Showing posts with label DRM. Show all posts
Monday, February 12, 2007
Steve Jobs and DRM...
I have been waiting to comment on Steve Jobs' call to end DRM-enabled music because I just don't know what to say. To be honest, it’s kind of out of my knowledge scope. I sometimes feel like Dr. McCoy: “damn it Jim, I’m a security researcher not a consumer rights advocate”. My thoughts are that it was a very bold move, and even if he has done it for various reasons like some people claim, if DRM goes away that means consumers win in the end. I think John Gruber does a better job analyzing it than I ever could.
Monday, January 29, 2007
You can tell it's Vista launch day....
Bill Gates is on the Daily Show and Slashdot is alive (buzzing?) with Microsoft stories. Two stories are about MS: one about MS retracting a patent, one about how broken Vista is. A researcher *gasp* found a way to circumvent Vista DRM via PatchGuard (for more information on subverting PatchGuard see Skywing's excellent paper from Uninformed). Now please don't get me wrong, I am not knocking the researcher. Alex did good work with an interesting result, but as someone who knows a thing or two about the media (I begrudgingly extend that designation to blogs) I can't help but notice the difference between what he stated on his blog and what the anonymous reader submitted to Slashdot:
"Alex is now quite nervous about what an army of lawyers backed by draconian copyright laws could do to him if he released the details, but he claims to be currently looking into the details of safely releasing his details about this at the moment though."
This is completely different than what I know to be true. I have attended/spoken at several of Microsoft's internal security conferences and want to dispel the myth that MS is sue-happy, unlike other companies. Researchers and developers at Microsoft are actually more interested in solving problems than suing people, which seems more productive, as we all know suing doesn't work. I know for a fact Alex is in contact with Microsoft and has been for a while, but little things like facts never seem to stop people from spinning stories to create sensationalism. Alex details how MS can break his method of bypassing the DRM, and how he can get around that, and helpfully details how MS can fix his evasion....
He confirms what we all know: that security is an arms race, which was also left out of Slashdot. In the long run the winner of the DRM conflict will be the person who gets tired first.
UPDATE: While writing this, another story popped up on Slashdot about MS getting tough on license dodgers. *GASP* the horror of a company actually wanting people to PAY for their product. The nerve of them, let's get the pitchforks and torches together and run them out of cyberspace! Gotta love launch day!
Tuesday, December 26, 2006
Quick, audit DRM
http://www.miraesoft.com/karel/2006/12/25/cost-analysis-of-windows-vista-content-protection/
No sooner had I made my previous post than I ran across this excellent analysis of a paper written by Peter Gutmann describing why DRM is bad. This is of course a massive oversimplification of the paper, so I suggest you read the analysis and the paper.
DRM and trusted computing in general are very interesting to me, as they have a massive impact on what I do. I am not just saying that because I just started auditing the trusted computing capabilities for Vista (including BitLocker; those guys really put a lot of thought into different possible attack scenarios). People who write DRM software don’t want people like me poking around in their process address space with my fancy debuggers and stuff like that. This means that doing things like reversing applications and tracing their execution flow will get hard, which means that finding and writing exploits for bugs will get harder. Keep in mind this doesn’t mean that the bugs will go away; it means that new techniques for finding them will be developed.
Looking at the use of 0day in targeted attacks these days, if I were doing bug hunting for the money I would be targeting DRM apps like crazy now, as finding a vuln would give you something of greater value because you know it won’t be easily duplicated, it would be hard to track down, and a fix would not be anything that a vendor could turn around very quickly.