessarily mean that you can trust that server. It requires interaction on your part to be 100% sure that you are talking to who you think you are!
 
  clio 16v
sorry never worked:

Sorry, no idea. I can't find any specific details on what newsbin does with it's handling of SSL.

Things that would be interesting to know about it:

* what it does when the certificate is not signed by a trusted root ca
* what key exchange & encryption options it offers to the server.

It should be pointed out that it's also highly unlikely that you would be subject to the kind of attack I mentioned above....i'm just pointing out that because you think you're talking ssl to a server, doesn't necessarily mean that you can trust that server. It requires interaction on your part to be 100% sure that you are talking to who you think you are!


So you dont think it's likely that BT would attempt an attack like this? I've been reading around on some tech forums and it would appear the way newsbin handles SSL is vulnerable to the types of attacks you mentioned. I canot find out how to view the root certificate through newsbin so Im beggining to wonder if it's possible. From what I can gather you have to use a program to create an ssl tunnel. In that newsbin communicates with the program and the program then communicates with the newsgroup server. A program called "stunnel" appears to be mentioned a lot and it should only accept root certificates signed by the newsgroup server. However it got way to technical for my level of PC understanding so I think I will have to ask my brother:S
 

sn00p

ClioSport Club Member
  A blue one.
Sorry, no idea. I can't find any specific details on what newsbin does with it's handling of SSL.

Things that would be interesting to know about it:

* what it does when the certificate is not signed by a trusted root ca
* what key exchange & encryption options it offers to the server.

It should be pointed out that it's also highly unlikely that you would be subject to the kind of attack I mentioned above....i'm just pointing out that because you think you're talking ssl to a server, doesn't necessarily mean that you can trust that server. It requires interaction on your part to be 100% sure that you are talking to who you think you are!


So you dont think it's likely that BT would attempt an attack like this? I've been reading around on some tech forums and it would appear the way newsbin handles SSL is vulnerable to the types of attacks you mentioned. I canot find out how to view the root certificate through newsbin so Im beggining to wonder if it's possible. From what I can gather you have to use a program to create an ssl tunnel. In that newsbin communicates with the program and the program then communicates with the newsgroup server. A program called "stunnel" appears to be mentioned a lot and it should only accept root certificates signed by the newsgroup server. However it got way to technical for my level of PC understanding so I think I will have to ask my brother:S

Zero chance!

My point was more to do with SSL/TLS. Just because you see a padlock on your web browser, you shouldn't assume that you have a nice secure connection, you should always verify the certificate yourself.
 
  clio 16v
So you dont think it's likely that BT would attempt an attack like this? I've been reading around on some tech forums and it would appear the way newsbin handles SSL is vulnerable to the types of attacks you mentioned. I canot find out how to view the root certificate through newsbin so Im beggining to wonder if it's possible. From what I can gather you have to use a program to create an ssl tunnel. In that newsbin communicates with the program and the program then communicates with the newsgroup server. A program called "stunnel" appears to be mentioned a lot and it should only accept root certificates signed by the newsgroup server. However it got way to technical for my level of PC understanding so I think I will have to ask my brother:S

Zero chance!

My point was more to do with SSL/TLS. Just because you see a padlock on your web browser, you shouldn't assume that you have a nice secure connection, you should always verify the certificate yourself.

Ok no problem. Cheers for the advice I would have been blissfully unaware of this otherewise:)
 


Top