Jacob Appelbaum, one of the security researchers who worked on the paper on the cold boot attack on encryption keys (featured in a previous BBtv episode, above), tells Boing Boing the code has just been released today at the [last] HOPE hacker con in NYC. — Read the rest
Xeni visits the offices of the Electronic Frontier Foundation and speaks with Jake Appelbaum and Bill Paul, two of the authors of a security research paper that shows how your computer's memory can be tricked into revealing data you thought was safely encrypted, and out of the reach of others. — Read the rest
Earlier this week, I blogged about a new set of AACS keys being compromised — a set of keys that can be used to crack the anti-copying technology on HD-DVDs. The fascinating thing about this is that it came six days before the release of a new generation of HD-DVD discs that are hardened against copying using another leaked key (the AACS Licensing Authority's attempt to suppress that key was an unmitigated disaster, leading to more than a million republications of the key). — Read the rest
Princeton DRM UR-scholars Alex Halderman and Ed Felten have begun an examination of the recent crack of AACS, the anti-user system in Blu-Ray and HD-DVD. They promise to go into great depth on what the crack means and where it will go next:
Typical users can't extract title keys on their own, so BackupHDDVD won't be useful to them as it currently stands – hence the claims that BackupHDDVD is a non-event.
Princeton security researchers Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten have taken apart one of Diebold's notorious voting machines and done a thorough security analysis of its workings. They showed that they could easily install software on the machine that would allow an attacker to steal votes from one candidate and give them to another — they showed that this would be undetectable, and easily done. — Read the rest
Princeton prof Ed Felten (whose work with Alex Halderman on the Sony DRM mess was nothing short of genius) has begun a new series unpicking the failings in HDCP, a crippleware system for home video that is being built into next-gen PCs, game-consoles and home-theater equipment. — Read the rest
Here's the sixth installment of the Sony DRM Debacle, tracing the history of all the misdeeds committed by Sony when it covertly installed malicious software on millions of music fans' PCs in order to restrict their ability to make lawful copies of their music. — Read the rest
Princeton's Ed Felten and Alex Halderman have published the final version of "Lessons from the Sony CD DRM Episode," a spectacular paper that they published in draft form in a series of blog posts reported on here. The final paper is required reading for anyone who wants to understand the technology and business behind sneakily crippling our PCs in the name of stopping us from copying. — Read the rest
When an audio CD infects your computer with anti-copying software, it installs its own player. This player is intended to allow minimal, listen-only use of your CDs, while locking you out of copying those tracks to an unauthorized portable device, your laptop, or your next computer. — Read the rest
No one woke up this morning wishing that there was a way to do less with their music; so how do companies that distribute audio CDs with copy- and use-restriction DRM on them get you to install it?
Princeton's Ed Felten and Alex Halderman continue to post excerpts from their forthcoming major paper on the lessons learned from Sony's covert infection of millions of its customers' computers with malicious software that was intended to restrict their ability to use the music on the CDs they bought. — Read the rest
Princeton DRM researchers Alex Halderman and Ed Felten have posted the latest in a continuing series of excerpts from a long technical paper analyzing the Sony DRM debacle, in which the company was found to have deliberately infected its customers with malicious software covertly included on audio CDs. — Read the rest
When you infect a music CD with malicious anti-copying software, how long can you expect it to work for? Unlike most software, music CDs are liable to be loaded into computers decades after they're pressed; can an anti-copying program anticipate the state of computers in twenty years and ensure that their programs won't destabilize computers in the future? — Read the rest
Security researchers at Princeton are making great strides in picking apart the systems used by copy-restriction companies to corrupt the CDs sold by music labels like Sony-BMG. Princeton's Alex Halderman has published preliminary results of his and Ed Felten's work on reverse-engineering the Digital Rights Management systems that were the subject of so much controversy when Sony was caught infecting its customers' computers with them: MediaMax from SunnComm and XCP from First4Internet. — Read the rest
Here's the last 2005 installment of the Sony DRM Debacle, posted moments before I leave on vacation — tune in after Jan 1 to see what new disasters Sony can create for itself by deploying technology that punishes people who buy its products instead of downloading them from P2P networks. — Read the rest
Alex Halderman, one of the Princeton researchers who's been doggedly revealing the tricks, nastiness, cheating and lies in the Sony DRM Debacle, has published a detailed HOWTO explaining how to make your own malicious "industrial strength" DRM CD, just like Sony's. — Read the rest
Sony's DRM supplier XCP ripped off a free software project so that it could defeat Apple iTunes.
Remember when Sony got nailed for including code from an open-source crack for iTunes in its rootkit DRM? Princeton researcher Alex Halderman has been patiently teasing apart the rootkit, looking for an explanation. — Read the rest
Many Sony CDs install a piece of spyware on listeners' PCs. The program, called MediaMax, from SunnComm, has received less attention than the rootkit that made headlines on Hallowe'en, but it is even sneakier, in some ways, than the rootkit was. — Read the rest
The Sony rootkit debacle continues to gain steam, with fresh revelations of incompetence and malice every day, and with fresh news of lawsuits too. Previously, I published two roundups of news on this leading up to Nov 17 (Sony Rootkit Roundup Part I, Sony Rootkit Roundup Part II, Sony Rootkit Roundup Part IV, Sony Rootkit Roundup V, Sony Rootkit Roundup VI) and what with all the news, it's time for a third:
- Nov 17: Sony still advising public to install rootkits
- 18 days after the revelation that Sony's CDs contain dangerous rootkits, Sony still has live web-pages advising its customers to go ahead and install their software (This is still the case as of Nov 22!).
Here's the night's dispatches on the Sony rootkit fiasco:
Pre-order your I HEART ROOTKIT shirts today
Get a (partial?) list of SunnComm MediaMax-infected CDs from the "CD in Question" drop-down menu on this page. (Thanks, Claire!)
Ed Felten and Alex Halderman report that they're working with SunnComm to fix the MediaMax uninstaller, which currently leaves your computer in a worse state than it started. — Read the rest
Last week, I wrote about Princeton DRM researcher Alex Halderman's work on SunnComm's MediaMax, a piece of malware that accompanies the XCP rootkit on many of Sony's DRM CDs. Like the rootkit, SunnComm's software spies on your music usage and finks you out to Sony without your knowledge and consent. — Read the rest