Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Could InfoSec be Worse than Death?

from [Pavel Kankovsky] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Could InfoSec be Worse than Death?
Date: Sat, 30 Sep 2006 11:12:29 +0200 (CEST) 
On Mon, 25 Sep 2006, Kenneth F. Belva wrote:


iTunes, Unbox, Speedpass/Easypass/Paypass. Do these not create cash flows?
Could they create cash flows (or even exist) if the security mechanisms
(DRM/authentication) were not present?


When you mention it...

How does clandestine installation of "DRM-enabling" software (e.g. the 
infamous Sony rootkit) fit into your virtual trust model?

They wanted to establish one trust relation (copyright holders can believe
end users won't make illegal copies (*)) and subverted another trust
relation (end users can't trust their computers anymore (**)).

To be honest, I am afraid this is an intrinsic problem of so-called DRM.  
You cannot enforce DRM (by technical means) unless you take control over
the device from its owner's hands and put it into the hands of some Big 
Brother.

(*) Oh yes, they won't be able to make legal copies covered by fair use 
either but who cares about fair use?

(**) Whether they could trust their computers before they inserted an
infected CD into them is an interesting but different question.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] IM Sniffer release, Jeb Osama
Next by Date:  [Full-disclosure] [SECURITY] [DSA 1186-1] New cscope packages fix arbitrary code execution, Moritz Muehlenhoff
Previous by Thread:  Re: [Full-disclosure] Could InfoSec be Worse than Death?, Paul Schmehl
Next by Thread:  [Full-disclosure] iDefense Security Advisory 09.23.06: FreeBSD i386_set_ldt Integer Overflow Vulnerability, iDefense Labs
Indexes:  [Date] [Thread] [Top] [All Lists]