Skip to main content

Home/ LumpysCorner/ Group items tagged tools security

Rss Feed Group items tagged

John Lemke

What happens with digital rights management in the real world? | Technology | theguardi... - 0 views

  • In 1997's Bernstein v United States, another US appeals court found that code was protected expression. Bernstein was a turning point in the history of computers and the law: it concerned itself with a UC Berkeley mathematician named Daniel Bernstein who challenged the American prohibition on producing cryptographic tools that could scramble messages with such efficiency that the police could not unscramble them. The US National Security Agency (NSA) called such programs "munitions" and severely restricted their use and publication. Bernstein published his encryption programs on the internet, and successfully defended his right to do so by citing the First Amendment. When the appellate court agreed, the NSA's ability to control civilian use of strong cryptography was destroyed. Ever since, our computers have had the power to keep secrets that none may extract except with our permission – that's why the NSA and GCHQ's secret anti-security initiatives, Bullrun and Edgehill, targetted vulnerabilities in operating systems, programs, and hardware. They couldn't defeat the maths (they also tried to subvert the maths, getting the US National Institute for Standards in Technology to adopt a weak algorithm for producing random numbers).
    • John Lemke
       
      This is also why they have a hard on for developing a quantum computer.
  • An increase in the security of the companies you buy your media from means a decrease in your own security. When your computer is designed to treat you as an untrusted party, you are at serious risk: anyone who can put malicious software on your computer has only to take advantage of your computer's intentional capacity to disguise its operation from you in order to make it much harder for you to know when and how you've been compromised.
  • The DMCA's injunction against publishing weaknesses in DRM means that its vulnerabilities remain unpatched for longer than in comparable systems that are not covered by the DMCA. That means that any system with DRM will on average be more dangerous for its users than one without DRM.
  • ...4 more annotations...
  • For example, in 2005, Sony-BMG music shipped a DRM called the "Sony Rootkit" on 51m audio CDs. When one of these CDs was inserted into a PC, it automatically and undetectably changed the operating system so that it could no longer see files or programs that started with "$SYS$." The rootkit infected millions of computers, including over 200,000 US military and government networks, before its existence became public. However, various large and respected security organisations say they knew about the Sony Rootkit months before the disclosure, but did not publish because they feared punishment under the DMCA. Meanwhile, virus-writers immediately began renaming their programs to begin with $SYS$, because these files would be invisible to virus-checkers if they landed on a computer that had been compromised by Sony.
    • John Lemke
       
      How the Sony DRM created serious security issues.  It should also be considered a violation of our civil rights.  Who the hell gave Sony permission to modify my OS!  Furthermore why didn't the OS companies sue Sony?  Likely because they are in bed together.
  • If I was a canny entrepreneur with a high appetite for risk -- and a reasonable war-chest for litigation – I would be thinking very seriously about how to build a technology that adds legal features to a DRM-enfeebled system (say, Itunes/Netflix/Amazon video), features that all my competitors are too cowardly to contemplate. The potential market for devices that do legal things that people want to do is titanic, and a judgment that went the right way on this would eliminate a serious existential threat to computer security, which, these days, is a synonym for security itself.And once anti-circumvention is a dead letter in America, it can't survive long in the rest of the world. For one thing, a product like a notional Itunes/Amazon/Netflix video unlocker would leak across national borders very easily, making non-US bans demonstrably pointless. For another, most countries that have anti-circumvention on the books got there due to pressure from the US Trade Representative; if the US drops anti-circumvention, the trading partners it armed-twisted into the same position won't be far behind.I've talked to some lawyers who are intimate with all the relevant cases and none of them told me it was a lost cause (on the other hand, none of them said it was a sure thing, either). It's a risky proposition, but something must be done. You see, contrary to what the judge in Reimerdes said in 2000, this has nothing to do with whether information is free or not – it's all about whether people are free.
  • The DMCA is a long and complex instrument, but what I'm talking about here is section 1201: the notorious "anti-circumvention" provisions. They make it illegal to circumvent an "effective means of access control" that restricts a copyrighted work. The companies that make DRM and the courts have interpreted this very broadly, enjoining people from publishing information about vulnerabilities in DRM, from publishing the secret keys hidden in the DRM, from publishing instructions for getting around the DRM – basically, anything that could conceivably give aid and comfort to someone who wanted to do something that the manufacturer or the copyright holder forbade.
  • Significantly, in 2000, a US appeals court found (in Universal City Studios, Inc v Reimerdes) that breaking DRM was illegal, even if you were trying to do something that would otherwise be legal. In other words, if your ebook has a restriction that stops you reading it on Wednesdays, you can't break that restriction, even if it would be otherwise legal to read the book on Wednesdays.
John Lemke

Kali Linux | Rebirth of BackTrack, the Penetration Testing Distribution. - 0 views

  •  
    This particular Linux distro is intended to test your security.
1 - 2 of 2
Showing 20 items per page