Domain: classicbeta.com
Stories and comments across the archive that link to classicbeta.com.
Comments · 11
-
"Remote Attestation" and content access monopoliesDon't just go after Sony. The REAL THREAT comes from the operating vendors themselves.
ALL third party and more importantly operating system based DRM puts the user at greater risk. If the DRM code itself is not exploited then there are always new vulnerabilities being discovered in the media players and browsers used to play and display encoded content.
August 02, 2005 "Remote Attestation" and content access monopolies
Remote Attestation" and content access monopolies
The Trusted Platform Module provides the hardware functionality for digital rights software to provide effective remote attestation and digital key withholding.
Both Microsoft and Apple have plans for media-digital-content-viewers that, at the request of a digital content provider, will not allow the user to view or access specific digital content if the operating system has been modified in certain ways.
Because, for the foreseeable future, it is impossible for the digital rights management software to detect if an individual modification to a particular subsystem is hostile to the goals of the demanded digital rights, all software and subsystems relating to the operating system with storage and input to display will have to be digitally signed by Microsoft or Apple before it can be accepted by the DRM subsystem. Microsoft and Apple are effectively locking the user out from changing parts of the operating environment.
Because it is possible for hackers to read digital keys used to encrypt content direct from the computer's memory, the operating system has to be built with the ability to lock the user from being able to access pages of memory used by the mediaplayer and digital rights management system.
OS based Digital Right Management systems are based on the principle of locking the owner of the computer out of the ability to access sections of memory and disk space used by the DRM mediaplayer systems.
Locking the owner out of parts of the computer has become a major security issue.
Microsoft's Mediaplayer, Active-X ( still used with some DRM ), Real's realplayer, Adobe's PDF viewers, Apple's Quicktime and even Microsoft's and Sun's Java JVMs, have in the past had remotely exploitable vulnerabilities.
OS based DRM combined with TPM based encryption along with enviable future vulnerability holes in media access offers the malware/virus/worm creator the ability to hide a virus from any antivirus tool or live forensic analysis. Existing stealth viruses already have ability to hide the modifications it has made to files, going undetected by antivirus programs. DRM encryption offers the ability for the malware to store content, and without the keys to decode the content, keep it hidden from any forensic analysis.
Crackers and hackers always find ways to exploit the code to access or share protected content. There is not a DRM system that has not been cracked within months of widespread release. The focus on the code use d in such systems also comes to the attention of malware/virus creators. The same holes discovered by those who just want to freely access content may possibly also be abused by those wanting to crack into your computer. Similar holes in other types media viewers, the webbrowser and email programs, are increasingly being used for criminal gain by phishers and spyware makers.
Some vendors reportedly have in the past purposely left backdoors in the source code to allow access by US intelligence agencies. This has not only become a major issue for other countries who fear spying, since discovered backdoors quickly become the criminal's frontdoor i
-
I am amazed....
It is amazing that anybody buys this crap. TPM chips are on the motherboards of Intel based Macs. The Intel Dev Kit makes heavy use of TPM to keep the OS from being run on unauthorized computers. As some of you may have heard, an image of the Intel Developers Kit (includes OS X 10.4.1 install) leaked onto the web. There are a number of fake releases - but this particular one is real and the community has been dissecting it rather heavily. Here is their rebut to this specific article:
Classic Beta's Rebuttal of the claims in this article.
I suggest everybody take the time to read this. Yet again we have a slashdot article which not only is wrong but being defended by a bunch of goons who can't be bothered to find out the truth for themselves.
/me sighs.... -
Re:Market opening indeed
Apple won't be the "only", in fact they won't even be one at all. This is because this slashdot article is blatantly wrong; Apple's new x86 macs DO use DRM. They have the TPM chips on the motherboard. They have TPM-related kernel calls. THE OS WILL NOT PROPERLY RUN WITHOUT THE TPM CHIP.
Here is OSx86's official rebuttle saying why this "no DRM in macs" is a load of crap:
http://www.osx86.classicbeta.com/wiki/index.php/Re buttal -
Proof that developer systems use TPMThe photo of the TPM chip on the motherboard shows that the motherboard has TPM, but of course that doesn't mean that the OS actually uses it. You might think that Apple chose that motherboard for other reasons and it just happened to have that chip on it.
Unfortunately that is not so. The kernel has a driver for TPM and Rosetta (the PPC emulator) uses that driver. Take a look at the proof.
-
Bad journalism?
We break it down and let you decide:
#OSx86 Response.
Also be sure to check out the updated TPM Resource Center and take a look at the chip information while you're at it. -
Bad journalism?
We break it down and let you decide:
#OSx86 Response.
Also be sure to check out the updated TPM Resource Center and take a look at the chip information while you're at it. -
Another example of a LIE
There is actually hardware and software proof of DRM in the test machines. This whole story is just made up. You can find all sorts of DRM evicence here:
http://www.osx86.classicbeta.com/wiki/index.php/Ma in_Page -
Becuase Slashdot Editors Are Cowards
We can now confirm that the DVD that was included with the Developer Transition Kits has leaked and has been placed on a major torrent site with the name of "Apple.OS.X.x86.Developer.Kit.Install.DVD-pheNIX.
" According to sources, the DVD image is in .dmg format and an NFO was included. Of course, we can only assume that this DVD will not immediately be ready to install on x86 machines, as it still incorporates SSE3 and the TPM. http://www.osx86.classicbeta.com/wiki/index.php/Ma in_Page/ Source -
Becuase Slashdot Editors Are Cowards
We can now confirm that the DVD that was included with the Developer Transition Kits has leaked and has been placed on a major torrent site with the name of "Apple.OS.X.x86.Developer.Kit.Install.DVD-pheNIX.
" According to sources, the DVD image is in .dmg format and an NFO was included. Of course, we can only assume that this DVD will not immediately be ready to install on x86 machines, as it still incorporates SSE3 and the TPM. http://www.osx86.classicbeta.com/wiki/index.php/Ma in_Page/ Source -
"Trusted Computing chips on the board"
The guys over at OSx86 figured out several days ago that some of the important parts of the OS were already utilizing the TPM. It's interesting to see how this article confirms it - by seeing it's detection in Windows!
-
DVD leak when?
So when will the DVD leak and I'll be able to see hackers working on getting it to run on regular x86-machines at http://www.osx86.classicbeta.com/ ?
:)