Pastebin.com and the Hotmail password leak

It seems that a list of 10,000 Hotmail usernames and passwords has been posted on pastebin.com in recent days.

Pastebin was created as a tool to aid software development, not to distribute this sort of material.

As a result of the interest this story is generating, pastebin.com is experiencing huge levels of activity – as a result I took it offline to ensure all the offending material has been removed, and have adjusted the abuse filters prevent re-occurence.

Edit: please don’t ask if you name was on the list. I have no way of knowing. Just change your password.

Edit #2: things have calmed down now, and I’ve written a longer post about the incident here.

Pastebin, the Ti-89 signing keys, and the DMCA

I’ve had a DMCA takedown request sent in relation to a pastebin post containing the signing keys for a range of Texas Instruments calculators which, if I understand correctly, allow you to digitally sign a replacement operating system so that the hardware will accept it.

If you buy a piece of hardware, I firmly believe you should be able to do whatever you like with it, and people installing their own operating systems and *improving the damn product* is something TI should be happy about.

There’s a blog over at http://brandonw.net/ which is enthusiastic about this sort thing, and you can read wide and varied discussion about the issue on SlashDot too. (Edit: on 23rd Sep The Register weighed in with this article)

So, here is the DMCA takedown request Texas Instruments sent to me:

September 17, 2009
To Whom It May Concern:
Re: Illegal Offering of Material to Circumvent TI Copyright Protections
VIA: report abuse at pasetebin.com

It has come to our attention that the web site http://pastebin.com/f23af06b7, contains material and/or links to material that violate the anti-circumvention provisions of the Digital Millennium Copyright Act (“DMCA”). This letter is to notify you, in accordance with the provisions of the DMCA, of these unlawful activities. Pursuant to the safe harbor provisions of the DMCA, we request that you remove any whole or partial reproductions of and/or disable links to the following:

The post located on http://pastebin.com/f23af06b7

Texas Instruments Incorporated (“TI”) owns the copyright in the TI-83 Plus, TI84 Plus and TI-89 operating system software. The TI-83 Plus, TI-84 Plus and TI-89 operating systems use encryption to effectively control access to the operating system code and to protect its rights as a copyright owner in that code. Any unauthorized use of these files is strictly prohibited.

http://pastebin.com/f23af06b7 is distributing or providing links to information that bypasses TI’s anti-circumvention technology. By providing copies of or offering links to such information, http://pastebin.com/f23af06b7 has violated the anti-circumvention provisions of the DMCA at 17 U.S.C. §§ 1201(a)(2) and 1201(b)(1).

Please confirm to the undersigned in writing no later than noon on September 18, 2009 that you have complied with these demands. You may reach the undersigned by telephone at (xxx) xxx-xxxx or by email at xxxxxx@ti.com. TI reserves all further rights and remedies with respect to this matter.
I hereby confirm that I have a good faith belief that use of the Illegal Material in the manner complained of in this letter is not authorized by the copyright owner, its agent, or the law, that the information in this letter is accurate, and that, under penalty of perjury, I am authorized to act on behalf of TI, the owner of the exclusive rights in the TI-83 Plus, TI-84 Plus and TI-89 operating system software that are allegedly misappropriated using unlawful methods.
Texas Instruments Incorporated

XXX XXXXXX
Manager, Business Services
Education Technology Group

I live in the UK, and pastebin.com is hosted in the UK, so hitting me with a DMCA takedown request is rather pointless. However, I do remove copyrighted content on request, so much as it pains me to do so, I’ve deleted that post for now.

It’s no biggie, if you want the keys, just check wikileaks or do a Google search for 82EF4009ED7CAC2A5EE12B5F8E8AD9A0. That’s just a long hexadecimal number. Pretty sure I’m free to express that number in any form I like.

Can you say “Streisand Effect”?

Edit: Interesting post here on dealing with these TI DMCA notices. Persoanlly, I’m not interested in fighting to keep the post on pastebin.com as it is widely available elsewhere. I have a copy of the keys should I ever wish to actively distribute them though…

Edit#2, Oct 14th 2009: The Electronic Frontier Foundation have written the following about this issue: EFF Warns Texas Instruments to Stop Harassing Calculator Hobbyists.

pastebin.org considered harmful

I run pastebin.com, and maintain it daily. I check for abuses of the service, block IP addresses of serial offenders and try to ensure it provides a speedy and useful service.

I make the software available for others to use and improve upon too.

pastebin.org is one such site, but I’m starting to get emails from people who’ve used that site and are now infected with the Win32/Alureo trojan virus. In addition, the site seems to have been compromised in other ways, with extra advertising banners and popups.

I’m not responsible for that site. I’ve tried to make contact with the registrant listed in whois records, but not had a response.

The moral of the story: if you want to stay safe, stick with pastebin.com!