Black Hat Keynote: Cybersecurity Is Enemy Of Progress
In This Issue:
1. Editor's Note: DRM Scorecard: Hackers Batting 1,000, Industry Zero
2. Today's Top Story
- Richard Clarke: Computers Are Best Friend Of Progress, And Security Its Worst Enemy
- Apple Issues Giant Patch; Fixes iPhone At Eleventh Hour
3. Breaking News
- Qwest Reports Income Gains As CEO Paves The Way For New Leader
- Consumer Electronics Revenue Growth Slows; Lower Prices Are Blamed
- IBM Consolidates Its Own Data Centers
- 29 Companies Selected For $50 Billion Federal IT Contract
- Data Center Blackout In San Francisco Caused By A Bug
- FCC Airwave Auction Rules Praised For Supporting Openness
- Lufthansa, T-Mobile Eye Internet Access For Long Flights
- Microsoft Releases Mac-Friendly Tools For Vista, Office 2007
- Microsoft Patent: Biometric Recognition Used To Personalize Ads
- In A Big Win For HP, Wal-Mart Chooses Neoview Data Warehouse
- War-Driving Pornographic Spammer Escapes Jail Time
- Salesforce.com CEO Selling Off 20,000 Shares Per Day
4. The Latest Security Blog Posts
- Terrorism In Second Life? Give Me A Break
- Cybercriminal Innovation Will Continue To Drive The IT Security Market
5. Job Listings From TechCareers
6. White Papers
- Enterprise Security And Compliance Through Identity Log Monitoring
7. Get More Out Of InformationWeek
8. Manage Your Newsletter Subscription
Quote of the day:
"You don't get anything clean without getting something else dirty." -- Cecil Baxter
1. Editor's Note: DRM Scorecard: Hackers Batting 1,000, Industry Zero
Forget the moral questions: Whether the millions of kids who load up their iPods from LimeWire are thieves, or whether there's something incongruous about Sheryl Crow, a millionaire many times over, railing against piracy. When you look at the technology, there's no getting around the fact that DRM is an abject failure. I put together a scorecard that shows that every single significant attempt at consumer-music DRM has been cracked. Here it is:
The 10-year-old Content Scrambling System employed on early DVDs is such a technological relic at this point that CrunchGear recently reported this: "According to the Finnish courts, CSS is so weak that it doesn't even count as a protective measure anymore."
In a game of iPod cat and mouse, the DRM system used in iTunes' music has been repeatedly cracked and then "fixed" by Apple. Last fall, the cracking program called QTFairUse6 had been updated so it could continue to perform its DRM-stripping duties within hours after Apple released iTunes 7.
There's been no update from the Advanced Access Content System people on the cracking of their AACS DRM, which is used in the new high-definition HD DVD and Blu-ray DVDs, since May 7. That was the date the AACS publicized its response to the news that the crack of its DRM had been widely posted on the Web, saying it had "requested the removal solely of illegal circumvention tools, including encryption keys, from a number of Web sites."
In response to the crack, AACS-compliant vendors are apparently looking at both key revocation and the use of digital watermarks as the answer to their problems. Hey, why don't they just take a page from a World War II movie and issue a daily codebook?
Windows Media DRM: Cracked
The widely circulated crack comes in the form of a program called FairUse4M. The first iteration of this crack worked with Windows Media Player 10 under Windows XP, but for a long time wouldn't work on Vista. Alas, FairUse4M has now been updated to crack WMP11 running on Vista.
Most recently, the cracking of Windows Media DRM has thrown a bit of a monkey wrench into the BBC's plans to release its iPlayer. However, like true Brits, they're soldiering on and releasing it, possibly convinced that it's not much use worrying about what those stupid Americans are up to with their software schemes, anyway.
Sony-BMG Rootkit: Busted
The big DRM scandal of 2005, this one wasn't so much cracked as it was kicked to the curb. The unhappy recap: A bunch of Sony CDs were equipped with either XCP or MediaMax copy-protection software. Unbeknownst to users, XCP installed concealed software ("rootkits") on users' PCs. MediaMax sent user info over the Internet. The whole mess was a big scandal for Sony, resulting in a spate of legal activity, the most recent instance being a suit filed by Sony against the developer of MediaMax.
The one major online music DRM technology about which I couldn't find any definitive cracking information is Rhapsody DNA, used by the RealNetworks subscription music service. Regardless of the status here, since Rhapsody, while nice, isn't rocking the online music world, I think it's safe to say I've made my point.
What do you think? Are the hackers winning? Does industry stand a chance? Read my blog for more on this topic, and make sure to post your feedback, too.
On the go?
See InformationWeek's daily breaking news on your mobile device, visit wap.informationweek.com and sign up for daily SMS notifications.
----- The latest research, polls, and tools -----
The concept has been the "next big thing" for a long time. But as with a lot of innovative technologies, time brings improvements in the products and the business benefits, as well as some interesting new players. Learn how more than 300 companies are deploying unified communications and VoIP in this new report by InformationWeek Research.
Benchmark Your Compensation
Learn how your pay compares to that of your peers with our free and confidential online tool. Featuring more than 20 job functions and tracking IT compensation across 20 metropolitan areas, InformationWeek Research's 2007 IT Salary Adviser makes it easy to compare your salary and compensation.
Terrorism In Second Life? Give Me A Break
Here in America, we have our share of stupid journalism, but we have trouble competing in the global market. For evidence, I point you to an article in The Australian about terrorists in Second Life.
Enterprise Security And Compliance Through Identity Log Monitoring
Well-structured IT user management is crucial for minimizing operational risk and protecting data. Companies that do not control IT resource usage are inviting internal users to illicitly access confidential information. This paper explains why identity management and log monitoring are crucial for maintaining corporate security.
Note: To change your E-mail address, please subscribe your new address and unsubscribe your old one.
Keep Getting This Newsletter
Don't let future editions of InformationWeek Daily go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.