Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Encryption Your Rights Online

CipherCloud Invokes DMCA To Block Discussions of Its Crypto System 85

Posted by timothy
from the at-least-the-letter-is-polite dept.
New submitter brennz writes "Cryptographers on StackExchange were discussing CipherCloud, using some promotional material from the same to provide detail. CipherCloud responded with a DMCA takedown request that some have characterized as abusive."
This discussion has been archived. No new comments can be posted.

CipherCloud Invokes DMCA To Block Discussions of Its Crypto System

Comments Filter:
  • by Anonymous Coward on Sunday April 21, 2013 @01:25PM (#43510791)
    If you have to go to such extremes to cover up what people are saying about your product, your product must really suck.
  • Re:back up again (Score:5, Interesting)

    by Jeremiah Cornelius (137) on Sunday April 21, 2013 @02:06PM (#43511033) Homepage Journal

    There is no copyright "right" that is any equal to Human and Civil rights - including those of free speech.

    There are two broad categories I like to use in describing laws and their application. Oppressive and Protective.

    Oppressive law is mandated for the establishment and defence of Power.

    Protective law seeks the institution and restoration of Justice.

    DMCA is a prime example of oppressive law - and how tricky this distinction can be, as it masquerades itself as a measure for the protection of some natural right. In this case, the "rights" protected are - of course - merely a concession managed by the state, enacted through legislation and constitution.

  • by Opportunist (166417) on Sunday April 21, 2013 @02:59PM (#43511299)

    Allow me to let you in on a secret: A good portion of people writing "security" software don't really understand it either. You can tell when you review it. There is a fair lot of cargo cult programming going on, coupled with the use of libraries without first reviewing them or understanding their inner working or at least knowing to what degree it is self-sealing or how far you have to sanitize the input. This by itself is not yet a huge problem, as long as the libraries themselves work flawlessly, they are well and completely documented (and that documentation actually gets read) and they are being used correctly. And those things are more often than not a real problem.

    Now couple this with programmers using a lot of copy/pasting to get their programs written, often from rather dubious and not reviewed sources (you know the kind, where self proclaimed experts exchange their ideas what programming is like...), possibly copying snippets that were by no means MEANT to be secure or sanitized, and I guess I needn't go into detail.

  • Slight nuance (Score:4, Interesting)

    by Anonymous Coward on Sunday April 21, 2013 @03:06PM (#43511333)

    Cryptographics? In a few hours I could conjure up cryptographic algorithms, which encrypt text in a way I could not decrypt myself in a 1000 years. Too bad I can never be sure that a cryptographic expert could read my encryption almost like plain text. Odds are that exactly something like that would happen.

    You have a healthy respect for cryptography, and that's good. However, I will point out that many standard crypto algorithms have test suites. If your crypto implementation yields the expected result for all the test cases, then you can be reasonably certain that your implementation is correct rather than having self-canceling bugs on encrypt/decrypt.

    However, then you have to ask yourself *why* you are reimplementing a standard crypto algorithm when there are multitudinous well-tested libraries available for such.

    Of course, this neglects implementation concerns like timing attacks, improperly secured key material, etc... which one would hope that the standardized, well-tested implementation libraries have already addressed insofar as possible.

  • Re:back up again (Score:3, Interesting)

    by analyst-cz (1386075) <analyst@centrum.cz> on Monday April 22, 2013 @04:44AM (#43513929)
    Being freelance data security consultant myself, seeing any (regardless of whether law-aligned or law-breaking) attempt to suppress discussion about security of some product/company initiated by producing/that company, it marks it as heavily suspect. This has nothing to do with the legality of the suppression act, rather with the suppression attempt itself.

    Adding CipherCloud on blacklist of non-recommended products/companies for my clients. Point. Issue closed at....

Some people claim that the UNIX learning curve is steep, but at least you only have to climb it once.

Working...