Can this be done??

[Spyder32]

Yeah, I know you weren't addressing anyone in particular but I was the only one with the complaint of his now-debated whining. My conclusion (liked or not) was that he was. And that's it.

Oh, xierox. I believe Neg greened him aswell, although I dunno.. which explains going extremely positive. That's all irrelevant though.

And Dries, I apologize for arguing with you on a thread. We were doing so well for so long too..

[foxyloxley]

Guilty ...............

I don't do power trips
but, I too read it as a whine.

memo to self :
take it slowwwwwww, ease off the trigger finger

[codenamevirus]

Thanks everyone for all the information u provided to me..

ummm actually there is sort of a way of doing it using software which 'encrypts' the source like :

http://www.tagslock.com/

this turns the HTML into a non-human readable form making it harder for people to rip off your code. Your browser can still read/render it - but your average person will not be able to read it. Making it difficult for them to take/re-use your code.

not a ideal solution but def a hinderance

The software does encrypt the code, but if I copy the whole encrypted source code, will it make any difference to a normal code?? Like, I have an html page say 'a.html' which has the encrypted code, and I copy the whole encrypted code to 'b.html', I think It'll work the same, wont it?

[Mystery Man]

Hi

Well the topic here is to stop piracy. The pages are modified to be used for bad purposes. Even if the code woks for b.html it doesnt make a difference. This is so because until the code is modified what good is it for the person usinng it for some fake login etc..

Well if this software provides strong encryption then the modificaton of pages would be difficult and this serves the purpose of stopping it from being used again for evil purposes.

[sec_ware]

Hi

codenamevirus, let us look at the issue from another
perspective, since it is all about this:

Originally posted here by codenamevirus
As you know, many people use the yahoo page as the fake login to
get login information out of people n then harming them by leaking their information.

How can we make sure that the login-page
we have loaded actually is the "real" one? How can we
make sure that what we send (e.g. login-information)
is not captured and understood somewhere?

In other words: forget about protecting the "source code" -
In the end, it can always be copied or "reverse engineered".



The terms, you should look for, are:


- confidentiality[1]
- integrity[2a,2b]
- authenticity[3]
...
- digital signatures [4]
- message authentication code[5]
...



One has to make sure that
- the party you are corresponding to is who it claims to be
(a lot of attack vectors here, starting from server compromise,
to private key compromise etc. hence you can only be confident)
- the data sent has not been intercepted and/or altered
- the data you sent only can be viewed and/or understood by the intended receiver
- etc.


It's all known, and it's all out there - that is my point
of view on this issue


Cheers


[1] http://en.wikipedia.org/wiki/Confidentiality
[2a] http://en.wikipedia.org/wiki/Data_integrity
[2b] http://www.pcmag.com/encyclopedia_te...i=46823,00.asp
[3] http://en.wikipedia.org/wiki/Authentication
[4] http://en.wikipedia.org/wiki/Digital_signature
[5] http://en.wikipedia.org/wiki/Message...ntication_Code

[Deeboe]

Hello,

Originally posted here by codenamevirus

the other day i was thinking of stopping piracy after being negged by many users over my last post, which was !!

I was negged today for posting an article about a vuln. in IE that a hacker used to exploit Google desktop. The person negged me because they thought I was ripping Google, due to a poor choice of words on my part.

I have been searching around for other posts of people with similar situations. My concern is that I am still a "newbie" and that negging caused me to go grey. Maybe it is just me, but I think I might have a hard time bringing my points back up as people will view me as just an annoying "grey" AO poster.

Any advice?

Thanks,
-Deeboe

[Mystery Man]

Well i was banned once here but i came back because of the quality of stuff here. Well as far as antipoints are concerned i am also unlucky.

Banned because i posted the same post twice in different forums.
Gray because many someone didnt liked my idea.
http://www.antionline.com/showthread...n+on+new+forum

Well its not about antipoints. Its about knowledge and willingness to learn and help others in every manner. The users here are good and informative and thats the best thing.

[ZomBieMann77]

Anybody can pull themselves out of an AP hole. All it takes is good posting and no whining. Its politics ,people, plain and simple.

As for the "encryption" of HTML i have a question that I am somewhat to lazy to go find the answer to. im just curious so Im asking someone who uses the program instead of looking into it myself. If noone chooses to answer so be it.

How about using the same program to revers engineer pages encrypted with said program. Is it doable? Sure you wuld have to break the algorith but how strong is said algorith?

[sec_ware]

Hi


These programs, like "tagslock", have usually two "obfuscation" levels:


- the obfuscator: the idea is to render the code so unreadable that it actually
is less time-consuming to create a new "page", which does the same than the original
(hence the word "reverse engineering"), than to analyse the mess. I completely fail
to see how this protects the "intellectual property": Can a client-side script
be called "protectworthy intellectual property"? What is a scenario, where the complexity
is so high that it cannot be just copied?


- the encryptor: I fail to see the idea and use. If you want to protect your code,
use AES. If you send your encrypted page, but you provide the key in order to
enable the user to actually view the page, it's pointless.

How about using the same program to revers engineer pages encrypted with said program. Is it doable?
Sure you wuld have to break the algorith but how strong is said algorith?

Of course, once you know the key it is a matter of a few minutes to write a program,
which allows you to extract the source code (usually obfuscated however).

To extract the key is feasible. You have two sources of information
- the algorithm is extremely simple: a "one char"-function (bitwise XOR on it).
- prior to actually perform the decryption, the password even is tested: that "hash" enables
you to quickly test your candidate, and might allow to restrict the key-space significantly.


I say it again: there are ways to ensure message authenticity and integrity.
Maybe one should educate the people not to accept "certified by unknown authority",
or send sensitive data over unencrypted lines. But then, maybe I see the issue over-simplified

Cheers