From: jasonc at science.org (Jason Coombs)
Subject: FW: FEEDBACK: Testing Microsoft and the DMCA

-----Original Message-----
From: Jason Coombs [mailto:jasonc@...ence.org]
Sent: Friday, April 18, 2003 4:58 PM
To: david.becker@...t.com
Subject: FEEDBACK: Testing Microsoft and the DMCA


I'm an author and computer forensics/infosec expert who recently authored a
book about information security and Microsoft Internet Information Services
(IIS) that Microsoft Press was planning to publish... They opted not to
publish my book after they got a chance to read it; perhaps fearing that
acknowledging flaws and pointing out weaknesses in their own products would
undermine their position with respect to prosecuting DMCA violators.

After reading your article concerning "Hacking the XBox" I thought you might
be interested in my story as well. My literary agent pitched my book to Wiley
and it was rejected rather abruptly and with no discussion (odd, considering
that I've been published by both Wiley and Hungry Minds/IDG Books in the
past).

My plan, if I can't find a publisher willing to take the 'risk' of exposing
details of vulnerabilities in IIS, is to give away my book as an open source
manuscript/electronic book in order to educate people who use Windows Server
operating systems and IIS on critical security countermeasures. There's no
reason for Microsoft customers to be kept in the dark about necessary security
precautions simply because publishing the forensic details threatens to result
in prosecution of those responsible, or in the case of Microsoft Press,
threatens to take Microsoft's DMCA teeth out of their big fat head.

Sincerely,

Jason Coombs
jasonc@...ence.org

--

Testing Microsoft and the DMCA
By David Becker
Staff Writer, CNET News.com
April 15, 2003, 4:00 AM PT


newsmakers Taking a break from working on his doctoral thesis, Massachusetts
Institute of Technology (MIT) graduate student Andrew "Bunnie" Huang decided
that it might be fun to poke around the security systems protecting
Microsoft's Xbox game console.

With a little creative tinkering and a measure of precision soldering, Huang
quickly isolated the main public security keys. Although legally prevented
from sharing the keys with the world, he described his methods in detail in a
widely distributed research paper, helping spur a wave of Xbox-hacking that
has led to the development of Xbox versions of Linux and other homemade
software.

After graduating from MIT last year, Huang set up his own consulting business,
specializing in reverse engineering. But he still has some more Xbox insights
that he'd like to share with the world--that is, if only he can find a way.

Click Here.

Huang's recently completed book, "Hacking the Xbox" was recently dropped by
Wiley subsidiary Hungry Minds, citing possible legal issues under the
controversial Digital Millennium Copyright Act (DMCA). The Department of
Justice recently used the DMCA to shut down ISOnews.com, a Web site partly
used to distribute Xbox-hacking tools, and to imprison the site's owner.

Plans to self-publish the book hit another snag a couple of weeks ago when
Americart, a provider of online shopping cart services, declined to sell the
book because it feared getting sued. But Huang remains determined to press
this project through to completion.

"The thing I have to emphasize is that the book itself is not criminal," Huang
said. "It'd be like saying that breaking and entering is illegal, so you can't
write a book on how locks work."

Huang spoke with CNET News.com about the book, the importance of hardware
hacking and his willingness to serve as a DMCA guinea pig, if necessary.

Q: What have you learned to do with the Xbox since your research paper was
published?
A: I did a lot of work but if I talked about it I'd get in a lot of trouble. I
did some work with a few people who were trying to figure out alternate
methods to get to the Xbox hardware without necessarily involving the
copyrighted code Microsoft has--basically finding backdoors in the
initialization and boot sequence.

I helped out one guy in particular who was critical in figuring out the method
 that's used by everyone today. It is basically a flaw in the system
initializer that lets you put code anywhere in the system that you want it.

>From there, I backed off and got kind of quiet. Things were starting to heat
up, and a lot of people were starting to move into piracy and other very
controversial issues. I sort of became a fly on the wall and gave people
advice in some key areas.

And then Wiley approached you about writing a book?
Yeah--Wiley has the "Dummies" series, and wanted to create a similar line of
introductory hacking guides: hacking TiVo, hacking the Xbox, hacking your DVD
player. The book overall is an education book. I try to teach people as much
as possible how to do hacks on their own and try to avoid as much as possible
the really cookie-cutter, boring stuff.

So it's not just, "Here's how you install this mod chip?"
There are a few pictures of mod chips installed...but it's more like here's
how a mod chip works, and here's how people used reverse engineering to figure
out how Xbox security works. It's trying to give a novice hacker or someone
who has very little experience the confidence he or she needs to open up the
box and start playing around with the stuff on the inside. And there's sort of
a running dialogue about the experiences that I had getting into the Xbox,
including the legal issues.

It ends with a brief section on where things are today. That's where I mention
mod chips. But the book is really encouraging people to learn their own way.

Was there much discussion of legal concerns with the publisher?
When I first started working with them, they realized that it was a touchy
subject. They had me develop an outline, and when I went over it with their
lawyers, they said, "Yeah, this should be OK."

Then I got a call (a few months later) during which they basically said they'd
had some turnover in the legal department and weren't feeling so good about
the book now. I don't know if this had anything to do with it, but right
around the time that they gave me they call, the Department of Justice shut
down ISOnews.com and they were sort of beating on the doors of a lot of mod
chip guys.

Has the ISOnews.com case had a chilling effect beyond your work?
I think that it's had a major chilling effect. Maybe the reason that companies
started (backing out of such publishing deals) this is that the DMCA has
become such a hot topic. A lot of companies aren't willing to really push
their content directly through a public trial. The whole idea of taking a
person and making an example of him seems to have backfired. They tried that
with a few guys and it didn't work.

I think a lot of companies are starting to take more indirect attacks. To use
a really bad analogy, instead of going for the mafia boss, you take out the
guys in the street, the little mod chip vendors.
I want to put a stake in the ground and say, "Hey, I strongly believe what I'm
doing is legal.
They're trying other techniques within the word of the law to put a damper on
this activity without getting bad press.

If they were to go ahead and take any Xbox-Linux guys and crucify them for
running Linux on the Xbox, they'd have the whole open-source crowd really up
in arms. There'd be a really big negative mark on the Xbox.

So even though Microsoft has said, "You guys can't run Linux on the Xbox,"
they're not going to really do anything about it in the short term. It's not
hurting their revenue enough to have them fight a battle on principle.

Are you afraid personally of the possible consequences of publishing the book?
Oh yeah. Lately it's been really day-to-day. I get a lot of e-mail from a lot
of people, and sometimes you see the subject line and freeze for a moment,
thinking, "This is it, they're coming to get me." And then it just turns out
to be an innocent question. But the fact that Americart felt it had to reject
my book shows how jittery people are.

So how are you going to sell the book now?
There's always PayPal, I guess...Although someone pointed out to me that
PayPal has an explicit clause that says you can't use the service to sell mod
chips. Even though this isn't a mod chip per se, it might be construed as a
technology or a tool under the wording of the DMCA.

The big question that I had when I published my paper at MIT was whether this
would be considered a copyright circumvention tool under the DMCA. I think
it's wildly unrealistic to think that a court would agree with such an
expansive interpretation of a tool. But to a limited degree, they might go
along with it.

Beyond the question of what's a tool, there are still a lot of questions about
whether mod chips are copyright circumvention devices at all, since they do
other, legitimate things. Would it be useful to have a court opinion on that?
It would be. I think that part of the reason I decided to go ahead with the
book is that I'm really tired of hearing, "Well, there's three cases that
never went to court, but here's the direction in which they kind of leaned."
There's no real stakes in the ground about this.

There's a lot of fear, uncertainty and doubt. And the longer the people who
want to enforce these laws can cast the shadow of fear without ever having to
bring something to court, the more effective they are. This type of publishing
is kept underground and under control.

I want to put a stake in the ground and say, "Hey, I strongly believe what I'm
doing is legal and it's beneficial for people to know about this stuff." If we
don't know about it, then the bad guys are going to figure it out and they're
going to take our lunch. Maybe I'm being a fool by saying this, but if someone
wants to challenge me on this, I think it's something we need to talk about in
a court of law. I don't know where I'd find the resources to defend myself. If
I am taken to court, then I'll figure it out.

The big game companies seem to paint all hacking as enabling software piracy.
What's your rationale for why it's useful to hack the hardware?
There's this thing called fair use that pretty much had been protected until
the DMCA came out. It says that if I take my hard-earned money and buy a piece
of hardware--whether it's a hammer or a razor or a computer--I can take it
home and do what I want.
The real critical issue is if it turns out that Microsoft can put a ban on
people running their own code on a piece of hardware.
I don't have to just use a hammer to pound nails. Same goes for a computer or
a video game machine.

The real critical issue is if it turns out that Microsoft can put a ban on
people running their own code on a piece of hardware. That'd enable people to
develop monopolies over hardware by simply securing the hardware to something
cryptographic in the software base. Microsoft could start offering incentives
to hardware makers to install a Palladium chip that only runs Windows on it,
and people who remove it are guilty under the law. Eventually, you just lock
up the whole world.

That's the whole crux. We're going to investigate this hardware and run Linux
on it and push things a little. We need to figure out really soon what this is
going to do to the industry and whether this is something of which we need to
be afraid.

Right after I did the paper, I worked with a guy to find the avenues to
completely bypass the Xbox security systems. And what we ended up with was
amazing. It was a concatenation of four bugs from various vendors that allowed
it to happen.

It's a real-life example of why I think Palladium isn't going to work--every
vendor is going to have some small bug that individually doesn't mean much,
but when you stack 'em together, it becomes a big security hole. And once you
commit it to silicon, it becomes a billion-dollar bug.

So it sounds like a big part of your motivation is educational?
Oh yeah, a very large part of it is educational. When I first started doing
this, I asked my professor if he thought there was academic merit to it. He
was really positive. The security community has been debating for a long time
about how we secure chip buses--do we just make it really fast and take it out
of the realm of hackability? This sets a data point for what it takes to
extract data out of a high-speed bus. It's a real meat-and-potatoes example of
security--what can go wrong and what can be done about it.

Do you expect your work to be reflected in the design of Xbox 2?
I think it will be. Nvidia had to scrap a bunch of chips because Microsoft
rotated the (security) code, and I think that was at least, in part,
specifically because of what I'd done.

With the Xbox 2, there's a couple of different directions they could take.
They could say, "Fair use is fair use. Go ahead and run Linux on it, but if I
catch you copying games, I'm going to nail you good." Or they'll try to tie it
down even more cryptographically.

There are things that they can try. But there's a dozen attacks that I've kept
in my back pocket and that other hackers have kept in their back pockets that
nobody's even talked about. Those will come out if Microsoft tries to secure
the hardware again.

What do you think of the James Bond hack for running unsigned software on the
Xbox?
That looks really promising for freeing Linux to the mainstream. It either
spells the beginning for a new age in Xbox hacking, or it's the demise. Either
it's such a potent weapon against the Xbox that Microsoft will have no choice
but to start enforcing stronger policies on hacking, or they may have to
change the hardware. Or they could decide to back off and let Linux flourish.
But I think it's going to tip the scale somehow.

And this is just one exploit. There are probably a lot of others. The thing
that I'm looking for a is network attack, where you just plug it into the
network, run a script on the PC and send a specially formed packet to the
Xbox, and voila, you've got your code in the Xbox. That's the kind of thing
I'd look out for being an incredibly huge problem for Microsoft.

Has the rationale for running Linux on an Xbox been diluted, now that you can
buy a $200 Linux PC from Wal-Mart?
People talk and joke about that a lot. But there are a couple of things to
realize. One is that those $200 PCs don't have anything close to the graphics
power that the Xbox has. And most of the Linux applications for the Xbox have
not been geared toward turning it into a Web server or a word processor. They
want to turn it into a media center and have the box under their stereo system
that stores videos, digital audio and other stuff. The Xbox is really pretty
handy for that. And they use Linux because it has all these great tools for
working with media.

What the appeal for you to doing reverse engineering work?
I think it's an important area and it's fun. I really like security more than
anything else, so I've been working on TEMPEST-style surveillance equipment,
looking for security holes that should be fairly obvious, trying to raise
awareness for the public that information isn't as safe as it is thought to
be.

Something like a public service job?
I guess you could say it's public service. What it boils down to is either
someone's going to write a paper and say there's this vulnerability, or you're
going to find out the hard way. One of my goals as I do this exploration, more
for my own fun than anything else, is to be able to say it was this easy or
this hard to break your hardware, and here's what you can do to remedy it.

Powered by blists - more mailing lists