| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: rms at computerbytesman.com (Richard M. Smith) Subject: Is the record industry turning to Trojan horse programs to copy-protect CDs? Analysis of the MediaMax CD3 Copy-Prevention System http://www.cs.princeton.edu/~jhalderm/cd3/ Abstract. MediaMax CD3 is a new copy-prevention technique from SunnComm Technologies that is designed to prevent unauthorized copying of audio CDs using personal computers. SunnComm claims its product facilitates "a verifiable and commendable level of security," but in tests on a newly-released album, I find that the protections may have no effect on a large fraction of deployed PCs, and that most users who would be affected can bypass the system entirely by holding the shift key every time they insert the CD. I explain that MediaMax interferes with audio copying by installing a device driver the first time software from the CD is executed, but I show that this provides only minimal protection because the driver can easily be disabled. I also examine the digital rights management system used to control access to a set of encrypted, compressed audio files distributed on the CD. Although restrictions on these files are more relaxed than in prior copy protected discs, they still prohibit many uses permitted by the law. I conclude that MediaMax and similar copy-prevention systems are irreparably flawed but predict that record companies will find success with more customer-friendly alternatives for reducing infringement. Windows has a feature called "autorun" that automatically starts programs from CDs when they are inserted into the computer. If a MediaMax-protected CD is placed in a PC that has autorun enabled, Windows runs a file called LaunchCD.exe located on the disc. This program provides access to the DRM-controlled encrypted content, but it also loads a special device driver into the system's memory. On Windows 2000/XP, this driver is called SbcpHid. The LaunchCD.exe program also presents an end user license agreement (EULA). If the user ever clicks Accept to agree to the terms of the license, the MediaMax driver is set to remains active even after the computer is rebooted. The driver examines each CD placed in the machine, and when it recognizes the protected title, it actively interferes with read operations on the audio content. Similar methods are used to protect the tracks on Windows 98/ME and Mac OSX systems.
Powered by blists - more mailing lists