Microsoft are ONLY offering patent protection under very limited conditions.
Microsoft provide protection only for code they write. If the code in patented is part of what you provide or from a third party, even down to the enterprise glue code, Microsoft is not liable, even if it is based on calling Microsoft's API ( see the Timeline case ). You have to agree to let Microsoft take over your legal defence and if Microsoft prejudge that you are at all at fault then you have to agree to pay ALL damages and costs.
Cryptoviral extortion, which uses public key cryptography, is a denial
of resources attack that was introduced in [YY96a]. It is
a three-round protocol that is carried out by an
attacker against a victim. The attack is carried out via a cryptovirus that uses a
hybrid cryptosystem to encrypt host data while deleting or overwriting the original
data in the process. The protocol is as follows:
(protocol setup phase) An asymmetric key pair is generated by the virus author on
a smartcard and the public key is placed within the virus. The private key is designated as
"non-exportable" so that even the virus author cannot obtain it's bit representation.
Thus, the private key is generated, stored, and used on the smartcard.
Ideally, the smartcard will implement two-factor security: something the virus author
knows (a PIN number) and something the virus writer has (the smartcard that contains the private key).
Also, the card will ideally be immune to differential power analysis, timing attacks, etc. to prevent
the virus author from ever learning the bits of the private key. A standards-based approach
can be used, e.g., the use of an approved FIPS 140-2 level 2 or higher device (e.g., when it
is level 4 the private key will be
destroyed if the casing is breached). In the U.S. the virus author cannot be forced to bear
witness against himself or herself (Fifth Amendment) and so the PIN can remain confidential.
The purpose of this setup phase is to limit the effectiveness of seizing and analyzing the
smartcard under subpoena or warrant (competent evidence).
1) (virus author -> victim) The virus author deploys the cryptovirus.
At a later time the virus activates on what could be tens or even hundreds of thousands of machines.
The remainder
of this description will cover the protocol for just one such machine. When the virus activates,
it uses a true random bit generator (TRBG) to generate a symmetric key and initialization vector (IV)
uniformly at random. It is essential that the TRBG produce truly random bits to prevent the
symmetric key and IV from being guessed
or otherwise determined by the victim at a later date. The virus then encrypts host data
with this random symmetric key and IV (e.g., using cipher-block chaining (CBC) mode). The virus
concatenates the IV with the symmetric key and then encrypts the resulting string
using the public key of the virus author (e.g., using RSA-OAEP).
The encrypted plaintext is then held ransom. The virus notifies the victim that the attack
has occured (e.g., via a
dialog box on the victim's screen) and states that the asymmetric ciphertext
will be needed to restore the data. The virus author states his or her demands in return for
the data. The virus author and victim can send asymmetrically encrypted messages to each other
via a public bulletin board to try to preserve the attacker's anonymity. Alternatively,
digital pseudonyms and mix-networks can be used.
2) (victim -> virus author) If the victim complies by
paying the ransom and transmitting the asymmetric ciphertext to the virus author then
the virus author decrypts the ciphertext using the private key that only the virus author
has access to (the one on his or her smartcard). This reveals the symmetric key and IV that
was used in the attack.
3) (virus author -> victim) The virus author sends the symmetric key and IV to the
victim. These are then used to decrypt the data that was held ransom.
(security) The attack is ineffective if the data can be recovered from backups.
Antiviral experts cannot retrieve the private decryption key by analyzing the virus
since only the public key will be found. The importance of using hybrid encryption can
be seen from the followi
Except in this case the user has to do a bunch of things - download the EFI software from Intel, a sudo command and a reboot. While some of this can be automated, OS X won't just allow all this to be run without the user helping it along.
Substitute "user" with Malware.
Download the EFI software from Intel: Or include an copy in the malware. a sudo command: Or use an escalation of privilege vulnerability and reboot : Err, not that difficult to achive in software.
Hackers discover vulnerabilities and someone creates malware ( Worm, Trojan, Attack kit or Virus ) that screws with the BIOS settings effectively turning your DRM restricted system into a useless brick.
It is inevitable that someone mucking around trying to get their XBox360 to do something will trip the hardwired Trusted Platform Modules lock down. Effectively turning the trusted black box into a useless dead heap.
It is inevitable that this and other methods discovered will be publicly known, since the discoverer will want to warn others.
It is also inevitable this and other methods will become the basis for a widespread denial of service attack. Firstly through a fake Email campaign ( "Microsoft alert - follow these instructions to secure your XBox" or "Get Free games/porn - do this to your XBox" ) and later through viruses and networked worms embedded in Microsoft's mediaplayer formats.
Soon a worm that locks users out of their Xbox will be spread via Microsoft's Xbox live service.
Then it will be inevitable that criminals adapt the malware to display a message instructing the hapless victim how to make a payment to fix the problem. The messages would soon contain threats that their Xbox now contains contraband installed by the malware that would get the user in legal peril if they choose to take the Xbox back for repair or to the authorities. The potential rewards to the offshore cyber-criminals would far outweigh the risks.
http://itheresies.blogspot.com/2005_08_01_itheresi es_archive.html Hollywood and the recording industry hold an effective monopoly on a large section of popular content. Both Microsoft and Apple are now offering the ability to content providers to demand that users must use unmodified systems to view said content. It locks you out of parts of your system that will inevitably be abused by third parties wanting to abuse you.
The problem with high end all-in-one media center PCs is that despite the claims of the vendors, they are either unable to scale to do all the high definition media encoding/decoding/storage tasks you need at once or are very noisy due to the cooling requirements of the high end processor.
A solution is to use a rack of dedicated relatively low cost embedded systems that connect via ethernet to each other. You could purchase the components separately over time to meet your needs within your budget.
1) Network switch : Either standalone or built into the Media storage device.
2) Media storage : Either a dedicated file server appliance or an ethernet connection to your PC.
3) Digital receiver : A dedicated component that pulls content out of the airwaves and encodes it on the fly to an acceptable format. You can have multiple receivers putting content on demand into the Media storage component.
4) Digital players : Either a dedicated component or a networkable games console that pulls the content from the media storage, decodes it then puts it out to the displays.
5) Digital processors : Either a dedicated component or a networkable games console that translates content from one media format to another and possibly mixes it with other digital content [slashdot.org].
The point is that the above system using freely deployable Linux and commonly used network standards such as http,NFS and SAMBA could scale to meet your desires. You want to record multiple channels of content at the same time? Just add another digital receiver. You want to expand your storage capacity? Just upgrade the hard drives or just purchase another fileserver.
The market potential is larger for rackable systems than it is for standalone media PCs.
Now that Microsoft is getting into the signiture and behavour based antivirus industry, maybe Symantic could turn its patten matching technology to checking source code instead of binaries.
New Zealand has a higher ratio of non-European population, it also has lower socio-economic areas, a vibrant hip hop community and similar ratio of illicit drug abuse to the USA. It does not suffer anywhere near the proportion of gun related crimes in comparison.
I have relatives who live out in the country who can expect at minimum of at least an hour response time from the police. In the same area there have been at least two cases of home invasion by burglars, with one elderly couple being brutally beaten to the point where the husband died soon afterwards. The local police quietly recomended that people in the area should expect to defend themselves.
llegal drugs are at least a big of a problem as copyright violation in the world today. In fact many of the artists promoted by Hollywood and the American recording industry include many positive drug related references in their scripts and lyrics. So the question is : Would you endorse forced illicit drug testing for all artists, actors and executives involved in content production?
Over 11,000 people die in America each year at the hands of gun violence. The USA has the highest murder rate in the developed world. So the question is : Would you endorse taking away the legal capability of all Americans to bare arms?
In the USA there are over 12,000 speeding-related traffic deaths per year. The technological capability exists to install a "governor" in every new automobile which would deny the driver the ability to exceed the speed limit. So the question is : Would you endorse restricting access to roads and highways to only vehicles that have such a speed restriction system installed?
( If the questioned person says yes to any of the above then pass the quote along to the Hollywood/recording/NRA/automobile media, bloggers and lobby groups etc)
Spam advertising and spyware has become a major problem for computer users. The DRM capability that Intel is offering to content providers would also be available to those wanting to abuse those same user restrictions. Intel is effectively offering the ability to hide malicious content or deny access to content needed to gather evidence for the basis of a complaint. So the question becomes: Why are you offering up this ability to content providers when it denies the owners of the computer the ability to protect themselves?
Whether it is a war on drugs, gun, or road crime restrictive and technological solutions that lock the end users out of the ability to make personal decisions perform actions are effectively a fundamental violation of a person's civil rights, even if taking that action could violate the law of the land.
Even though illicit drug consumption is against the law, wholesale drug testing would be seen as a violation of a persons right to privacy. In fact most American courts would not accept evidence gathered though such an action.
Even though gun related crime is a major problem, taking away the right for any citizens to bare arms would leave them at risk from criminals who would ignore the law as a matter of course.
Even though speeding is a major problem, there are cases it is needed for safety. Overtaking vehicles may require the driver to exceed the speed limit to safely avoid oncoming traffic. Also there are rare cases, such as transporting someone requiring urgent medical treatment, where the even the courts have found that exceeding the speed limit was preferable to the affected person's demise.
While making a copy of copyrighted content may seem trivial in comparison to the examples in the above three paragraphs, remember that Intel along with Adobe and Microsoft is talking of offering this same DRM technology for business, legal and even governmental documents. The ability to blow the whistle on suspect dealings, and pass copies along to the press and even authorities, may be severely restricted in the future.
So the final question to everybody has become: Why should the consumers and citizens have to put up with DRM restrictions on their general purpose computers that they own?
[12] Governments, organizations and individuals are becoming increasingly concerned about software compatibility, conflicts and the possible existance of spyware in the software applications they use. If you have access to the source code, then you can check it and compile it for yourself. This is not an option for closed source proprietary applications, and not everyone has the resources to check each line of source code. One solution for these issues is to employ a trusted third party, separate from the application developer, who is tasked with maintaining a trusted build environment, to build the binaries from source code. The Trusted Build Agent (TBA) would hold the source to each build in escrow, releasing the source code for only open source licensed code. Competing businesses providing a TBA service in a free market would compete with each other in not only price and level of certification, but also on the ability to detect hostile, vulnerable, incompatible or just plain buggy source code. You could request a trusted build from multiple TBAs test the ability to detect defects. Defects would be reported back to the application developers, along with any patches and suggestions that provide a fix. To a lesser extent, most Linux distributions and other operating system vendors that build and redistribute open source licensed code already provide this role.
The term fourth estate is frequently attributed to the nineteenth century historian Carlyle, though he himself seems to have attributed it to Edmund Burke:
Burke said there were Three Estates in Parliament; but, in the Reporters' Gallery yonder, there sat a Fourth Estate more important than they all. It is not a figure of speech, or a witty saying; it is a literal fact,.... Printing, which comes necessarily out of Writing, I say often, is equivalent to Democracy: invent Writing, Democracy is inevitable...... Whoever can speak, speaking now to the whole nation, becomes a power, a branch of government, with inalienable weight in law-making, in all acts of authority. It matters not what rank he has, what revenues or garnitures: the requisite thing is that he have a tongue which others will listen to; this and nothing more is requisite.
... Windows administrators should be aware that if a user, even one running with a limited account, can execute just one program of their choice that they also can circumvent many group policy settings, including ones aimed specifically at tightening security such as Software Restriction Policies and Internet Explorer Zones....
... It's also important to note that the ability of limited users to override these settings is not due to a bug in Windows, but rather enabled by design decisions made by the Microsoft Group Policy team.
Hey CmdrTaco and Roblimo! Want to help Wikipedia and at the same time deliver more page views to your advertisers?
wiki.slashdot.org : WikiSlashdot
Add a Wiki plugin to slashode and host it on slashdot.
This it will attract the trolls away from Wikipedia and introduce a persistant layer to the debate that takes place on slashdot.
Individual changes could be moderated just like on slashdot and the user could elect to ignore changes with a low score.
The realization that to get DRM'ed content will require you to do so though Windows XP and/or Microsoft...
[ With deepest apologies to Mark Knofler and Dire Straits ]
"Money for Microsoft" by Dire Warning
Sung by Steve Ballmer, backing by Bill Gates
You must buy...
You must buy Win-XP
You must buy...
You must buy Win-XP
You must buy...
You must buy Win-XP
You must buy...
You must buy Win-XP
Now look at them bozo's that's the way you do it
You lock them always on the Win-XP
That ain't workin' thats the way we do it
Money for Microsoft from Dot Net usage fees
Now that ain't workin' thats the way we do it
Lemme tell ya them guys are dumb
Maybe get a licence on your little desktop
Maybe get a licence on everyone
They gotta install Media Player
Passport Dot-Net deliveries
They gotta take these applications
They gotta take these subscription fees
Look at that, look at that
See the little Win-Troll spreading spin we makeup
Yeah buddy thats our own fear
That little Win-Troll got them always complain'
That little Win-Troll makes us billionares
They gotta install Media Player
Passport Dot-Net deliveries
They gotta take these applications
They gotta take these subscription fees
They shoulda learned to use the Linux
They shoulda learned to use them Macs
Look at that user, we got it stickin' to the customer
Man we could have some fun
And their down there, whats that? Protesting noises?
Plannin' on me dancing like a chimpanzee
That ain't workin' thats the way we do it
Get the money for Microsoft get our usage fee
They gotta install Media Player
Passport Dot-Net deliveries
They gotta take these applications
They gotta take these subscription fees
That ain't workin' thats the way we do it
You lock them always on the Win-XP
That ain't workin' thats the way we do it
Money for Microsoft from the license fee
Money for Microsoft from subscription fees
Don't just go after Sony. The REAL THREAT comes from the operating vendors themselves.
ALL third party and more importantly operating system based DRM puts the user at greater risk. If the DRM code itself is not exploited then there are always new vulnerabilities being discovered in the media players and browsers used to play and display encoded content.
Both Microsoft and Apple have plans for media-digital-content-viewers that, at the request of a digital content provider, will not allow the user to view or access specific digital content if the operating system has been modified in certain ways.
Because, for the foreseeable future, it is impossible for the digital rights management software to detect if an individual modification to a particular subsystem is hostile to the goals of the demanded digital rights, all software and subsystems relating to the operating system with storage and input to display will have to be digitally signed by Microsoft or Apple before it can be accepted by the DRM subsystem. Microsoft and Apple are effectively locking the user out from changing parts of the operating environment.
Because it is possible for hackers to read digital keys used to encrypt content direct from the computer's memory, the operating system has to be built with the ability to lock the user from being able to access pages of memory used by the mediaplayer and digital rights management system.
OS based Digital Right Management systems are based on the principle of locking the owner of the computer out of the ability to access sections of memory and disk space used by the DRM mediaplayer systems.
Locking the owner out of parts of the computer has become a major security issue.
Microsoft's Mediaplayer, Active-X ( still used with some DRM ), Real's realplayer, Adobe's PDF viewers, Apple's Quicktime and even Microsoft's and Sun's Java JVMs, have in the past had remotely exploitable vulnerabilities.
OS based DRM combined with TPM based encryption along with enviable future vulnerability holes in media access offers the malware/virus/worm creator the ability to hide a virus from any antivirus tool or live forensic analysis. Existing stealth viruses already have ability to hide the modifications it has made to files, going undetected by antivirus programs. DRM encryption offers the ability for the malware to store content, and without the keys to decode the content, keep it hidden from any forensic analysis.
Crackers and hackers always find ways to exploit the code to access or share protected content. There is not a DRM system that has not been cracked within months of widespread release. The focus on the code use d in such systems also comes to the attention of malware/virus creators. The same holes discovered by those who just want to freely access content may possibly also be abused by those wanting to crack into your computer. Similar holes in other types media viewers, the webbrowser and email programs, are increasingly being used for criminal gain by phishers and spyware makers.
Some vendors reportedly have in the past purposely left backdoors in the source code to allow access by US intelligence agencies. This has not only become a major issue for other countries who fear spying, since discovered backdoors quickly become the criminal's frontdoor i
GR Security includes PaX for protection against stack smashing and other similar attacks. But it also has an ACL system of it's own and limited chroot's (IE process in chroot can't touch the outside environment or other chroot's).
SE Linux is an implementation of the domain-type security model. The domain a process is in determines that access it is given. Domains can change automatically on execution of certain processes (eg getty, login, and ping) or when executing a process a SE Linux aware program can specify the security context of the child process (within a certain range), login, sshd, and cron do this.
The grsec ACL system and RSBAC don't support modifying applications to specify the security context, so they don't support giving different access to different non-root users.
I think that Grsec has better support for some aspects of IP networking control, such as controlling which IP address a process can bind to (currently SE Linux only supports controlling bind access by port).
RSBAC has lots of options for a huge number of things as they take the kitchen sink approach. You have to answer about 40 questions at kernel configuration time, and it's not clear which combinations of options are viable.
Also Larry Wall, author of Perl, was originally funded by the U.S. National Security Administration (NSA) as part of the "Blacker" project ; AND
DARPA grants largely funded the development of UNIX 4.1 BSD (Berkeley Software Distribution) as well as the later development of the TCP/IP networking protocols.
Browsers and internet accessing applications really need a series of targeted policies that can limit what third party extention, plugins and applet/scripting systems have access to.
Almost all plugins should only need read access to its install directory/libraries, to a dedicated subdirectory for plugin for each application, and maybe ( at the users agreement ) common incoming and outgoing directory.
Slashdot Mirror
Microsoft provide protection only for code they write. If the code in patented is part of what you provide or from a third party, even down to the enterprise glue code, Microsoft is not liable, even if it is based on calling Microsoft's API ( see the Timeline case ). You have to agree to let Microsoft take over your legal defence and if Microsoft prejudge that you are at all at fault then you have to agree to pay ALL damages and costs.
... Microsoft to design and implement any restricted code execution environment that could run web hosted hostile code?
Substitute "user" with Malware.
Download the EFI software from Intel: Or include an copy in the malware.
a sudo command: Or use an escalation of privilege vulnerability
and reboot : Err, not that difficult to achive in software.
Just substitute Apple for Microsoft, Mac for Xbox and Internet for Xbox Live in the following...
Denial Of Service - Putting people at threat:
by NZheretic (23872) on Mon 08 Aug 02:57PM (#13266481)
Complaint to the SEC about the activities arising from the SCO lawsuits
George Formby's When I'm Cleaning Windows
Stanford is also the home of the Meta-level Compilation (MC) project, a useful auditing tool for trusted build agents.
Now that Microsoft is getting into the signiture and behavour based antivirus industry, maybe Symantic could turn its patten matching technology to checking source code instead of binaries.
What evidence of origin,ownership,copyright + GPL
by NZheretic on Mon 09 June 2003.
New Zealand has a higher ratio of non-European population, it also has lower socio-economic areas, a vibrant hip hop community and similar ratio of illicit drug abuse to the USA. It does not suffer anywhere near the proportion of gun related crimes in comparison.
The ratio of gun ownership in New Zealand, Australia, Canada and the USA is roughly the same, but only the USA suffers from such a high rate of gun related crime. Why is that?
llegal drugs are at least a big of a problem as copyright violation in the world today. In fact many of the artists promoted by Hollywood and the American recording industry include many positive drug related references in their scripts and lyrics. So the question is : Would you endorse forced illicit drug testing for all artists, actors and executives involved in content production?
Over 11,000 people die in America each year at the hands of gun violence. The USA has the highest murder rate in the developed world. So the question is : Would you endorse taking away the legal capability of all Americans to bare arms?
In the USA there are over 12,000 speeding-related traffic deaths per year. The technological capability exists to install a "governor" in every new automobile which would deny the driver the ability to exceed the speed limit. So the question is : Would you endorse restricting access to roads and highways to only vehicles that have such a speed restriction system installed?
( If the questioned person says yes to any of the above then pass the quote along to the Hollywood/recording/NRA/automobile media, bloggers and lobby groups etc)
Spam advertising and spyware has become a major problem for computer users. The DRM capability that Intel is offering to content providers would also be available to those wanting to abuse those same user restrictions. Intel is effectively offering the ability to hide malicious content or deny access to content needed to gather evidence for the basis of a complaint. So the question becomes: Why are you offering up this ability to content providers when it denies the owners of the computer the ability to protect themselves?
Whether it is a war on drugs, gun, or road crime restrictive and technological solutions that lock the end users out of the ability to make personal decisions perform actions are effectively a fundamental violation of a person's civil rights, even if taking that action could violate the law of the land.
Even though illicit drug consumption is against the law, wholesale drug testing would be seen as a violation of a persons right to privacy. In fact most American courts would not accept evidence gathered though such an action.
Even though gun related crime is a major problem, taking away the right for any citizens to bare arms would leave them at risk from criminals who would ignore the law as a matter of course.
Even though speeding is a major problem, there are cases it is needed for safety. Overtaking vehicles may require the driver to exceed the speed limit to safely avoid oncoming traffic. Also there are rare cases, such as transporting someone requiring urgent medical treatment, where the even the courts have found that exceeding the speed limit was preferable to the affected person's demise.
While making a copy of copyrighted content may seem trivial in comparison to the examples in the above three paragraphs, remember that Intel along with Adobe and Microsoft is talking of offering this same DRM technology for business, legal and even governmental documents. The ability to blow the whistle on suspect dealings, and pass copies along to the press and even authorities, may be severely restricted in the future.
So the final question to everybody has become: Why should the consumers and citizens have to put up with DRM restrictions on their general purpose computers that they own?
Thanks to the Telecom monopoly almost all New Zealand ADSL has been limited to 128kbs upstream.
wiki.slashdot.org : WikiSlashdot
Add a Wiki plugin to slashode and host it on slashdot. This it will attract the trolls away from Wikipedia and introduce a persistant layer to the debate that takes place on slashdot.
Individual changes could be moderated just like on slashdot and the user could elect to ignore changes with a low score.
Could her smile be the result of one of da Vinci's inventions, ie the vibrating commode that the lady in question was sitting upon?
[ With deepest apologies to Mark Knofler and Dire Straits ]
"Money for Microsoft" by Dire Warning
Sung by Steve Ballmer, backing by Bill Gates
You must buy ...
You must buy Win-XP
You must buy ...
You must buy Win-XP
You must buy ...
You must buy Win-XP
You must buy ...
You must buy Win-XP
Now look at them bozo's that's the way you do it
You lock them always on the Win-XP
That ain't workin' thats the way we do it
Money for Microsoft from Dot Net usage fees
Now that ain't workin' thats the way we do it
Lemme tell ya them guys are dumb
Maybe get a licence on your little desktop
Maybe get a licence on everyone
They gotta install Media Player
Passport Dot-Net deliveries
They gotta take these applications
They gotta take these subscription fees
Look at that, look at that
See the little Win-Troll spreading spin we makeup
Yeah buddy thats our own fear
That little Win-Troll got them always complain'
That little Win-Troll makes us billionares
They gotta install Media Player
Passport Dot-Net deliveries
They gotta take these applications
They gotta take these subscription fees
They shoulda learned to use the Linux
They shoulda learned to use them Macs
Look at that user, we got it stickin' to the customer
Man we could have some fun
And their down there, whats that? Protesting noises?
Plannin' on me dancing like a chimpanzee
That ain't workin' thats the way we do it
Get the money for Microsoft get our usage fee
They gotta install Media Player
Passport Dot-Net deliveries
They gotta take these applications
They gotta take these subscription fees
That ain't workin' thats the way we do it
You lock them always on the Win-XP
That ain't workin' thats the way we do it
Money for Microsoft from the license fee
Money for Microsoft from subscription fees
David Mohring - Original author
See: A plea for relief from Microsoft's escalating anti-competitive tactics.
An open letter to antitrust, competition, consumer and trade practice monitoring agency officials worldwide.
ALL third party and more importantly operating system based DRM puts the user at greater risk. If the DRM code itself is not exploited then there are always new vulnerabilities being discovered in the media players and browsers used to play and display encoded content.
August 02, 2005 "Remote Attestation" and content access monopolies
Also Larry Wall, author of Perl, was originally funded by the U.S. National Security Administration (NSA) as part of the "Blacker" project ; AND
DARPA grants largely funded the development of UNIX 4.1 BSD (Berkeley Software Distribution) as well as the later development of the TCP/IP networking protocols.
Almost all plugins should only need read access to its install directory/libraries, to a dedicated subdirectory for plugin for each application, and maybe ( at the users agreement ) common incoming and outgoing directory.
Why It Makes Sense for Sun to Open-Source Java Libraries & Solaris Kernel
Published Jun. 6, 2004