Sony BMG to "temporarily" stop using rootkit-based DRM
Sony has said it will “temporarily” stop making CDs with the problematic DRM technology. I’m sure they’ll make more in the future with a modified version or a new DRM technology.
As reported at Brian Krebs’ Washington Post blog, a class action lawsuit has been filed against Sony in California and another is about to be filed in New York. The California lawsuit alleges violations of California’s anti-spyware law, the Consumer Legal Remedies Act, and the California Unfair Competition law. In other news from Krebs, there is now real malware exploiting Sony’s DRM to hide itself. Krebs seems to be breaking the key news on this story; there are a number of other related articles on his blog worth reading, such as the one on Sony’s past history of cavalier and inconsistent actions on DRM. The EFF has an analysis of the EULA for Sony’s software; it’s something no reasonable person should agree to. Back at Mark Russinovich’s blog, which exposed this issue and began the controversy, he rebuts a response from First 4 Internet, the implementers of the Sony DRM, and points out more evidence that their software is poorly written and can crash Windows.
The March 1952 document “A Brief History of Communications Intelligence in the United States” by Captain Laurance F. Safford, USN (Retired) has been declassified by the National Security Agency and released to the public. It was originally classified TOP SECRET SUEDE. The document is a 24-page PDF. It tells the history of COMINT prior to Pearl Harbor, beginning with the entry of the U.S. into WWI, when Herbert O. Yardley set up MI-8, the “American Black Chamber,” to do cryptologic work. On a quick scan I didn’t see anything that wouldn’t already be familiar in broad strokes to readers of James Bamford’s The Puzzle Palace or Body of Secrets, though there may be some details not previously public, such as the number of staff working on cryptography.
My presentation on “Defending Against Botnets” for ASU’s Computer Security Week is online in streaming video and MP3 audio formats. Unfortunately, the audience was quite small. ASU’s Polytechnic Campus is way out east of Phoenix, on the former Williams Air Force Base, which ASU purchased and turned into its east campus. It doesn’t appear to have a very large student population yet. I was amused that the streets are named after military figures. To get to the Student Union I drove on a street called Twining, named after General Nathan Twining. Twining is a name well known to UFO enthusiasts: his name was used on one of the forged “MJ-12” documents, the Cutler-Twining memo, and he also authored a genuine document that discusses UFOs (and is often misinterpreted by UFO advocates as claiming that crashed saucers have been recovered). My talk was followed by a talk on Wireless Security by Erik Graham of General Dynamics, which covered threats and defenses for 802.11 and Bluetooth.
Mark Russinovich at Sysinternals.com, a security professional who is careful about what software he installs on his computer, found a rootkit on his Windows machine. A rootkit is a set of software designed to hide malicious activity from the owner or administrator of a machine. He found a hidden directory, several hidden device drivers, and a hidden application. After further investigation, he found that the software installed on his machine without his consent or authorization included files identified via Sigcheck as part of “Essential System Tools” from a company called First 4 Internet. Google revealed that First 4 Internet has implemented Digital Rights Management for several record companies, including Sony. It turned out that a recent CD he had purchased, “Get Right with The Man” by the Van Zant brothers, contained Sony’s DRM. Additional experimentation shows that the software is poorly written and creates a load on the system by scanning the executable files associated with every running process every two seconds, querying file information (including size) eight times per scan. The End User License Agreement (EULA) gives no indication that this software will be installed on your machine, and provides no mechanism for removing it. (They have apparently since modified the EULA in response to Russinovich’s analysis.) Russinovich went through the steps necessary to remove the software (and return his computer to a functional condition), but as his analysis points out, this would be very difficult for an inexperienced user. A typical responsible computer user who saw the rootkit files and simply deleted them would cripple their computer, because the hidden driver is still loaded and still expects those files to be there. This software appears to me no different from spyware, which the proposed SPY ACT (Securely Protect Yourself Against Cyber Trespass) would make illegal in the U.S., and it also appears (as commenters on Russinovich’s blog note) to violate California state law, UK law, and Australian law.
Arizona’s anti-spyware law doesn’t seem to apply. Russinovich’s detailed step-by-step analysis may be found here. Don’t purchase CDs with such irresponsible and sleazy DRM software. ...
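The way Russinovich found the hidden directory, drivers and application was by comparing two views of the same filesystem: what the normal Windows API reports, and what the disk actually contains. Below is an added example of that cross-view technique, simulated in user space; it is not Russinovich’s RootkitRevealer nor any of First 4 Internet’s code. The one fact borrowed from the real case is the cloaking rule: the XCP driver hid every file, directory, registry key and process whose name begins with “$sys$”. Everything else (the hooked_listdir() stand-in for the driver hook, raw_listdir() standing in for reading NTFS structures directly, and the sample file names) is constructed for the example.

```python
"""Cross-view detection of a file-cloaking rootkit, simulated in user space.

Added example; neither Sysinternals' RootkitRevealer nor the XCP driver.
The cloaking rule (names beginning with "$sys$") is taken from Russinovich's
analysis; the hook and the "raw" view are pure-Python stand-ins.
"""
import os
import tempfile

CLOAK_PREFIX = "$sys$"   # the real driver's rule; the rest of this file is simulation


def hooked_listdir(path):
    """The view an ordinary application gets once the hook is installed:
    cloaked names are filtered out before the caller ever sees them."""
    return [name for name in os.listdir(path) if not name.startswith(CLOAK_PREFIX)]


def raw_listdir(path):
    """Stand-in for a view that bypasses the hook. Here it is simply the
    unfiltered listing; on a real system it would come from parsing the
    on-disk filesystem structures directly rather than calling the API."""
    return os.listdir(path)


def cross_view_diff(path, api_view=hooked_listdir, raw_view=raw_listdir):
    """Names present in the raw view but absent from the API view are the
    ones something on the machine is actively hiding."""
    return sorted(set(raw_view(path)) - set(api_view(path)))


def probe_cloak(path, api_view=hooked_listdir):
    """Cheap field check for a prefix-based cloak: create a file whose name
    matches the rule and see whether the normal API still reports it.
    Returns True if the probe vanished, i.e. a cloak on CLOAK_PREFIX is active."""
    probe = CLOAK_PREFIX + "probe.txt"
    full = os.path.join(path, probe)
    with open(full, "w") as fh:
        fh.write("probe\n")
    try:
        return probe not in api_view(path)
    finally:
        os.remove(full)   # remove via the raw path; the hook never sees the name


def build_sample_dir(root):
    """Constructed sample tree: two ordinary entries and three cloaked ones.
    The cloaked names are invented for this example, not the real XCP files."""
    for name in ("readme.txt", "player.exe", "$sys$drv.sys", "$sys$app.exe"):
        with open(os.path.join(root, name), "w") as fh:
            fh.write("sample\n")
    os.mkdir(os.path.join(root, "$sys$data"))


def demo():
    """Scan the constructed tree; return (hidden names, probe vanished?)."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_dir(root)
        hidden = cross_view_diff(root)
        cloaked = probe_cloak(root)
    return hidden, cloaked


if __name__ == "__main__":
    hidden, cloaked = demo()
    print("probe vanished:", cloaked)
    for name in hidden:
        print("hidden from API view:", name)
```

The diff is the detection step only. As the post above notes, deleting the entries it turns up while the driver is still loaded is exactly the mistake that cripples the machine; the driver has to be disabled first, which is the part of Russinovich’s write-up an inexperienced user cannot reasonably be expected to follow.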
I’ll be speaking next week at Arizona State University’s “Computer Security Awareness Week” on the above topic. My talk is on Wednesday, November 2 at 11 a.m. at the Polytechnic Campus in Union Ballroom C, and will be followed by Erik Graham of General Dynamics speaking on Wireless Security. I’ve been told to be as technically detailed as I like, though I think this is a problem in greater need of having its economic aspects addressed, in order to drive the implementation of the existing technical solutions. Bruce Schneier has suggested that ISPs need to be held liable for malicious traffic they originate; I’d amend that to say they should be held liable to the extent there are commercially reasonable measures to prevent, detect, and respond to such traffic and they don’t take them. I agree with Schneier that the ISPs whose end users have compromised machines are in the best position to address the problems those compromised machines create, along with the manufacturers of the operating systems they run. ...
The Electronic Frontier Foundation has published information about tracking codes printed in every document by color laser printers from Xerox, Canon, Brother, Dell, Epson and other companies. These codes, which have been decoded for one model of Xerox printer, indicate the date and time the document was printed and the serial number of the printer. The codes have apparently been in use for at least a decade.
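To show what “decoded” means here, below is an added example of a decoder for a column-coded, parity-protected dot grid of the kind the EFF described. It is not the EFF’s tool and not any vendor’s specification: the 15-column by 8-row geometry, the column-to-field assignment in FIELD_COLUMNS and SERIAL_COLUMNS, and the odd-parity rule are my recollection of the EFF’s DocuColor write-up and should be treated as assumptions to check against that guide. The encoder exists only so the decoder can be exercised on a constructed grid; the timestamp and serial number in demo() are made up.

```python
"""Decoder for a parity-protected, column-coded tracking-dot grid.

Added example, not the EFF's decoder. Grid geometry, field layout and
parity rule are assumptions (see the lead-in); the encoder is here only to
produce constructed test input. A grid is a list of ROWS lists of COLS ints,
1 = yellow dot present, 0 = absent; rows and columns are 1-indexed in the API.
"""

ROWS, COLS = 8, 15                         # row 1 and column 1 carry parity bits
FIELD_COLUMNS = {                          # assumed layout, 1-indexed columns
    "minute": 2, "hour": 5, "day": 6, "month": 7, "year": 8,
}
SERIAL_COLUMNS = (11, 12, 13, 14)          # assumed: two decimal digits per column


def _column_value(grid, col):
    """Read rows 2..8 of a column as one 7-bit number, top data dot = 64."""
    value = 0
    for row in range(2, ROWS + 1):
        value = (value << 1) | grid[row - 1][col - 1]
    return value


def _set_column(grid, col, value):
    if not 0 <= value < 128:
        raise ValueError(f"column {col}: {value} does not fit in 7 bits")
    for row in range(ROWS, 1, -1):          # bottom dot is the least significant bit
        grid[row - 1][col - 1] = value & 1
        value >>= 1


def encode(fields, serial):
    """Build a grid from a field dict and an 8-digit serial (constructed input only)."""
    if len(serial) != 2 * len(SERIAL_COLUMNS) or not serial.isdigit():
        raise ValueError("serial must be 8 decimal digits")
    grid = [[0] * COLS for _ in range(ROWS)]
    for name, col in FIELD_COLUMNS.items():
        _set_column(grid, col, fields[name])
    for i, col in enumerate(SERIAL_COLUMNS):
        _set_column(grid, col, int(serial[2 * i:2 * i + 2]))
    # Odd parity (assumed): row 1 protects each data column, column 1 each row.
    for col in range(2, COLS + 1):
        grid[0][col - 1] = 1 - sum(grid[r][col - 1] for r in range(1, ROWS)) % 2
    for row in range(ROWS):
        grid[row][0] = 1 - sum(grid[row][1:]) % 2
    return grid


def parity_errors(grid):
    """Every data column and every row must contain an odd number of dots.
    Returns the labels of those that do not, columns first."""
    bad = []
    for col in range(2, COLS + 1):
        if sum(grid[r][col - 1] for r in range(ROWS)) % 2 == 0:
            bad.append(f"column {col}")
    for row in range(1, ROWS + 1):
        if sum(grid[row - 1]) % 2 == 0:
            bad.append(f"row {row}")
    return bad


def decode(grid):
    """Check parity, then pull the timestamp fields and serial out of the grid."""
    errors = parity_errors(grid)
    if errors:
        raise ValueError("parity failure in " + ", ".join(errors))
    fields = {name: _column_value(grid, col) for name, col in FIELD_COLUMNS.items()}
    fields["serial"] = "".join(f"{_column_value(grid, col):02d}" for col in SERIAL_COLUMNS)
    return fields


def render(grid):
    """ASCII rendering of the grid, the way you would sketch it from a scan."""
    return "\n".join("".join("o" if dot else "." for dot in row) for row in grid)


def demo():
    """Round-trip a constructed grid: 2 Nov 2005 11:07, made-up serial."""
    stamp = {"minute": 7, "hour": 11, "day": 2, "month": 11, "year": 5}
    grid = encode(stamp, "40271395")
    return decode(grid)


if __name__ == "__main__":
    grid = encode({"minute": 7, "hour": 11, "day": 2, "month": 11, "year": 5}, "40271395")
    print(render(grid))
    print(decode(grid))
```

Because a real grid is read off a scan under blue light and dots are easily missed, the parity check is the useful part: a single missed dot shows up as exactly one bad column and one bad row, which tells you which cell to re-examine before trusting the decoded serial number.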