Was the news article about ES5 removed from the main page?

Not that I cared about the article but we had a valid discussion going on in it.

This one I mean:

http://www.zeropaid.com/news/read_comments.php?id=09042003b

the origional news article is here (http://www.zeropaid.com/news/articles/auto/09042003b.php). I am not sure why it was removed from the 'file sharing news' on the front page, but yes, it appears to be gone.

Also on ES5 offering a reward for $50,000 for anyone that breaks their full security features, what exactly do they mean by that?
If the program was written by humans, it can be hacked, de-compiled and broken just as well. Regarding anonymity on the internet, there is NO such thing (I.E. firewalls, proxies, ssl, etc)

This IS $50k that we're talking about here, so we'll see if they pay through :black

Originally posted by Krypt0
the origional news article is here (http://www.zeropaid.com/news/articles/auto/09042003b.php). I am not sure why it was removed from the 'file sharing news' on the front page, but yes, it appears to be gone.

Also on ES5 offering a reward for $50,000 for anyone that breaks their full security features, what exactly do they mean by that?
If the program was written by humans, it can be hacked, de-compiled and broken just as well. Regarding anonymity on the internet, there is NO such thing (I.E. firewalls, proxies, ssl, etc)

This IS $50k that we're talking about here, so we'll see if they pay through :black

I don't think they are going to pay one cent to anyone one way or another.

I also don't belive that you or anyone else is going to crack the security in ES5.

If you claim otherwise then prove it and I'll stand corrected.

If you define online anonymity that it is techincally or economically infeasible to try to find your identity then yes there is anonymity on the internet.

I was close to removing the article myself, somebody beat me to it.

The problem with it, was that its VERY easy to lie, even in an interview. If you've spent some time looking at the ESV forums, they impersonate ZP users, lie about facts, and make things up to make us look bad.

While I'm not sure why this particular story was removed, in the past they have not cooperated with us, so I believe we are trying phase them out of our site, and have nothing to do with them.


^^^^^^^^^^^ not actual comments from an admin, just my oppinion ^^^^^^^^^^

Originally posted by random nut
They won't pay a dime, you can be sure of that => Everyone knows that => ES5 knows that everyone knows that => ES5 knows that no-one will try to break their program => ES5 can then say "Hey, it's been 1 year and still no-one has broken our program. It's secure!".

Luckily we have people like you who wouldn't hesitate to show off by breaking it (for free) if they only could do it.

And of course the RIAA, I don't think we'll have to pay them to test it out. In fact it'll be vice versa.

This sounds familar. If i remember correctly Steve15 also offered to put up 10,000 as bet that he could provide evidence for the 15 million esv users worldwide.

Assuming this is not hot air, I wonder how it'll be set up (legally) so both parties can meet thier obligations.

Originally posted by random nut
Could you give me the URL to bugtraq where I can read about the ES5 vulnerabilities I discovered.

I'm not going to help ES5 by telling them about their bugs. Go do your job and fix your program. Until they're fixed and ES5 stops their constant lying, I don't recommend anyone using your program. If I know the vulnerabilities, then surely the RIAA hired companies already know about them too and may be exploiting them right now without you even knowing it!

That is exactly what I mean, there is nothing in bugtraq nor anywhere else because you got nothing.

You sound just like Ras and steve15 with your wild allegations and zero evidence.

PS. It's no more "my program" than KaZaA is "my program".

PPS. I said it to you on ES5 and I'll say it here, if you want to prove that you're not just atlking out of your ass, I'm ready to run a test with you anytime, if you demonstrate to me that you're able to compromise my security on ES5, I have no problems verifying that here or at ES5. You don't even have to reveal your methods if you don't want to.

Originally posted by random nut
You sound like a smart person, and I really mean that, but I just can't understand how you can fall for their constant lies and not question them and their program.

You know they're lying about their 15 million simultaneous users. How can you trust that their program is secure when they lie all the time?


Why you ask. Because I understand that the press releases and the PR is just a marketing trick to gain popularity fast.

I'd find it difficult to believe that someone would invest millions of dollars into "safe P2P" unless they know what they are doing.

The moment someone shows that it's not secure after all, their project would be flushed down the toilet.

It simply does not make sense that anyone would waste such amount of money into something that he knows will not work.

To continue, I don't know that their program is secure, but

1. I DO know that the methods they describe are secure if implemented correctly

and

2. I DO know that NO OTHER program is the least bit secure and NO OTHER program is even trying to be secure.

That's what I DO know.

NO OTHER program is even trying to be secure.

*cough* Freenet *cough*

Originally posted by tMoD
*cough* Freenet *cough*

Freenet is not really a file sharing program. I use it sometimes and I hope it becomes usable some day, but so far, it simply isn't.

Sharing files with it is simply impossible as it is. It takes a week to "insert" a movie (with a 100Mbps connection that is) and when you hand out the CHK for it, no one is able to recieve it. Maybe NGR will make it better, but I doubt it.

And here's what Clarke himself says about FreeNet:

it *is* about freedom of communication, after-all not trading copyrighted
material.

Any effort specifically intended to target people interested in
copyright violation is an absolute no-no, that isn't what Freenet is
about

That means that they are not going to make anything just to improve FreeNet for filesharing, if it's not otherwise necessary.

*cough* Filetopia, Frost (I think that's what tMoD meant), DC *cough*

It depend what you call security. Frost is secure in the same way ES5 claims to be. Filetopia and DC are secure in the sense that they can be as secure as the owner wants them to be.

KL++ could be considered secure if you click the little box that prevents others from reading your shared files. Showing up for a single song is of little danger. Correct me if that doesn't work RN.

I admire you, Random Nut....

*cough* Filetopia, Frost (I think that's what tMoD meant), DC *cough*

Thanks, CP. I got Freenet and Frost a little mixed up.

Originally posted by eivioolla
Freenet is not really a file sharing program. I use it sometimes and I hope it becomes usable some day, but so far, it simply isn't.

Sharing files with it is simply impossible as it is. It takes a week to "insert" a movie (with a 100Mbps connection that is) and when you hand out the CHK for it, no one is able to recieve it. Maybe NGR will make it better, but I doubt it.

And here's what Clarke himself says about FreeNet:



That means that they are not going to make anything just to improve FreeNet for filesharing, if it's not otherwise necessary.

Ever heard of Frost?

http://jtcfrost.sourceforge.net/faq.html

It is better to have no security than a false sense of security.

Originally posted by eivioolla
PS. It's no more "my program" than KaZaA is "my program".
So are you saying ES5 is run by Sharman Networks?

Originally posted by cheapprick
*cough* Filetopia, Frost (I think that's what tMoD meant), DC *cough*

It depend what you call security. Frost is secure in the same way ES5 claims to be. Filetopia and DC are secure in the sense that they can be as secure as the owner wants them to be.

KL++ could be considered secure if you click the little box that prevents others from reading your shared files. Showing up for a single song is of little danger. Correct me if that doesn't work RN.

We were talking about secure sharing to the general public, FileTopia, DC and K++ do not belong to that group as they offer any security only if you personally know and trust your peers. One song, hundred songs it will make no difference. The industry bots get a hit and send a letter, they don't count the files. And someone here at the other side of the globe looses his connection, that's the way it goes.

Frost... Yeah maybe. I tried it a long time ago, didn't work, thought the whole project went dead, but I see there's new news additions so maybe there's someone alive after all.

But can someone actually say that they believe Frost will be good enough for their primary sharing needs in near future? I don't think so.

Buggy as ES5 may be, if you need a secureish application now, it seems to be your best bet.

Yeah, I wouldn't confess a murder on ES5 like some people seem to be doing on FreeNet (joke or not), but I feel good enough about it to share movies and music.

Originally posted by eclectica
So are you saying ES5 is run by Sharman Networks?

Not that I know of. In fact ES5 seems to use every opportunity to put down Sharman and KaZaA just as well as ZP.

Originally posted by eivioolla

Frost... Yeah maybe. I tried it a long time ago, didn't work, thought the whole project went dead, but I see there's new news additions so maybe there's someone alive after all.

But can someone actually say that they believe Frost will be good enough for their primary sharing needs in near future? I don't think so.



Frost is alive and well, thank you very much - I made the last update on Sept 4. As far as filesharing is concerned, frost depends entirely on the speed of Freenet which varies.

And the signing of uploads feature helps greatly against child porn. As a matter of fact, I haven't seen any of it since I changed the format - perhaps the perverts are simply afraid to sign their uploads :)

Originally posted by zab
Frost is alive and well, thank you very much - I made the last update on Sept 4. As far as filesharing is concerned, frost depends entirely on the speed of Freenet which varies.

And the signing of uploads feature helps greatly against child porn. As a matter of fact, I haven't seen any of it since I changed the format - perhaps the perverts are simply afraid to sign their uploads :)

Well, I'm glad to hear that. :D It's not like there's too much competition on the secure sharing market...

So, what would be your honest opinion, if I share some movies with Frost and give the CHKs to a friend, what kind of performance can we expect these days? It's been like half a year since I tried it.

[i]
So, what would be your honest opinion, if I share some movies with Frost and give the CHKs to a friend, what kind of performance can we expect these days? It's been like half a year since I tried it. [/B]

my honest opinion is that if we're talking about 600+MB file you better make sure that it will be a movie that many, many people will like and try to download. In that case you can expect speeds close to bittorrent. Otherwise forget about it.

But the whole point of frost is not to worry about CHKs - it has a search feature.

Originally posted by random nut
Have you done any research showing that ES5 is secure? How come you believe ES5 is secure when their security experts aren't experts and ES5 lie about everything?

A program that is supposed to be secure can be open sourced without making it any less secure. ES5 is not open sourced. As an example, you can get the PGP source code for free, but (AFAIK) you can't use their work other than verify that their code really is secure and doesn't contain any backdoors or other nasty things. Now ask your ES5 friends if you can have a look at their code. They will not let you because they know it's not as secure as they claim it to be.

It depends what kind of research you mean. Of course I can't reverse engineer programs or anything fancy like that, so I have to rely on what I can read about it (including between the lines) and what I can make up on the network connections.

When my ES5 is uploading the only TCP connections from my machine goes to the proxies in ES5 proxy list. So the downloading part will only see a incoming TCP connection from the address of one of the proxy servers. About the UDP search and index protocol I can't say one way or another, but like I said if someone could prove that it's not secure, they could say goodbye to their users and any advertisement moneys they were hoping for, so I don't believe they would have invested this much in it if it could be broken just like that.

Originally posted by aqlo
That's great news zab, I am going to go try that immediately, I had no idea things had gotten so good (and I do follow freenet.) Thanks very much!

I'm curious how are you going to ensure that many many people download it shortly after you insert it. You must coordinate it through irc or something?

Originally posted by aqlo
Woops no all I'm doing is looking on Frost for some popular movies! I have found several already yes, as soon as I get one I want I will answer back how fast it was
you can't really know whether movies are popular on Frost. If you see them as offline it means they're not yet inserted in freenet, i.e. not popular at all.

I've been thinking about implementing some popularity rating scheme, or something that counts the number of successful downloads and estimates whether your download will be successful. Don't expect it anytime soon though :)

I think I'll give Frost another try when the NGR goes to the official FN release. I don't want to install the old one anymore. But you sure make it sound promising. :)

Originally posted by eivioolla
I think I'll give Frost another try when the NGR goes to the official FN release. I don't want to install the old one anymore. But you sure make it sound promising. :)

That reminds me of an old joke "Brazil is the country of the future, and always will be". :)

Freenet has been "promising" for 3 years now. We need more coders to join us, more coders are always welcome. I'm getting tired of it being "promising", I want it "working" now.

I would say that considering the sense of "online security" ES5 sounds, and (looks) to be the best so far compared to other p2p programs.

I would totally agree with random nut. How can you trust a "secure" program when it's known to be buggy?

If you put your trust in SSL and Proxies, just think of the h4x0rz that access SUPPOSETLY secure servers, databases, and computers to get credit card numbers, personal customer information, as well as other important stuff even with the company’s high security.

As for routing traffic through other proxies; it works excellent for the average and moderately advanced users, but for experienced cryptologists, and ssl programmers it wouldn't be TOO hard to trace through proxies and get to the end user, especially when they’re not used or implemented correctly.

Yes, the riaa has the money to hire them, and probably will.

I personally think that ES5 puts on a false sense of security to the public. True, the riaa might not be able to get to users right now, but give it time; either one of their hired companies, or an individual sparked by the reward WILL BREAK THEIR SYSTEM.

Just my thoughts.

Note: I am awfully pessimistic.. lol

peace!

Originally posted by Krypt0

If the program was written by humans, it can be hacked, de-compiled and broken just as well.

Your are totally right.

Ok.. if they are challenging hackers, and they wanna have some problems, they will get them!

I'll take care of that.

Originally posted by Krypt0
I would say that considering the sense of "online security" ES5 sounds, and (looks) to be the best so far compared to other p2p programs.

I would totally agree with random nut. How can you trust a "secure" program when it's known to be buggy?

So what are you saying really? That you don't use a system unless you get some sort of mathematical evidence that it can't be broken? There is no such system. Security is not some static never changing state, it's a process. Security holes are found and then they are patched.


If you put your trust in SSL and Proxies, just think of the h4x0rz that access SUPPOSETLY secure servers, databases, and computers to get credit card numbers, personal customer information, as well as other important stuff even with the company’s high security.

Yes, but think how many systems there are that they are not able to break in compared to every one that they can. Plenty.


As for routing traffic through other proxies; it works excellent for the average and moderately advanced users, but for experienced cryptologists, and ssl programmers it wouldn't be TOO hard to trace through proxies and get to the end user, especially when they’re not used or implemented correctly.

No cryptologist will tell you that SSL can be h4x0r3d.

And proxies and hiding your IP doesn't really have anything to do with cryptology or "ssl-programming".

If the proxy doesn't forward your information then the process of finding out your identity is identical for anyone who is seeking it. Only way is to get hold on to the proxy logs, if there are any.

Currently it's awfully easy for RIAA to get the identities of American users. Note that they aren't really going after other countries. Using a foreign anonymous proxy would make something that is awfully easy into awfully difficult. There are no DMCAs or subpoenas in other countries. To get any information from the proxy they would need a Judge order or something similar. Even if it was theoretically possible to track users, it would be a whole lot more difficult than it is now. That means directly reduced risk in sharing.

Originally posted by random nut
That's not what he said. He said that ES5 is buggy, and you even admit it. So again, how can you trust a buggy program to be secure. And how can you trust liars who write buggy programs to write secure programs?
Yes, but, the real problem is that ES5 is causing a crack in the earth's crust which is slowing down the rotation of the earth's core.

This is causing the magnetic field of the earth to get weak. Pretty soon we will all be fried because the bugs in ES5 will let the full impact of cosmic radiation to reach the surface of the earth.

Damn ES5 users! THEY ARE DESTROYING THE WORLD!!!

Jello, you're posts have begun to simply ridicule/attack any user that has concerns about a p2p app. As Zeropaid is a filesharing portal, ZP must maintain some level of independence from the various apps. As such, responses such as your own can only be seen as needless.

Legitimate concerns cannot be dissuaded by abusive words. Please try to curb negativity, and support your program on it's merits.

No, I am not saying that I will not use a program that needs to have mathematical evidence that it can't be broken. That would be just plain dumb. lol. I was just pointing out that es5 is not as secure and trouble-free as they would like to have you believe. (Here again, I am a major pessimistic)
And proxies and hiding your IP doesn't really have anything to do with cryptology or "ssl-programming".
I was attempting to refer to the overall security methods used in es5, and that they COULD be broken. Sorry if I confused it with proxies & cryptology issues.
No cryptologist will tell you that SSL can be h4x0r3d
Hell no they won't. Why would they? That would be just like a car manufacturer tell you that your car might randomly burst into flames, air bags might go off for not reason, and tires fall off at will. There's a chance that it might happen, but why would they tell you its possible, and in the case of SSL, tell you how to hack it and all the bugs & flaws it has. (Yes, very bad example I know)

Every program created / written that I have seen so far has bugs, errors, flaws, and security updates. No program can ever be created perfect from the start (from my previous knowledge). This would include security methods & technology used and implemented today... THUS leaving all the bugs, flaws, and errors open to the public.

I know this is getting away from the riaa and such, but just think about this:
Do you think the government would allow the public to have public access to technology that is as good, or better than theirs? No! Not only would this put national security at a HUGE risk, but also allow for public users to be more knowledgeable and have greater technological skills then used and implemented today in the Government & Military.

Anyways... I’m hungry... time for dinner. Cheers!

Originally posted by aqlo
I let it buffer up without playing for about 5 mins

I understand you're trying to be nice but you're doing Frost a bad favor. It does not support streaming, buffering or all that fancy stuff yet. You must be using something else, not Freenet/Frost.

Originally posted by aqlo
The video I am still waiting for is making no attempt to even open the player as of yet, acting much more like what I expect from Freenet.

Frost and Freenet do not support autorun for media files. They will download the file and save it on disk for you, but not start a player or anything like that.

make sure you got freenet from freenetproject.org and frost from jtcfrost.sf.net

Sorry for the confusion then, I have someone coming by later who is smarter than me about some of this and if I find a reasonable explanation for what happened to me I will probably just keep it to myself.

Originally posted by random nut
That's not what he said. He said that ES5 is buggy, and you even admit it. So again, how can you trust a buggy program to be secure. And how can you trust liars who write buggy programs to write secure programs?

What, a big software that's in beta is buggy? Isn't that just unheard of. Think about the majority of computer programs that have no bugs at all!

It depends what you mean with "trust". I don't think it's impossible to find security holes in it (though the fact that you can't point out any of course strengthens my confidence), but if such are found, they will fix them.

Originally posted by Krypt0

Hell no they won't. Why would they? That would be just like a car manufacturer tell you that your car might randomly burst into flames, air bags might go off for not reason, and tires fall off at will. There's a chance that it might happen, but why would they tell you its possible, and in the case of SSL, tell you how to hack it and all the bugs & flaws it has. (Yes, very bad example I know)

Cryptology is a science that consists of not only cryptography (how to encrypt information) but also cryptoanalysis (how to break encryption). The basic cryptoprotocols such as Diffie-Hellman, RSA, AES that are the foundation of any sytem claminig to be secure are old. The basic ideas behind them were introduced already in the 70's so there has been a lot of time to research them. If you don't believe me when I say that if science community would find a flaw in them they would publish it then at least study the matter yourself a bit and tell us what kind of attacks did you find.

Every program created / written that I have seen so far has bugs, errors, flaws, and security updates. No program can ever be created perfect from the start (from my previous knowledge). This would include security methods & technology used and implemented today... THUS leaving all the bugs, flaws, and errors open to the public.

I still don't get what you are saying. Because there can be flaws in a security system one should not use such at all? Then why does every company, institution and organization use different kind of methods to protect themselves against security breaches? I mean surely every system has flaws, right?

I know this is getting away from the riaa and such, but just think about this:Do you think the government would allow the public to have public access to technology that is as good, or better than theirs? No! Not only would this put national security at a HUGE risk, but also allow for public users to be more knowledgeable and have greater technological skills then used and implemented today in the Government & Military.

Well I guess it depends on whether you live in a totalitarian country or not. I know that my government has not set any limits into key lengths like some have. I'd ask you please do not just throw in some paranoid theories how the government is on us and has the technology to break anything, let's keep it to the facts.

still don't get what you are saying. Because there can be flaws in a security system one should not use such at all? Then why does every company, institution and organization use different kind of methods to protect themselves against security breaches? I mean surely every system has flaws, right?
Ok.. I just proved my point. SEVERAL times eivioolla has posted (and agreed with me) that all programs have bugs, and are not perfect. That's EXACTLY what I was trying to point out about ES5. Thus, making the program vulnerable.
If you don't believe me when I say that if science community would find a flaw in them they would publish it then at least study the matter yourself a bit and tell us what kind of attacks did you find.
Not necessarily, if I personally found a flaw in something, and was using it, or planning to use it in the future, why the hell would I make it public? Obviously making it public would ultimately fix the flaw.
Well I guess it depends on whether you live in a totalitarian country or not. I know that my government has not set any limits into key lengths like some have. I'd ask you please do not just throw in some paranoid theories how the government is on us and has the technology to break anything, let's keep it to the facts
I'm not necessarily talking about limits on keys, and strength of encryption, but for example IPv6 was implemented (http://www.defenselink.mil/releases/2003/nr20030613-0097.html) in the government several weeks before I heard about it in the public news. Don't you think that they (the government) would have technology (I.E. different methods, styles, and software) that would have an advantage over the general public? I'm not saying that they would necessarily use them AGAINST us, but how could the government stay in control if terrorists and the public had access to the exact same technology as what the military and government uses. *ending government discussion because it has nothing really to do about this forum*

I'm leaving for vacation right now, so I won't be back for a few weeks. Cheers!