From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Supposed SaS "encryption" weak - Coments and
 Infor about wrong claims

Valdis.Kletnieks@...edu wrote:

> No person shall circumvent a technological measure that effectively controls
> access to a work protected under this title. The prohibition contained in the
> preceding sentence shall take effect at the end of the 2-year period beginning
> on the date of the enactment of this chapter.
> 
> Note the word "effectively".  Also note that Adobe managed to make the case
> that rot-13 was effective......

This raises two interesting (at least to me) points:

1.  How pathetic were the "expert witnesses" for the defense that they 
could not show that suitably trained chimpanzees could break ROT13 
simply by eyeballing -- a "technology" so "weak" is clearly no 
technology...

2.  Recalling the recent case of the "Shift-key subverts audio CD copy 
protection" (or whatever) thread, could similarly miserable lack of 
technology (aka the "solution" developed by the shysters who sold that 
rubbish to BMG, etc) _ever_ be successfully defended under the claims 
of the DMCA?  It strikes me that a "technology" so miserable as to be 
"defeated" by a normal, well-known, albeit non-default, but available 
through MS-provided tools (TweakUI...), mechanism as disabling autorun 
for CD drives could never have stood up in any "sensible" court.  
Perhaps the makers of this bogus "technology" recognized this very 
early in the piece and that is why they withdrew the DMCA-inspired 
action they (reputedly) planned against the discoverer/publisher of 
this information.

OK -- there's a third point; more a question...

3.  On this latter issue (the bogus copy-protection system), imagine a 
US citizen who just happened to have two systems which were "normally" 
(by their definition of the typical uses of the machines) configured 
with CD autorun off and on respectively.  On noting that the reputed 
"copy-protection" of said discs did not work on the "autorun off" 
machine and did work on the "autorun on" machine, would their actions 
to that point, or their subsequent publicizing of their observation, 
count as "circumventing a technological measure..." under the act??


Regards,

Nick FitzGerald

