Tag: Security
-
SonyBMG DRM Customer Survival Kit
Here’s a handy bag of tricks for people whose computers are (or might be) infected by the SonyBMG/First4Internet rootkit DRM. The instructions here draw heavily from research by Alex Halderman and Mark Russinovich. This DRM system operates only on recent versions of Windows. If you’re using MacOS or Linux, you have nothing to worry about…
-
SonyBMG "Protection" is Spyware
Mark Russinovich has yet another great post on the now-notorious SonyBMG/First4Internet CD “copy protection” software. His conclusion: “Without exaggeration I can say that I’ve analyzed virulent forms of spyware/adware that provide more straightforward means of uninstall.” Here’s how the uninstall process works: The user somehow finds the obscure web page from which he can request…
-
SonyBMG and First4Internet Release Mysterious Software Update
SonyBMG and First4Internet, the companies caught installing rootkit-like software on the computers of people who bought certain CDs, have taken their first baby steps toward addressing the problem. But they still have a long way to go; and they might even have made the situation worse. Yesterday, the companies released a software update that they…
-
CD-DRM Rootkit: Repairing the Damage
SonyBMG and First4Internet are in the doghouse now, having been caught installing rootkit-like software on the computers of SonyBMG music customers, thereby exposing the customers to security risk. The question now is whether the companies will face up to their mistake and try to remedy it. First4Internet seems to be trying to dodge the issue.…
-
CD DRM Makes Computers Less Secure
Yesterday, Sysinternals’s Mark Russinovich posted an excellent analysis of a CD copy protection system called XCP2. This scheme, created by British-based First4Internet, has been deployed on many Sony/BMG albums released in the last six months. Like the SunnComm MediaMax system that I wrote about in 2003, XCP2 uses an “active” software-based approach in an attempt…
-
Tax Breaks for Security Tools
Congress may be considering offering tax breaks to companies that deploy cybersecurity tools, according to an Anne Broache story at news.com. This might be a good idea, depending on how it’s done. I’ve written before about the economics of cybersecurity. A user’s investment in security protects the user himself; and he has an incentive to…
-
Cellphone Denial of Service
A new paper by Enck, Traynor, McDaniel, and La Porta argues that cellphone networks that support SMS, a technology for sending short text messages to phones, are subject to denial of service attacks. The researchers claim that a clever person with a fast home broadband connection could potentially block cell phone calling in Manhattan or…
-
Secure Flight: Shifting Goals, Vague Plan
The Transportation Security Administration (TSA) released Friday a previously confidential report by the Secure Flight Working Group (SFWG), an independent expert committee on which I served. The committee’s charter was to study the privacy implications of the Secure Flight program. The final report is critical of TSA’s management of Secure Flight. (Besides me, the committee…
-
Secrecy in Science
There’s an interesting dispute between astronomers about who deserves credit for discovering a solar system object called 2003EL61. Its existence was first announced by Spanish astronomers, but another team in the U.S. believes that the Spaniards may have learned about the object due to an information leak from the U.S. team. The U.S. team’s account…
-
Acoustic Snooping on Typed Information
Li Zhuang, Feng Zhou, and Doug Tygar have an interesting new paper showing that if you have an audio recording of somebody typing on an ordinary computer keyboard for fifteen minutes or so, you can figure out everything they typed. The idea is that different keys tend to make slightly different sounds, and although you…