Murdoch's Hacker Speaks Out 86
This article from a Swiss newspaper recounts the appearance of Christopher Tarnovsky at the European Black Hat conference (link is to a Google translation of the French original). Next month Tarnovsky will testify in a lawsuit brought by a maker of satellite TV encryption systems (Kudeslki) against an Israeli company (NDS), for whom Tarnovsky worked until recently. (NDS is owned by Rupert Murdoch's News Corp.) While with NDS, Tarnovsky cracked Kudeslki's crypto, but claims he didn't post the result on the open Net. His responses to audience questions are amusing, in particular when someone from Microsoft asks him about breaking the Xbox 360 console. Tarnovsky replies (in the translation): "I have been offered 100,000 dollars for the break, but I replied that it was not enough."
Re:Sky TV uses Linux (Score:5, Insightful)
The formula is not important and a good encryption algorithm should be free.
The key used is the protected part and should not be a part of the source code.
Re:Sky TV uses Linux (Score:5, Insightful)
Or, we have thought of it, it's just not as easy as you think. The problem is that the decoder has to have the key, otherwise the paying client can't watch TV. A pirate reverse engineers the decoder to find the key. The defence against this type of attack is to try and hide the key - one solution is to hide the key in hardware - the smartcard option. Another is to hide the code in software, using code obfuscators, virtual machines, whiteboxes. The final option is to obtain the key from a server, using two-way comms.
None of these solutions is fullproof, the first two choices are just security through obscurity - they can, and will, be hacked given enough time/incentive. The third option is problematic because what happens if the key server goes down? Plus, you need to have a whole head-end server infrastructure to support the solution, which the operators don't like. I know, I implemented the client half of such a system for a major content protection company a couple of years back.