DRM

EFF Is Suing the US Government To Invalidate the DMCA's DRM Provisions (boingboing.net) 92

Cory Doctorow writes for BoingBoing: The Electronic Frontier Foundation has just filed a lawsuit that challenges the Constitutionality of Section 1201 of the DMCA, the "Digital Rights Management" provision of the law, a notoriously overbroad law that bans activities that bypass or weaken copyright access-control systems, including reconfiguring software-enabled devices (making sure your IoT light-socket will accept third-party lightbulbs; tapping into diagnostic info in your car or tractor to allow an independent party to repair it) and reporting security vulnerabilities in these devices. EFF is representing two clients in its lawsuit: Andrew "bunnie" Huang, a legendary hardware hacker whose NeTV product lets users put overlays on DRM-restricted digital video signals; and Matthew Green, a heavyweight security researcher at Johns Hopkins who has an NSF grant to investigate medical record systems and whose research plans encompass the security of industrial firewalls and finance-industry "black boxes" used to manage the cryptographic security of billions of financial transactions every day. Both clients reflect the deep constitutional flaws in the DMCA, and both have standing to sue the US government to challenge DMCA 1201 because of its serious criminal provisions (5 years in prison and a $500K fine for a first offense). Doctorow has explained aspects of this for The Guardian today. You should also check Huang's blog post on this.
DRM

Sega Saturn's DRM Cracked Almost 23 Years After Launch (gamasutra.com) 96

An anonymous reader writes from a report via Gamasutra: The Sega Saturn's DRM has finally been cracked after it hit store shelves nearly 23 years ago in November 1994. Engineer James Laird-Wah first set forth to break through the console's copy protection in an attempt to harness its chiptune capabilities. Laird-Wah has, however, developed a way to run games and other software from a USB stick in the process. Since disc drive failure is a common fault with the game console, his method circumvents the disc drive altogether, instead reworking the Video CD Slot so it can take games stored on a USB stick and run them directly through the Saturn's CD Block. "This is now at the point where, not only can it boot and run games, I've finished just recently putting in audio support, so it can play audio tracks," explained Laird-Wah, speaking to YouTuber debuglive. "For the time being, I possess the only Saturn in the world that's capable of writing files to a USB stick. There's actually, for developers of home-brew, the ability to read and write files on the USB stick that's attached to the device."
Crime

Aaron Swartz Ebook's DRM Has Been Cracked (hackaday.com) 63

Slashdot reader jenningsthecat writes: From Hackaday comes news that the collected writings of Aaron Swartz, released as a watermarked eBook by publishing company Verso Books, has had its watermarking scheme cracked by The Institute for Biblio-Immunology, who also published a guide for removing the BooXtream watermarks.

The writings of Aaron Swartz, with DRM applied? Oh, the irony. Still, at least the DRM employed doesn't restrict a user from reading the book on any and all capable devices, so it's not a very intrusive form of DRM. But I somehow doubt that Mr. Swartz would take any comfort from that...

Piracy

Judge Dismisses Movie Piracy Case, IP-Address Doesn't Prove Anything (torrentfreak.com) 164

An anonymous reader quotes a report from TorrentFreak: In what's believed to be a first of its kind ruling, a federal court in Oregon has dismissed a direct infringement complaint against an alleged movie pirate from the outset. According to the judge, linking an IP-address to a pirated download is not enough to prove direct copyright infringement. In the Oregon District Court, Magistrate Judge Stacie Beckerman recently recommended dismissal of a complaint filed by the makers of the Adam Sandler movie The Cobbler. According to the Judge, both claims of direct and indirect infringement were not sufficient for the case to continue. What's unique in this case is that the direct infringement claims were dismissed sua sponte, which hasn't happened before. To prove direct infringement copyright holders merely have to make it "plausible" that a defendant, Thomas Gonzales in this case, is indeed the copyright infringer. This is traditionally done by pointing out that the IP-address is directly linked to the defendant's Internet connection, for example. However, according to Judge Beckerman this is not enough.

In response to community backlash, Oculus has decided to change its DRM policy (again) to allow HTC Vive games to play on the Oculus Rift virtual-reality system.
DRM

Oculus Ditches DRM Hurdle, Allows HTC Vive Games On Rift Again (venturebeat.com) 37

An anonymous reader writes: After changing its DRM to exclude ReVive last month, Oculus has changed its mind again and is now allowing HTC Vive games to play on the Oculus Rift. "We continually revise our entitlement and anti-piracy systems, and in the June update we've removed the check for Rift hardware from the entitlement check. We won't use hardware checks as part of DRM on PC in the future," Oculus VR said. "We believe protecting developer content is critical to the long-term success of the VR industry, and we'll continue taking steps in the future to ensure that VR developers can keep investing in ground-breaking new VR content." VentureBeat reports: "ReVive developers have acted quickly following the removal of the check. An update to the software has been posted on GitHub to bring it back in line, meaning you'll now be able to access the games that were previously available without jumping through extra hoops. Perhaps even more games might work going forward. CrossVR, one of the system's developers, took to Reddit to thank Oculus for the decision. 'I'm delighted to see this change and I hope it can generate a lot of goodwill for Oculus.' CrossVR said."
Iphone

'Headphone Jacks Are the New Floppy Drives' (daringfireball.net) 771

According to the Wall Street Journal, Apple's upcoming iPhone won't have a 3.5mm headphone jack. The news has already upset many people. The Verge's Nilay Patel wrote on Tuesday that the decision of getting rid of the legacy headphone port is "user hostile and stupid." Apple commentator John Gruber makes a case for why Apple's supposed move is not a bad idea at all. He writes: Patel misses the bigger problem. It's not enforcement of DRM on audio playback. It's enforcement of the MFi Program for certifying hardware that uses the Lightning port. Right now any headphone maker in the world can make any headphones they want for the standard jack. Not so with the Lightning port. He adds that the existing analog headphone jack "is more costly in terms of depth than thickness," and by getting rid of it, Apple could use the extra real estate to stuff in more battery juice. Addressing Patel's point that the move of ditching a deeply established standard will "disproportionately impact accessibility," Gruber adds that "enabling, open, and democratizing" have never been high on Apple's list of priorities for external ports. Gruber also addressed Patel's argument that introducing a Lightning Port-enabled headphone feature will make Android and iPhone headphones incompatible. He wrote: Why would Apple care about headphone compatibility with Android? If Apple gave two shits about port compatibility with Android, iPhones would have Micro-USB ports. In 1998 people used floppy drives extensively for sneaker-netting files between Macs and PCs. That didn't stop Apple from dropping it. As for "nobody is asking" Apple to remove headphone jack from the next iPhone, Gruber reminds: This is how it goes. If it weren't for Apple we'd probably still be using computers with VGA and serial ports. The essence of Apple is that they make design decisions "no one asked for". The 3.5mm headphone jack has been around for decades. We can either live with it forever, or try doing something better instead.
History suggests that OEMs from across the world quickly replicate Apple's move. Just the idea of Apple removing the headphone jack -- the rumor of which first began last year -- arguably played an instrumental role in some smartphones shipping without the legacy port this year. If this is a change that we really need, Apple is perhaps the best company to set the tone for it. Though, whether we really need to get rid of the headphone jack remains debatable.
Android

Taking the Headphone Jack Off Phones Is User-Hostile and Stupid (theverge.com) 595

A WSJ report on Tuesday claimed that the next iPhone won't have the 3.5mm headphone port. A handful of smartphones such as LeEco's Le 2, Le 2 Pro, and Le Max 2 that have launched this year already don't have a headphone jack. The Verge's Nilay Patel has an opinion piece in which he argues that smartphone companies shouldn't ditch headphone ports as it helps no consumer. He lists six reasons:
1. Digital audio means DRM audio: Restricting audio output to a purely digital connection means that music publishers and streaming companies can start to insist on digital copyright enforcement mechanisms. We moved our video systems to HDMI and got HDCP, remember? Copyright enforcement technology never stops piracy and always hurts the people who most rely on legal fair use, but you can bet the music industry is going to start cracking down on "unauthorized" playback and recording devices anyway.
2. Wireless headphones and speakers are fine, not great.
3. Dongles are stupid, especially when they require other dongles.
4. Ditching a deeply established standard will disproportionately impact accessibility: The headphone jack might be less good on some metrics than Lightning or USB-C audio, but it is spectacularly better than anything else in the world at being accessible, enabling, open, and democratizing. A change that will cost every iPhone user at least $29 extra for a dongle (or more for new headphones) is not a change designed to benefit everyone.
5. Making Android and iPhone headphones incompatible is incredibly arrogant and stupid.
6. No one is asking for this.
Desktops (Apple)

It Took 33 Years To Find the Easter Egg In This Apple II Game (vice.com) 97

Jason Koebler writes: Gumball, a game released in 1983 for the Apple II and other early PCs, was never all that popular. For 33 years, it held a secret that was discovered this week by anonymous crackers who not only hacked their way through advanced copyright protection, but also became the first people to discover an Easter Egg hidden by the game's creator, Robert A. Cook. Best of all? Cook congratulated them Friday for their work.
The article attributes the discovery to a game-cracker named 4am, who's spent years cracking the DRM on old Apple II games to upload them to the Internet Archive. "Because almost all of the games are completely out of print, all-but-impossible to find, and run only on old computers, 4am is looked at as more of a game preservation hero than a pirate."
DRM

Oculus No Longer Lets Customers Move Purchased Software To Non-Oculus Hardware (boingboing.net) 78

AmiMoJo quotes a report from Boing Boing: As recently as 5 months ago, Oculus founder Palmer Luckey was promising his customers that they could play the software they bought from the Oculus store on "whatever they want," guaranteeing that the company wouldn't shut down apps that let customers move their purchased software to non-Oculus hardware. But now, Oculus has changed its DRM to exclude Revive, a "proof-of-concept compatibility layer between the Oculus SDK [software development kit] and OpenVR," that let players buy software in the Oculus store and run it on competing hardware. The company billed the update as an anti-piracy measure, but Revive's developer, who call themselves "Libre VR," points out that the DRM only prevents piracy using non-Oculus hardware, and allows for unlimited piracy by Oculus owners.
Open Source

Linux Kernel 4.6 Officially Released (softpedia.com) 149

An anonymous coward writes: Just like clockwork, the Linux 4.6 kernel was officially released today. Details on the kernel changes for Linux 4.6 can be found via Phoronix and KernelNewbies.org. NVIDIA GeForce GTX 900 Maxwell support and Dell XPS 13 Skylake support are among the many hardware changes for 4.6. For Linux 4.7 there are already several new features to look forward to from new DRM display drivers to a new CPU scaling governor expected.
prisoninmate also writes: Linus Torvalds announced the final release of the anticipated Linux 4.6 kernel, which, after seven Release Candidate builds introduces features like "the OrangeFS distributed file system, support for the USB 3.1 SuperSpeed Plus (SSP) protocol, offering transfer speeds of up to 10Gbps, improvements to the reliability of the Out Of Memory task killer, as well as support for Intel Memory protection keys," [according to Softpedia].

"Moreover, Linux kernel 4.6 ships with Kernel Connection Multiplexor, a new component designed for accelerating application layer protocols, 802.1AE MAC-level encryption (MACsec) support, online inode checker for the OCFS2 file system, support for the BATMAN V protocol, and support for the pNFS SCSI layout."

Digital

DVDFab Has Ignored Court's Shut Down Order, AACS Says (torrentfreak.com) 167

An anonymous reader cites a report on TorrentFreak: DVDFab has failed to cease its operations in the U.S. and should be sanctioned, AACS says. The decryption licensing outfit founded by Warner Bros, Disney, Microsoft, Intel and others, informs a New York federal court that DVDFab's parent company has blatantly ignored a permanent injunction that was issued last year. In 2014 decryption licensing outfit AACS LA initiated a renewed crackdown on DRM-circumvention software. The company, founded by a group of movie studios and technology partners, sued the makers of popular DVD and Blu-Ray ripping software DVDFab in a New York federal court. After a brief legal battle the court ruled in favor of AACS, issuing an injunction based on the argument that the "DVDFab Group" violates the DMCA's anti-circumvention clause, since their software can bypass DVD and Bluray encryption. Among other things, the injunction barred DVDFab from distributing its software in public and allowed AACS to seize a wide range of domain names. The crippling injunction seemed to work, but not for long. In a new court filing, AACS notes that the software vendor briefly blocked U.S. purchases but went back to business as usual soon after (PDF).
Books

Kobo Customers Losing Books From Their Libraries After Software Upgrade (teleread.com) 81

Reader Robotech_Master writes: After a recent Kobo software upgrade, a number of Kobo customers have reported losing e-books from their libraries -- notably, e-books that had been transferred to Kobo from their Sony Reader libraries when Sony left the consumer e-book business. One customer reported missing 460 e-books, and the only way to get them back in her library would be to search and re-add them one at a time! Customers who downloaded their e-books and illegally broke the DRM don't have this problem, of course. From the report: A Kobo representative actually chimed in on the thread, telling MobileRead users that they were following the thread and trying to fix the glitches that had been caused by the recent software changes and restore customers' e-books. It's good that they're paying attention, and that's definitely better than my first go-round with Barnes and Noble support over my own missing e-book. Hopefully they'll get it sorted out soon. That being said, this drives home yet again the point that publisher-imposed DRM has made and is making continued maintenance of e-book libraries from commercial providers a big old mess. About the only way you can be sure you can retain the e-books you pay for is to outright break the law and crack the DRM in order to be able to back them up against your company going out of business and losing the purchases you paid for.
Electronic Frontier Foundation

Humble Bundle Announces 'Hacker' Pay-What-You-Want Sale (humblebundle.com) 52

An anonymous reader writes: Humble Bundle announced a special "pay what you want" sale for four ebooks from No Starch Press, with proceeds going to the Electronic Frontier Foundation (or to the charity of your choice). This "hacker edition" sale includes two relatively new titles from 2015 -- "Automate the Boring Stuff with Python" and Violet Blue's "Smart Girl's Guide to Privacy," as well as "Hacking the Xbox: An Introduction to Reverse Engineering" by Andrew "bunnie" Huang, and "The Linux Command Line".

Hackers who are willing to pay "more than the average" -- currently $14.87 -- can also unlock a set of five more books, which includes "The Maker's Guide to the Zombie Apocalypse: Defend Your Base with Simple Circuits, Arduino, and Raspberry Pi". (This level also includes "Bitcoin for the Befuddled" and "Designing BSD Rootkits: An Introduction to Kernel Hacking".) And at the $15 level -- just 13 cents more -- four additional books are unlocked. "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software" is available at this level, as well as "Hacking: The Art of Exploitation" and "Black Hat Python."

Nice to see they've already sold 28,506 bundles, which are DRM-free and available in PDF, EPUB, and MOBI format. (I still remember Slashdot's 2012 interview with Make magazine's Andrew "bunnie" Huang, who Samzenpus described as "one of the most famous hardware and software hackers in the world.")
Hardware

Free Software Will Help Detect Faulty and Malicious USB-C Cables 113

Reader Mickeycaskill writes: The USB 3.0 Promoter Group, of which HP, Intel and Microsoft are members, has developed authentication protocols for USB-C and will offer free software to detect faulty or malicious cables. This tool will alert users if they are using a non-authenticated cable. It has been suggested that hardware manufacturers could ship devices with an authentication system already installed. It is hoped that the specification will help end a number of recent incidents where sub-standard cables have either ripped off buyers or damaged devices. Most recently, Amazon said it would be adding USB-C cables and adapters that do not comply with standard regulations to its list of prohibited electronics items.
DRM

Researchers Help Shut Down Spam Botnet That Enslaved 4,000 Linux Machines (arstechnica.com) 47

An anonymous reader shares an article on Ars Technica: A botnet that enslaved about 4,000 Linux computers and caused them to blast the Internet with spam for more than a year has finally been shut down. Sophisticated Mumblehard spamming malware flew under the radar for five years. Known as Mumblehard, the botnet was the product of highly skilled developers. It used a custom "packer" to conceal the Perl-based source code that made it run, a backdoor that gave attackers persistent access, and a mail daemon that was able to send large volumes of spam. Command servers that coordinated the compromised machines' operations could also send messages to Spamhaus requesting the delisting of any Mumblehard-based IP addresses that sneaked into the real-time composite blocking list, or CBL, maintained by the anti-spam service. "There was a script automatically monitoring the CBL for the IP addresses of all the spam-bots," researchers from security firm Eset wrote in a blog post published Thursday. "If one was found to be blacklisted, this script requested the delisting of the IP address. Such requests are protected with a CAPTCHA to avoid automation, but OCR (or an external service if OCR didn't work) was used to break the protection."
Graphics

NVIDIA's Proprietary Linux Driver Adds Support For Wayland, Mir (phoronix.com) 83

An anonymous reader writes: After being desired by NVIDIA Linux users for years, the proprietary GeForce graphics driver natively supports Wayland and Mir as an alternative to an X.Org Server. It's been a long time coming for the proprietary GPU driver stacks to support Wayland/Mir, but with today's 364.12 beta driver there is now the necessary DRM KMS kernel support and EGL extensions for being able to handle these next-generation display solutions. The new NVIDIA Linux driver also provides integrated Vulkan support, PRIME rendering support, and other additions.
Security

Researchers Find iOS Malware That Infects Non-Jailbroken Devices (paloaltonetworks.com) 39

An anonymous reader writes: Researchers at Palo Alto Networks are reporting about a new iOS malware that could infect non-jailbroken devices without a user's consent. Dubbed "AceDeceiver," the iOS malware exploits a flaw in Apple's DRM software. The researchers claim that the iOS malware could technically infect any type of iOS device, provided a user downloads a third-party app. From the blog post on Palo Alto Networks' website, "AceDeceiver is the first iOS malware we've seen that abuses certain design flaws in Apple's DRM protection mechanism -- namely FairPlay -- to install malicious apps on iOS devices regardless of whether they are jailbroken. This technique is called 'FairPlay Man-In-The-Middle (MITM)' and has been used since 2013 to spread pirated iOS apps, but this is the first time we've seen it used to spread malware." The aforementioned malware required users to download a compromised Windows application. Apple has removed three offending apps from the App Store, and it appears that only users in China were targeted.
Encryption

Next-Gen Ultra HD Blu-Ray Discs Probably Won't Be Cracked For A While (arstechnica.co.uk) 244

DVDFab, a software tool for ripping and decrypting DVDs and Blu-ray discs, will not be upgraded to support newer Ultra HD (4K) Blu-ray discs. Fengtao Software, which makes DVDFab, said in a statement that it "will not decrypt or circumvent AACS 2.0 in the days to come. This is in accordance with AACS-LA, (which has not made public the specifications for AACS 2.0), the Blu-ray Disc Association and the movie studios." AACS-LA is the body that develops and licenses the Blu-ray DRM system. AACS 2.0 has a 'basic' version that sounds quite similar to existing AACS, but also an 'enhanced' version of DRM that requires the playback device to download the decryption key from the internet. There might still be a hole in the AACS 2.0 crypto scheme that allows for UHD discs to be ripped, but presumably it'll be a lot tougher than its predecessors.
Books

E-book Museum At the Library of Congress? (teleread.com) 19

David Rothman writes: Back in 2003, Slashdot ran TeleRead's call for a brick-and-mortar international e-book museum at the Library of Congress. The proposed museum would focus on the devices and other technology rather than the content. It still isn't too late for such a project, and TeleRead is again advocating the idea. Content, too, actually would benefit -- considering that proprietary formats and DRM can imperil the future readability of e-books. Meanwhile, a small-scale e-book museum is about to open in Paris and is looking for donations. A worthy cause!
Security

Vulnerability In Font Processing Library Affects Linux, OpenOffice, Firefox (softpedia.com) 95

An anonymous reader writes: If an application can embed fonts with special characters, then it's probably using the Graphite font processing library. This library has several security issues which an attacker can leverage to take control of your OS via remote code execution scenarios. The simple attack would be to deliver a malicious font via a Web page's CSS. The malformed font loads in Firefox, triggers the RCE exploit, and voila, your PC has a hole inside through which malware can creep in.
