Sony DRM using Rootkits!

Last week when I was testing the latest version of RootkitRevealer
(RKR) I ran a scan on one of my systems and was shocked to see evidence
of a rootkit. Rootkits are cloaking technologies that hide files,
Registry keys, and other system objects from diagnostic and security
software, and they are usually employed by malware attempting to keep
their implementation hidden (see my “Unearthing Rootkits”
article from the June issue of Windows IT Pro Magazine for more
information on rootkits). The RKR results window reported a hidden
directory, several hidden device drivers, and a hidden application…

Mark Russinovich goes into great detail on discovering this horrible truth.  It looks like a company called First 4 Internet
sells a technology called XCP.  It's a DRM technology and they
sold it to Sony.  Let me be more specific: It's a rootkit whose
purpose is DRM and Sony has already implemented it in CDs that are in stores now.  This is a very bad
approach and should be publicly shunned.  Sony is probably unaware
of the technical details of this software, but should be made
aware.  Put your personal opinion about DRM aside for a second and look at the plain
truth:  Buy a CD with this technology and your system is modified
on a kernel level without your permission.  This extremely
unethical software needs to be exposed for what it really is.  My hat's
off to Mark for taking the time to find out the real truth.  Found
on Boing Boing.

Funny Guy… Funny Blog

For those of you who love Dilbert but have yet to notice the big banner
they have had on their site for the last week, Scott Adams has created The Dilbert Blog.  So far he has had some rather amusing anecdotes, but today's post had me laughing out loud.  I just love this guy's humor.  And I travel all the time, so I can feel his pain.

…The airline’s automated message called me an hour later
and said my flight was cancelled for no particular reason. But I was
automatically rebooked to a new and better flight with excellent seats
and vegetarian meals. There was a good chance I could get backrubs from
attractive flight attendants too.


Well, technically, they booked me on an overnight flight that would guarantee
that when I gave my keynote speech to a crowd of 1,000 industry leaders
soon upon landing I would look like a heroin-addicted badger that had
stowed away in a jar of mayonnaise…

I am sooo jealous!

WOW!! I just played games on an XBOX 360

HO-LY CRR-AP!!

Okay, so… When Microsoft says the XBOX 360 is a whole new level of gaming machine, they're serious.

I just played a couple shooters on an XBOX 360 game console and
that's it, I'm sold. The graphics are GREAT. The visuals make the
gameplay amazing, and it's clear the processing and video power is
extreme. Add to that the Media Center connections and, well… Wow.

It looks like some Best Buys are starting to set up some demos. 
I will be heading to my Best Buy tonight to see if they have one
yet.  Go tell Greg Hughes that you're jealous.

What better to do on a slow Sunday? Brew Beer in a Coffee Pot

Brewery tours are a golden opportunity for brewers to educate visitors
about the art of brewing. But any brewery employee who has been
assigned tour guide duty has seen the confusion on people's faces when
you describe the brewing process. To the visitor, brewing can sound
like a return to high school chemistry - with some alchemy thrown in.

The process of brewing coffee, I discovered, was a good way to relate
the brewing process to people who do not understand zymurgy, the
technical term for making beer. This became more than a useful analogy:
with familiar kitchen equipment, you can repeat the steps of the
process that goes on in breweries large and small - and make a very small
batch of beer.

Have fun on All About Beer.com.

Voice your Opinions NOW!

The Copyright Office of the U.S. Library of Congress is conducting its required regular review of the anti-circumvention provisions of the Digital Millennium Copyright Act. Comments can be submitted over the Internet, and are due December 1st.

Good information on the DMCA can be found here, here, and here.

Now is the time to make your voice heard.  This isn't about
downloading free music and movies, but about a flawed law that has
complicated the emergence of new technology and jailed researchers.  The government needs to hear from you TODAY.

Found on Bruce Schneier's Blog.

An Assessment of the Oracle Password Hashing Algorithm

In this paper the authors examine the mechanism used in Oracle databases for protecting
users' passwords. We review the algorithm used for generating password hashes, and show
that the current mechanism presents a number of weaknesses, making it straightforward for
an attacker with limited resources to recover a user's plaintext password from the hashed
value. We also describe how to implement a password recovery tool using off-the-shelf
software. We conclude by discussing some possible attack vectors and recommendations to
mitigate this risk.

Good paper posted in the SANS Reading Room (PDF).  Here are the mitigation recommendations:

• Use non-privileged users for web applications
• Restrict access to password hashes
• Audit SELECT statements on the DBA_USERS view
• Encrypt TNS traffic
• Enforce a minimum password length
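
A sketch of how three of these recommendations (restricting access to hashes, auditing DBA_USERS, enforcing a minimum length) could be applied. This is an added example, not taken from the paper or from this post. It assumes a DBA session with traditional auditing available; the function name `min_length_verify` and the 12-character minimum are hypothetical choices for illustration.

```sql
-- Added example; run as SYS. Names marked "hypothetical" are not from the paper.

-- 1. Restrict access to password hashes: list who can read DBA_USERS,
--    either by direct grant or through broad dictionary privileges and roles.
SELECT grantee, privilege
  FROM dba_tab_privs
 WHERE owner = 'SYS' AND table_name = 'DBA_USERS';

SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE privilege = 'SELECT ANY DICTIONARY';

SELECT grantee, granted_role
  FROM dba_role_privs
 WHERE granted_role IN ('DBA', 'SELECT_CATALOG_ROLE');

-- 2. Audit SELECT statements on the DBA_USERS view.
--    audit_trail is a static parameter, so the instance must be restarted
--    before audit records are written.
ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;
AUDIT SELECT ON sys.dba_users BY ACCESS;

-- Review which accounts have queried the view, and from which host.
SELECT username, userhost, timestamp, action_name
  FROM dba_audit_trail
 WHERE owner = 'SYS' AND obj_name = 'DBA_USERS'
 ORDER BY timestamp;

-- 3. Enforce a minimum password length through a profile.
--    min_length_verify is a hypothetical name; 12 is an assumed minimum.
--    The verify function must be created in the SYS schema.
CREATE OR REPLACE FUNCTION min_length_verify (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
BEGIN
  IF LENGTH(password) < 12 THEN
    RAISE_APPLICATION_ERROR(-20001, 'Password must be at least 12 characters');
  END IF;
  RETURN TRUE;
END;
/
ALTER PROFILE DEFAULT LIMIT PASSWORD_VERIFY_FUNCTION min_length_verify;
```

The length check only applies when a password is next set or changed, so existing short passwords remain until they are rotated.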

Win for Privacy: No Cell Phone Location Tracking Without Probable Cause

Agreeing with a brief submitted by EFF, a federal judge
forcefully rejected the government's request to track the location of a
mobile phone user without a warrant.

Strongly reaffirming an earlier decision, Federal Magistrate James
Orenstein in New York comprehensively smacked down every argument made
by the government in an extensive, fifty-seven page opinion issued this
week. Judge Orenstein decided, as EFF has urged, that tracking cell
phone users in real time required a showing of probable cause that a
crime was being committed. Judge Orenstein's opinion was decisive, and
referred to government arguments variously as “unsupported,”
“misleading,” “contrived,” and a “Hail Mary.”

“This is a true victory for privacy in the digital age, where nearly
any mobile communications device you use might be converted into a
tracking device,” said EFF Staff Attorney Kevin Bankston. “Combined
with a similar decision this month from a federal court in Texas, I
think we're seeing a trend—judges are starting to realize that when it
comes to surveillance issues, the DOJ has been pulling the wool over
their eyes for far too long.”

EFF: Court Issues Surveillance Smack-Down to Justice Department.  Engadget has coverage as well, reminding us that:

Your boss is still free to track you via that new Sprint phone he just gave you (and
you’re free to track your kids as
well).