Tag: Security
-
RIAA Says Future DRM Might "Threaten Critical Infrastructure and Potentially Endanger Lives"
We’re in the middle of the U.S. Copyright Office’s triennial DMCA exemption rulemaking. As you might expect, most of the filings are dry as dust, but buried in the latest submission by a coalition of big copyright owners (publishers, Authors’ Guild, BSA, MPAA, RIAA, etc.) is an utterly astonishing argument. Some background: In light of…
-
How Watermarks Fail
I wrote Wednesday about Randy Picker’s suggestion of using digital watermarks to embed users’ personal financial information into media files, to discourage users from sharing the files. Today, I want to talk more generally about watermarks and how they tend to fail. First, some background. Watermarks are subtle signals embedded in the background of media…
-
Mistrust-Based DRM
Randy Picker has an interesting post on the Chicago Law Faculty blog, describing what he calls “mistrust-based DRM”. The idea is that when an online music store gives you a song, it embeds into the song a watermark that contains your credit card number, or some other information that would let a (dishonest) person spend…
-
Software Security: Creativity in a New Discipline
This is the last excerpt from my new book, Software Security: Building Security In. This might be a good time to buy the book. Creativity in a New Discipline We are experiencing a time of great creativity in computer security and must seize the opportunity presented by our current situation while we can. The diversity…
-
Software Security: A Case Study
Here is another excerpt from my new book, Software Security: Building Security In. An Example: Java Card Security Testing Doing effective security testing requires experience and knowledge. Examples and case studies like the one I present here are thus useful tools for understanding the approach. In an effort to enhance payment cards with new functionality—such…
-
Software Security: The Badness-ometer
Here is another excerpt from my new book, Software Security: Building Security In. Application Security Tools: Good or Bad? Application security testing products are being sold as a solution to the problem of insecure software. Unfortunately, these first-generation solutions are not all they are cracked up to be. They may help us diagnose, describe, and…
-
Software Security: The Trinity of Trouble
[Ed Felten says: Please welcome Gary McGraw as guest blogger for the next week. Gary is CTO at Cigital and co-author of two past books with me. He’s here to post excerpts from his new book, Software Security: Building Security In, which was released this week. The book offers practical advice about how to design…
-
Sony CD DRM Paper Released
Today Alex and I released our paper about the Sony CD DRM episode. This is the full, extended version of the paper, with a bunch of new material that hasn’t been published or posted before. As an experiment, we posted draft sections of the paper here and asked readers for comments and feedback. The experiment…
-
Secure Flight Mothballed
Secure Flight, the planned next-generation system for screening airline passengers, has been mothballed by the Transportation Security Administration, according to an AP story by Leslie Miller. TSA chief Kip Hawley cited security concerns and questions about the program’s overall direction. Last year I served on the Secure Flight Working Group, a committee of outside technology…
-
Report: Many Apps Misconfigure Security Settings
My fellow Princeton computer scientists Sudhakar Govindavajhala and Andrew Appel released an eye-opening report this week on access control problems in several popular applications. In the old days, operating systems had simple access control mechanisms. In Unix, each file belonged to an owner and a (single) group of users. The owner had the option to…