Domain: safenet-inc.com
Stories and comments across the archive that link to safenet-inc.com.
Comments · 13
-
Re:That's why nobody sensible wants them
If you were to encrypt the data a rest, where would you store the key?
- On a smartcard incorporated into an authorized employee's badge...
- On a HTTPS server that only utilizes individually assigned PKI certificates for access...
- On a windows share of an 802.1x network that requires credentials and encryption to access...
- On a USB token issued to an authorized employee...
- On a server that will only make it available with a one-time password provided via employee cell phone...
- etc.
-
Sentinel Key (Dongle)
http://www.safenet-inc.com/
Many, many, MANY industrial software companies use hardware copy protection. You can build several layers of copy protection around and in lieu of the key (in case a dongle emulator come around).
The software company I worked for used them ($10-15k per copy of the software) and my little print shop computer has 5 plugged in as I type this. Pretty common stuff, and way better than DRM, which just pisses your customers off. They key, at least, makes sense to them; just make sure to inform them that it is the heart of their software; it should be insured against damage, loss, and theft (otherwise, all your customers could claim they "lose" their key every time they need a new copy of the software). -
Media Sentry is not dead in the US.
Articled headline is misleading if not completely wrong. MediaSentry is not dead, and the MPAA is still using it. They're just masquerading as "Safenet DMCA". But, it's still the same company. But now they're attempting to escape the horrible PR associated with the name MediaSentry. Exactly like the name of Gator was changed to Claria in an attempt to avoid allegations of spyware that were largely accepted as true.
MediaSentry lives on in the US and ISPs are still bowing to their scare tactics and threat letters, typically this means immediately punishing their customers without due process and based solely on the allegations of SafeNet DMCA/MediaSentry.
-
Re:Why still 'MediaSentry'
Considering I don;t really give a damn, and wont bother to invesitage further, I find it interesting that A: There's no Wiki, and B: On the MediaSentry wiki, it says they were hired for this, and C: http://www.mediasentry.com/ does not redirect to http://www.safenet-inc.com/ it only mentions that SafeNet now owns MediaSentry, but MediaSentry still exists as a company.
That's why I prefer Uncyclopedia! Far superior for serious research! Here's the Safenet wiki!
-
Bunch of clods.
Day by day it seems that slashdot crowd is just a bunch of bigots. Anything Microsoft does is bad. Anything Google/Linux foundation does is good. Even Apple is cool. DRM is bad and hence SafeNet is bad as well. Getting back to the original story, it is interesting to see the referenced article in the poster. How about this article here http://www.drmwatch.com/drmtech/article.php/3763781 I guess this gives you some insight as which division of SafeNet is working on what. Further, SafeNet does own MediaSentry. But there is more to SafeNet than just MediaSentry. In other news this might be interesting as well. http://www.safenet-inc.com/mykotronx/ . Oops shudder Oh Boy I know I am going to be flamed for this.
PS. Now that I have tried to swim against the tide, the bloody "preview" button says "You failed to confirm you are a human. Please start from the beginning and try again. If you are a human, we apologize for the inconvenience." -
Re:Why still 'MediaSentry'
Just call them what they are and reference the fact that they are in fact that company that used to be called MediaSentry.
Oh, I get it, so you'd rather it was "SafeNet (Formerly Known As MediaSentry)"... What difference does it make? I'm sure a lot of people still refer to them as MediaSentry, either because they prefer to, or because they still think it's called that, internally and publicly, most likely because that is what it is still called.
Besides, there's no Wiki for SafeNet yet, only a line: "SafeNet - Owner of the online investigative company MediaSentry."
Considering I don;t really give a damn, and wont bother to invesitage further, I find it interesting that A: There's no Wiki, and B: On the MediaSentry wiki, it says they were hired for this, and C: http://www.mediasentry.com/ does not redirect to http://www.safenet-inc.com/ it only mentions that SafeNet now owns MediaSentry, but MediaSentry still exists as a company.
-
Re:Dongle Almighty!Not to mention that no one would just use the USB block device driver -- they would all require that you install slightly different, conflicting drivers to read their USB dongles.
You act like this is hypothetical. It's not.
We have two of those dongles for our CAD software packages, in addition to multiple authorization codes, the first set of which only lasts for 30 days (when we upgraded from parallel to USB dongles, they wanted to make sure we returned the old ones).
-
Re:Microsoft has blundered badly
On a separate note, wouldn't it be easy to manufacture counterfeit dongles?
I don't think it would be easy but of course I bet it could be done. It still would be much more difficult for the average joe to buy a counterfeit dongle rather than just get an activation key from somewhere. Thats what it is about, stopping the average joe, the hardcore people are not the majority so much less has to be done to worry about them.
There are some really good USB dongle makers out there that provide dongles for software protection. At my company we recently switched to WIBU Systems dongles for our forensic products and they are great. They can be used to encrypt/decrypt portions of the executables as well as to store encrypted data and are easy to setup so software will ONLY run if the dongle is plugged in. They are extremely easy to use as well. Check them out here:
http://wibu.com/wibukey.php
We previously had been using Rainbow Technologies Sentinel keys but they were a big headache. You had to have a file license tied to each individual dongle which caused many headaches when customers lost their original install discs among many other problems. Read about the Sentinel dongle here:
http://www.safenet-inc.com/products/sentinel/hardw are_keys.asp
Working with the Rainbow dongles really made me dispise dongles because people called in with problems ALL the time. After we switched to the other brand nearly a year ago I have only had ONE person call in with a dongle problem and it was because they had not installed the driver for it. My view of dongles did a 180 and I think they are great for software protection now. Another neat thing about the Wibu dongles is they can have many "slots" in them so that you don't need a separate dongle for all of the different companies software out there. If another company uses the Wibu dongles and you already have a Wibu dongle that has slots open then the new company can send you a file to reprogram your key so that it can be used for the new software as well. Granted, this hasn't really happened in my experience but at least the option is there. Another cool thing is if the software you are using is configured for it you can even "share" a dongle over a network and the licenses in it can be "checked out" so you don't have to hassle with carrying the dongles around.
Another thing is I have not heard of the Wibu dongles being cracked so they seem pretty secure in my eyes. I am sure if they were put into use at the magnatude of coming with every copy of Windows Vista that much more effort would be put into cracking them but I still think it could work since the majority of people would not hassle with ordering a counterfeit dongle and would probably end up just purchasing the software. -
Some thoughtsSlashdot Rants
First, let's get the slashdot mentality out of the way.- You're evil because all source code should be free, no matter how much blood, sweat, and tears were put into it.
- Your design is fracked and you should go out of business because you suck.
- It's technically impossible to keep code secure, so again, youre fracked.
There. That's a little better.
Two Distinctly Different Problems
Your question has an unstated assumption that might be steering you in the wrong direction. You assumed that you have to release your source code. You might not have to do that...
Application Layers
In the theoretical world, a web application has the following components:- Back-end storage system, typically some SQL server variant
- Business rules of some sort, most likely the location of the true IP of the company
- A presentataion layer such as PHP or JSP that presents/manipulates the business data
- A web server to execute the presentation layer
Given these layers, what are you willing to open up? The web server is probably already open source or an off-the-shelf purchased product. Same with the back-end storage system. This leaves the presentation layer and the business rules layer. What are your top-tier customers going to do to your application? Change the way it looks, change the way it behaves, or add missing functionality? You need to know the answers to these questions before you move on...
Licensing Models
You can license the whole mess as one big slab of source code, or maybe a bunch of loadable modules and just open source the "glue". If you open source the glue, the customers can make major changes to your application without having the source code... Look at the PDFLib libraries. They are very powerful, cross platform, and completely closed source. Can't you do the same thing? Maybe build all of your business rules into a collection of libraries and make them binary only? Then wrap them with a license key or even a hardware dongle if desired. There are several software vendors that do this for a living. Talk to them.
SAAS
If your core codebase is really "all that", why don't you look at a three-tier model? Your customers can host their own web server and database, and pay for a leased line back to your office for the business rules. There are many variations on this theme.
Other Options
You could open-source your code and copyright it so that only you could release software under the current name. Depending on whether your revenue model makes more money out of service or sales, this might actually be a viable option.
You could offer a turn-key "vendor supplied" package consisting of a pre-loaded server and hard-lock your software to that server. Sort of a Google Appliance for your app model. This way you can retain control of the platform and the customer can have your platform on their site. -
MediaSentry
Apparently (according to their website), MediaSentry was just purchased by "SafeNet Inc".
Slashdot has a new quandry -- SafeNet apparently makes Linux products.
But, on the other hand, they have a bunch of software patents (many of which appear to be devoted to doing DRM in hardware).
Good or bad, good or bad...hmm... -
MediaSentry
Apparently (according to their website), MediaSentry was just purchased by "SafeNet Inc".
Slashdot has a new quandry -- SafeNet apparently makes Linux products.
But, on the other hand, they have a bunch of software patents (many of which appear to be devoted to doing DRM in hardware).
Good or bad, good or bad...hmm... -
If security matters, don't do crypto in Linux
... or in any other general-purpose operating system on a general-purpose computer. PCs are fundamentally insecure. There are a dozen ways to spy on cryptographic operations done in them, ranging from trojans, to hardware side-channel attacks, and dozens more to get copies of keys that they store. This is just one particular attack that may permit an attacker who can't get a trojan running with sufficient privileges to spy on operations directly to obtain some key bits. But if the attacker can't do that, there are lots of other ways to get the keys. General-purpose computers are simply not trustworthy.
If security is important, you do your crypto in a secure crypto module, like the FIPS 140-2 Level 4 IBM 4758 or the Level 3 Luna SA. Or, you use a general-purpose computer with special-purpose, very simple software and then provide strict physical access control to the machine and very limited network access -- often through a serial link using a custom protocol rather than via a real network. Or you could theoretically use a general-purpose machine with a TCPA chip with a regular, general-purpose operating system that has been modified to make use of the TCPA chip and with keys tightly bound to a well-defined system software configuration. But only if you have good physical security. In many situations it's still better to use a FIPS 140-2 Level 3 or Level 4 device.
IMO, the existence of weaknesses like this in Linux, and the fact that they're widely known, is a *good* thing, because it helps convince people not to trust that which is inherently untrustworthy. We need more publicity of similar problems in Windows (and there are lots of them).
-
Re:There's always OTP
You're absolutely right. Except for the "very hard" part.
It costs about a hundred bucks to buy a good (secure) random number generator. Noisy diodes, for instance, work great. Hell, taking photos of lava lamps works, too.
QRNG
SafeXcel
VIA C3 RNG