Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Encryption Security

Document-Destroying Copy Protection System 152

Jeff Scarpace writes: "Defense and intelligence alums, including former Defense Secretary Frank Carlucci, are marketing a copy-protection system that works by taking control of your computer. Try to hack InTether, the creators say, and it destroys the document. Check out the article article here." Strangely, this system works only with Windows. Hmmm. Interesting too is the mention of SPOCK, or Security Proof-of-Concept Keystone.
This discussion has been archived. No new comments can be posted.

Document-Destroying Copy Protection System

Comments Filter:
  • Think about it, by allowing the user full control over his computer it is virtually impossible to apply digital rights management mechanisms (as you lined out) even InTether (which obviously only works, because every application can tweak the Windows OS to it's hearts content) can not stop me from booting into Linux and start dissecting it, copying any files, restore my HD to any state i like, you name it.

    Now let's look what happened to DeCSS: it allows you to convert CSS-protected content to a form you can watch on your linux box. What you then do with it, view it, copy it, send it to /dev/null ... is yours to decide. But now the Media Industry wants to protect "files", simple chunks of data, from copying. This is obviously only possible by working with a crippled OS, since copying (from the network card to ram, ram to hd, hd to ram, ram to processor ...) is what a computer does all the time, even more than computing (typical operation: Load OP a, Load OP b, Mul a*b -> a, Stor OP a; 3 copies, 1 compute) but now the OS has to trace all that copying, has to ensure it doesn't happen unauthorized, suddenly buffering becomes a major headache.
    Now microsoft tells the would be Mediacontrollers: "Look here, we bend over your customers nicely, so you can screw them, all we want is a little share in the profit", and Linux, allowing all that free copying, suddenly becomes a copyright circumvention device.
  • by superid ( 46543 ) on Monday March 12, 2001 @07:37AM (#369102) Homepage
    WOM - Write Only Memory!
  • You're not getting it, man. I used to be one of the programmers on InTether. It works on any kind of file, you will not be able to mount it under linux and copy anything out. And you can fit quite a bit in 300k. Its not normal application code, man....

    I hate to break the news to you, but 300k of code screams 'challenge' at me, as ZX Spectrum R-register decoders, and Rob Northen's Amiga copylocks did. They spent their entire time being 'difficult' to trace through (one-ahead instruction decryption based on the status register, hardware timings, etc), and they were cracked in days. Vast step my arse - your product may be 80x larger than an RNC copylock, that just means it'll take longer to crack. I doubt your code will require 100% accurate emulation as copylocks did. Provided the 'prize' (encoded content) is good enough, someone will endure the brainfuck of cracking it. There might even be an internet-based team to do it. It's just x86 code, the are no real secrets involved like true cryptography. DRM is the new guise of game disk copy protection, nothing more.

    Not all Slashdot readers are fresh-faced web scripters. Some people are actually 0ldsk00l.
  • This is exactly the sort of thing we need (assuming it actually works). Like Harlan Ellison said, "Information wants to be free" is bullshit when we're talking about people's livelihoods depending on selling that information. A good program like this would allow legitimate, beneficial "fair uses" and prevent outright theft and piracy.

    You see, contrary to what the typical, self-centered pseudo-anarchist pirate-citizen believes, it is NOT beneficial for music and other forms of art to be freely stolen.
  • If I understand how VMWare works, that would be a problem because VMWare uses special Windows video and sound drivers that interface to the VMware virtual machine. But that can be solved as well, by emulating the video and sound hardware and running signed drivers on it.

    Use Virtual PC on a Macintosh.

    It emulates hardware, including the x86 processor. It's not fast, but it's great for certian uses. It spells out exactly what it emulates. A Dec 21041 ethernet card on IRQ 11. A Trio S3 64 video card. etc., etc. Just read the manual.

    I love the Virtual PC approach because I can install any OS on it. The OS doesn't "know". Pity it only runs on Mac. Too bad we don't have source so we can put hooks into it to save the video / audio. Of course you can still do screen capture on the Mac itself, thus capturing Virtual PC. I suppose one could develop Mac software to capture the sound at the MacOS level, thus defeating all signed and secure pathways in Windows and the Virtual PC emulated hardware.
  • Yeah, it does... and the part, nearly halfway in, where he talks a bunch of sh1t about some other company and thier pitiful excuse for a document securing system.


    Brant
  • How much longer until corporate sponsored "war squads" will descend upon copyright violators, circumventing whatever "legalities" are in their way?

    I can certainly imagine a scenario where a corporation -- RIAA or Microsoft, for example -- frustrated with the slow legal process of finding and then prosecuting copyright violators decides to covertly sponsor a Delta Force-like "tactical copyright squad" to go in and eliminate the copyright violations.

    ...

    It's craziness. Mark my words. Ten years from now. We'll be hearing stories about "corporate BlackOps". Copyright squads. This is what all those black helicopters are. They're corporate-sponsored "Information Fighters."


    Hmm...sounds kind of like Shadowrun...

  • You see, contrary to what the typical, self-centered pseudo-anarchist pirate-citizen believes, it is NOT beneficial for music and other forms of art to be freely stolen.

    That's all fine. Just keep your battle out of my living room. I'm not making illegal pirate CDs, and no way in hell will I be treated as if I am.

    Want to go after criminal piracy? Use the legal system. That's what it's for. And, I might add, it's a whole lot more effective than any technological measures to date (or on the horizon).

    Reverse engineering is NOT piracy. It's just maneuvering things back to a usable state after they've been flummed up by snake-oil "digital rights management" hucksters.

  • ... running it in VMWare, then suspending the virtual machine and looking in the RAM file...? Bet they didn't think of that! Muahahahaha.....

    Once again the universal turing therom [all turing complete machines are equivlent] and the makes it possible to break copy protection.

    Could this be a violation of the DMCA? :)

  • by Tackhead ( 54550 ) on Monday March 12, 2001 @08:16AM (#369110)
    There's a reason he's going to Disney and AOL, and it ain't just because they pay better.

    Note the only "military" application: Preventing casual users of turnkey systems ("Here, Sargeant. Use this machine.") from inadvertently emailing sensitive documents home.

    Note what isn't in his DOD application: Preventing highly-trained adversaries (spies) from gaining access to the data.

    Finally - the FUD factor: Multiple "snake-oil crypto" signs are here... "11 different layers", as though that makes it more secure than, say, 10 different layers? More layers mean more security, right? I mean, there are more of them! Or phrases like "white screen of death", as opposed to "if the software detects tampering, it deletes itself".

    It's a cute hack to wrap DRM in an executable and bundle it with a file for 'doze, but it's hardly worthy of the "military grade document-destroying copy protection system" kind of hype it got in the puff piece at inside.com.

    Go, Schneier, go.

  • granted I am but a lowly programming student, not a real programmer, but one wise thing one of my profs keeps telling us is that "your program might do exactly what you designed it to do, but if th users can't use it, then it dosn't work !"
    >br> not that i believe everything i hears in school, it just seems like good advice
  • And, how do you destroy that information? When the software is running under VMware with virtual disks that you can just roll back? Or under wine emulation where you disable any writes? Or any other environment, that can trick the bejeezus out of any silly application like this? How are you going to ensure your application can really write? How does the application know it can trust the system clock?

    It Will Not Work. Either you have hard encrypted material with no ability for anyone but _you_ to decrypt, or you have total control over the physical system, and those are the _only_ ways you can control what anyone does with the data.

    As soon as the customer can use it, they will be able to use it any way they want, given sufficient skill (actually, in this case you wont even need much skill to crack that kind of security).
  • Well, as to audio, I just plug a tape deck into my machine's speaker out when I want to record audio that is "protected" digitally...

    -m

  • The BSA is doing this to businesses. They get a warrant from a judge and show up without warning with federal marshalls.
  • If it works in Windows it must be a bug in Windows. How can I trust an OS that can be taken over by a document?

    If this technique works for the "good" guys, it will work for "bad" guys as well.

    I believe that it's in the interests of Microsoft to plug this hole unless they are paid for leaving it open.

  • by Stephen ( 20676 ) on Monday March 12, 2001 @07:40AM (#369116) Homepage
    One relatively mild step, Friedman explains, is to force you to reboot your computer. Since the fastest reboot is about six minutes [...] Forcing a six-minute pause between each attack "shifts the advantage from the offense to the defense," Friedman maintains.
    Presumably requiring a six minute reboot cycle precludes developing a Linux or Mac version.
  • Make a false version of it for documents to trust,
    and have it happily decrypt and not restrict?
    Probably wouldn't be too hard..
  • So, you're saying that InTether cannot be traced using a PC emulator? That a piece of software (in this case, "driver-type code", which isn't really any different from normal application programs apart from running on a different ring) can decrypt something pseudo-automatically and not have the decryption key (or algorithm state, which is pretty much the same thing) somewhere in RAM where an interested party can trivially snarf it out?

    Listen, "dude", there have been countless attempts at binary program security (disassembly thwarting), of which exactly 0 have worked. Remember, code == data, software == hardware.

    Oh yeah, your semantic trickery (that "it's not security, it's content control" bit there) is a fucking smokescreen. Get real.

  • .. i could have swoorn thata this Tech has been available for a long time.. Now granted most of them work off af a series of "Panick Keys" that usually have to be typed in locally, im SURE if you look hard enough you can find somthing that does the exact same thing, probably for cheaper, and usually toy can SPECIFY what will be DEL'd... of course its reaslly a moot point, cause even if you Torch the disks the data is on, with enough time, money, and expertiese, it can be recconstructed.... well short of a format, but who would take the obvius route. Heck, to all the coders out there, MAKE A PROG THAT DOES THIS!!! Open source, just outa spite
  • easy holes...
    F8 at startup
    bootdisk
    read bits directly from the HD
    need I go on?
    =\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\ =\
  • They've put some fancy bells and whistles in here, but this is really no different than css. As soon as you "tether" a document and distribute it, you're handing the content to someone else. The various defenses they have put in (white screen, document destruction, system reboots) are trivial to work around- just hack the content on a non-windows box, or run it under an NT account that doesn't have the right to shutdown the system.
  • But what you're describing sounds suspiciously much like symmetric encryption, with some trickery to make sure that a certain program (who knows the token, aka key) can only access the data once before it's overwritten.

    This means that at some point the computer that decrypts the file (i.e. the user's computer) knows what the required decryption key is. Which in turn means that if the main program of the content control system (whereever it may be) is analyzed to find out where the "last tokens" are stored and how (which gives us a decryption key to the token database at the very least), the system will become breakable.

    The main problem of this type of systems is, of course, that you really really can't expect to keep a file secret when you give both the decryption key (i.e. the first token) and the data to the user.

  • by Bonker ( 243350 ) on Monday March 12, 2001 @07:41AM (#369123)
    The more and more content providors, be they government, entertainment or computer industry want to control information, the more and more Microsoft complies, probably more than anything to get on the government's good side. This is a disturbing trend, but sadly, not a surprising one.

    Since this system and others like it are by definition incompatible with open-source software like Linux, Linux has become the defacto standard if you want to be sure that you control your own computer and the information on it. The benifits are plain to see. You can 'hack' any document you choose and know the format for, be it a PDF (as mentioned in previous story) or something that is marked as secret, or something like the format listed here.

    Linux gives users the ability to control their information.

    Turn that around and you can see that Microsoft is building all sorts of hooks into newer versions of Windows that allow companies to try to enforce copy control and try to preserve their 'intellectual property rights'.

    Windows gives companies the ability to control their information.

    If it were this simple, it's obvious what operating system that the masses would prefer if given this choice. Unfortuneately, Linux developers have shown again and again that they have no people skills, and therefore no ability to make their software usuably by Granny and Uncle Jimbo. The vast majority of Linux software has had no usability testing whatsoever. Compare this to Microsoft Windows and MacOS, for whom usuability testing with non-technical people is a major, albeit understated part of software development.

    The onus here is on Linux developers and distributors. The software you work with and produce provides the ability to fight for freedom of information. Unfortuneately, these abilities go underused because the vast majority of computer users will never understand anything other than a simple point-and-click interface. Because Linux is a OS for hackers by hackers, the gains in information freedom it engenders will never be shared by the non-technically inclined.

    Making Linux *easier* to use may dumb down the interface, but it means more freedom for all concerned, and therefore, a sweeter victory in the information wars.
  • What I want to know, is why did they include that last paragraph at the end about the 'dark side' of every silver lining? They proceed to explain that hackers could use this technology to similarly equip their own correspondence with InTether making that unbreakable. Oh yeah! I forgot, the all-knowing US government developed this thing called Carnivore which can troll all correspondence on the Net. Well gee, this guy worked for the government. I'll bet they just built some Carnivore backdoors right into this InTether crap and are just trying to entice hackers to use it to make it even easier to justify monitoring *everyone's* email and file transmissions. Sounds good to me, Joe Schmoe numb-nuts consumer!

    Echelon has now added me to their database of political dissidents for using the words: Carnivore, Net, hacker and US in this posting. Resistance is futile!

  • The prime reason this will fail utterly is that Windows was not designed as a multiuser system.

    That may be true for windows 95 and 98, but not for NT or 2000, it's a true multiuser system, but almost every home user uses the 'root' account.

    I still don't think it would be posible to make this totaly secure, though.

    Rate me on Picture-rate.com [picture-rate.com]
  • Same idea. It`ll get cracked too. How wouldnt it? What will this lot do that all the other software writers of the last 20 odd years overlooked?
    Unless its a hardware/software solution. Or i guess, seeing as its a client-server thing, you could only display little bits of info at a time, which were securely removed before downloading the next bit. If you cant cut and paste bits, or do screen grabs, or copy the incoming data via the modem slots, then i guess you`re screwed!

    Loved the `post-napster` quote though! Is that anything like `post-beck` or `intelligent dance` then?
  • If you feel so strongly that a certain program is un-userfriendly, then WRITE THEM ABOUT IT!

    How is somebody supposed to know that other people don't like their design if those magical 'other people' don't tell them about it?

    --
  • MS is already a religion. Ever talk to an ms employee?
  • This is a little bit more serious than my previous post...

    This cannot be right (+5 Insightful), for what is complete B*** S****.

    I can think of, at least, two or three workarounds for this:

    Just because you can think of something, does not mean it will work, if you'd really cracked Zero Knowledge protocols. Well; you'd better prepare to be world famous and prossibly dead, because you've got the combined might of the KGB, MI5 and CIA, Mossad, indeed every intelligence agency in the world chasing you around the globe.

    In windows 9x, restart under "DOS command line only" mode, then use an hex editor after copying the .EXE and the protected file to another computer. You can also boot from a FreeDOS or Caldera DOS diskette to do this.

    Game Over:

    The original data is now useless, essentially 'corrupt', all because you throught you knew what you where doing, and did not. You've just copied some useless encrypted data. Well done. Using WinICE under Windows, while executing the .EXE to "read" a file would certainly yield interesting results...

    Interesting perhaps, but useless, because the whole data set and token (key) would vary every time. So all you've got is more encrypted data. Well done.

    Cracking the encryption scheme is, of course, left as an exercise for the reader. But, come on, how much encryption and "security layers" can you hide in a 300 KB windows executable ?

    Left to the reader because you've got absolutely no idea what you're writing about. This is about zero knowledge protocols, something you clearly know the about the same about. All you've done, is copy encrypted data multiple times, and got different data each time.

    Estimated time to crack: anywhere from 24 hours to 1 month.

    Guessing again. Because this would depend on the underlying hashing algorithm. Not the Zero knowlege protocol used to access it. Repeat after me: security through obscurity does not work.

    True, but this not. I suggest you do some background reading before you jump off in the deep end again.

    Repeat after me: security through ego does not work either. Just because you think something is secure, or insecure does not make it so.

    End of transmission.

    I hope so.

  • My guess: Piece 1) They have an installable filesystem that uses a data file stored within the normal windows filesystem. This installable filesystem will only open files when piece number 2 says it's OK. Piece 2) A series of hooks into the GUI that intercepts Window Messages by hooking the systems event queue. If a clipboard message, print message, etc come through destined for the window queue corresponding to a "protected document" they're discarded. Piece 3) The "integrity checker" which is probably pinging the other modules to make sure they're still alive. (Hey, that's got to be good for system performance!)
  • Every Day we get closer and closer to the inspector Gadget cartoon. The Chief better watch out.
  • sorta funny, i think the point is for most users the restart time is 6 minutes. My restart time is no where near that, funny too, that i hardly ever have to restart my windows machine. also, I dont think i have ever seen a machine with that kind of restart time. I think that rumors of how *much* windows sucks have been greatly exaggerated.
  • "Deltree /y C:\Music" would be more effective I think, since most people probably have some subdirectories to organize their music.
  • Imagine the combination of this technology with the "electronic text books" profiled on slashdot a while back. Those medical, dental, and other professional schools -- and the companies that supply them -- who have decided to sell textbooks to students on digital media would be able to ensure that students had to regularly "refresh" their books through contact with the providers' servers.

    Equally, digital media with a "stale date/stale - {defined condition}" feature would ensure against people selling their old books once they graduated.

    I can see why the publishing/mpaa/riaa/(fill in your favorite intellectual property monopolist) communities would love this!

    I am glad that the model referenced here is so obviously vulnerable to userland/client-side hacking. Otherwise this is would be an information-freedom nightmare.

    D
  • why, oh why, didn't i preview :-(
  • The cat will also stop banging random keys within a few years.

    Worry about your parrot on your keyboard.

  • if you think about it, this is (one of?) the only way to keep information secure -- don't allow it to be copied, and if somebody starts screwing around with it, destroy it...also, destroying after a set time period is another way to keep the information from getting around to too many places..

  • I'm more concerned with this becoming part of a virus/DOS attack.

    Write up a VBScript email attachment that trips the InTether mechanism for all the protected files on the recipient's computer. Instantly all of the protected movies, songs, eBooks, legitimate or not, get deleted.

    Or, better yet, fake it into thinking that an InTether document is open, and (according to the article) the recipient won't be able to cut/copy/paste/print anything else on the computer. We had to destroy the village to save it.

  • Roastbeef. Yep, that's me :) I still read the IO board every week or so... just not too many threads where I can contribute useful info anymore.
  • I've already got my computers and whole apartment to blow up at a moments notice already, goddamit. These people are amateurs. People call me "Bril".
  • Well... it can't be encrypted without some kind of key exchange system. Either just telling someone a password that they need to type in, or a PKI system (which I doubt they have).

    Otherwise, they would have to use the same key (or one of a finite number - that would have to be quite small if they want to be able to open the file in any reasonable amount of time) for every file. And that's a cipher, which is infinitely weaker than real encryption.
  • People never learn,

    Yes, it's probably difficult to hack, yes you can force updates to the software, no it won't retroactively work.

    If the current software version is 3.5, 3.4 has been sucessfully hacked then all files created with a versions = 3.4 will all be hackable on a machine that has not had 3.5 installed yet.

    Anyone know if VMware will let you round this - Presumably the document could be read straight out of memory of the virtual machine.

    Would the following attack work? Load up word + document on a low memory machine, minimize, load a huge application. Power off machine without shutdown, read data from swapfile off disk.

    A trojaned copy of the application that duplicates the data to disk?

    However, I suspect version incompatibilies will kill this, I suspect each service pack you download will automagically render you unable to read protected documents until the protected software is upgraded to match. Expect an upgrade an hour.

  • Comment removed based on user account deletion
  • This document will self destruct in 5 seconds.

    4.

    3.

    2.

    Have a nice day!

    1.

    boooooom!

  • by Noryungi ( 70322 ) on Monday March 12, 2001 @07:44AM (#369145) Homepage Journal
    This is a little bit more serious than my previous post...

    I can think of, at least, two or three workarounds for this:

    In windows 9x, restart under "DOS command line only" mode, then use an hex editor after copying the .EXE and the protected file to another computer. You can also boot from a FreeDOS or Caldera DOS diskette to do this.

    Using WinICE under Windows, while executing the .EXE to "read" a file would certainly yield interesting results...

    Under Linux, mount the Windows disk with appropriate rights and use Linux equivalents.

    Cracking the encryption scheme is, of course, left as an exercise for the reader. But, come on, how much encryption and "security layers" can you hide in a 300 KB windows executable ?

    Additionnal brownie points will be given to the reader who determines which compiler and programming language has been used to create this little thing. (Hint: look at the end of the EXE file for informative compiler strings).

    Estimated time to crack: anywhere from 24 hours to 1 month.

    Repeat after me: security through obscurity does not work. End of transmission.
  • altavista.box.sk will remove that protection
  • by wunderhorn1 ( 114559 ) on Monday March 12, 2001 @07:45AM (#369147)
    But is it scary enough that the general public could be convinced not to buy content that has been encrypted using this software?

    I'll assume it to be self-evident that this kind of copy-protection is Bad and Wrong. Other people can start that debate.

    We need to get some bad publicity going about this kind of technology:
    *What if the RIAA could destroy your entire CD collection by sending the correct message to your computer?
    *What if Windows crashing could destroy every book own?
    *What if the MPAA could render your home-video collection useless?

    If we're talking about digital copies of the above media with this kind of copy protection, *it could happen*
    But what if no one bought the songs or movies or books encoded with this technology? Hmm?
    Let's not let them take away our rights as we sleep!

  • " Cry me a fucking river, you pansy"

    A pansy is a idiot luser who can ot be bothered to learn how to use a program.
    A pansy is a whiner who complains that the software someone worked his ass off to produce and then gave away sucks.
    A pansy is someone who would rather bitch on slashdot then get off his butt and write documentation or test the freaking thing in the first place.

    Why are you wating for someone else to do the testing? Is it too much to ask for for your pansy ass?

    Screw mom and pop, they are idiots, they will eat whatever junk some corporation spoonfeeds them. They have zero awareness of the world around them, they don't give a flying donut about anything except their favorite TV show. The corps love them because they are so easily duped into paying money for useless junk wheather that's nose hair clippers or buggy software.

    Let them lose their freedom they will enjoy having less choices, they will revel in knowledge that big brother is watching out for them. They will listen to talk radio and nod their heads mindlessly while consuming whatever junk is being peddled there.

    The world needs stupid people and thank god there is an endless supply.
  • I think that this was User Friendly [userfriendly.org] from last month!
  • But, come on, how much encryption and "security layers" can you hide in a 300 KB windows executable ?

    You're obviously quite young. Otherwise you'd remember the 'Home Computers' of the 1980's. Typically an 8k or 16k ROM would hold an entire OS and programming language.

    Of course that was when an OS was an OS and not an OS, a GUI, various applications, sandwich toaster, cuddly toy...

  • That's because it's NT based. and NT takes 6 to 8 minutes for reboot.
    (and that's on a P-III 800 with 256 meg)
  • Finally - the FUD factor: Multiple "snake-oil crypto" signs are here... "11 different layers", as though that makes it more secure than, say, 10 different layers?

    Kinda like, "The Colonel's eleven herbs and spices."

    It's a cute hack to wrap DRM in an executable and bundle it with a file for 'doze, but it's hardly worthy of the "military grade document-destroying copy protection system" kind of hype it got in the puff piece at inside.com.

    Yeah. I talked to a guy who worked for a while at the Navy. He said their machines had the capability to melt the hard drives with a special key combo + password. Now *that* is a document-destroying system!

  • Hey, you've got it!

    Here's the plan.

    First, we redefine Bill Gates to be God. I'm sure he'll like that, if only to keep Larry Ellison from taking the title.

    If Bill Gates is God, than Microsoft is his faith, his personality cult. From there, we can use the First Amendment freedom of religion to keep M$ and U$A from getting into cahoots!

    Yow! Am I CONSING yet?!?

  • They could beat this workaround by taking an MD5 or SHA hash of all the executables and storing them in a seperate cryptographically signed file, kinda like the way Tripwire works. If the hashes don't check, the program refuses to run.

    Since the checksum file is signed at the factory, the private key would not need to be distributed - only the public key is needed to verify the signature. Any attempt to modify the executables, dll, or checksum file (including an attempt to NOOP out the checksum validation routine) would render the viewer inoperative. It would be very difficult to beat this sort of system.

    The best attack against this system is to run it on a virtual machine like VMWare. The client operating system has no way of knowing that it's NOT in full control of the underlying hardware. Everything done in the virtual machine can be trapped and manipulated by the host OS.

    Of course the best solution is to vote with your wallet and refuse to buy anything protected via this mechanism. Write a short letter to the offending companay saying "I'd love to buy X from you, but I will not do so as long as you use this copy-protection scheme." If they get enough letters like that they will get the clue.

  • As far as I know, there are virtual disks that restore to a certain state after restart....

    The system starts at the same state again and again...

    Speaking of vmware: I could grab those satellite photos from vmware, just grabbing the X window, couldn't I?

    Short: As usual, security by obscurity is crap and only hinders an average user
  • Probably easier would be to just ignore the encryption and work at the bigger weak point, which is the interface between this software and the generic user applications. Something in this software, at some level, has to send the information in plain text to outlook so that the user can view it. (Or very worst case, it draws it as a bitmap to a window.) In either case, it is theoretically possible to slip something in their that grabs the data. The obvious way is to figure out what their dll is named, create one with an identical interface, copy theirs to another name and slip yours in its place, chaining to their original one. Then, just look at the data as it streams by.

    How much they are checking for this (and exactly how) are the interesting questions.
  • Any Windows-heads

    Cipherpunk actually:)

    out there have an idea how this might be implemented?

    There are several possibilities, based around what are called zero knowledge protocols in cryptography.

    Essentially the chipertext become stateful, it's transformed each time it's accessed, the transformation process produces a new token each time the system is used/accessed and the new token must be used to access the data, the next time.

    The correct token is must be passed into the system with the change request and the new token is returned. Any data that is accessed is actually removed from the data set, modified then resubmitted with the last token. The last token, must be used the next time, the use of the wrong token, corrupts the data, because it results in an incorrect transformation, because a one way hashing function is used, reversal is unfeasible, and tampering with the system changes it's state, therefore it also 'corrupts' the data.

    neat eh :) it even amazes me.

    This type of system is actually used when licencing databases, and only a very small sub-set of the data is ever used, like PAF's. It can also be used when an unchangeable audit trail is required.

    A side effect is the document cannot even be 'official' copied either, it's actually removed from the system instead (where it could be copied and re-inserted). However the system would show this as a new document not the original.

    I'm not sure if I see how this couldn't be circumvented by dropping in a new DLL on top of InTether that decrypts the file, but *doesn't* enforce the copy-protection scheme?

    Doesn;t work like that, if the copy protection scheme is not used the 'data' become garbage rather than information.

    Plus, how does it control this in the first place? Where in the Win API is this level of control possible? Sounds almost like it must replace Windows kernel calls, which would mean it's hard for it to keep pace with Windows releases...

    Implemented on Windows, it would almost certainly leak information via the VM, & therefore to the disk. Unless the implementing software engineer, actually got in below windows.

  • 300k sounds like the min size for all vbasic .exe programs.

    Its big enough to have musscel, but in this day and age 300k is nothing.
  • You see, contrary to what the typical, self-centered pseudo-anarchist pirate-citizen believes, it is NOT beneficial for music and other forms of art to be freely stolen.
    Neither is it beneficial for it to be inacessible once the technology needed to access it is obsolete. Would be be better off if the works of Shakespeare (or Bacon), Bach, Dickens and Whistler were lost because the means of accessing it were no longer manufactured? That's the world that copy protection systems will create, because once it's no longer commercially profitable to re-release a work in the latest format, it will become lost as the equipment needed to access the earlier formats breaks down and cannot be repaired or replaced. At the rate we're going, there will be no enduring classics from the 21st century, not because deserving works will not be created, but because future generations won't be able to access them.
  • This sounds sorta like a comperable version for your files.

    -----------
  • This is security based on a trusted client, the file viewer. If there's any way at all to tamper with the client, the security model breaks down.
  • Copy the file onto a CDROM and then try to hack it? How will it destroy it then?
    Anything like this that ignores the fact that Windows is not the only OS is dead before it started.
  • Plus, what's to keep me from (1) uninstalling the software; (2) backing the file up to CDROM; (3) hacking on the read-only copy? Especially if I combine it with some of the other features, like removing the right to reboot the machine?


    ...phil
  • It's nice to know they're trying, but it's impossible to secure against someone with physical access to the hardware. Two attacks come to mind immediately:
    • Run Windows inside of VMware
    • Run a program such as GoBack
    Either way you capture the data, and can go from there. You could also pull out the good old sector editors, etc.

    I don't know why people insist that some things computer related should be ephemeral, and undocumentable, but they're racking up some massively bad karma along the way. It'll bite back.

    --Mike--

  • Why could not someone just try opening the document under another operating system like Linux? The bits within the document must exist somewhere and one must be able to to read them and then attempt decrypt them at that time...
  • Oh dear. Another company producing another "copy prevention system"... There's only one guarantee here, people: IT WON'T WORK. Why? The Church-Turing Thesis, if I remember the name correctly: a principle that any computer can emulate any other.

    More to the point, if I put enough effort in, I can set up a perfect emulation of a Windows PC here on my Linux box. (Think in terms of running the real Windows under VMWare.) I can then hack that emulation so everything sent to the "screen" really goes to disk. Whatever method you use to detect your software is running under emulation, I can work around - run a benchmark? I just tweak the emulation's system timer so you think you're running realtime.

    They might be able to get somewhere by using Net access, and sending cryptographic challenges across the wire with very tight deadlines; eventually, though, the software will decrypt the content and try to display it. At that point, it hits a debugger breakpoint, and I dump the whole of the process's memory to disk. Whoops - that's your "protected" content, sitting on disk unencrypted. And now I've killed your program off - how are you going to delete it now? You can't.

    Nice try, guys, but you're never going to win: what you're trying to do is impossible. I suspect these guys know that perfectly well, though, and they're just planning to make a quick buck out of their "magic bullet" software from those who don't realise the flaws.

    Schneier points out something along these lines towards the end, but doesn't seem to be given as much attention as it deserved: listen to him, he's right!


  • I can just see it now:

    C:\> CD C:\MUSIC
    C:\MUSIC> COPY
    **** WARNING ****

    Leet Hackering Detected!

    Piracy Counter-measures Activated!

    "DEL C:\MUSIC" Completed.

    Incident Report Filed with the DMCA Task Force... the Patty Wagon is on it's way.

    Hey, it could happen...

  • Pretty soon instead of fretting over the "separation of church and state" we'll be worrying -- and debating amendments -- that talk about the separation of "Microsoft and state."

    How much longer until corporate sponsored "war squads" will descend upon copyright violators, circumventing whatever "legalities" are in their way?

    I can certainly imagine a scenario where a corporation -- RIAA or Microsoft, for example -- frustrated with the slow legal process of finding and then prosecuting copyright violators decides to covertly sponsor a Delta Force-like "tactical copyright squad" to go in and eliminate the copyright violations.

    I started to think about this a few stories back when folks were talking about the possibility of placing OpenNap servers on SeaLand. You *know* that this would piss off the RIAA to no end -- just as the lengthy legal process with Napster is probably causing the RIAA execs considerable pain and suffering -- and I can certainly imagine a scenario where the RIAA (covertly) would sponsor, say, a tactical copyright squad to go in and destroy the OpenNap servers on SeaLand.

    It seems to me that this isn't that far fetched or "conspiratorial" -- I mean, these tactical copyright squads would have training and equipment backed with the millions and millions of dollars of the corporations. Sort of the BlackOps of today's global corporations. And -- it wouldn't surprise me one bit -- if governments (America, British, Candadian, Australian, etc. etc.) would assist with sponsoring the ops.

    They would do in 15 minutes what would take 8-12 months in an American courtroom.

    I mean, come on, that's what all this is leading to. For chrissake, self-destructing MP3 files? Give me a fucking break. I would never purchase a file that contained the implied threat of "self destructing" if it falls in the wrong hands.

    I got 2000+ books at home. Books I can Xerox, read on a train, read on an airplane. I can carry it around in a gym bag and not have to worry about it "blowing up" if it's viewed on the wrong computer or "tampered with." What, I decide to scribble in the margin of volume 2 of Proust's "Remembrance of Things Past" and then have to contend with the reality that because I "tampered with the text" I must then relinquish ownership and watch it self-destruct?

    It's craziness. Mark my words. Ten years from now. We'll be hearing stories about "corporate BlackOps". Copyright squads. This is what all those black helicopters are. They're corporate-sponsored "Information Fighters."

    The danger isn't that the Taleban is blowing up the Buddhas. The danger isn't the guns in our schools or the rage on our roadways.

    The danger is the corporations. They've got this fucked up notion that what they produce is more important than anything else -- more important than even the people who consume their productions.

  • Martin S. sneered
    In windows 9x, restart under "DOS command line only" mode, then use an hex editor after copying the .EXE and the protected file to another computer. You can also boot from a FreeDOS or Caldera DOS diskette to do this.

    Game Over:

    The original data is now useless, essentially 'corrupt', all because you throught you knew what you where doing, and did not. You've just copied some useless encrypted data. Well done.

    That's some pretty impressive code, that can operate to corrupt the filesystem even when it's just being passively read from another operating system. How does Zero Knowledge gain such power over flux transitions on write-protected media?

    In general, I'm pretty impressed by any scheme that ships the key with the message and expects the data to remain safe from prying eyes. Other issues, such as this requiring that your documents all reside in a common file with write and execute priveledges, and that document recipients be able to take over low-level system functions, are obvious.
  • I moved to Linux primarily to avoid reboots. In fact, rebooting requires root and/or console privilages.

    Why should I extend those same privilages to an idiot content manager?
  • How can I trust an OS that can be taken over by a document?


    The same way you should trust an OS that can be taken over by an email.


    - A.P.

    --
    * CmdrTaco is an idiot.

  • "Information wants to be free" properly refers to "freedom," not "free beer."
  • by zyqqh ( 137965 ) on Monday March 12, 2001 @08:00AM (#369186)
    Back in the days of yore before I saw The Light of real OSen, my MS Word 95 would spontaneously do the same thing to random documents after some random actions. Microsoft -- half a decade ahead of the game, yet again!

  • by b0z ( 191086 ) on Monday March 12, 2001 @08:01AM (#369187) Homepage Journal
    I can see this coming in handy at work as well. Any time a user sends me requirements for a project, I simply type in the wrong password...I can continue reading slashdot and kuro5hin idefinitely now. :o)
  • I believe that usability testing is performed not by developers.

    This is a copout on the part of lazy eletist programmers. "We're the only developers there are. Everyone else is marketing..." Cry me a fucking river, you pansy.

    If you add to a given piece of software, be it in the form of code, graphics, bug-testing, or usability-testing, you're helping to develop that software. You can make the distinction that a programmer is not responisble for testing if you work in a large programming department that has a testing or 'quality assurance' section working along side it.

    How many Linux devleopers have 'quality assurance' departments backing them up? How many have usuability testing labs backing them up? Being that +90% of Linux development is done on a volunteer basis, not very damn many, I would imagine.

    If you release a program, you are responsible for making sure that the testing gets done, usability or otherwise.

    If you don't make your program usuable by Granny and Uncle Jimbo, you're just contributing to Microsoft and Corporate Content's stranglehold on the computer industry and intellecutal property.
  • No, but I have a lot of ideas of how to beat it.

    The prime reason this will fail utterly is that Windows was not designed as a multiuser system. Because of this, most Windows boxes give the user full control over what is on their machines. Someone with enough coding skills can use this to pull all kinds of interesting information out of other processes. Using the debug functions and appropriate care, I suspect a hacker could create a toothless version fairly easily.

  • Sorry, guys, but this simply won't work. Let's say that Cracker Joe wants to get hold of the Top Secret recipe for Burned Cookies, at Food Lion.

    First thing he does is divert INT 13 and have it copy everything going to/from disk into some safe storage place.

    Then, he waits for the regularly-scheduled backup. Voila! He gets a mirror of everything on the drive, WITHOUT having to plough through some software package that could blow everything up.

    Now, this approach CERTAINLY works for diplomatic briefcases, where there is one (and only one) access point, and where the contents are physical and therefore cannot be cloned without removal.

    In the digital world, this approach is naive. You can mass-copy data, without ever "visibly" touching the original. Suicide switches become useless, in such cases, as there's no guarantee that an intruder will ever trigger the switch.

  • This is going to require enforced wide spread adoption, but I can see the RIAA, etc drooling over this. But I can also see the consumers for this avoiding it as the word gets out.

    Depending on the media, the work around may be as easy as a patch cord. or knowing how to boot to safe mode.

    Some info from the article:

    InTether's most intriguing features are those intended to rebuff hackers. To begin with, Friedman says, the system incorporates 11 layers of security defenses. ''All have to be successfully navigated'' in order to hack the system. ''But one piece does nothing but check continually the integrity of the other pieces,'' he says. ''If you could disable a certain piece, within milliseconds our system would know.''

    At that point -- probably before, he says -- InTether begins taking counter measures. One relatively mild step is to force you to reboot your computer. But if the hacker persists, and continues making ''aggressive'' attempts to disable InTether's defenses or pierce its vault, he'll get what Friedman calls ''the white screen of death.'' His InTether receiver, together with all the InTethered files stored inside it, will be destroyed. Attacks ''would have to be pretty aggressive and multiple'' in order to trigger the white screen of death, Friedman says, not so reassuringly.

    As a side Note: It turns out that when an InTethered file is open -- say, a Word document -- the user cannot copy, cut, paste, or print any other Word document on his computer, including those that have not been InTethered. That's because, Friedman later explained, InTether imposes restrictions at the application level. But once the InTethered file was closed, the spell was lifted, and all normal operations resumed.

  • by the_crowbar ( 149535 ) on Monday March 12, 2001 @07:27AM (#369204)
    Don't worry, your documents will never fall into the wrong hands....no one will have them. Hope your backups are good.
  • by BigMeanBear ( 102490 ) on Monday March 12, 2001 @11:37AM (#369205)
    You're not getting it, man. I used to be one of the programmers on InTether. It works on any kind of file, you will not be able to mount it under linux and copy anything out. And you can fit quite a bit in 300k. Its not normal application code, man.... didnt' you even read the article? It's all driver-type code. and one more thing, you say that security through obscurity does not work--InTether isn't a security application, its a content/document control application. At this point, there is no perfect solution for content control, but InTether is a vast step beyond anything else that exists today. none of those methods you described would even phase InTether. I should know, I was there cracking and fixing it on a regular basis.
  • by rellort ( 146793 ) on Monday March 12, 2001 @07:27AM (#369206)
    The security system destroys a document if it thinks someone is trying to access it illegally?

    So what your saying is... my kid can blow up my dissertation by sitting at the keyboard and banging random keys?

    That's kind of why I password-locked my computer in the first place, fellas. :)
  • by Azog ( 20907 ) on Monday March 12, 2001 @11:38AM (#369207) Homepage
    Exactly... look out, or the Turing theory of machine equivalences will become restricted information under the DMCA! (Any Turing-complete computer can emulate any other Turing-complete computer.) Heh. Teaching theoretical computer science will become illegal! Really, that's the logical end result of the DMCA.

    That would be the obvious way to break this thing... Use Wine, or VMWare, or whatever to emulate a regular Windows machine so completely that the software running on it can't tell it isn't talking to the hardware.

    Then your "virtual video card" can make copies of anything, and your "virtual sound card" can save everything to disk, and the pathetic copy management software running in the emulator doesn't know and can't stop it.

    Of course, it might be difficult to write a good enough emulator. One obvious challenge would be for the copy management software to only allow playback/display on devices with digitally signed drivers. If I understand how VMWare works, that would be a problem because VMWare uses special Windows video and sound drivers that interface to the VMware virtual machine. But that can be solved as well, by emulating the video and sound hardware and running signed drivers on it.

    The only way this stuff could ever be somewhat secure is if the software runs on sealed-box, tamper-proof, non-upgradable, un-documented hardware. That would make writing an emulator so difficult that most people wouldn't bother.

    These companies should stop wasting everyone's time and just change their business models. I, for one, would be happy to pay for a music downloading service that reliably supplied me with top-quality, high bitrate MP3s, or even better, Vorbis Ogg files. Of course, the price should be fair (i.e. low), I should be able to get just one or two songs without having to buy the whole album, and most of the money should go to the artist. One dollar per song would be acceptable to me, and the artists could make more money that way.

    But that destroys the business model of the big record labels, so they will fight it to the death... their business death or the death of our freedom, whichever is the weakest.

    Torrey Hoffman (Azog)
  • No different from those ink cartridge theft-protection tags on clothing at department stores, is it?

    Bingo Foo

    ---

  • "We had to destroy the copy to protect it."

    This would actually be really easy to implement on Windows. Just make it editable by Word. The user tries to "hack it" (i.e. open the file)--immediately AutoCorrect jumps in and "corrects" the spelling of everything so that it is largely illegible, meanwhile AutoGrammarNazi underlines anything not found in a Dr Seuss book. Then 30 seconds later AutoSave activates and saves the document, destroying it utterly.
    --
  • Yes, I know, they disable the Windows OS screen capture. But you run a VMware session where the entire guest OS appears in a single window. Microsoft Windows can't stop Linux from capturing that screen.

    In addition to VMware, I'd like to see how it handles a VNC server. Would a VNC client fail to display a protected document? If not, you can screen dump the VNC session.

    Screen captures, of course, won't help you with audio files. I assume VMware virtualizes the sound card as well though, so Windows won't stop audio captures there either.
  • Or going back further, RT/11 for the PDP/11 series fit the entire operating system, including drivers, multitasking, memory management, etc, in 4K.

    300K of tight assembler can contain an enormous amount of functionality.
  • I'm really curious to know if they thought to do something to the screen-print.

    Not curious enough to install, though...
  • by sulli ( 195030 ) on Monday March 12, 2001 @08:08AM (#369223) Journal
    Presumably requiring a six minute reboot cycle precludes developing a Linux or Mac version.

    Correct. A Mac version would require a twelve minute reboot.

  • Any Windows-heads out there have an idea how this might be implemented? I'm not sure if I see how this couldn't be circumvented by dropping in a new DLL on top of InTether that decrypts the file, but *doesn't* enforce the copy-protection scheme?
    Plus, how does it control this in the first place? Where in the Win API is this level of control possible? Sounds almost like it must replace Windows kernel calls, which would mean it's hard for it to keep pace with Windows releases...
  • Let alone VMware, what about windows hibernation support... you don't need fancy software to get a memory dump!

    :)
  • Much worse trust me. These guys get some serious brainwashing on the campus. They never leave the place for chrissake. At least the open source people are scattered across the globe and are living in the world.
  • by _Marvin_ ( 114749 ) on Monday March 12, 2001 @07:35AM (#369234)
    ... running it in VMWare, then suspending the
    virtual machine and looking in the RAM file...?
    Bet they didn't think of that!
    Muahahahaha.....
  • Interesting post. I'm sorry I don't have moderator points to bump it up!

    Is there a conversation between the Packager and the Receiver whenever a file is transferred, or does the Packager just send an ordinary email and that's it?

    If there is no fancy protocol, I think I'd just want to extract a piece of Receiver code sufficient to decrypt a newly-received file and put it in my own wrapper. I'd throw out all other Infraworks code and never let it screw with my filesystem. What would stop this attack?

    I'm reasonably up on cryptography, but I don't know about "ball-token encryption". Could you point me to a reference?

  • From the artice, Intether works on windows and using OS to check if its code or documents are being hacked. But if you boot into linux (or any other OS on the system), and access the Intether software from their there can't fight back.
    Obviously any such system can always be hacked because software can never prove that the environment it is running in is working is as it expected. Such software could be running on a emulator, or with a modified OS, or faked hardware abstraction level, that subverts its action, and the content protection system would never be able to detect it.
  • Making Linux *easier* to use may dumb down the interface, but it means more freedom for all concerned, and therefore, a sweeter victory in the information wars.

    That's one beauty of *nix as a platform - the interface can be controlled. Want a console-less desktop with access only to Netscape (web, email, newsgroups), an ICQ/AIM client (jabber, gaim, licq, etc...) and an mp3 player (xmms, etc...), all in large type for your grandma to use? You can do that.

    Then, you sit down at the same computer, log in, and get your Enlightenment/Gnome/KDE/whatever desktop, complete with YOUR preferences, and full access to the system.

    Your little brother wants to chat online with his pals from school? No problem - he logs in with his account, and there's his own desktop, with access only to the programs YOU want him to access. No fear of him trashing the system with a few mouseclicks. He only has access to his own stuff

    Sure, there's stuff for Windows/Mac to do much the same thing, but *nix has it from the ground up. =)

  • by jimhill ( 7277 ) on Monday March 12, 2001 @08:11AM (#369240) Homepage
    Ah, but you are missing the point that anti-DMCA people like me are trying to hammer home: this software will NOT allow legitimate, beneficial fair uses. The entire driving force behind the content industry's search for the perfect digital-rights management scheme is that digital control over digital content finally delivers the holy grail of pay-per-use into their hands. All they need is one or two more laws and maybe an object lesson or two wherein Norwegian teens or magazine publishers are slapped down by the bought guns of government to make their long-deferred dream a reality.

    If I pay for a book or recording, I have an absolute and irrevocable right to do what I want to with it within my home. If I want to print a million copies and use the paper to insulate the house in winter, I have that right. Technology allows the publisher -- generally not the author, I might add -- to abridge my right. You'll pardon me if I don't get excited at that prospect.

    Caught between a rock and a hard place: between distaste for those who would trade in copyrighted material without paying the creator his due and my utter loathing for the corporate swine whose millions have subverted the very government that allegedly exists to serve the people who feed the corporate machine.
  • Since the fastest reboot is about six minutes, he says, this defense alone creates a serious obstacle for most automated, so-called brute-force hacking tools, which ordinarily bombard a digital-rights management technology with 50,000 trial-and-error attacks per second.

    SIX MINUTES? My computer can boot Win98 in under a minute. Christ, if this thing fucks up Windows even more to the point where it's taking me six minutes to boot up, there's no chance I'm touching it with a ten foot pole...

  • Strangely the article makes this technology out to be groundbreaking and original. This is just a docbroker a-la Documentum Workspace that features encryption and the ability to delete files that haven't been checked out of the docbase properly (or legally). There's nothing too original about this.

    I think the implication to most users is no different than most proprietary software and file formats. This is a proprietary system that you need to volutarily subscribe to that imposes restrictions on you as a user using an obscured client and protocol. If you opt to use the system, you agree to its restrictions. There are free alternatives (Ogg Vorbis?) -- if you really want to make a difference you'll cast your vote in favour of these.


    ---
  • Don't you think it might provoke a response on the same level? Some "Freedom Terrorists" or the like who simply go and shoot some RIAA executives in response to such an attack. And before you declare the forming of such a group absurd: note that there already exist terrorist groupings with idealistic aims (whatever underlying agendas there may be) and that they apparently manage to recruit people. Also note, that the RIAA (for an example) is highly vulnerable to Hacker attacks (hacktivism). There is no need to shoot their executives, when a skilled hacker can hit at them from the other side of the planet.

    No, i don't think it would be wise of corporations to escalate the conflict to that level. Also those squads just *might* get caught (remember Rainbow Warrior and how it was smeared all over the French Government?) and even if not the public will make the connection (if someone sent a squad to destroy napsterservers everyone in the world would know who had an interest there).
  • Personally, I think that it is kinda cool that in the midst of all the RIAA lawsuit fiasco, someone is actually working on a technical solution. I have nothing agianst Napster, warez, serialz, cardz, etc...but I do acknowledge that they are mainly used for theft.

    Instead of fighting hackers with the law, these people are fighting hackers with hackers. At least the game will get a lot more interesting than the "My government can beat up your server" game that we are playing now.

If you think nobody cares if you're alive, try missing a couple of car payments. -- Earl Wilson

Working...