lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1065641255.30355.19.camel@tantor.nuclearelephant.com>
From: jonathan at nuclearelephant.com (Jonathan A. Zdziarski)
Subject: Is the record industry turning to Trojan
	horse  programs to copy-protect CDs?

> The LaunchCD.exe program also presents an end user license agreement (EULA).
> If the user ever clicks Accept to agree to the terms of the license, the
> MediaMax driver is set to remains active even after the computer is
> rebooted.

My 2 cents...

If permanent installation of this driver was included in the EULA, then
this is not a trojan horse.  Since I don't have a copy of the license
agreement handy, I couldn't say whether it's in there or not...but IMHO,
too many people ignore the fact that they are allowing themselves to be
legally bound to such agreements without even reading them, and many
newer EULAs even include an auditing clause giving the manufacturer to
visit your facility and audit your systems.  One of these days the RIAA
might try and install monitoring software under such an agreement, and
people who blindly agree to EULAs will be the ones nabbed by the RIAA.

Also, if the EULA states that the user agrees not to make multiple
copies of the media (which it probably does) then that user has agreed
not to make multiple copies of the media...and shouldn't be bothered by
the installation of such driver.

I guess my point is, if you want to rip CD's, don't agree [via EULA] not
to do it in the first place.  If you truly believe that ripping CDs and
putting them on a P2P network is ethical (as many do), then you violate
your own ethics by agreeing not to and then doing it...so just do it,
without agreeing to a contract.

This copy protection ought to last about a month before word gets out to
all the mp3 kiddiez to turn off autorun.




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ