Diebold's notoriously insecure voting machines — in use across the USA — have been found to have an even deeper vulnerability than previously known. A new report by Harri Hursti, released on BlackBoxVoting, documents how an attacker with a few moments of private physical access to a machine could compromise it and load it with his own software, compromising every function of the machine, including the ability to count votes. — Read the rest
As part of his ongoing series on the failings in the HDCP video crippleware being built into HD TVs, video-game consoles and PCs, Princeton engineering prof Ed Felten describes how easy it is to subvert the system:
…[I]t has a very large problem: if any [forty] devices conspire, they can break the security of the system.
— Read the rest
Princeton's Ed Felten has written a terrific article explaining the ins and outs of watermarking for audiovisual material, providing an excellent guide for anyone who wants to understand how the new proposals to mandate watermark detectors are doomed.
Congress is considering a bill to "plug the analog hole," that is, to prevent the use of recording equipment for capturing digital programs while they're being played back (one outcome of this is that you couldn't video your child's first step if he was taking it in the living-room with the TV playing in the shot). — Read the rest
Kathryn Cramer, an investigative blogger, has begun to publish the results of her research into VEIL. VEIL is a technology that the entertainment industry has proposed to turn into a legal requirement for all devices capable of turning an analog signal into a digital one: cameras, recorders and mics of all kinds, in other words. — Read the rest
Here's the sixth installment of the Sony DRM Debacle, tracing the history of all the misdeeds committed by Sony when it covertly installed malicious software on millions of music fans' PCs in order to restrict their ability to make lawful copies of their music. — Read the rest
Princeton's Ed Felten and Alex Halderman have published the final version of "Lessons from the Sony CD DRM Episode," a spectacular paper that they published in draft form in a series of blog posts reported on here. The final paper is required reading for anyone who wants to understand the technology and business behind sneakily crippling our PCs in the name of stopping us from copying. — Read the rest
When an audio CD infects your computer with anti-copying software, it installs its own player. This player is intended to allow minimal, listen-only use of your CDs, while locking you out of copying those tracks to an unauthorized portable device, your laptop, or your next computer. — Read the rest
No one woke up this morning wishing that there was a way to do less with their music; so how do companies that distribute audio CDs with copy- and use-restriction DRM on them get you to install it?
Princeton's Ed Felten and Alex Halderman continue to post excerpts from their forthcoming major paper on the lessons learned from Sony's covert infection of millions of its customers' computers with malicious software that was intended to restrict their ability to use the music on the CDs they bought. — Read the rest
Princeton DRM researchers Alex Halderman and Ed Felten have posted the latest in a continuing series of excerpts from a long technical paper analyzing the Sony DRM debacle, in which the company was found to have deliberately infected its customers with malicious software covertly included on audio CDs. — Read the rest
When you infect a music CD with malicious anti-copying software, how long can you expect it to work for? Unlike most software, music CDs are liable to be loaded into computers decades after they're pressed; can an anti-copying program anticipate the state of computers in twenty years and ensure that their programs won't destabilize computers in the future? — Read the rest
Security researchers at Princeton are making great strides in picking apart the systems used by copy-restriction companies to corrupt the CDs sold by music labels like Sony-BMG. Princeton's Alex Halderman has published preliminary results of his and Ed Felten's work on reverse-engineering the Digital Rights Management systems that were the subject of so much controversy when Sony was caught infecting its customers' computers with them: MediaMax from SunnComm and XCP from First4Internet. — Read the rest
If the controversial Analog Hole bill makes it into law, US technologists will have to obey a law whose most important details are a trade-secret.
The entertainment industry, always a bastion of media savvy, has proposed its "A-Hole" bill as a legal means of limiting the conversion of analog music and video to digital files. — Read the rest
Ed Felten has posted about the question that must scare Sony the most: have they committed a criminal act by distributing music CDs with spyware and rootkits on them?
The Computer Fraud and Abuse Act is a US federal criminal statute that punishes people who gain unauthorized access to computers, misappropriate their information, and break their machines. — Read the rest
The Sony rootkit debacle continues to gain steam, with fresh revelations of incompetence and malice every day, and with fresh news of lawsuits too. Previously, I published two roundups of news on this leading up to Nov 17 (Sony Rootkit Roundup Part I, Sony Rootkit Roundup Part II, Sony Rootkit Roundup Part IV, Sony Rootkit Roundup V, Sony Rootkit Roundup VI) and what with all the news, it's time for a third:
- Nov 17: Sony still advising public to install rootkits
- 18 days after the revelation that Sony's CDs contain dangerous rootkits, Sony still has live web-pages advising its customers to go ahead and install their software (This is still the case as of Nov 22!).
— Read the rest
Here's the night's dispatches on the Sony rootkit fiasco:
Pre-order your I HEART ROOTKIT shirts today Link
Get a (partial?) list of SunnComm MediaMax-infected CDs from the "CD in Question" drop-down menu on this page. Link (Thanks, Claire!)
Ed Felten and Alex Halderman report that they're working with SunnComm to fix the MediaMax uninstaller, which currently leaves your computer in a worse state than it started. — Read the rest
See Part I, Part III, Part IV, Part V and Part VI of this post for more.
It's been three days since the first roundup post on Sony's rootkit DRM and lots of new stuff has come to light since. — Read the rest
Princeton's Ed Felten and Alex Halderman have published new research into a grave security vulnerability opened up if you run the "uninstaller" that Sony supplies to rid your PC of its malicious rootkit software, which it installs when you insert an audio CD into your PC, as a means of restricting your use of the music on the CD. — Read the rest
We've written here that the "uninstaller" that Sony provides for getting rid of the malicious trojan horse that is installed on your computer when you play one of their music CDs introduces some pretty big security holes into your PC.
But it looks like it might be worse than we suspected. — Read the rest
See Part II, Part III, Part IV, Part V and Part VI of this post for more.
Since Hallowe'en, we've been posting the details about the revelations relating to Sony's DRM systems, which show jaw-dropping contempt for their customers, for copyright law, for fair trading and for the public interest. — Read the rest
On today's edition of the NPR News program "Day to Day," I report on the closure of file-sharing software firm Grokster, and the company's agreement to pay a $50-million penalty to settle a lawsuit with entertainment companies. The move comes five months after the U.S. — Read the rest