Earlier this month, the Advanced Access Content System Licensing Administrator (AACSLA), the organization that oversees the licensing of HD-DVD and Blu-Ray video players, infuriated DRM foes by sending Digital Millennium Copyright Act takedown notices to Web sites demanding the removal of the online posts containing the compromised AACS code.
Digg, one of the sites that received a takedown notice, angered its users by attempting to censor user-submitted posts that contained the code. The site's users retaliated by posting the code faster than it could be removed and ultimately succeeded in ending the censorship effort.
In mid-April, the AACSLA said that it had "expired" cracked AACS encryption keys, requiring consumers and manufacturers to update their video players with a new key though an online download.
Discs to be released next week will be the first to blacklist compromised keys, according to J. Alex Halderman, a Princeton computer science graduate student.
But SlySoft appears to have a new key to the AACS digital lock. The AACSLA can also expire this key but it will take weeks. In the meantime, the discs on the market will be copyable.
"To be successful in the long run, AACS needs to outpace such attacks," Halderman said in a blog post. "Its backers might be able to accelerate the blacklisting cycle somewhat by revising their agreements with player manufacturers, but the logistics of mastering discs and shipping them to market mean the shortest practical turnaround time will be at least several weeks. Attackers don't even have to wait this long before they start to crack another player. Like SlySoft, they can extract keys from several players and keep some of them secret until all publicly known keys are blacklisted. Then they can release the other keys one at a time to buy additional time. All of this is yet more bad news for AACS."