LEARN ABOUT DIGITAL RIGHTS MANAGEMENT, Palladium/Trusted Computing DRM Embedded in New Intel Macs.
INFORMATION ON DIGITAL RIGHTS MANAGEMENT
K 12 Public Education Hacker Ethics
The first thing you need to know is there are 2 words that are constantly misunderstood and incorrectly used by the media.
- A security cracker is a person who breaks computer security systems.
- A software cracker is one who circumvents software copy protection schemes.
Digital Rights Management and Fair Use
See Technology Ethics Defined
Black Hat hacking is the act of compromising the security of a system without permission from an authorized party, with the intent of accessing computers connected to the network.
Report Sony Cracking to: The U.S. Department of Justice
10th & Constitution Ave., NW
Criminal Division,
(Computer Crime & Intellectual Property Section)
John C. Keeney Building, Suite 600
Washington, DC 20530
Main (202) 514-1026 * Fax (202) 514-6113
Media Inquiries: Office of Public Affairs * (202) 514-2007
IP: 149.101.1.119
Company Name: US Dept of Justice.
Location: Maryland, USA 149.101.0.0 - 149.101.255.255
CIDR: 149.101.0.0/16
NetName: USDOJ
NetHandle: NET-149-101-0-0-1
Parent: NET-149-0-0-0-0
NetType: Direct Assignment
NameServer: JUSTICE2.USDOJ.GOV
NameServer: NS22.USDOJ.GOV
RegDate: 1994-12-02
Updated: 2002-06-05
RTechHandle: ZU85-ARIN
RTechName: U.S. Department of Justice
RTechPhone: +1-202-307-6846
RTechEmail: EWS@usdoj.gov
Macs - iMacs/Mac Mini/MacBook Pro are designed by Apple, not Intel. It's Apple's responsibility to tell their customers what is inside their machines, not Intel's. Apparently Apple is trying to use the TPM to lock OS X to Apple hardware, but it doesn't work and can't work. Mac users can now run Windows XP or OSX and switch between them with the newly released Boot Camp.
Mac has installed the DRM protection in its Infineon chip. Infineon is the name of a chip manufacturer; an Infineon TPM has nothing to do with Intel.
The basic idea of Trusted Computing is that security on a computer is obtained via hardware, through a specific chip
dedicated exclusively to this task and called Trusted Platform Module (TPM). Originally sold as a beneficial security system for users (which is partially true), trusted Computing and Palladium risk to open the doors to inviolable copy-protection systems and to censorship and surveillance issues to unprecedented levels.
The Next-Generation Secure Computing Base (NGSCB), formerly known as Palladium, is a software architecture designed by Microsoft which is expected to implement controversial parts of their Trustworthy Computing concept on future versions of the Microsoft Windows operating system. Microsofts stated aim for NGSCB is to increase the security and privacy of computer users but critics assert that the technology will not only fail to solve the majority of contemporary IT security problems, but also result in an increase in vendor lock-in and a resulting reduction in competition in the IT marketplace.
"Palladium/Trusted Computing DRM": These are three different things.
Palladium is a Windows-specific technology that is not shipping and will not be shipped any time soon (if ever). Macs don't contain Palladium. The TPM is indeed part of trusted computing, but actually using a TPM to implement strong DRM is very difficult - it requires the OS to be redesigned to provide mandatory security.
Paladium
" As Seth Schoen of the EFF paraphrases Microsoft, "So the protection of privacy was the same technical problem as the protection of copyright, because in each case bits owned by one party were being entrusted to another party and there was an attempt to enforce a policy."
(3rd bullet point)
11 July 2002. See Microsoft's second digital rights management patent issued a week before this one, invented by the same three persons
Sony is a Cracker
Boycott SONY & settles rootkit case.
Andy Lack of Sony BMG Music Entertainment Division was responsible for the rootkit cracker software fiasco and as of 4/4/06 resigned from Sony.
12/2006 Sony BMG, jointly operated by Sony and Bertelsmann Music Group settles rootkit case. Under the agreement, Sony BMG is prohibited from using similar DRM software in the future.
Record label to pay $4.25 million a year after acknowledging that it secretly installed antipiracy software on music CDs to a consortium of 39 states after acknowledging the company loaded antipiracy software on music CDs without notifying buyers. Sony BMG will also pay up to $175 apiece to consumers whose computers were damaged by the software. The music label announced similar deals with Texas and California, each receive $750,000. The 13 states that started the settlement process with Sony BMG including New York, Florida, Oregon and Pennsylvania will each receive $316,538, while the rest will get $5,000, Sony must still contend with an investigation into the matter by the Federal Trade Commission.
New Word: Rootkit - Rootkit.com's 41,533 members do rootkit source code anonymously, then discuss and share the open source code. Buy and install F-Secure to protect your machine against any root kit. The trend is toward embedding stealth technologies with varying forms
of spyware and malware, such as Backdoor-CEB, AdClicker-BA, W32/Feebs,Backdoor-CTV, Qoolaid, PWS-LDPinch, Opanki.worm, and W32/Sdbot.worm.
Learn how to uninstall the Sony Root Kit.
The root kit problem was first found by a Finnish researcher named Muzzy - scroll down for this . . but on Oct. 31, Windows Expert Mark Russinovich revealed that Sony installed a rootkit to hide its "XCP" DRM software on users' PCs in his blog: Sony BMG Music Entertainment distributed a DRM copy-protection scheme on 52 music CDs that secretly installed a rootkit on computers. This software tool is run without your knowledge or consent -- if it's loaded on your computer with a CD, a hacker can gain and maintain access to your system and you wouldn't know it. Sony also ships a separate system called SunComm on 27 other CDs (all shipped in the US) is also sypware. Sony didn't disclose its practices in its installer or even in its license agreement. Sony initially provided no uninstall for the rootkit, and when Sony added an uninstaller, the process was needlessly complicated, prone to crashing, and a security risk.
Problem: The web-based uninstaller that SunnComm provides opens up a major security hole very similar to the one created by the web-based uninstaller for Sony's other DRM, XCP it is possible for a malicious web site to use the SunnComm hole to take control of PCs where the uninstaller has been used. In fact, the the SunnComm problem is easier to exploit than the XCP uninstaller flaw.
Digital Rights Management DRM is only about
- giving the vendors control over your usage of the products you buy;
- they can decide if you're using it in ways they don't like;
- force you to upgrade;
- time to start selling the information they've collected about you to the highest bidder.
- MediaMax discs look on the back where the album covers usually contain a label that includes a sunncomm.com URL.
SunnComm threatened J. Alex Halderman with charges of violating the DMCA's anti-circumvention provisions a few years ago when he revealed how their technology could be thwarted by holding down the shift key.
Princeton University computer scientist J. Alex Halderman compared the different DRM approaches between Sony's use of First4Internet's XCP DRM they said was intended only to protect their CDs from music pirates and MediaMax DRM rootkit another form of DRM it was using on music CDs from SunnComm, Inc.
Their product activation and other forms of copy protection aren't really about stopping piracy - they admit their DRM won't stop the software counterfeiters.
Halderman findings discovered the spyware attributes of the Sony CDs equipped with MediaMax which "phones home" every time you play a protected CD with a code identifying what music you're listening to. And in the SunnComm server's response to these transmissions Halderman also uncovered a very important clue to what Sony's really up to: a URL including the term "perfectplacement." An e-commerce revenue generation "feature of dynamic on-line and off-line banner ads. Generate revenue or added value through the placement of 3rd party dynamic, interactive ads that can be changed at any time by the content owner."
Sony's EULA, using MediaMax has already installed a dozen files on your hard drive and started running the copy protection code. Even if you say NO to the EULA, files still remain and Sony CDs provide no option for uninstalling the files at a later date.
"You want to save the music?
Make stuff people want to own for decades. And sell it to them in a way they want to listen to it. The whole MUSIC business has been irreparably harmed. By the inane actions of ignorant people under the moniker of saving the music. Elected officials walk away from crises. They only want to be involved if they can grandstand to great effect. Defending the labels is not going to benefit them with the public. The CD recall is going to cost Sony BMG tens of millions of dollars! And, they get more money from Microsoft and the Silicon Valley players than they do from these old wave mafia-type operators in the music industry".
CD DRM: Threat Models and Business Models Record Label Goals and Monetizing the Platform even beyond its effect on controlling copying and use of content . The DRM vendor’s primary goal, obviously, is to provide value to the record label, in order to maximize the price that the vendor can charge the label for using the DRM technology. In the case of CD DRM, the system’s goals are purely economic, and the technical goals of the system exist only to protect or enable the business models of the record label and the DRM vendor.
Sony Numbers Add Up to Trouble
More than half a million networks, including military and government sites, were likely infected by copy-restriction software distributed by Sony on a handful of its CDs, according to a statistical analysis of domain servers conducted by a well-respected security researcher and confirmed by independent experts Tuesday. Sony BMG has been on the run for almost two weeks with the public relations debacle of its XCP copy-restriction software, which has installed an exploit-vulnerable rootkit with at least 20 popular music titles on PCs all over the world.The damage spans 165 countries, with the top five countries beingSpain, the Netherlands, Great Britain, the United States and Japan. <snip> Sony's suggested method for removing the program actually widens the security hole the original software created, researchers say.
New rules: don't buy a Sony
January 21, 2006 MP3 comes down with a crash
Software glitch has left users unable to transfer tunes to new player.SONY is advising consumers not to use software supplied with its new range of digital music players after hundreds of users complained that it caused their computers to crash. The new Sony MP3 Walkman was billed as the company’s long-awaited answer to the iPod and became one of the biggest-selling electrical items for Christmas.But Sony admitted that the software sold with the player has “major problems”, which has left many owners unable to use the players. The Connect Player programme is designed to transfer music from the user’s computer to the player and to connect them to Sony’s music sales website. But distraught buyers have been posting messages on websites cursing Sony. Others have returned their £199 players for a refund.
Sony has used a CD with skanky code (installing a rootkit) onto your machine which executes flawed code can now be used by hackers to molest your machine too AND you can't get their crap off your machine, so you're totally screwed. [aka RIAA's "Benjamin" virus ]
I know you don't understand.
Rule: just don't buy a sony cd and put it into your machine and you won't have a problem.
Sony BMG, which had embedded aggressive copy-protection software on the Van Zant CD suspended the use of that software after security companies classified it as malicious. At least two Internet-born worms were discovered attempting to take advantage of the program, which the CD's transferred to computers that played them. And the company was facing lawsuits accusing it of fraud and computer tampering in its efforts at digital rights management, or D.R.M. The removal tool that First4Internet supplies is an ActiveX control marked "safe for scripting". That means it can be invoked by any web page -- and it can be used to install new software on your machine.... The problem was first found by a Finnish researcher named Muzzy; see http://hack.fi/~muzzy/sony-drm/ for details.
What is the difference between a A Massachusetts 17 year old teenager pleaded guilty to cracking who exposes the personal records of 300,000 consumers and Sony breaking the security of hundreds of thousands of innocent computer users?
Sony CD's are shipped with XCP copy protection technology. Apparently this commercial product contains GPL DRM-circumvention code. Sony CDs protected with their technology automatically install several megabytes of files without any meaningful notice or consent, silently phone home every time you play a protected album, and fail to include any uninstall option. The scope of the misstep has left the realm of public relations and entered that of the criminal. Sony has recalled affected CDs and announced an exchange program to swap customers' affected CDs for XCP-free replacements.
DRM on a Sony CD installed a rootkit on a customer's PC
The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities. See Rootkit Resources
Sony, Rootkits and Digital Rights Management Gone Too Far Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, sony cd drm software deposits a hidden directory, several hidden device drivers, and a hidden application in your OS.
World of Warcraft hackers using Sony BMG rootkit sony offers a patch but researchers say it is extreamly complicated to use and it will leave your OS damaged.
Sony non apology apology - Sorry seems to be the hardest word . . .
The latest copy-protected CDs from Sony DADC
- Key2audio, Sony DADC - Campaign for Digital Rights
Where was your security company? Why didn't they protect YOU and report the Sony malicious code instead of keeping quiet?
Why did Microsoft provide the functionality that allows a hidden program on an audio CD to automatically install software on the PC that is invisible to the user? Why didn't it's protection software detect and stop it?
Who are the security companies really working for? Initial estimates are that more than half a million computers worldwide are infected with this Sony rootkit. Those are amazing infection numbers, making this one of the most serious internet epidemics of all time. What happens when the creators of malware collude with the very companies we hire to protect us from that malware? We users lose, that's what happens. A dangerous and damaging rootkit gets introduced into the wild, and half a million computers get infected before anyone does anything.
F-Secure Chief Research Officer Mikko Hypponen helped to get info about Sony out there when no one was listening. I bought and recommend you buy F-secure for your computer ~ KE
According to F-Secure, a Finnish antivirus vendor, the German DVD release of "Mr. & Mrs. Smith," contains a digital rights management
protection tool that uses rootkit-like cloaking technology. The movie is distributed by 20th Century Fox. Archives
Symantec bites the hand that feeds... 12/ 6/05
Just over ten years ago (95-09-15) *Hobbit* wrote a little tool called netcat (aka nc), swiftly dubbed the "TCP/IP Swiss Army knife". *Hobbit* was affiliated with the l0pht, which was later purchased by @stake, which was later purchased by Symantec. At some point (circa 1998), Weld Pond ported the netcat utility to Windows. Weld was an
original member of the l0pht and later the Director of Research and Development with @stake. Weld's version was distributed at @stake for some time. Suffice it to say, the l0pht, @stake and its members/employees supported netcat's use and distribution.
Jump forward to today, and Symantec now classifies netcat on a system as a High Risk Impact. As aj reznor asked, "is that to say that SYM bought a company known then for offering naughty things?" Let us also remember that Symantec owns SecurityFocus which conveniently offers
the tool in their tool repository.<snip>
BAD PRESS - POLICE INVESTIGATION - SCANDAL IN PROGRESS
Sony faces police investigation into DRM code 44/8/05
ALCEI-EFI (Association for Freedom in Electronic Interactive Communications - Electronic Frontiers Italy) has filed a complaint with Colonel Umberto Rapetto of the Guardia di Finanza, head of Italy's cybercrime investigations unit, requesting a criminal investigation of Sony BMG for its use of copy-protection software that acts as a rootkit. ALCEI-EFI alleges that the software damages computers and contains malicious features forbidden under Italian law. First 4 Internet, developer of the Sony software, says use of rootkit features was necessary to prevent users from working around the copy-protection. Computer Associates has classified the Sony copy- protection as a form of spyware.
Isn't it interesting that all the negative publicity has been directed at SONY, not BMG.
BMG doesn't have a famous brand name in the U.S. Bertelsmann is a faceless corporation. The average person is unaware that the German company owns Sony Music. Andy Lack is the head of Sony Music.
The law firms of Green Welling, LLP, and Lerach, Coughlin, Stoia, Geller, Rudman and Robbins, LLP, and the EFF are suing Sony BMG which is also facing at least six other class action lawsuits nationwide and an action by the Texas Attorney General.
Spitzer Gets on Sony BMG's Case
New York's Attorney General has turned his attention to Sony BMG's copyright-protection fiasco. Sony BMG Music Entertainment is getting a lot of unwanted attention for its use of copyright-protection software that left CD users open
to computer viruses. They have also admitted to Plugola & Payola activity costing them 10 million $'s.
Proposed Settlement 12/30/05 Sony reaches provisional settlement in rootkit fiasco PDF
It may provide the starting point for a future statute that protects against the misuse of digital rights management technologies.
Don't Mess with Texas <:-)
Sony is being sued by the state of Texas, which contends that the electronics giant violated the state's new spyware law.
"Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers," said Greg Abbott, the Texas attorney general.
United States Computer Emergency Readiness Team
Vulnerability Note VU#312073
A vulnerability has been reported in First4Internet XCP's uninstallation ActiveX control, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the "CodeSupport.ocx" ActiveX control that is installed via Internet Explorer when the user un-installs the XCP DRM software by visiting the vendor's website.
The ActiveX control is marked safe-for-scripting and supports several potentially dangerous methods like "RebootMachine", "InstallUpdate", and "IsAdministrator". This may be exploited to install arbitrary code on the user's system.
Military assessing possible threat posed by Sony security
It seems innocent enough. A Sony BMG music CD bought at a Power Zone, when inserted into a computer, requires the Sony player be downloaded in order to play the music.
But the software also includes anti-piracy software and a "root kit" that secretly enables Sony to track usage and alter the computer's operating system.
This surreptitious software allows hackers to access data stored on the computer and introduce viruses.
Military network analysts are assessing a possible security threat that could result if the software is installed on government computers, according to Tom Ryan, an information assurance manager with the 5th Signal Command based in Mannheim, Germany.
"It's not so much [a threat] on the classified network because everything on it is already encrypted," Ryan said. "But as far as [operational security], on the unclassified side it's possible for somebody to pull down enough information to put together some really sensitive stuff."
Ryan said that the command is about to install a security patch developed by Defense Information Systems Agency.
"You have a certain amount of time to comply with installing those security patches," Ryan said, adding that the current patch needs to be installed by Dec. 14.
About 2 million Sony BMG music CDs have been sold with the anti-piracy software embedded on the discs, which makes computers running Windows products more vulnerable to hackers.
The CDs, released under 52 different titles, install a program on Windows-based computers that limits the number of copies that can be made, such as is done with MP3 files.
Tim Madden, a spokesman for Joint Task Force Global Network Operations, a component of U.S. Strategic Command that oversees the operation and protection of military networks, downplayed the risk to Department of Defense computer security.
"It doesn't pose any threat," Madden said. "You can't install [the software] because of security configurations on DOD computers.
"If somebody were to get [an affected CD] and put it on a government computer, it asks them to install [the software], but they can't because they don't have the permissions."
When asked if someone could bring an infected computer from home and hook it up to a military network, Madden said, "there are a lot of 'what ifs.'"
"This has not been an issue for DOD computers because of the blocks that have been put in place," Madden said. "Whatever processes and procedures we may do to manage that is something we're not going to talk about publicly."
The Army and Air Force Exchange Service, which operates Power Zones and other stores that sell CDs, is offering customers a full refund for opened or unopened packages.
Army Lt. Col. Dave Accetta, a spokesman for AAFES Europe, said stores are complying with the Sony recall and pulling the affected CDs from its shelves.
"It is a voluntary recall, but we want to make sure customers are aware and are not placing computer systems at risk," he said.
The software does not affect stereo equipment, just computers, according to Sony and AAFES.
COPYFIGHT
Out of tune
SONY BMG, THE WORLD'S second-largest record company, shot itself in the foot so badly this month that it may have wounded the entire music industry. Its disastrous dalliance with invasive anti-piracy technology gives music fans yet another reason to view the major record labels as victimizers, not victims.
The court didn't rule P2P networks illegal. The Internet itself is a peer-to-peer network.
sneakernet: /snee´ker·net/, n. Term used (generally with ironic intent) for transfer of electronic information by physically carrying tape, disks, or some other media from one machine to another. “Never underestimate the bandwidth of a station wagon filled with magtape, or a 747 filled with CD-ROMs.” Also called ‘Tennis-Net’, ‘Armpit-Net’, ‘Floppy-Net’ or ‘Shoenet’; in the 1990s, ‘Nike network’ after a well-known sneaker brand.
Copyfight
It's been six years since the entertainment industry loosed its lawyers on the makers of Internet file-sharing software, and two years since the industry began suing the people who use it. By and large, it's winning these legal battles -- including a court-ordered shutdown of Napster in 2001 and a 9-0 Supreme Court ruling against Grokster in June. But that doesn't mean it's winning the war.
In fact, Americans continue to download music and movies using these so-called "peer-to-peer," or P2P, networks in record numbers. Through its trade association, the Recording Industry Association of America (RIAA), the music industry has sued more than 15,000 people in the past two years alone. Yet over that same period, traffic on file-sharing networks doubled, according to Big Champagne, a media company that measures P2P activity. Halfway through this year, volume had climbed to nearly nine million downloads, a new high and a 20% increase over last year. SNIP
Songwriters tried to sue the player piano out of existence a century ago. Vaudeville performers sued Guglielmo Marconi for inventing the radio. Disney and Universal sued Sony for making the Betamax VCR. And cable entrepreneurs over the years have been dragged into court by everyone from television broadcasters to the Motion Picture Association of America. If music and movie moguls had their druthers, they would have monopoly control over any device or platform capable of reproducing sound or pictures.
Oh yes, one last thing - RIAA threatens anyone who sells their mp3 player WITH the songs still on it with a lawsuit. What a crock. These people are not living in the real world. They are trying to control the secondary market.
