December 25, 2024

Archives for 2002

ABC News Hires "Hackers" to Disrupt Police

ABC News reports on their own hiring of “hackers” to disrupt the Huntington Beach, CA police department. (Start reading at the “Testing the system” heading.)

They tried to trick an officer into leaving his post to investigate a false “emergency.” They tried to infect the Chief’s computer with a virus. (Fortunately, neither of these attacks ended up working; but it wasn’t for lack of trying.)

What was ABC News thinking? Trying to disrupt a working police department, which the citizens were relying upon to cope with any real emergencies that developed, was an amazingly irresponsible thing to do.

The article implies, but does not directly say, that the police department consented to this test, but was kept in the dark about which day it would occur. If so, then the police department needs their heads examined just as badly as ABC News does.

I’m all in favor of testing critical systems, but not by mounting surprise attacks on the systems that ordinary citizens’ lives depend upon.

[Link credit: disLEXia]

Ernest Miller on Lessig/DRM

Great new entry in the Lessig/DRM debate, from Ernest Miller at Lawmeme.

This is starting to turn from a narrow debate about Lessig’s piece into a wider discussion of how to think about DRM and Palladium. I’m eager to see this wider discussion start.

Low-Tech DRM

Today’s New York Times reports that Epic Records has taken a decidedly low-tech approach to DRM in pre-releasing two new albums to critics:

… the CD’s [are] already inside Sony Walkman players that have been glued shut. Headphones are also glued into the players, to prevent connecting the Walkman to a recording device.

Needless to say, this was defeated by at least one writer, who was able to get the CD by taking the Walkman apart. Why? Says the writer, “if I want to give it a proper review, I’m going to listen to it how I want to listen to it

Serious Linux Worm

New.com reports on a new worm infecting Linux/Apache servers. (A “worm” is a malicious standalone program that propagates on its own, without requiring any human action.)

A new worm that attacks Linux Web servers has compromised more than 3,500 machines, creating a rogue peer-to-peer network that has been used to attack other computers with a flood of data, security experts said Saturday.

It was only a matter of time before this happened. Linux in particular, and open-source software in general, are not immune to malware such as worms and viruses. Linux has gotten a free pass for a while, because malware developers, like all software developers, tend to target their code for the most popular platforms. Now that Linux is so popular on servers, it becomes a more natural target for malware.

Of course, whoever did this is a criminal and deserves to be punished.

If there is a silver lining here, it is that this serves as a wake-up call for those who view the poor state of computer security as a “Microsoft problem” or a “closed-source problem.” All software is riddled with bugs, and all security-critical software is riddled with security-critical bugs. We just don’t know how to build large, complex programs without them. Rather than pointing the finger at others, who might or might not have a few more bugs than we do, we all need to figure out how to do radically better than any of us are doing today.

Network Centric DRM

Remember when I promised not to post anymore on Lessig’s DRM piece? I lied. I just have to respond to a comment from Lessig himself.

He writes:

… Felten is skeptical that copyprotection would be placed in the network. “From an engineer standpoint, that assumption looks wrong to me,” he says. But what if we looked at Fritz “not an engineer” Holling’s perspective? The point of my article is that Congress is pushing copyprotection in the network, whatever engineers would argue is ideal….

Let me go farther, then. I don’t think anybody, including Sen. Hollings, is proposing building copy protection into the network itself. The Hollings CBDTPA would regulate “digital media devices,” i.e. endpoints. The proposed BPDG “broadcast flag” rules would also restrict endpoint products. The so-called “consensus watermark” proposals operate at the endpopints too. Normally when people talk about “regulating the Internet,” they’re really talking about regulating the endpoints.

Having said that, let’s not lose sight of the fact that I agree with Lessig about the main points in his article: that kneejerk anti-Microsoftism blinds some people to the real significance of Palladium, and that what Lessig calls “token based” DRM is a lesser evil than what he calls “copy protection”.