Commentary
8/1/2007
08:13 PM

Black Hat Keynote: Cybersecurity Is Enemy Of Progress

In This Issue:
1. Editor's Note: DRM Scorecard: Hackers Batting 1,000, Industry Zero
2. Today's Top Story
    - Richard Clarke: Computers Are Best Friend Of Progress, And Security Its Worst Enemy
    - Apple Issues Giant Patch; Fixes iPhone At Eleventh Hour
3. Breaking News
    - Qwest Reports Income Gains As CEO Paves The Way For New Leader
    - Consumer Electronics Revenue Growth Slows; Lower Prices Are Blamed
    - IBM Consolidates Its Own Data Centers
    - 29 Companies Selected For $50 Billion Federal IT Contract
    - Data Center Blackout In San Francisco Caused By A Bug
    - FCC Airwave Auction Rules Praised For Supporting Openness
    - Lufthansa, T-Mobile Eye Internet Access For Long Flights
    - Microsoft Releases Mac-Friendly Tools For Vista, Office 2007
    - Microsoft Patent: Biometric Recognition Used To Personalize Ads
    - In A Big Win For HP, Wal-Mart Chooses Neoview Data Warehouse
    - War-Driving Pornographic Spammer Escapes Jail Time
    - Salesforce.com CEO Selling Off 20,000 Shares Per Day
4. The Latest Security Blog Posts
    - Terrorism In Second Life? Give Me A Break
    - Cybercriminal Innovation Will Continue To Drive The IT Security Market
5. Job Listings From TechCareers
6. White Papers
    - Enterprise Security And Compliance Through Identity Log Monitoring
7. Get More Out Of InformationWeek
8. Manage Your Newsletter Subscription

Quote of the day:
"You don't get anything clean without getting something else dirty." -- Cecil Baxter


1. Editor's Note: DRM Scorecard: Hackers Batting 1,000, Industry Zero

Forget the moral questions: Whether the millions of kids who load up their iPods from LimeWire are thieves, or whether there's something incongruous about Sheryl Crow, a millionaire many times over, railing against piracy. When you look at the technology, there's no getting around the fact that DRM is an abject failure. I put together a scorecard that shows that every single significant attempt at consumer-music DRM has been cracked. Here it is:

CSS: Cracked

The 10-year-old Content Scrambling System employed on early DVDs is such a technological relic at this point that CrunchGear recently reported this: "According to the Finnish courts, CSS is so weak that it doesn't even count as a protective measure anymore."

FairPlay: Cracked

In a game of iPod cat and mouse, the DRM system used in iTunes' music has been repeatedly cracked and then "fixed" by Apple. Last fall, the cracking program called QTFairUse6 had been updated so it could continue to perform its DRM-stripping duties within hours after Apple released iTunes 7.

AACS: Cracked

There's been no update from the Advanced Access Content System people on the cracking of their AACS DRM, which is used in the new high-definition HD DVD and Blu-ray DVDs, since May 7. That was the date the AACS publicized its response to the news that the crack of its DRM had been widely posted on the Web, saying it had "requested the removal solely of illegal circumvention tools, including encryption keys, from a number of Web sites."

In response to the crack, AACS-compliant vendors are apparently looking at both key revocation and the use of digital watermarks as the answer to their problems. Hey, why don't they just take a page from a World War II movie and issue a daily codebook?

Windows Media DRM: Cracked

The widely circulated crack comes in the form of a program called FairUse4M. The first iteration of this crack worked with Windows Media Player 10 under Windows XP, but for a long time wouldn't work on Vista. Alas, FairUse4M has now been updated to crack WMP11 running on Vista.

Most recently, the cracking of Windows Media DRM has thrown a bit of a monkey wrench into the BBC's plans to release its iPlayer. However, like true Brits, they're soldiering on and releasing it, possibly convinced that it's not much use worrying about what those stupid Americans are up to with their software schemes, anyway.

Sony-BMG Rootkit: Busted

The big DRM scandal of 2005, this one wasn't so much cracked as it was kicked to the curb. The unhappy recap: A bunch of Sony CDs were equipped with either XCP or MediaMax copy-protection software. Unbeknownst to users, XCP installed concealed software ("rootkits") on users' PCs. MediaMax sent user info over the Internet. The whole mess was a big scandal for Sony, resulting in a spate of legal activity, the most recent instance being a suit filed by Sony against the developer of MediaMax.

The one major online music DRM technology about which I couldn't find any definitive cracking information is Rhapsody DNA, used by the RealNetworks subscription music service. Regardless of the status here, since Rhapsody, while nice, isn't rocking the online music world, I think it's safe to say I've made my point.

What do you think? Are the hackers winning? Does industry stand a chance? Read my blog for more on this topic, and make sure to post your feedback, too.

Alexander Wolfe
awolfe@cmp.com
www.informationweek.com


2. Today's Top Story

Richard Clarke: Computers Are Best Friend Of Progress, And Security Its Worst Enemy
The former federal counterterrorism adviser tells security pros at the Black Hat USA conference that continuing to build more of the global economy on cyberspace as it exists today is dangerous business.

Related Story:

Apple Issues Giant Patch; Fixes iPhone At Eleventh Hour
Apple was racing the clock when it released patches for iPhone bugs that researchers are planning to discuss at the Black Hat conference today.


3. Breaking News

Qwest Reports Income Gains As CEO Paves The Way For New Leader
Second-quarter income more than doubles over the previous year's, to $246 million.

Consumer Electronics Revenue Growth Slows; Lower Prices Are Blamed
Consumer electronics sales are expected to increase by 5.2% to $344 billion this year, compared with $327 billion in 2006.

IBM Consolidates Its Own Data Centers
Cost cuts of a quarter of a billion dollars are expected over the next five years through reduced energy use, software, and system support.

29 Companies Selected For $50 Billion Federal IT Contract
The winners of the contract can compete for individual government IT projects ranging from software applications to networking deployments.

Data Center Blackout In San Francisco Caused By A Bug
Backup generators at 365 Main failed to complete their start sequence because of a memory problem in the engine monitoring and control component.

FCC Airwave Auction Rules Praised For Supporting Openness
However, the commission faces criticism from business and consumer groups for neglecting wholesale licensing and other broadband access issues.

Lufthansa, T-Mobile Eye Internet Access For Long Flights
Luxembourg satellite operator SES Global and ViaSat also are involved in discussions that could lead to the implementation of Internet service in Lufthansa's planes.

Microsoft Releases Mac-Friendly Tools For Vista, Office 2007
The file-converter software lets users of the Mac version of Microsoft Office open files created in Microsoft's new Office Open XML format.

Microsoft Patent: Biometric Recognition Used To Personalize Ads
Identification could come from biometric sensors, cameras, or more traditional login methods.

In A Big Win For HP, Wal-Mart Chooses Neoview Data Warehouse
Wal-Mart's choice gives HP a much-needed endorsement of its business intelligence software play and raises questions about the retailer's relationship with Teradata.

War-Driving Pornographic Spammer Escapes Jail Time
A California man who pleaded guilty to using unprotected wireless access accounts to send out porn site advertisements was sentenced to probation and home detention.

Salesforce.com CEO Selling Off 20,000 Shares Per Day
Marc Benioff now holds roughly 14% of Salesforce.com's outstanding stock, compared with about 25% when he began selling.

All Our Latest News

On the go?
To see InformationWeek's daily breaking news on your mobile device, visit wap.informationweek.com and sign up for daily SMS notifications.


----- The latest research, polls, and tools -----

Unified Communications
The concept has been the "next big thing" for a long time. But as with a lot of innovative technologies, time brings improvements in the products and the business benefits, as well as some interesting new players. Learn how more than 300 companies are deploying unified communications and VoIP in this new report by InformationWeek Research.

Benchmark Your Compensation
Learn how your pay compares to that of your peers with our free and confidential online tool. Featuring more than 20 job functions and tracking IT compensation across 20 metropolitan areas, InformationWeek Research's 2007 IT Salary Adviser makes it easy to compare your salary and compensation.

-----------------------------------------


4. The Latest Security Blog Posts
http://www.informationweek.com/blog/main/archives/security/index.html

Terrorism In Second Life? Give Me A Break
Here in America, we have our share of stupid journalism, but we have trouble competing in the global market. For evidence, I point you to an article in The Australian about terrorists in Second Life.

Cybercriminal Innovation Will Continue To Drive The IT Security Market
The creativity and ambition of cybercriminals all but ensure for years to come there will be a market not only for security technology but for individual security components provided by a multiplicity of vendors.


5. Job Listings From TechCareers

ISES, Inc. seeking SAP Plant Maintenance Business Analyst in Swiftwater, PA

Genworth Financial seeking IT Solutions Leader in Richmond, VA

[X+1] seeking Client Solutions Architect in New York, NY

ITT Corporation seeking IT Business Systems Mgr. in Fort Wayne, IN

McFadyen Consulting seeking eBusiness Project Manager in Vienna, VA

For more great jobs, career-related news, features and services, please visit CMP Media's TechCareers.


6. White Papers

Enterprise Security And Compliance Through Identity Log Monitoring
Well-structured IT user management is crucial for minimizing operational risk and protecting data. Companies that do not control IT resource usage are inviting internal users to illicitly access confidential information. This paper explains why identity management and log monitoring are crucial for maintaining corporate security.


7. Get More Out Of InformationWeek

Try InformationWeek's RSS Feed

Discover all InformationWeek's sites and newsletters

Recommend This Newsletter To A Friend
Do you have friends or colleagues who might enjoy this newsletter? Please forward it to them and point out the subscription page.

Visit InformationWeek's Online Marketplace to learn more about the products, technologies and companies that will help you meet your business technology needs.


8. Manage Your Newsletter Subscription

You are subscribed as #emailaddr#. To unsubscribe from, subscribe to, or change your E-mail address for this newsletter, please visit the InformationWeek Subscription Center.

Note: To change your E-mail address, please subscribe your new address and unsubscribe your old one.

Keep Getting This Newsletter
Don't let future editions of InformationWeek Daily go missing. Take a moment to add the newsletter's address to your anti-spam white list:
InfoWeek@update.informationweek.com

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.

We take your privacy very seriously. Please review our Privacy Policy.

InformationWeek Daily Newsletter
A free service of InformationWeek and the TechWeb Network.
Copyright (c) 2007 CMP Media LLC
600 Community Drive
Manhasset, N.Y. 11030
