Slashdot Mirror


Document-Destroying Copy Protection System

Jeff Scarpace writes: "Defense and intelligence alums, including former Defense Secretary Frank Carlucci, are marketing a copy-protection system that works by taking control of your computer. Try to hack InTether, the creators say, and it destroys the document. Check out the article here." Strangely, this system works only with Windows. Hmmm. Interesting too is the mention of SPOCK, or Security Proof-of-Concept Keystone.

15 of 152 comments

  1. Cool! by superid · · Score: 3

    WOM - Write Only Memory!

  2. Re:Snake oil for the 21st century! by Tackhead · · Score: 4
    There's a reason he's going to Disney and AOL, and it ain't just because they pay better.

    Note the only "military" application: Preventing casual users of turnkey systems ("Here, Sergeant. Use this machine.") from inadvertently emailing sensitive documents home.

    Note what isn't in his DOD application: Preventing highly-trained adversaries (spies) from gaining access to the data.

    Finally - the FUD factor: Multiple "snake-oil crypto" signs are here... "11 different layers", as though that makes it more secure than, say, 10 different layers? More layers mean more security, right? I mean, there are more of them! Or phrases like "white screen of death", as opposed to "if the software detects tampering, it deletes itself".

    It's a cute hack to wrap DRM in an executable and bundle it with a file for 'doze, but it's hardly worthy of the "military grade document-destroying copy protection system" kind of hype it got in the puff piece at inside.com.

    Go, Schneier, go.

  3. Why it's Windows only? by Stephen · · Score: 3
    One relatively mild step, Friedman explains, is to force you to reboot your computer. Since the fastest reboot is about six minutes [...] Forcing a six-minute pause between each attack "shifts the advantage from the offense to the defense," Friedman maintains.
    Presumably requiring a six minute reboot cycle precludes developing a Linux or Mac version.
    --
    11.00100100001111110110101010001000100001011010001 1000010001101001100010011
    1. Re:Why it's Windows only? by sulli · · Score: 4
      Presumably requiring a six minute reboot cycle precludes developing a Linux or Mac version.

      Correct. A Mac version would require a twelve minute reboot.

      --

      sulli
      RTFJ.
  4. Linux is to Windows as Control is to Regulation by Bonker · · Score: 5

    The more and more content providers, be they government, entertainment or computer industry, want to control information, the more and more Microsoft complies, probably more than anything to get on the government's good side. This is a disturbing trend, but sadly, not a surprising one.

    Since this system and others like it are by definition incompatible with open-source software like Linux, Linux has become the de facto standard if you want to be sure that you control your own computer and the information on it. The benefits are plain to see. You can 'hack' any document you choose and know the format for, be it a PDF (as mentioned in previous story) or something that is marked as secret, or something like the format listed here.

    Linux gives users the ability to control their information.

    Turn that around and you can see that Microsoft is building all sorts of hooks into newer versions of Windows that allow companies to try to enforce copy control and try to preserve their 'intellectual property rights'.

    Windows gives companies the ability to control their information.

    If it were this simple, it's obvious what operating system that the masses would prefer if given this choice. Unfortunately, Linux developers have shown again and again that they have no people skills, and therefore no ability to make their software usable by Granny and Uncle Jimbo. The vast majority of Linux software has had no usability testing whatsoever. Compare this to Microsoft Windows and MacOS, for whom usability testing with non-technical people is a major, albeit understated part of software development.

    The onus here is on Linux developers and distributors. The software you work with and produce provides the ability to fight for freedom of information. Unfortunately, these abilities go underused because the vast majority of computer users will never understand anything other than a simple point-and-click interface. Because Linux is an OS for hackers by hackers, the gains in information freedom it engenders will never be shared by the non-technically inclined.

    Making Linux *easier* to use may dumb down the interface, but it means more freedom for all concerned, and therefore, a sweeter victory in the information wars.

    --
    The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
  5. simple (?) solution by Noryungi · · Score: 5

    This is a little bit more serious than my previous post...

    I can think of, at least, two or three workarounds for this:

    In Windows 9x, restart under "DOS command line only" mode, then use a hex editor after copying the .EXE and the protected file to another computer. You can also boot from a FreeDOS or Caldera DOS diskette to do this.

    Using WinICE under Windows, while executing the .EXE to "read" a file would certainly yield interesting results...

    Under Linux, mount the Windows disk with appropriate rights and use Linux equivalents.

    Cracking the encryption scheme is, of course, left as an exercise for the reader. But, come on, how much encryption and "security layers" can you hide in a 300 KB Windows executable?

    Additional brownie points will be given to the reader who determines which compiler and programming language have been used to create this little thing. (Hint: look at the end of the EXE file for informative compiler strings).

    Estimated time to crack: anywhere from 24 hours to 1 month.

    Repeat after me: security through obscurity does not work. End of transmission.

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
    1. Re:simple (?) solution by BigMeanBear · · Score: 3

      You're not getting it, man. I used to be one of the programmers on InTether. It works on any kind of file, you will not be able to mount it under Linux and copy anything out. And you can fit quite a bit in 300k. It's not normal application code, man.... didn't you even read the article? It's all driver-type code. And one more thing, you say that security through obscurity does not work--InTether isn't a security application, it's a content/document control application. At this point, there is no perfect solution for content control, but InTether is a vast step beyond anything else that exists today. None of those methods you described would even faze InTether. I should know, I was there cracking and fixing it on a regular basis.

      --
      += E
  6. this is scary... by wunderhorn1 · · Score: 3
    But is it scary enough that the general public could be convinced not to buy content that has been encrypted using this software?

    I'll assume it to be self-evident that this kind of copy-protection is Bad and Wrong. Other people can start that debate.

    We need to get some bad publicity going about this kind of technology:
    * What if the RIAA could destroy your entire CD collection by sending the correct message to your computer?
    * What if Windows crashing could destroy every book you own?
    * What if the MPAA could render your home-video collection useless?

    If we're talking about digital copies of the above media with this kind of copy protection, *it could happen*
    But what if no one bought the songs or movies or books encoded with this technology? Hmm?
    Let's not let them take away our rights as we sleep!

    --
    Karma: Bored. (Thinking about resurrecting the "Anyone else is an imposter" joke.)
  7. Nothing new, really... by zyqqh · · Score: 3

    Back in the days of yore before I saw The Light of real OSen, my MS Word 95 would spontaneously do the same thing to random documents after some random actions. Microsoft -- half a decade ahead of the game, yet again!

    --
    // zyqqh
  8. Re:A little extreme, don't you think? by b0z · · Score: 3

    I can see this coming in handy at work as well. Any time a user sends me requirements for a project, I simply type in the wrong password...I can continue reading slashdot and kuro5hin indefinitely now. :o)

    --
    Mas vale cholo, que mal acompañado.
  9. This sounds good.... by the_crowbar · · Score: 3

    Don't worry, your documents will never fall into the wrong hands....no one will have them. Hope your backups are good.

    --
    Have you read the Moderator Guidelines
  10. A little extreme, don't you think? by rellort · · Score: 5

    The security system destroys a document if it thinks someone is trying to access it illegally?

    So what you're saying is... my kid can blow up my dissertation by sitting at the keyboard and banging random keys?

    That's kind of why I password-locked my computer in the first place, fellas. :)

    --

    -- In the future, everyone will code Perl for 15 minutes. --
  11. Re:What about... by Azog · · Score: 3

    Exactly... look out, or the Turing theory of machine equivalences will become restricted information under the DMCA! (Any Turing-complete computer can emulate any other Turing-complete computer.) Heh. Teaching theoretical computer science will become illegal! Really, that's the logical end result of the DMCA.

    That would be the obvious way to break this thing... Use Wine, or VMWare, or whatever to emulate a regular Windows machine so completely that the software running on it can't tell it isn't talking to the hardware.

    Then your "virtual video card" can make copies of anything, and your "virtual sound card" can save everything to disk, and the pathetic copy management software running in the emulator doesn't know and can't stop it.

    Of course, it might be difficult to write a good enough emulator. One obvious challenge would be for the copy management software to only allow playback/display on devices with digitally signed drivers. If I understand how VMWare works, that would be a problem because VMWare uses special Windows video and sound drivers that interface to the VMware virtual machine. But that can be solved as well, by emulating the video and sound hardware and running signed drivers on it.

    The only way this stuff could ever be somewhat secure is if the software runs on sealed-box, tamper-proof, non-upgradable, un-documented hardware. That would make writing an emulator so difficult that most people wouldn't bother.

    These companies should stop wasting everyone's time and just change their business models. I, for one, would be happy to pay for a music downloading service that reliably supplied me with top-quality, high bitrate MP3s, or even better, Vorbis Ogg files. Of course, the price should be fair (i.e. low), I should be able to get just one or two songs without having to buy the whole album, and most of the money should go to the artist. One dollar per song would be acceptable to me, and the artists could make more money that way.

    But that destroys the business model of the big record labels, so they will fight it to the death... their business death or the death of our freedom, whichever is the weakest.

    Torrey Hoffman (Azog)

    --
    Torrey Hoffman (Azog)
    "HTML needs a rant tag" - Alan Cox
  12. What about... by _Marvin_ · · Score: 3

    ... running it in VMWare, then suspending the
    virtual machine and looking in the RAM file...?
    Bet they didn't think of that!
    Muahahahaha.....

    --
    "We won't use guns, we won't use bombs, we'll use the one thing we've got more of and that's our minds" - Pulp
  13. Re:Excellent! by jimhill · · Score: 4

    Ah, but you are missing the point that anti-DMCA people like me are trying to hammer home: this software will NOT allow legitimate, beneficial fair uses. The entire driving force behind the content industry's search for the perfect digital-rights management scheme is that digital control over digital content finally delivers the holy grail of pay-per-use into their hands. All they need is one or two more laws and maybe an object lesson or two wherein Norwegian teens or magazine publishers are slapped down by the bought guns of government to make their long-deferred dream a reality.

    If I pay for a book or recording, I have an absolute and irrevocable right to do what I want to with it within my home. If I want to print a million copies and use the paper to insulate the house in winter, I have that right. Technology allows the publisher -- generally not the author, I might add -- to abridge my right. You'll pardon me if I don't get excited at that prospect.

    Caught between a rock and a hard place: between distaste for those who would trade in copyrighted material without paying the creator his due and my utter loathing for the corporate swine whose millions have subverted the very government that allegedly exists to serve the people who feed the corporate machine.

    --
    Learn to spell: nickel, missile, lose, solely, amendment, speech, kernel, probably, ridiculous, deity, hierarchy, versus