DRM that could get you pwned
Friday, December 14, 2007
Unlike the recent Sony Rootkit fiasco, the latest flaw in Macrovision’s SafeDisc technology was not an intentional backdoor. Despite this, the fact remains that the latest Microsoft Security update includes a patch which, if not applied, could allow an attacker to leverage Macrovision DRM to exploit your system. The driver at issue here “validates the authenticity of games that are protected with SafeDisc and prohibits unauthorized copies of such games to play on Windows.” One fact is often overlooked by the DRM industry: while the technology creates a slight barrier to copying games, it increases the attack surface of every consumer who possesses the driver. In this case the driver comes with every copy of Microsoft Windows.
Exploiting the driver “allows unprivileged users to gain SYSTEM privileges”. This could be exploited very easily in a drive-by download situation, and the exploit has already been spotted in the wild. It is a very heavy price for consumers to pay, and they receive almost nothing in return. DRM is another layer of complexity which will always be under attack and a possible vector for vulnerability.
For more information:
WinXP and 2003 k-plugin demonstration
Report of exploit in the wild
technical details of exploit
Macromedia SafeDisc Site
Disclosure Timeline:
Reported @ reversemode (Wednesday, 17 October 2007) Written by Rubén
Security Advisory Published: November 5, 2007
Patch Published: December 11, 2007
Join the FSF
Thursday, December 13, 2007
The FSF is conducting an end-of-year campaign to increase membership. If you read this blog, you are likely a person who appreciates the work that the FSF does. Show some support and donate ($120 annual) and become a member. You get some rad gear + stickers.
BeanSec! December 2007 (location change!)
Thursday, December 13, 2007
BeanSec! is an informal meetup of information security professionals, researchers and academics in the Greater Boston area that meets the third Wednesday of each month.
For December’s BeanSec! we are going to change up the venue. While we love the ER, someone has booked a private party on this month’s third Wednesday, so we will instead meet at Middlesex Lounge. Directions to our new meeting space here.
Middlesex Lounge is literally a few blocks down the street (Mass Ave) towards MIT. There is food available there plus, and I know this is something people have asked for in the past, beer on tap! Yes, draft beer will be available as well as a full bar.
I say again, BeanSec! is hosted the third Wednesday of every month. Add it to your calendar.
Come get your grub on. Lots of good people show up. Really.
Unlike other meetings, you will not be expected to pay dues, “join up”, present a zero-day exploit, or defend your dissertation to attend.
“Taser Death” blog posts drawing legal fire
Wednesday, December 5, 2007
TASER International, Inc. (Nasdaq:TASR) has sent a takedown notice to Daily Kos for a blog post about the Vancouver killing of an immigrant man using a Taser. Clearly TASER International is upset that people are linking their offerings to deaths; however, the facts are hard to ignore. Many of the apologists seem to take the line that other medical reasons, such as drugs in the system, are the main factors; however, unless police officers are instructed to only use the taser on perfectly healthy suspects, I don’t see how this logic can stand. Even then it is improbable Law Enforcement Officers (LEO) can make snap medical assessments before using tasers.
The ability to have these discussions online is extremely important and should not be undermined by corporate spin control. If you have received one of these letters, please visit Chilling Effects for information on how to proceed.