http://eric-diehl.com/blog/index.php Copyright 2009, Eric DIEHL Eric DIEHL en-US SPHPBLOG 0.5.1 http://eric-diehl.com/blog/index.php?entry=entry090105-173211
Will 2009 bring new initiatives in content protection? How will evolve music? Totally DRM free at the end of the year? As long as we will not see new business models appear there will be a problem.

The battle will continue between User Generated Content sites (YouTube, WAT, DailyMotion, Tudou, ...) and content owners. Everybody has the feeling that the solution is to share the advertising revenues. But who has an idea on how to make a positive business with UGC? Are we sure that advertising revenues will be sufficient? And the fight with be on the ratio between UGC and content owners. Meanwhile, UGC sites will need to filter out copyrighted contents.

It will be interesting to see at which speed some candidates for the succession of SHA will be dismissed.

And you, what do you foresee?]]> General http://eric-diehl.com/blog/index.php?entry=entry090105-173211 Eric DIEHL Mon, 05 Jan 2009 16:32:11 GMT http://eric-diehl.com/blog/comments.php?y=09&m=01&entry=entry090105-173211 http://eric-diehl.com/blog/index.php?entry=entry081223-103409
Second, MySpace has removed all the playlists of its members. RIAA is already suing the PlayList Project (see RIAA attacks project PlayList) Facing legal actions, MySpace stepped back. They removed the PlayList widget without prior notice to their users. FaceBook resists and refuses to remove PlayList. The battle continues.

2009 will be an interesting year. Will it be the year where UGC and studios will find some commercial agreements?]]> Copyright issues http://eric-diehl.com/blog/index.php?entry=entry081223-103409 Eric DIEHL Tue, 23 Dec 2008 09:34:09 GMT http://eric-diehl.com/blog/comments.php?y=08&m=12&entry=entry081223-103409 http://eric-diehl.com/blog/index.php?entry=entry081222-101211 - It uses off the shelf standard EPC chips (i.e., low cost tags as used for inventory tracking)
- The reading distance is 50 meters!
Being a standard EPC, the card just delivers a unique ID. This unique ID can be eavesdropped and reprogrammed in a blank EPC. Of course, the security relies on the guard who should check that the corresponding record points to the right owner. But we all know that vigilance decreases with time.
The long range of reading is an obvious privacy issue. With such a distance, it is easy to trace somebody. The solution proposed by the Administration is a privacy sleeve! This would never work with me. I would sooner or later forget it or loose it.
But the nicest is the "Kill" command. For privacy issue, EPC have a kill command that mutes definitively the chip. EPC are used for inventory tracking. Once the item sold, it must be possible to desactivate the chip. This command is legitimate for its initial use but not for this one. In a March post, I described a Denial Of Service attack to pass a border. With this type of card, it is extremely easy to mount it.
As usually, Administration downgrades the risks. According to them, the risks are improbable! When security design is driven by money, the result is often a catastrophe.]]> Hack http://eric-diehl.com/blog/index.php?entry=entry081222-101211 Eric DIEHL Mon, 22 Dec 2008 09:12:11 GMT http://eric-diehl.com/blog/comments.php?y=08&m=12&entry=entry081222-101211 http://eric-diehl.com/blog/index.php?entry=entry081211-073108 Center for Content Protection was hold with Asia TV at Singapore. Thus, the audience was rather large (140 people) and encompassed broadcasters, producers, and press.
The best presentations were:
- Brad HUNT (former CTO of MPAA, and now consultant at Digital Media Directions) presented his four major trends in content protection
o Use of fingerprinting to monetize content
o Digital copy and managed copy for optical media
o Domain based DRM
o DECE with some emphasis on Marlin
- Fabrice Moscheni (Fastcom) presented an impressive demonstration of DVB-CPCM. The demonstration raised a lot of interest.
- Yangbin Wang (Vobile) explained how Vobile protected Olympic Games for CCTV

Conax, BayTSP, Verimatrix, Microsoft and Viaccess presented their products. Intertrust made a dull presentation of Marlin. I made two presentations:
- A global approach of security explaining that using only fingerprint or watermark is insufficient, at least for tightly controlled distribution. The distinction between tightly controlled distribution and loosely controlled distribution was appreciated.
- An introduction to DVB-CPCM before Fastcom’s demonstration.

Two main messages were conveyed during this symposium. Content Identification Techniques may allow monetization of content. Domain is the next paradigm in DRM.
]]> General http://eric-diehl.com/blog/index.php?entry=entry081211-073108 Eric DIEHL Thu, 11 Dec 2008 06:31:08 GMT http://eric-diehl.com/blog/comments.php?y=08&m=12&entry=entry081211-073108 http://eric-diehl.com/blog/index.php?entry=entry081208-230409 post where they claimed to have broken WPA2). Their new target is Adobe 9.

Adobe 9 uses AES-256 to protect pdf files. Unfortunately, calculating SHA256 is faster using Graphical Processor Units (GPU) than calculating MD5 as in previous versions of Adobe. Thus, ElcomSoft claims that is less secure because they can brute force 8 characters passwords with Adobe 9 at the same speed than 6 characters with previous versions of Adobe.

The answer from Adobe is clear and technical (see Security matters: Acrobat 9 and passwords encryption). With the new version, they have allowed passphrases of up to 127 characters!

My comments are:
- Was is it useful to used AES256? Is it not simply a stupid commercial argument? To use the full benefit of AES256, the passwords should exceed 37 characters (I used 127 bits per character to calculate it). It represents passphrase as long as "Law #1: Attackers will always find th". Who will 1- dial such long passphrase? 2- remember it? especially if not used daily.
- Would it not be also better for Adobe to come with a more human understandable answer?
- Once more, Elcomsoft is twisting the information. The only thing they are really demonstrating is that they are able to crack a 8 character password. Wow! :-( But, they succeed to create the buzz in a field that most people do not understand. They are good at that.
- Password sucks if there is no limitations in the number of trials.]]> Hack http://eric-diehl.com/blog/index.php?entry=entry081208-230409 Eric DIEHL Mon, 08 Dec 2008 22:04:09 GMT http://eric-diehl.com/blog/comments.php?y=08&m=12&entry=entry081208-230409 http://eric-diehl.com/blog/index.php?entry=entry081206-163402 - A very good introduction to contactless cards (smart card and RFID tags) with a nice list of threats and some countermeasures. The presentation was not highly technical but nevertheless complete. In the future of countermeasures, I loved the idea to embed micro batteries for having some margins for security measures. This will help in solving atomicity problems (a nightmare when designing a secure implementation of communication protocols).
- LANET (University of Limoges) presented a detailed attack on JavaCard bypassing the sandboxing to dump instructions. Nice work, although not applicable to modern cards
-DCSSI presented their preferred solution for electronic vote. The speaker clearly stated that he would rather not use electronic vote because it will never be 100% secure. Political pressures require such solutions.

I always thought that security people would be paranoid. It seems I am wrong. As usual in conferences, people use their laptops even to do sometimes mail. I was surprised of the number of people who do not use a confidentiality filter. My direct neighbors were from DGA (Direction Générale de l'Armement). They openly shoulder surfed the mails of person before them. He was not from the DGA. Companies should be default equip the computers from their travelers with such filters. I must confess that THOMSON does not. You have to ask for one.
]]> Book/Paper review http://eric-diehl.com/blog/index.php?entry=entry081206-163402 Eric DIEHL Sat, 06 Dec 2008 15:34:02 GMT http://eric-diehl.com/blog/comments.php?y=08&m=12&entry=entry081206-163402 http://eric-diehl.com/blog/index.php?entry=entry081203-175550 november, I announced that Nintendo DSi was running with linkers/flash cards or whatever name. Yves prophetized that it would not take long.

Yesterday, AceKard announced that it cracked DSi and will soon release a new product Acekard 2i. Acekard posted a 7 minute video on YouTube to demonstrate that it works. And it seems to work. Two weeks ago, Acekard already posted a video with its first advances. Nevertheless, they announced "This is a lab work, it works ONLY in LAB. Even though we can go this far, it is almost impossible to make a commercial product.
There is a major problem that can't be resolved, at least for now." It seems they solved the problems.

DSi is alredy a commercial success for Nintendo. They already sold more than 500,000 consoles! Being the first, if proven that it works, will also be a commercial success for Acekard. NOw we will see would will the next ones. In any case, Acekard seems to have proven that it was feasible.

Once more, law 1 was true.]]> Games http://eric-diehl.com/blog/index.php?entry=entry081203-175550 Eric DIEHL Wed, 03 Dec 2008 16:55:50 GMT http://eric-diehl.com/blog/comments.php?y=08&m=12&entry=entry081203-175550 http://eric-diehl.com/blog/index.php?entry=entry081202-184015 - For many years, games were protected by anti copy systems. No body was seriously complaining. You found hacked versions of the games. Some ripping software (for instance Alcohol 120) were even providing tools to by pass the protections (physically, or in virtual drives).
- SecuRom, LaserLock, ... were not called DRMs. They were called game protection systems.

And nobody complained! Gamers were happy. In my editorial of security newsletter #3, I was even highlighting this difference between game protection and DRM.

And suddenly, the world changes. Game protection becomes DRM (although using the same tricks and limitations). Game protections become unacceptable for users. The first fury was Spore. GTA IV will be the next one. Nevertheless, I am sure that GTA IV will be a blockbuster even with "DRM".

What has changed? Media focus? Has somebody a good explanation to propose?]]> Games http://eric-diehl.com/blog/index.php?entry=entry081202-184015 Eric DIEHL Tue, 02 Dec 2008 17:40:15 GMT http://eric-diehl.com/blog/comments.php?y=08&m=12&entry=entry081202-184015 http://eric-diehl.com/blog/index.php?entry=entry081201-180009
Of course, Laguiole manufacturers wanted to stop this bleeding. they have registered the trademark "LAGUIOLE ORIGINE GARANTIE" (Laguiole guaranteed origin). The knives manufactured at Laguiole will display on their blade "LAGUIOLE ORIGINE GARANTIE" with a dedicated.
Will it change something? I am not sure. Many people will still trust the bee. Furthermore, I am not always sure that people are so naive to believe that they are able to purchase an authentic quality knive at 10% of its original price. As long as it will not be broad general knowledge that the authentic knives have to display the mark and the punch, it will change nothing, except for the initiates.

It is the same with the holograms on software package. How many people do test its presence? its actual "content"? Price is an awfully attractive selling argument.]]> Copyright issues http://eric-diehl.com/blog/index.php?entry=entry081201-180009 Eric DIEHL Mon, 01 Dec 2008 17:00:09 GMT http://eric-diehl.com/blog/comments.php?y=08&m=12&entry=entry081201-180009 http://eric-diehl.com/blog/index.php?entry=entry081128-175247
Ars Technica made an excellent coverage of the attack. In addition, they provide a short history of the Wifi encryption story.

Are we safe? I am sure that you are all using WPA2 or at least WPA with AES. In that case, you are perfectly safe. The attack works on TKIP without AES and only for short packets. That means it is not possible to decrypt a complete normal stream WPA protected. Nevertheless, the attack is a first hit to WPA. The attack was extremely clever and required a deep knowledge of the different 802.11 flavors.

Some people may question the interest of attacking a protocol that is quasi obsolete in the field (hopefully, most Wifi networks should be WPA2 and AES). Any exploit is a new lesson on how a protocol is attacked. Next generation of protocols should be resistant to this type ofg exploits. Thus, it is always useful to increase the knowledge in security, and widen the database of attacks.

Probably a topic for next newsletter.

]]> Hack http://eric-diehl.com/blog/index.php?entry=entry081128-175247 Eric DIEHL Fri, 28 Nov 2008 16:52:47 GMT http://eric-diehl.com/blog/comments.php?y=08&m=11&entry=entry081128-175247