Sony BMG to "temporarily" stop using rootkit-based DRM
Sony has said it will “temporarily” stop making CDs with the problematic DRM technology. I’m sure they’ll make more in the future with a modified version or a new DRM technology.
As reported at Brian Krebs’ Washington Post blog, there has been a class action lawsuit filed against Sony in California and another one about to be filed in New York. The California lawsuit alleges violations of California’s anti-spyware law, the Consumer Legal Remedies Act, and the California Unfair Competition law. In other news from Krebs, there is now real malware exploiting Sony’s DRM to hide itself. Krebs seems to be breaking the key news on this story–there are a number of other related articles on his blog worth reading, such as the one on Sony’s past history of cavalier and inconsistent actions on DRM. The EFF has an analysis of the EULA for Sony’s software–it’s something no reasonable person should agree to. Back at Mark Russinovich’s blog that exposed this issue and began the controversy, he rebuts a response from First 4 Internet, the implementers of the Sony DRM, and points out more evidence that their software is poorly written and can crash Windows.
The March 1952 document “A Brief History of Communications Intelligence in the United States” by Captain Laurance F. Safford, USN (Retired) has been declassified by the National Security Agency and released to the public. It was originally classified TOP SECRET SUEDE. The 24-page PDF tells the history of COMINT prior to Pearl Harbor, beginning with the entry of the U.S. into WWI, when Herbert O. Yardley set up MI-8, the “American Black Chamber,” to do cryptology work. On a quick scan I didn’t see anything that wouldn’t already be familiar in broad strokes to readers of James Bamford’s The Puzzle Palace or Body of Secrets, though there may be some details not previously public, such as the number of staff working on cryptography.
My presentation on “Defending Against Botnets” for ASU’s Computer Security Week is online in streaming video and MP3 audio formats. Unfortunately, the audience was quite small. ASU’s Polytechnic Campus is way out east of Phoenix, on the former Williams Air Force Base, which ASU purchased and turned into its east campus. It doesn’t appear that it has a very large student population yet. I was amused that the streets are named after military figures. To get to the Student Union I drove on a street called Twining, named after General Nathan Twining. Twining is a name well-known to UFO enthusiasts, as his name was used on one of the forged “MJ-12” documents known as the Cutler-Twining memo, and he also authored a genuine document that discusses UFOs (and is often misinterpreted by UFO advocates as claiming that crashed saucers have been recovered). My talk was followed by a talk on Wireless Security by Erik Graham of General Dynamics, which covered threats and defenses for 802.11 and Bluetooth.
Mark Russinovich at Sysinternals.com, a security professional who is careful about what software he installs on his computer, found a rootkit on his Windows machine. A rootkit is a set of applications designed to hide malicious activity from the owner or administrator of a machine. He found a hidden directory, several hidden device drivers, and a hidden application. After further investigation, he found that the software installed on his machine without his consent or authorization included files identified via Sigcheck as part of “Essential System Tools” from a company called First 4 Internet. Google revealed that First 4 Internet has implemented Digital Rights Management for several record companies, including Sony. It turned out that a recent CD he had purchased, “Get Right with The Man” by the Van Zant brothers, contained Sony’s DRM. Additional experimentation shows that the software is poorly written, and creates a load on the system by scanning the executable files associated with every running process every two seconds, and querying file information including size eight times per scan. The End User License Agreement (EULA) gives no indication that this software will be installed on your machine, and provides no mechanism for removing it. (They have apparently since modified the EULA in response to Russinovich’s analysis.) Russinovich took the trouble to take the steps necessary to remove the software (and return his computer to a functional condition), but as his analysis points out, this would be very difficult for an inexperienced user. A typical responsible computer user who saw the rootkit files and simply deleted them would cripple their computer. This software appears to me no different from spyware, which was made illegal in the U.S. under the SPY ACT (Securely Protect Yourself Against Cyber Trespass), and also appears (as commenters on Russinovich’s blog note) to violate California state law, UK law, and Australian law.
Arizona’s anti-spyware law doesn’t seem to apply. Russinovich’s detailed step-by-step analysis may be found here. Don’t purchase CDs with such irresponsible and sleazy DRM software. ...
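The detection technique behind this discovery, as an added example that is not from the original post or from Sysinternals: a cross-view comparison, which is what RootkitRevealer does. A rootkit that hooks the file-enumeration API hides entries from every program that asks through that API, so you compare the API's answer against a listing obtained another way (on a real system, by parsing the on-disk structures directly) and report what differs. Both listings below, and the “$hide$” marker the simulated hook filters on, are constructed for the example. The triage step reflects the post's warning that deleting hidden driver files outright cripples the machine.

```python
"""Cross-view detection of hidden filesystem entries (added example).

A rootkit that hooks the operating system's file-enumeration API hides
entries from every program that asks through that API.  Cross-view
detection compares the API's answer with an answer obtained another
way (on a real system, by parsing on-disk structures directly) and
reports every entry that one view has and the other lacks.  Both views
here are constructed in memory; no real file system is touched.
"""
from dataclasses import dataclass

# Constructed marker: entries whose path contains it are what the
# simulated hook hides.  It is not the string any real rootkit used.
HIDDEN_MARKER = "$hide$"


@dataclass(frozen=True)
class Entry:
    path: str
    size: int


# Constructed "raw" view: what the on-disk structures really contain.
RAW_VIEW = [
    Entry("C:/Windows/System32/drivers/ntfs.sys", 574_976),
    Entry("C:/Windows/System32/$hide$/drvfilter.sys", 10_240),
    Entry("C:/Windows/System32/$hide$/svcmon.exe", 81_920),
    Entry("C:/Program Files/Player/player.exe", 204_800),
    Entry("C:/Windows/System32/$hide$/cfg.dat", 512),
]


def hooked_listing(raw, marker=HIDDEN_MARKER):
    """Simulates a hooked enumeration API: anything matching the marker vanishes."""
    return [e for e in raw if marker not in e.path]


def cross_view_diff(api_view, raw_view):
    """Paths hidden from the API, paths the API reports that the raw view
    lacks (phantoms), and paths whose reported size differs between views."""
    api = {e.path: e for e in api_view}
    raw = {e.path: e for e in raw_view}
    return {
        "hidden": sorted(raw.keys() - api.keys()),
        "phantom": sorted(api.keys() - raw.keys()),
        "size_mismatch": sorted(p for p in api.keys() & raw.keys()
                                if api[p].size != raw[p].size),
    }


def triage(hidden_paths):
    """Separate hidden kernel drivers from other hidden files.

    Deleting a hidden driver file without first stopping the driver and
    removing its registration is exactly the step that leaves a machine
    unbootable, so drivers are reported for ordered removal rather than
    lumped in with ordinary files."""
    drivers = [p for p in hidden_paths if p.lower().endswith(".sys")]
    other = [p for p in hidden_paths if p not in drivers]
    return {"drivers_needing_ordered_removal": drivers, "other": other}


def run():
    """Run the comparison over the constructed views and return the report."""
    report = cross_view_diff(hooked_listing(RAW_VIEW), RAW_VIEW)
    report["triage"] = triage(report["hidden"])
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(run(), indent=2))
```

On a real machine the two views come from the Win32 API on one side and a raw parse of the NTFS volume on the other; the comparison logic is the same, and a small number of benign discrepancies (files created between the two scans) is expected noise.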
I’ll be speaking next week at Arizona State University’s “Computer Security Awareness Week” on the above topic. My talk is on Wednesday, November 2 at 11 a.m. at the Polytechnic Campus in Union Ballroom C, and will be followed by Erik Graham of General Dynamics speaking on Wireless Security. I’ve been told to be as technically detailed as I like, though I think this is a problem which is in greater need of having its economic aspects addressed, in order to drive the implementation of the existing technical solutions. Bruce Schneier has suggested that ISPs need to be held liable for malicious traffic they originate; I’d amend that to say that they should be held liable to the extent there are commercially reasonable measures to prevent, detect, and respond to such traffic and they don’t do it. I agree with Schneier that the ISPs whose end users have compromised machines are in the best position to address the problems those compromised machines create–along with the manufacturers of the operating systems they run. ...
The Electronic Frontier Foundation has published information about tracking codes printed in every document by laser printers from Xerox, Canon, Brother, Dell, Epson and other companies. These codes, which have been decrypted for one model of Xerox printer, indicate the date and time the document was printed and the serial number of the printer. The codes have apparently been in effect for at least a decade.
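To show the general shape of such a code, here is an added example that is not from the EFF's work or from any printer vendor: a small dot matrix in which each column carries one field (minute, hour, day, month, year, three chunks of serial number) as a binary number plus a parity bit, with a further parity column so a smudged or damaged grid is detected rather than misread. The field layout, the parity scheme and the sample timestamp and serial are all constructed for this example; real encodings are per-model and, for most printers, undocumented.

```python
"""Encoding and decoding a constructed printer tracking-dot grid (added example).

Grid: 8 rows x 9 columns of 0/1 (1 = dot printed).  Column 0 holds a
parity bit for each row; columns 1..8 each hold one field, MSB first
in rows 1..7, with row 0 a parity bit for that column.  Odd parity is
used so every row and column contains at least one dot.  This layout
is invented for the example and is not any real printer's format.
"""
from datetime import datetime

ROWS = 8
FIELDS = ["minute", "hour", "day", "month", "year",
          "serial_hi", "serial_mid", "serial_lo"]
COLS = 1 + len(FIELDS)

# Constructed sample values used by the demonstration.
SAMPLE_TIME = datetime(2005, 10, 17, 14, 35)
SAMPLE_SERIAL = 123456                      # must fit in 21 bits


class GridError(ValueError):
    """Raised when a grid fails a parity or shape check."""


def _bits(value, n=7):
    """value as n bits, most significant first."""
    if not 0 <= value < (1 << n):
        raise ValueError(f"{value} does not fit in {n} bits")
    return [(value >> (n - 1 - i)) & 1 for i in range(n)]


def encode(ts, serial):
    """Build the grid for timestamp ts and a serial number below 2**21."""
    values = [ts.minute, ts.hour, ts.day, ts.month, ts.year % 100,
              (serial >> 14) & 0x7F, (serial >> 7) & 0x7F, serial & 0x7F]
    grid = [[0] * COLS for _ in range(ROWS)]
    for c, v in enumerate(values, start=1):
        bits = _bits(v)
        for r, b in enumerate(bits, start=1):
            grid[r][c] = b
        grid[0][c] = (sum(bits) + 1) % 2          # odd column parity
    for r in range(ROWS):
        grid[r][0] = (sum(grid[r][1:]) + 1) % 2   # odd row parity
    return grid


def decode(grid):
    """Return (datetime, serial) or raise GridError if the grid is damaged."""
    if len(grid) != ROWS or any(len(row) != COLS for row in grid):
        raise GridError("unexpected grid dimensions")
    for r in range(ROWS):
        if sum(grid[r]) % 2 != 1:
            raise GridError(f"row parity failure in row {r}")
    for c in range(1, COLS):
        if sum(grid[r][c] for r in range(ROWS)) % 2 != 1:
            raise GridError(f"column parity failure in column {c}")
    values = {}
    for c, name in enumerate(FIELDS, start=1):
        v = 0
        for r in range(1, ROWS):
            v = (v << 1) | grid[r][c]
        values[name] = v
    serial = (values["serial_hi"] << 14) | (values["serial_mid"] << 7) | values["serial_lo"]
    when = datetime(2000 + values["year"], values["month"], values["day"],
                    values["hour"], values["minute"])
    return when, serial


def is_intact(grid):
    """True if the grid decodes cleanly, False if a parity check fails."""
    try:
        decode(grid)
        return True
    except GridError:
        return False


def render(grid):
    """Text picture of the grid, one row per line."""
    return "\n".join("".join("●" if b else "·" for b in row) for row in grid)


if __name__ == "__main__":
    g = encode(SAMPLE_TIME, SAMPLE_SERIAL)
    print(render(g))
    print(decode(g))
```

The defensive point is not the particular layout but that the grid is tiny, redundant (it repeats across the page) and self-checking, which is why it survives the yellow-on-white printing that makes it invisible to the eye and why a forensic examiner can recover it from a partial scan.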
InfoWorld: A financial dispute between two major Internet backbones has led to dropped traffic between their networks, a high-stakes game of chicken that’s angering customers affected by the network disruptions. Early Wednesday morning Level 3 Communications Inc. terminated its “peering” agreement with Cogent Communications Inc., a step Level 3 says it took after months of fruitless negotiations.
This has had no effect on customers of any tier-1 providers other than Level 3. It only affects customers (and customers of customers, ad infinitum) who purchase service only from Level 3 or Cogent, without purchasing transit service from someone who has reachability to the other. Tier-1 providers are those that connect to each other (to all other tier-1’s) with settlement-free interconnections (SFI); these include MCI, AT&T, Sprint, Qwest, Verio, and Global Crossing. Part of the agreement is usually that the amount of traffic passed in each direction is on a par–the reason for entering into such an arrangement without exchanging money is that the connectivity is considered of equal value to both parties. To quote a paper by Geoff Huston:
“The bottom line is that a true peer relationship is based on the supposition that either party can terminate the interconnection relationship and that the other party does not consider such an action a competitively hostile act. If one party has a high reliance on the interconnection arrangement and the other does not, then the most stable business outcome is that this reliance is expressed in terms of a service contract with the other party, and a provider/client relationship is established. If a balance of mutual requirement exists between both parties, then a stable basis for a peer interconnection relationship also exists. Such a statement has no intrinsic metrics that allow the requirements to be quantified. Peering in such an environment is best expressed as the balance of perceptions, in which each party perceives an acceptable approximation of equal benefit in the interconnection relationship in their own terms.”
Cogent, unlike Level 3, is not a tier-1 provider; they purchase transit from Verio in order to get to Sprint and AOL, among other places. Cogent has applied filters to announcements of their routes to their transit providers for all of its peers, so that traffic to those peers can only go over the links where they don’t pay for traffic (the peering links) rather than the ones where they do have to pay (the transit links). Level 3 has apparently decided that it is not getting as much as it’s giving from the peer relationship with Cogent, and so has ended it, with 75 days’ notice. This is a situation which Cogent could rectify by entering into a customer relationship with Level 3 or by removing their filters on Level 3 to use a transit provider such as Verio to reach Level 3. This is a scenario that either party has the power to resolve–Level 3 by allowing peering from Cogent (which they have already clearly indicated is not a high priority for them); Cogent by purchasing service from Level 3 or reaching Level 3 by purchasing IP transit from someone else. Cogent has been caught in this situation at least three times previously–it was depeered by OpenTransit (France Telecom) on April 14, 2005. Cogent gave in on April 17 by removing its filters that prevented traffic to OpenTransit from going across transit links. Teleglobe apparently attempted a similar move, but after paying Savvis for transit to resolve the issue, decided the peering was worthwhile. Back in 2002, AOL ended its peering with Cogent. So of these three peering battles, Cogent lost two and won one.
It’s possible that Cogent generates more outbound than inbound traffic on its peering connection with Level 3; that kind of imbalance can be caused by, say, Cogent having more websites than individual customers on its network. Websites receive very small requests for pages, and send back very large amounts of data (web pages, images, streaming audio and video). Individual customers typically send out small requests (for web pages or files to download) and receive back large amounts of data. Peer-to-peer traffic can have high volume in either direction, but tends to cancel out since it’s usually between individual customers. (UPDATE: Cogent denies that this is the case, saying that their inbound and outbound traffic with Level 3 was balanced.) Cogent has been aggressive in price reductions on IP transit costs, allowing them to take customers from providers that they peer with; this is also being attributed as a reason for Level 3 to want to depeer with them. It remains to be seen who will blink first this time. We may see calls for government regulation to address this issue, but those who have lost connectivity should complain to their upstream providers; those complaints will pass up to either Level 3 or Cogent. (And, if you are one of those affected, that means your provider is not purchasing sufficient connectivity to be able to withstand an issue like this.) UPDATE (July 25, 2008): It was Level 3 that blinked first (back in 2005; I neglected to update this post), and as of June 2008, Cogent is no longer buying transit from anyone, joining the ranks of tier-1 providers. ...
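The mechanics described above (peering versus transit, Cogent's filters, and why either side could end the outage) as an added example that is not part of the original post: a toy model of BGP route propagation under the usual business rules, with a filter of the kind Cogent used. The topology (Level 3, Verio and Sprint as mutually peering tier-1s, Cogent buying transit from Verio and peering with Level 3, one customer hanging off each) is a constructed, much simplified stand-in for the real networks, and the filter is modelled two ways at once: routes Cogent sends its provider are tagged “do not export to my peers,” and Cogent refuses routes from its provider whose path runs through a peer. It goes a little beyond the post by checking both directions of reachability.

```python
"""Why depeering can partition two networks (added example).

Toy BGP route propagation with the usual business rules: a route
learned from a customer is re-advertised to everyone, a route learned
from a peer or provider only to customers.  An AS listed in
peer_filters (a) marks routes it sends its provider "do not export to
my peers" and (b) refuses provider routes whose AS path runs through a
peer, i.e. will not pay transit to reach someone it expects to peer
with.  Topology and AS names are constructed for the example.
"""
from collections import deque

CUSTOMER, PEER, PROVIDER = "customer", "peer", "provider"
PREF = {"origin": -1, CUSTOMER: 0, PEER: 1, PROVIDER: 2}  # lower is preferred


class Topology:
    """rel[(a, b)] records how AS a sees neighbour b."""

    def __init__(self):
        self.rel = {}

    def transit(self, provider, customer):
        self.rel[(provider, customer)] = CUSTOMER
        self.rel[(customer, provider)] = PROVIDER

    def peer(self, a, b):
        self.rel[(a, b)] = self.rel[(b, a)] = PEER

    def depeer(self, a, b):
        del self.rel[(a, b)], self.rel[(b, a)]

    def ases(self):
        return {a for (a, _) in self.rel}

    def neighbours(self, a):
        return [b for (x, b) in self.rel if x == a]


def propagate(topo, origins, peer_filters):
    """Best route per (AS, prefix) at a fixed point.

    origins: {prefix: origin AS}.  peer_filters: {AS: set of peers}.
    A route is (as_path, how_learned, no_export_to); as_path[0] is the
    AS holding the route and as_path[-1] the origin."""
    rib = {a: {} for a in topo.ases()}
    queue = deque()
    for prefix, origin in origins.items():
        rib[origin][prefix] = ((origin,), "origin", frozenset())
        queue.append((origin, prefix))
    while queue:
        a, prefix = queue.popleft()
        path, learned, no_export = rib[a][prefix]
        for b in topo.neighbours(a):
            rel_ab, rel_ba = topo.rel[(a, b)], topo.rel[(b, a)]
            # Valley-free export: peer/provider-learned routes go to customers only.
            if learned in (PEER, PROVIDER) and rel_ab != CUSTOMER:
                continue
            if b in path or b in no_export:       # loop, or tagged "not to this AS"
                continue
            blocked = set(no_export)
            if rel_ab == PROVIDER:                # (a) tag what goes upstream
                blocked |= peer_filters.get(a, set())
            new_path = (b,) + path
            if rel_ba == PROVIDER and set(new_path) & peer_filters.get(b, set()):
                continue                          # (b) b will not pay to reach a peer
            cur = rib[b].get(prefix)
            if cur is None or (PREF[rel_ba], len(new_path)) < (PREF[cur[1]], len(cur[0])):
                rib[b][prefix] = (new_path, rel_ba, frozenset(blocked))
                queue.append((b, prefix))
    return rib


def build():
    """Constructed topology: three peering tier-1s, Cogent on Verio transit
    plus a Level 3 peering link, one customer each."""
    t = Topology()
    for x, y in (("Level3", "Verio"), ("Level3", "Sprint"), ("Verio", "Sprint")):
        t.peer(x, y)
    t.transit("Verio", "Cogent")
    t.peer("Level3", "Cogent")                    # the link in dispute
    t.transit("Level3", "L3Cust")
    t.transit("Cogent", "CogentCust")
    return t


ORIGINS = {"cogentcust-prefix": "CogentCust", "l3cust-prefix": "L3Cust"}


def path_to(rib, from_as, prefix):
    route = rib[from_as].get(prefix)
    return route[0] if route else None


def scenarios():
    """AS path in each direction (or None) for the three situations."""
    def both(rib):
        return (path_to(rib, "L3Cust", "cogentcust-prefix"),
                path_to(rib, "CogentCust", "l3cust-prefix"))
    t, out = build(), {}
    out["peering up, filters on"] = both(propagate(t, ORIGINS, {"Cogent": {"Level3"}}))
    t.depeer("Level3", "Cogent")
    out["depeered, filters on"] = both(propagate(t, ORIGINS, {"Cogent": {"Level3"}}))
    out["depeered, filters off"] = both(propagate(t, ORIGINS, {}))
    return out


if __name__ == "__main__":
    for name, (to_cogent, to_l3) in scenarios().items():
        print(f"{name:22s} L3Cust->CogentCust: {to_cogent}  CogentCust->L3Cust: {to_l3}")
```

With the peering link up, the two customers reach each other directly across it; cut the link and leave the filters in place and neither side has any route to the other, even though Verio could carry the traffic; drop the filters and the traffic flows via Verio, which is the “buy transit from someone else” resolution the post describes, at the cost of Cogent paying for it. The single-homed customers at the edge are the ones who lose, which is why the post's advice is to buy connectivity from a provider that is not dependent on one peering relationship.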