From: se_cur_ity at hotmail.com (Hotmail)
Subject: FW: FEEDBACK: Testing Microsoft and the DMCA

So I understand this... IT'S ILLEGAL TO TAKE ANYTHING APART AND STUDY IT AND TALK ABOUT IT ???? I believe I can do whatever it is I choose to do with a product that I purchase. Next it will be illegal to throw away your xbox because someone might get it out of the rubbish and use it.. or heaven forbid.. LOOK INSIDE.

MY2BITS

----- Original Message -----
From: "Jason Coombs" <jasonc@...ence.org>
To: <full-disclosure@...ts.netsys.com>
Sent: Friday, April 18, 2003 8:01 PM
Subject: [Full-Disclosure] FW: FEEDBACK: Testing Microsoft and the DMCA

> -----Original Message-----
> From: Jason Coombs [mailto:jasonc@...ence.org]
> Sent: Friday, April 18, 2003 4:58 PM
> To: david.becker@...t.com
> Subject: FEEDBACK: Testing Microsoft and the DMCA
>
> I'm an author and computer forensics/infosec expert who recently authored a book about information security and Microsoft Internet Information Services (IIS) that Microsoft Press was planning to publish... They opted not to publish my book after they got a chance to read it; perhaps fearing that acknowledging flaws and pointing out weaknesses in their own products would undermine their position with respect to prosecuting DMCA violators.
>
> After reading your article concerning "Hacking the XBox" I thought you might be interested in my story as well. My literary agent pitched my book to Wiley and it was rejected rather abruptly and with no discussion (odd, considering that I've been published by both Wiley and Hungry Minds/IDG Books in the past).
>
> My plan, if I can't find a publisher willing to take the 'risk' of exposing details of vulnerabilities in IIS, is to give away my book as an open source manuscript/electronic book in order to educate people who use Windows Server operating systems and IIS on critical security countermeasures.
> There's no reason for Microsoft customers to be kept in the dark about necessary security precautions simply because publishing the forensic details threatens to result in prosecution of those responsible, or in the case of Microsoft Press, threatens to take Microsoft's DMCA teeth out of their big fat head.
>
> Sincerely,
>
> Jason Coombs
> jasonc@...ence.org
>
> --
>
> Testing Microsoft and the DMCA
> By David Becker
> Staff Writer, CNET News.com
> April 15, 2003, 4:00 AM PT
>
> Taking a break from working on his doctoral thesis, Massachusetts Institute of Technology (MIT) graduate student Andrew "Bunnie" Huang decided that it might be fun to poke around the security systems protecting Microsoft's Xbox game console.
>
> With a little creative tinkering and a measure of precision soldering, Huang quickly isolated the main public security keys. Although legally prevented from sharing the keys with the world, he described his methods in detail in a widely distributed research paper, helping spur a wave of Xbox-hacking that has led to the development of Xbox versions of Linux and other homemade software.
>
> After graduating from MIT last year, Huang set up his own consulting business, specializing in reverse engineering. But he still has some more Xbox insights that he'd like to share with the world--that is, if only he can find a way.
>
> Huang's recently completed book, "Hacking the Xbox" was recently dropped by Wiley subsidiary Hungry Minds, citing possible legal issues under the controversial Digital Millennium Copyright Act (DMCA). The Department of Justice recently used the DMCA to shut down ISOnews.com, a Web site partly used to distribute Xbox-hacking tools, and to imprison the site's owner.
>
> Plans to self-publish the book hit another snag a couple of weeks ago when Americart, a provider of online shopping cart services, declined to sell the book because it feared getting sued.
> But Huang remains determined to press this project through to completion.
>
> "The thing I have to emphasize is that the book itself is not criminal," Huang said. "It'd be like saying that breaking and entering is illegal, so you can't write a book on how locks work."
>
> Huang spoke with CNET News.com about the book, the importance of hardware hacking and his willingness to serve as a DMCA guinea pig, if necessary.
>
> Q: What have you learned to do with the Xbox since your research paper was published?
> A: I did a lot of work but if I talked about it I'd get in a lot of trouble. I did some work with a few people who were trying to figure out alternate methods to get to the Xbox hardware without necessarily involving the copyrighted code Microsoft has--basically finding backdoors in the initialization and boot sequence.
>
> I helped out one guy in particular who was critical in figuring out the method that's used by everyone today. It is basically a flaw in the system initializer that lets you put code anywhere in the system that you want it.
>
> From there, I backed off and got kind of quiet. Things were starting to heat up, and a lot of people were starting to move into piracy and other very controversial issues. I sort of became a fly on the wall and gave people advice in some key areas.
>
> And then Wiley approached you about writing a book?
> Yeah--Wiley has the "Dummies" series, and wanted to create a similar line of introductory hacking guides: hacking TiVo, hacking the Xbox, hacking your DVD player. The book overall is an education book. I try to teach people as much as possible how to do hacks on their own and try to avoid as much as possible the really cookie-cutter, boring stuff.
>
> So it's not just, "Here's how you install this mod chip?"
> There are a few pictures of mod chips installed...but it's more like here's how a mod chip works, and here's how people used reverse engineering to figure out how Xbox security works. It's trying to give a novice hacker or someone who has very little experience the confidence he or she needs to open up the box and start playing around with the stuff on the inside. And there's sort of a running dialogue about the experiences that I had getting into the Xbox, including the legal issues.
>
> It ends with a brief section on where things are today. That's where I mention mod chips. But the book is really encouraging people to learn their own way.
>
> Was there much discussion of legal concerns with the publisher?
> When I first started working with them, they realized that it was a touchy subject. They had me develop an outline, and when I went over it with their lawyers, they said, "Yeah, this should be OK."
>
> Then I got a call (a few months later) during which they basically said they'd had some turnover in the legal department and weren't feeling so good about the book now. I don't know if this had anything to do with it, but right around the time that they gave me the call, the Department of Justice shut down ISOnews.com and they were sort of beating on the doors of a lot of mod chip guys.
>
> Has the ISOnews.com case had a chilling effect beyond your work?
> I think that it's had a major chilling effect. Maybe the reason that companies started (backing out of such publishing deals) this is that the DMCA has become such a hot topic. A lot of companies aren't willing to really push their content directly through a public trial. The whole idea of taking a person and making an example of him seems to have backfired. They tried that with a few guys and it didn't work.
>
> I think a lot of companies are starting to take more indirect attacks.
> To use a really bad analogy, instead of going for the mafia boss, you take out the guys in the street, the little mod chip vendors. They're trying other techniques within the word of the law to put a damper on this activity without getting bad press.
>
> If they were to go ahead and take any Xbox-Linux guys and crucify them for running Linux on the Xbox, they'd have the whole open-source crowd really up in arms. There'd be a really big negative mark on the Xbox.
>
> So even though Microsoft has said, "You guys can't run Linux on the Xbox," they're not going to really do anything about it in the short term. It's not hurting their revenue enough to have them fight a battle on principle.
>
> Are you afraid personally of the possible consequences of publishing the book?
> Oh yeah. Lately it's been really day-to-day. I get a lot of e-mail from a lot of people, and sometimes you see the subject line and freeze for a moment, thinking, "This is it, they're coming to get me." And then it just turns out to be an innocent question. But the fact that Americart felt it had to reject my book shows how jittery people are.
>
> So how are you going to sell the book now?
> There's always PayPal, I guess...Although someone pointed out to me that PayPal has an explicit clause that says you can't use the service to sell mod chips. Even though this isn't a mod chip per se, it might be construed as a technology or a tool under the wording of the DMCA.
>
> The big question that I had when I published my paper at MIT was whether this would be considered a copyright circumvention tool under the DMCA. I think it's wildly unrealistic to think that a court would agree with such an expansive interpretation of a tool. But to a limited degree, they might go along with it.
>
> Beyond the question of what's a tool, there are still a lot of questions about whether mod chips are copyright circumvention devices at all, since they do other, legitimate things. Would it be useful to have a court opinion on that?
> It would be. I think that part of the reason I decided to go ahead with the book is that I'm really tired of hearing, "Well, there's three cases that never went to court, but here's the direction in which they kind of leaned." There's no real stakes in the ground about this.
>
> There's a lot of fear, uncertainty and doubt. And the longer the people who want to enforce these laws can cast the shadow of fear without ever having to bring something to court, the more effective they are. This type of publishing is kept underground and under control.
>
> I want to put a stake in the ground and say, "Hey, I strongly believe what I'm doing is legal and it's beneficial for people to know about this stuff." If we don't know about it, then the bad guys are going to figure it out and they're going to take our lunch. Maybe I'm being a fool by saying this, but if someone wants to challenge me on this, I think it's something we need to talk about in a court of law. I don't know where I'd find the resources to defend myself. If I am taken to court, then I'll figure it out.
>
> The big game companies seem to paint all hacking as enabling software piracy. What's your rationale for why it's useful to hack the hardware?
> There's this thing called fair use that pretty much had been protected until the DMCA came out. It says that if I take my hard-earned money and buy a piece of hardware--whether it's a hammer or a razor or a computer--I can take it home and do what I want. I don't have to just use a hammer to pound nails. Same goes for a computer or a video game machine.
>
> The real critical issue is if it turns out that Microsoft can put a ban on people running their own code on a piece of hardware. That'd enable people to develop monopolies over hardware by simply securing the hardware to something cryptographic in the software base. Microsoft could start offering incentives to hardware makers to install a Palladium chip that only runs Windows on it, and people who remove it are guilty under the law. Eventually, you just lock up the whole world.
>
> That's the whole crux. We're going to investigate this hardware and run Linux on it and push things a little. We need to figure out really soon what this is going to do to the industry and whether this is something of which we need to be afraid.
>
> Right after I did the paper, I worked with a guy to find the avenues to completely bypass the Xbox security systems. And what we ended up with was amazing. It was a concatenation of four bugs from various vendors that allowed it to happen.
>
> It's a real-life example of why I think Palladium isn't going to work--every vendor is going to have some small bug that individually doesn't mean much, but when you stack 'em together, it becomes a big security hole. And once you commit it to silicon, it becomes a billion-dollar bug.
>
> So it sounds like a big part of your motivation is educational?
> Oh yeah, a very large part of it is educational. When I first started doing this, I asked my professor if he thought there was academic merit to it. He was really positive. The security community has been debating for a long time about how we secure chip buses--do we just make it really fast and take it out of the realm of hackability? This sets a data point for what it takes to extract data out of a high-speed bus. It's a real meat-and-potatoes example of security--what can go wrong and what can be done about it.
>
> Do you expect your work to be reflected in the design of Xbox 2?
> I think it will be.
> Nvidia had to scrap a bunch of chips because Microsoft rotated the (security) code, and I think that was at least, in part, specifically because of what I'd done.
>
> With the Xbox 2, there's a couple of different directions they could take. They could say, "Fair use is fair use. Go ahead and run Linux on it, but if I catch you copying games, I'm going to nail you good." Or they'll try to tie it down even more cryptographically.
>
> There are things that they can try. But there's a dozen attacks that I've kept in my back pocket and that other hackers have kept in their back pockets that nobody's even talked about. Those will come out if Microsoft tries to secure the hardware again.
>
> What do you think of the James Bond hack for running unsigned software on the Xbox?
> That looks really promising for freeing Linux to the mainstream. It either spells the beginning for a new age in Xbox hacking, or it's the demise. Either it's such a potent weapon against the Xbox that Microsoft will have no choice but to start enforcing stronger policies on hacking, or they may have to change the hardware. Or they could decide to back off and let Linux flourish. But I think it's going to tip the scale somehow.
>
> And this is just one exploit. There are probably a lot of others. The thing that I'm looking for is a network attack, where you just plug it into the network, run a script on the PC and send a specially formed packet to the Xbox, and voila, you've got your code in the Xbox. That's the kind of thing I'd look out for being an incredibly huge problem for Microsoft.
>
> Has the rationale for running Linux on an Xbox been diluted, now that you can buy a $200 Linux PC from Wal-Mart?
> People talk and joke about that a lot. But there are a couple of things to realize. One is that those $200 PCs don't have anything close to the graphics power that the Xbox has.
> And most of the Linux applications for the Xbox have not been geared toward turning it into a Web server or a word processor. They want to turn it into a media center and have the box under their stereo system that stores videos, digital audio and other stuff. The Xbox is really pretty handy for that. And they use Linux because it has all these great tools for working with media.
>
> What's the appeal for you in doing reverse engineering work?
> I think it's an important area and it's fun. I really like security more than anything else, so I've been working on TEMPEST-style surveillance equipment, looking for security holes that should be fairly obvious, trying to raise awareness for the public that information isn't as safe as it is thought to be.
>
> Something like a public service job?
> I guess you could say it's public service. What it boils down to is either someone's going to write a paper and say there's this vulnerability, or you're going to find out the hard way. One of my goals as I do this exploration, more for my own fun than anything else, is to be able to say it was this easy or this hard to break your hardware, and here's what you can do to remedy it.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html