The first time someone visits your website, you redirect them to a consent form and then if they opt out of being tracked, you just set a cookie showing that they've opted out so that you won't have to ask them again. See, problem solved.
(I say that tongue-in-cheek, but it would actually probably work if you set a "don't track" cookie which wasn't personal to them. Most grocery stores also offer non-tracking versions of their loyalty cards. My dad has one for Harris Teeter and his card number is all zeroes. That's the number they give out to everyone who asks not to be tracked. Similarly you could set a cookie which only includes an "opt-out" code which is the same for everyone opting out so that you can't track them individually.)
I'd love to testify about how I used his Nuit Du Hack talk as part of the Hardware and Media Security class this semester and why I think it's perfectly legitimate and worthwhile security research.
Sony is contending in their court filings that their private key and a text description of elliptic curve DSA together make up a "circumvention device". They're not going after him for physical devices or even source code, but for simply relaying information which, when combined with other public information can be used to sign code which will run on the PS3. They're trying to stretch the meaning of the DMCA so that even information about how to break video game console lock-in schemes is considered a DMCA violation. This is pretty clearly trying to establish a new category of criminalized speech. So, how, exactly, is that not a free speech issue?
He didn't ever post their software. He only posted their private key. Private keys are not intellectual property since they are not protected by copyright, trademark, or patent. Beyond that, the metloader key is what's used to sign new bootloaders, so using it doesn't require using Sony's software at all. It's precisely the key you need to replace Sony's software with your own. So there's nothing he's done which has violated any copyright on Sony's software. Even Sony isn't accusing him of that. What they're saying in their legal filings is that the private keys are a "circumvention device" and, hence, by distributing them he's violating provisions of the DMCA. Now, that seems to me a pretty tremendous stretching of the word "device", but that's what Sony is going with.
Also, if you can get slashdot's user database by only hacking your own computer (and not hacking slashdot's server), then yeah, I tend to think that you are entitled to do so. That's pretty unlikely, though.
As for distributing hacked PS3 firmware updates, sure, Geohot has some responsibility for that (as does Sony given that they screwed the pooch so badly on the cryptographic front that they allowed their private signing keys to become public knowledge), but that's about like blaming Albert Einstein for the bombing of Hiroshima. Geohot didn't build or distribute any of those firmwares. He just found and shared the knowledge which could be used either to do that or to do other things which are better like reenabling OtherOS or creating cool custom software for the PS3. The ultimate responsibility for the acts rests with the people who do them, not with the people who supply them with information.
I think that the next logical thing for IBM to do is to spend several more millions to build a new computer which can play an effective game of Win, Lose, or Draw.
Wait, no, that's been off the air for a very long time. How about charades?
Reading the brief they've filed, it's pretty apparent that they're stretching quite a ways. The only evidence of HotFile encouraging users to upload pirated content to their servers is that HotFile encourages users to upload files which are a) heavily downloaded by others and b) large. The MPAA is asking the courts to assume that large, heavily-downloaded files must be illegal content. They make a big deal in their brief of being scandalized by the fact that HotFile is not a service for people to store their own files, as if that's the only legal thing that a website which allows people to upload files can be. That might somehow bolster their case if HotFile was claiming to be an on-line locker service, but there's no reason to believe that they will make any such claim. The MPAA also accuse HotFile of having, prepare to be shocked, an affiliate program.
It's not just that the brief they've filed doesn't contain a smoking gun: it doesn't even assert that one exists. They're accusing HotFile of being what it is: a site which facilitates the distribution of large files to a wide audience and asking the courts to declare any site which does that to automatically be illegal despite full compliance with the DMCA and no evidence that they induced users to engage in piracy. I certainly hope that the courts don't do that because it would set a terrible precedent and effectively rewrite the law to amend the safe harbor clause of the DMCA to say "except for big files which a lot of people download because those must be pirated".
Mostly, though, what all this shows is that the *AA groups are going to have to reach farther and farther. They pretty much got to write the DMCA, but now it turns out that even it doesn't go far enough for them. The problem is that they didn't foresee that sites like HotFile (ad/subscription-supported large-file distribution sites which are completely content-ignorant and have no search or index mechanism) could exist. Now that they do, they want them gone. The reason that these sites can exist and be profitable is that bandwidth and storage costs have fallen so low that a peer-to-peer model is no longer necessary. As bandwidth and storage get cheaper and cheaper, newer types of sites will be used for piracy too. Next will probably be sites which allow you to host your own blog or other website. As storage becomes cheaper, their maximum allowed file size will reach a point where you can slap a movie up on your blog without violating the maximum file size. Once that happens, the MPAA is going to want those sites gone too. Any site or program which allows ordinary, anonymous users to host and distribute large files (for some definition of large), is going to be on their hit list.
I'm no particular fan of piracy, but you can't remove the sites which allow people to distribute pirated files for free without also removing the sites which allow artists to distribute their own albums and music videos for free because those are the same sites. The long-range eventuality of the plan the MPAA is following will be a total lock-down on any means of widely distributing large files. That's too high a price to pay for stamping out piracy.
Now look here. That video is 51 minutes long. If I spend 51 minutes watching the video before I comment, then my comment isn't going to be up at the top where the most special and important ones are. It's far more important that everyone read whatever I think about things than it is that I have something worthwhile to say. I don't have time for watching videos. Look at that first comment. Two minutes after posting. How can I compete with that if I have to watch a 51 minute video? It's not like I have the ability to stop time to watch the video. And even if I did, would the video even still work? Wouldn't the time stop probably affect the streaming video server? I don't know and just thinking about it makes my head hurt. Enough making me think, I've got commenting to do.
There are people who still have 8-track players in their cars and combine these with cassette adapters to be able to hook a portable CD player or mp3 player up. They're few, but they exist.
A scytale was a club carried by every Spartan (not Roman) officer. It was used as a bludgeon first and possibly a cryptographic tool second, but the historical records of its cryptographic use weren't written until a couple hundred years after the claimed use. None of the historical accounts which were contemporary to the time make any mention of them being used for any purpose other than hitting people (Sparta was known more for military might than for its intellect). So it's quite likely that their cryptographic use was invented after-the-fact by some historian and then repeated by others rather than an actual use.
I also disagree with the idea that either the hypothetical scytale or the cryptographic rotor have really gone out of use. People still, unfortunately, roll their own cryptographic schemes and one of the things that this implies is that they reinvent the wheel or sometimes randomly copy ideas from history. Hardware versions of the cryptographic rotor and the scytale are probably extinct, but the software implementations undoubtedly live on and are in use, even though they shouldn't be.
I agree with most everything in the parent post and would also like to add that it's pretty clear that the ECDSA signing keys do not, in fact, comprise a "circumvention device or technique". Suggesting that a set of secret numbers, unto itself, forms a device or technique is stretching the meaning of the words past the breaking point. Further, the part of the order which requires him to turn over to Sony all computers, hard drives, etc. which contain circumvention devices presupposes that he actually has software which would legally be considered a circumvention device. It is not at all clear from the publicly known facts that he possesses anything which would qualify. All of the stuff which he has released has been about gaining access to the hardware without gaining access to any of Sony's software, firmware, etc. The PS3 is not, itself, a copyrighted work. The best that they can argue is that the firmware and OS which run on the PS3 are. That is a silly, but potentially successful legal argument (as the courts have previously held that communicating with running copyrighted software or firmware is a form of "gaining access to a protected work" in several cases, including the Bnetd case, despite that being an idiotic interpretation of the language of the DMCA). So that would work as an argument, unless, of course, the keys you've released are the keys used to sign boot loaders and bypass loading any of Sony's firmware or software at all, which, as it happens, are exactly those keys which Geohot released.
So the question is what happens if he complies with the last part of the order by giving them an empty box and saying "I don't have circumvention devices"? Presumably, more legal fun would ensue. I'm curious if that's the tack he'll take. I probably would in his case, since turning anything over to them is tantamount to an admission of violating the DMCA.
I think that this is most likely what he did, realistically speaking. Save game mods both give unearned achievements and are easily detected and such detections are unlikely to be mistaken.
It's actually not at all clear that jailbreaking a console is a DMCA violation. So far, this issue has not yet been settled by any court of law. The violation crime in the DMCA is: "No person shall circumvent a technological measure that effectively controls access to a work protected under this title." The problem is that a PS3 is not a copyrighted work and hence not a work protected under that title. What the key provides access to (and this key, especially) is the hardware, not software. As such, it's not impossible that a court could rule this a DMCA violation, but it would not be a sensible ruling. The mechanisms which they are bypassing prevent unsigned code from being run on the machine, not copying, and circumventing them does not, in any way, allow access to a copyrighted work.
You consider n! slow? Really? Try the original bogosort algorithm as proposed by Jon Doyle when he was a researcher at CMU.
1) Given a list of integers to sort, replace each integer in the list with the integer which represents the Ackermann function of that integer
2) Sort the list using any other sorting algorithm you would care to use
3) Take the inverse Ackermann function of each number of the list.
Where v is the list of input values, this algorithm runs in time O(n*A(max(v)-1)) (which is a worst-case running time of O(A((2**n)-1))).
You really think that factorial is slow? Ackermann. Ackermann is fucking slow.
I had the same thought as the grand-parent poster, but the parent post is definitely correct. It's quite common for a lot of smaller web sites to run on VPS's. If you can hack or rent one VPS and use this to execute code which compromises the physical machine, that means that you can take over everyone else's VPS that is ever executed on that same machine. If you're trying to get malicious code onto a lot of web sites (which they are), that would be a very good way to do it. Plus, who knows what else might be living on the same machine in a different VM.
Microcode is what instructions from the architectural instruction set are translated into before being executed on a processor. Essentially, it's a set of specific signals to the muxes, demuxes, and various components (ALUs, register bank, L1 cache, branching unit, etc.). Microcode, unto itself, is not a patch to a hardware flaw, it's just a means of making a processor work.
What you're talking about is "writable microcode" or a "writable control store" which is when the code to microcode translation process is controlled using a rewritable store of some sort rather than hard-wired, thus allowing limited patching of the translation process which can sometimes work around hardware flaws in a manner which is transparent to the applications running on the computer.
I love how conservatives pretend that they're the only ones who comprehend economics but somehow never mention the existence of externalities. Just because you don't want to believe in externalities doesn't mean they don't exist. Go back to Econ 101.
That would ring more true if it weren't for a number of other broken arrow incidents where bombs with fissile material almost exploded, including the one outside of Goldsboro, NC where two bombs fell out of a plane and one of them deployed its parachute (something which is only supposed to happen if it is going to detonate). We've had several similar situations where fail-safes didn't work properly and we were very close to disaster.
Yup. When you read all of the details of that one, it's pretty scary. Several of the fail-safes in at least one of the bombs failed to operate. For instance, it deployed its parachute, something that it was not supposed to do unless it was going to detonate at altitude. So at least some of its systems operated incorrectly. Fortunately, not all of the fail-safes failed, but by some estimates, it might have been four out of five. It's tough to know for sure due to it still being classified, but it was pretty close to something pretty bad happening. Much more frightening than a bomb without any fissile material.
It predates onmouse events in JavaScript, but it doesn't predate onMouseOver events in HyperCard. I'm willing to bet that there's already prior art from that sphere that was overlooked.
It's still protecting the signal. It's protecting it from being copied by you. Whether or not you feel that you ought to be able to copy it (as I do, for example), this is still an attack in the security model of HDCP. In the security world, whether or not something is an attack isn't a judgment about whether or not it's a good thing to do, it's just an indication that it's a violation of the security policies of someone. So, for example, malware sites use systems which are similar to intrusion-detection systems in order to try to figure out which customers or users on their forums might be law-enforcement. The use of words like "protect" and "attack" isn't a moral judgment, it's just a description of what's happening.
They could try replacing all the keys for all devices as a stopgap, but that's pretty problematic and could well just lead to the same leak happening again.
It wouldn't help much in any case, since HDCP is fundamentally flawed. Extracting 40 particular public-private keypairs (perhaps by electron microscopy or what have you) is sufficient to make a synthetic master key.
That's why I described it as a stopgap. It's not clear how this leak happened. There are three main means through which someone who isn't part of DCP, LLC can get their hands on device keypairs. 1) Work for a device manufacturer and be in a position where you're trusted to see them. 2) use a logic probe or similar to extract them from the chips (as you suggest above). 3) an electronic probing birthday-paradox style attack (see paper Four Simple Cryptographic Attacks on HDCP for details).
It's not clear which of these has been used, but if they were to change all the keys, if it were 1, we could possibly see a new master key the next day. If it were 2, we could see one within a couple of days. And if it were 3, it would take about six weeks. So I suspect that they're smart enough to not bother.
As a side note, the Crosby paper has several flaws. Its methodology for finding a solution actually loses some bits in the process due to having to divide by two (which is unavoidable, but which they don't acknowledge will happen in the paper). They got so caught up in the methodology of the matrix that they forgot about what would happen with the keys when their solution is actually applied to get the real key. Fortunately, this isn't a serious issue. Their results also disagreed with mine on the question of how many vectors you would need to have an invertible matrix. They came up with overwhelming odds once you have 45 or so. I came up with 50/50 odds by the time you get to about the mid-fifties and not overwhelming odds until you get up into the seventies. So that's a pretty strong disagreement. One of us definitely made a mistake. My suspicion is that it's them because I know what methodology I used and can't see any mistakes in it. But I really need to check more thoroughly.
But for the time being I recommend my paper, Four Simple Cryptographic Attacks on HDCP, (which was released before theirs) instead. Although I am biased in my opinion of the two.
HDCP is used to protect the digital signal which flows over HDMI between the Blu-Ray player and the TV or other monitor. The Blu-Ray disc is encrypted with AACS and optionally BD+. Blu-Ray players decrypt the AACS and BD+ and then decompress the video and, if necessary, scale it to match the display resolution of the TV. Then that unencrypted, decompressed, scaled signal is reencrypted using HDCP and sent to the TV. The TV then decrypts it and displays it.
This is done for two purposes. The first is so that a pirate can't record the stream between the Blu-Ray player and the TV. This signal would be uncompressed, and therefore huge, but pirates could recompress it before sharing it over the internet, so it would still be valuable to them. The second is so that you can't build a TiVo-like device to pretend to be the television and just record everything rather than display it. All device manufacturers have to guarantee that they won't do that before they are given the keys needed to authenticate themselves to the players and decrypt the signal. This break means that the second point is now entirely null and void. You can now build any device you want and, using the provided information, make it so that your device will authenticate to the Blu-Ray player as being a valid, approved device.
Because the specification allows for repeaters and splitters which have their own keys and actually do a decryption/reencryption step, it also means that the first point is pretty well null and void because you can build a device which looks like and authenticates as a repeater and then records the signal as a side effect while also displaying to the television.
Now, this crack doesn't mean that tomorrow you'll be able to buy that sort of device. There's still a lot of engineering which would be needed to make such a device practical, especially if it's going to compress things on the fly at HD-level resolutions. However, it means that there is now no information barrier to building such a device. Intel isn't worried because they don't think that pirates will be able to build chips to do this. But if they don't think that pirates can build the chips, why have the encryption to begin with?
In the long run, they'll probably wind up replacing the whole HDCP encryption with some new scheme which will be added to the HDMI standard and making players no longer accept HDCP as a valid output encryption scheme. But they'll have to do it really, really slowly, otherwise there will be a massive consumer backlash. I should note, of course, that the encryption schemes used will need to be implemented in hardware, not software, so a firmware update isn't going to cut it. So, realistically, it's most likely that they'll try to make the change if and when the next consumer video format with studio support comes out, which will likely be a decade, at least. They could try replacing all the keys for all devices as a stopgap, but that's pretty problematic and could well just lead to the same leak happening again.
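The authentication step described in the comment above, modeled as an added example (it is not from the original comment or from any HDCP licensor code): a source accepts a sink only if both sides derive the same shared value from keys issued out of one master secret. The 40 private keys of 56 bits each, the 20-ones KSV rule and the revocation check follow the public HDCP 1.x design; the master matrix and devices are randomly constructed, SHA-256 is a stand-in for HDCP's own check-value derivation, and every function and class name here is hypothetical.

```python
import hashlib
import random

N = 40                    # KSV width in bits, and private keys per device
KEY_BITS = 56             # width of each device private key
MOD = 1 << KEY_BITS


def make_master(seed):
    """Constructed stand-in for the licensor's secret: an N x N matrix mod 2^56."""
    rng = random.Random(seed)
    return [[rng.getrandbits(KEY_BITS) for _ in range(N)] for _ in range(N)]


def make_ksv(rng):
    """Pick a KSV with exactly 20 one bits and 20 zero bits."""
    return sum(1 << i for i in rng.sample(range(N), N // 2))


def ksv_is_valid(ksv):
    return 0 <= ksv < (1 << N) and bin(ksv).count("1") == N // 2


def issue_keys(master, ksv, role):
    """Derive a device's 40 private keys from the master matrix and its KSV.

    Sources use the matrix rows, sinks use the columns (the transpose), which
    is what makes the two sides of a handshake arrive at the same sum.
    """
    bits = [(ksv >> j) & 1 for j in range(N)]
    keys = []
    for i in range(N):
        line = master[i] if role == "source" else [master[j][i] for j in range(N)]
        keys.append(sum(line[j] for j in range(N) if bits[j]) % MOD)
    return keys


class Device:
    def __init__(self, role, ksv, keys):
        self.role, self.ksv, self.keys = role, ksv, keys

    def shared_secret(self, peer_ksv):
        """Km: sum of own private keys at positions where the peer's KSV bit is 1."""
        return sum(k for i, k in enumerate(self.keys) if (peer_ksv >> i) & 1) % MOD


def check_value(km, an):
    """Stand-in for HDCP's check-value derivation (the real one is not SHA-256)."""
    return hashlib.sha256(km.to_bytes(7, "big") + an.to_bytes(8, "big")).digest()


def authenticate(source, sink, an, revoked=frozenset()):
    """Run the handshake from the source's point of view; returns (ok, reason)."""
    # Message 1, source -> sink: nonce An and the source's KSV.
    # Message 2, sink -> source: the sink's KSV.
    if not ksv_is_valid(sink.ksv):
        return False, "invalid KSV"
    if sink.ksv in revoked:
        return False, "revoked KSV"
    expected = check_value(source.shared_secret(sink.ksv), an)
    # Message 3, sink -> source: check value computed from the sink's own Km.
    reported = check_value(sink.shared_secret(source.ksv), an)
    if reported != expected:
        return False, "check value mismatch"
    return True, "authenticated"


def build_demo(seed=2010):
    """Constructed devices: one licensed pair and one sink with a wrong key."""
    rng = random.Random(seed)
    master = make_master(seed)
    src_ksv, sink_ksv = make_ksv(rng), make_ksv(rng)
    source = Device("source", src_ksv, issue_keys(master, src_ksv, "source"))
    sink = Device("sink", sink_ksv, issue_keys(master, sink_ksv, "sink"))
    # Same KSV, but one key that the source's KSV selects is off by one.
    bad_keys = list(sink.keys)
    idx = next(i for i in range(N) if (src_ksv >> i) & 1)
    bad_keys[idx] = (bad_keys[idx] + 1) % MOD
    unlicensed = Device("sink", sink_ksv, bad_keys)
    return source, sink, unlicensed, rng.getrandbits(64)


if __name__ == "__main__":
    source, sink, unlicensed, an = build_demo()
    print("licensed sink:  ", authenticate(source, sink, an))
    print("wrong key:      ", authenticate(source, unlicensed, an))
    print("revoked sink:   ", authenticate(source, sink, an, revoked={sink.ksv}))
    print("malformed KSV:  ", authenticate(source, Device("sink", 0, sink.keys), an))
```

The only thing separating the licensed sink from the rejected one is possession of keys derived from the master matrix, which is why the secrecy of that matrix carries the whole scheme.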
I'm not sure it means that they've published the key per se, but it would definitely make it way harder to argue in court that it was a trade secret.
Reading the brief they've filed, it's pretty apparent that they're stretching quite a ways. The only evidence of HotFile encouraging users to upload pirated content to their servers is that HotFile encourages users to upload files which are a) heavily downloaded by others and b) large. The MPAA is asking the courts to assume that large, heavily-downloaded files must be illegal content. They make a big deal in their brief of being scandalized by the fact that HotFile is not a service for people to store their own files, as if that's the only legal thing that a website which allows people to upload files can be. That might somehow bolster their case if HotFile was claiming to be an on-line locker service, but there's no reason to believe that they will make any such claim. The MPAA also accuse HotFile of having, prepare to be shocked, an affiliate program.
It's not just that the brief they've filed doesn't contain a smoking gun: it doesn't even assert that one exists. They're accusing HotFile of being what it is: a site which facilitates the distribution of large files to a wide audience and asking the courts to declare any site which does that to automatically be illegal despite full compliance with the DMCA and no evidence that they induced users to engage in piracy. I certainly hope that the courts don't do that because it would set a terrible precedent and effectively rewrite the law to amend the safe harbor clause of the DMCA to say "except for big files which a lot of people download because those must be pirated".
Mostly, though, what all this shows is that the *AA groups are going to have to reach farther and farther. They pretty much got to write the DMCA, but now it turns out that even it doesn't go far enough for them. The problem is that they didn't foresee that sites like HotFile (ad/subscription-supported large-file distribution sites which are completely content-ignorant and have no search or index mechanism) could exist. Now that they do, they want them gone. The reason that these sites can exist and be profitable is that bandwidth and storage costs have fallen so low that a peer-to-peer model is no longer necessary. As bandwidth and storage gets cheaper and cheaper, newer types of sites will be used for piracy too. Next will probably be sites which allow you to host your own blog or other website. As storage becomes cheaper, their maximum allowed file size will reach a point where you can slap a movie up on your blog without violating the maximum file size. Once that happens, the MPAA is going to want those sites gone too. Any site or program which allows ordinary, anonymous users to host and distribute large files (for some definition of large), is going to be on their hit list.
I'm no particular fan of piracy, but you can't remove the sites which allow people to distribute pirated files for free without also removing the sites which allow artists to distribute their own albums and music videos for free because those are the same sites. The long-range eventuality of the plan the MPAA is following will be a total lock-down on any means of widely distributing large files. That's too high a price to pay for stamping out piracy.
Now look here. That video is 51 minutes long. If I spend 51 minutes watching the video before I comment, then my comment isn't going to be up at the top where the most special and important ones are. It's far more important that everyone read whatever I think about things than it is that I have something worthwhile to say. I don't have time for watching videos. Look at that first comment. Two minutes after posting. How can I compete with that if I have to watch a 51 minute video? It's not like I have the ability to stop time to watch the video. And even if I did, would the video even still work? Wouldn't the time stop probably affect the streaming video server? I don't know and just thinking about it makes my head hurt. Enough making me think, I've got commenting to do.
There are people who still have 8-track players in their cars and combine these with cassettte-adapters to people able to hook a portable CD player or mp3 player up. They're few, but they exist.
A scytale was a club carried by every Spartan (not Roman) officer. It was used as a bludgeon first and possibly a cryptographic tool second, but the historical records of its cryptographic use weren't written until a couple hundred years after the claimed use. None of the historical accounts which were contemporary to the time make any mention of them being used for any purpose other than hitting people (Sparta was known more for military might than for its intellect). So it's quite likely that their cryptographic use was invented after-the-fact by some historian and then repeated by others rather than an actual use.
I also disagree with the idea that either the hypothetical scytale or the cryptographic rotor have really gone out of use. People still, unfortunately, roll their own cryptographic schemes and one of the things that this implies is that they reinvent the wheel or sometimes randomly copy ideas from history. Hardware versions of the cryptographic rotor and the scytale are probably extinct, but the software implementations undoubtedly live on and are in use, even though they shouldn't be.
I agree with most everything in the parent post and would also like to add that it's pretty clear that the ECDSA signing keys do not, in fact, compromise a "circumvention device or technique". Suggesting that a set of secret numbers, unto itself, forms a device or technique is stretching the meaning of the words past the breaking point. Further, the part of the order which requires him to turn over to Sony all computers, hard drives, etc. which contain circumvention devices presupposes that he actually has software which would legally be considered a circumvention device. It is not at all clear from the publicly known facts that he possesses anything which would qualify. All of the stuff which he has released has been about gaining access to the hardware without gaining access to any of Sony's software, firmware, etc. The PS3 is not, itself, a copyrighted work. The best that they can argue is that the firmware and OS which run on the PS3 are. That is a silly, but potentially successful legal argument (as the courts have previously held the communicating with running copyrighted software or firmware is a form of "gaining access to a protected work" in several cases, including the Bnetd case despite that being an idiotic interpretation of the language of the DMCA). So that would work as an argument, unless, of course, the keys you've released are the keys used to sign boot loaders and bypass loading any of Sony's firmware or software at all, which, as it happens, are exactly those keys which Geohot released.
So the question is what happens if he complies with the last part of the order by giving them an empty box and saying "I don't have circumvention devices"? Presumably, more legal fun would ensue. I'm curious if that's the tack he'll take. I probably would in his case, since turning anything over to them is tantamount to an admission of violating the DMCA.
I think that this is most likely what he did, realistically speaking. Save game mods both give unearned achievements and are easily detected and such detections are unlikely to be mistaken.
It's actually not at all clear that jailbreaking a console is a DMCA violation. So far, this issue has not yet been settled by any court of law. The violation crime in the DMCA is: "No person shall circumvent a technological measure that effectively controls access to a work protected under this title." The problem is that a PS3 is not a copyrighted work and hence not a work protected under that title. What the key provides access to (and this key, especially) is the hardware, not software. As such, it's not impossible that a court could rule this a DMCA violation, but it would not be a sensible ruling. The mechanisms which they are bypassing prevent unsigned code from being run on the machine, not copying, and circumventing them does not, in any way, allow access to a copyrighted work.
Those are square kilometer numbers. The parent ones are square mile.
You consider n! slow? Really? Try the original bogosort algorithm as proposed by Jon Doyle when he was a researcher at CMU.
1) Given a list of integers to sort, replace each integer in the list with the integer which represents the Ackermann function of that integer
2) Sort the list using any other sorting algorithm you would care to use
3) Take the inverse Ackermann function of each number of the list.
Where v is the list of input values, this algorithm runs in time O(n*A(max(v)-1)) (which is a worst case running time of O(A((2**n)-1))).
You really think that factorial is slow? Ackermann. Ackermann is fucking slow.
I had the same thought as the grand-parent poster, but the parent post is definitely correct. It's quite common for a lot of smaller web sites to run on VPS's. If you can hack or rent one VPS and use this to execute code which compromises the physical machine, that means that you can take over everyone else's VPS that is ever executed on that same machine. If you're trying to get malicious code onto a lot of web sites (which they are), that would be a very good way to do it. Plus, who knows what else might be living on the same machine in a different VM.
Microcode is what instructions from the architectural instruction set are translated into before being executed on a processor. Essentially, it's a set of specific signals to the muxes, demuxes, and various components (ALUs, register bank, L1 cache, branching unit, etc.). Microcode, unto itself, is not a patch to a hardware flaw, it's just a means of making a processor work.
What you're talking about is "writable microcode" or a "writable control store" which is when the code to microcode translation process is controlled using a rewritable store of some sort rather than hard-wired, thus allowing limited patching of the translation process which can sometimes work around hardware flaws in a manner which is transparent to the applications running on the computer.
I love how conservatives pretend that they're the only ones who comprehend economics but somehow never mention the existence of externalities. Just because you don't want to believe in externalities doesn't mean they don't exist. Go back to Econ 101.
That would ring more true if it weren't for a number of other broken arrow incidents where bombs with fissile material almost exploded, including the one outside of Goldsboro, NC where two bombs fell out of a plane and one of them deployed its parachute (something which is only supposed to happen if it is going to detonate). We've had several similar situations where fail-safes didn't work properly and we were very close to disaster.
Yup. When you read all of the details of that one, it's pretty scary. Several of the fail-safes in at least one of the bombs failed to operate. For instance, it deployed its parachute, something that it was not supposed to do unless it was going to detonate at altitude. So at least some of its systems operated incorrectly. Fortunately, not all of the fail-safes failed, but by some estimates, it might have been four out of five. It's tough to know for sure due to it still being classified, but it was pretty close to something pretty bad happening. Much more frightening than a bomb without any fissile material.
It predates onmouse events in JavaScript, but it doesn't predate onMouseOver events in HyperCard. I'm willing to bet that there's already prior art from that sphere that was overlooked.
It's still protecting the signal. It's protecting it from being copied by you. Whether or not you feel that you ought to be able to copy it (as I do, for example), this is still an attack in the security model of HDCP. In the security world, whether or not something is an attack isn't a judgment about whether or not it's a good thing to do, it's just an indication that it's a violation of the security policies of someone. So, for example, malware sites use systems which are similar to intrusion-detection systems in order to try to figure out which customers or users on their forums might be law-enforcement. The use of words like "protect" and "attack" isn't a moral judgment, it's just a description of what's happening.
They could try replacing all the keys for all devices as a stopgap, but that's pretty problematic and could well just lead to the same leak happening again.
It wouldn't help much in any case, since HDCP is fundamentally flawed. Extracting 40 particular public-private keypairs (perhaps by electron microscopy or what have you) is sufficient to make a synthetic master key.
That's why I described it as a stopgap. It's not clear how this leak happened. There are three main means through which someone who isn't part of DCP, LLC can get their hands on device keypairs. 1) Work for a device manufacturer and be in a position where you're trusted to see them. 2) Use a logic probe or similar to extract them from the chips (as you suggest above). 3) An electronic probing birthday-paradox style attack (see the paper Four Simple Cryptographic Attacks on HDCP for details).
It's not clear which of these has been used, but if they were to change all the keys, if it were 1, we could possibly see a new master key the next day. If it were 2, we could see one within a couple of days. And if it were 3, it would take about six weeks. So I suspect that they're smart enough to not bother.
As a side note, the Crosby paper has several flaws. Its methodology for finding a solution actually loses some bits in the process due to having to divide by two (which is unavoidable, but which they don't acknowledge will happen in the paper). They got so caught up in the methodology of the matrix that they forgot about what would happen with the keys when their solution is actually applied to get the real key. Fortunately, this isn't a serious issue. Their results also disagreed with mine on the question of how many vectors you would need to have an invertible matrix. They came up with overwhelming odds once you have 45 or so. I came up with 50/50 odds by the time you get to about the mid-fifties and not overwhelming odds until you get up into the seventies. So that's a pretty strong disagreement. One of us definitely made a mistake. My suspicion is that it's them because I know what methodology I used and can't see any mistakes in it. But I really need to check more thoroughly.
But for the time being I recommend my paper, Four Simple Cryptographic Attacks on HDCP, (which was released before theirs) instead. Although I am biased in my opinion of the two.
Keith
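The point made in the comments above, that a set of device keypairs is enough to make a synthetic master key, follows from the key scheme being linear. The sketch below is an added example, not code from the commenter or from any HDCP implementation: a toy scheme of the same shape with dimension 4 and a prime modulus (both assumptions; HDCP uses 40 keys per device and arithmetic mod 2^56, where the divide-by-two issue mentioned above arises), with all function names hypothetical.

```python
import random

P = 2**31 - 1  # toy prime modulus (assumption; HDCP works mod 2**56)
N = 4          # toy dimension (assumption; HDCP uses 40)

def make_master(rng):
    """Secret symmetric N x N matrix held by the key authority."""
    m = [[0] * N for _ in range(N)]
    for i in range(N):
        for j in range(i, N):
            m[i][j] = m[j][i] = rng.randrange(P)
    return m

def issue_device(master, rng):
    """Return (public vector, private vector = master * public)."""
    pub = [rng.randrange(P) for _ in range(N)]
    priv = [sum(row[j] * pub[j] for j in range(N)) % P for row in master]
    return pub, priv

def shared_key(my_priv, their_pub):
    """Both ends compute pub_a^T * master * pub_b, so the results agree."""
    return sum(a * b for a, b in zip(my_priv, their_pub)) % P

def invert_mod_p(mat):
    """Gauss-Jordan inverse mod P; ValueError if rows are dependent."""
    n = len(mat)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(mat)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col]), None)
        if pivot is None:
            raise ValueError("public vectors are linearly dependent")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        inv = pow(aug[col][col], -1, P)
        aug[col] = [x * inv % P for x in aug[col]]
        for r in range(n):
            if r != col:
                f = aug[r][col]
                aug[r] = [(x - f * y) % P for x, y in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]

def recover_master(devices):
    """Rows of privs = rows of pubs * master, so master = pubs^-1 * privs."""
    inv = invert_mod_p([pub for pub, _ in devices])
    return [[sum(inv[i][k] * devices[k][1][j] for k in range(N)) % P
             for j in range(N)] for i in range(N)]

def demo(seed=1):
    rng = random.Random(seed)
    master = make_master(rng)
    return master, recover_master([issue_device(master, rng) for _ in range(N)])
```

The design lesson is that rotating device keys does not help a scheme like this: any N independent keypairs determine the master secret, so the threshold is fixed by the construction rather than by operational care.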
Yeah. Sorry about that. It was late and I was apparently more tired than I realized.
DHCP is used to protect the digital signal which flows over HDMI between the Blu-Ray player and the TV or other monitor. The Blu-Ray disc is encrypted with AACS and optionally BD+. Blu-Ray players decrypt the AACS and BD+ and then decompress the video and, if necessary, scale it to match the display resolution of the TV. Then that unencrypted, decompressed, scaled signal is reencrypted using DHCP and sent to the TV. The TV then decrypts it and displays it.
This is done for two purposes. The first is so that a pirate can't record the stream between the Blu-Ray player and the TV. This signal would be uncompressed, and therefore huge, but pirates could recompress it before sharing it over the internet, so it would still be valuable to them. The second is so that you can't build a TiVo-like device to pretend to be the television and just record everything rather than display it. All device manufacturers have to guarantee that they won't do that before they are given the keys needed to authenticate themselves to the players and decrypt the signal. This break means that the second point is now entirely null and void. You can now build any device you want and, using the provided information, make it so that your device will authenticate to the Blu-Ray player as being a valid, approved device.
Because the specification allows for repeaters and splitters which have their own keys and actually do a decryption/reencryption step, it also means that the first point is pretty well null and void because you can build a device which looks like and authenticates as a repeater and then records the signal as a side effect while also displaying to the television.
Now, this crack doesn't mean that tomorrow you'll be able to buy that sort of device. There's still a lot of engineering which would be needed to make such a device practical, especially if it's going to compress things on the fly at HD-level resolutions. However, it means that there is now no information barrier to building such a device. Intel isn't worried because they don't think that pirates will be able to build chips to do this. But if they don't think that pirates can build the chips, why have the encryption to begin with?
In the long run, they'll probably wind up replacing the whole HDCP encryption with some new scheme which will be added to the HDMI standard and making players no longer accept HDCP as a valid output encryption scheme. But they'll have to do it really, really slowly, otherwise there will be a massive consumer backlash. I should note, of course, that the encryption schemes used will need to be implemented in hardware, not software, so a firmware update isn't going to cut it. So, realistically, it's most likely that they'll try to make the change if and when the next consumer video format with studio support comes out, which will likely be a decade, at least. They could try replacing all the keys for all devices as a stopgap, but that's pretty problematic and could well just lead to the same leak happening again.