Feeds

Hacker research team disputes ‘hack SDMI’ results

Not going quietly back into box

  • alert
  • submit to reddit

SANS - Survey on application security programs

The SDMI (Secure Digital Music Initiative) group has announced, despite earlier claims to the contrary, that practically all of the 447 entries to the 'Hack SDMI' challenge bounced off. This would mean all in the garden was lovely, if it weren't for the pesky Princeton University researchers led by Edward Felten, who stoutly maintains that SDMI is toast, and says the Princeton team will be publishing its results by the end of the week.

The Princeton team entered the first stage of the challenge, but declined to move onto phase two. The aim of the challenge had been to test candidate watermarking and non-watermarking protection technologies to be used in the distribution of digital music, so a complete whitewash - as claimed by Salon, a couple of Register sources and the Princeton team, would have been highly embarrassing, and would have visibly set back the music industry's protection plans some considerable distance.

Stage two of the challenge, as Princeton points out, was secretive. Anybody who submitted a likely looking crack at stage one could move on to two (and had to do so in order to stand a chance of winning the money), but by doing so would be NDAed into total obscurity, unable to say a thing about the hack or the processes. By not playing, Princeton left itself free to publish results and blow whistles as necessary.

The final SDMI hack testing seems to have placed considerable emphasis on "golden ears" - real humans judging whether or not the hack degraded audio quality. This is obviously very much a subjective judgement, and potentially allows the goalposts to be moved around to wherever best suits SDMI. Not that we're suggesting anything of the kind, of course.

SDMI's line is that two of its five technologies were successfully attacked, but that only one attack was repeatable. Princeton says its attacks weren't counted because it didn't enter phase two.

The Princeton team also seems to feel it's been on the receiving end of some kind of smear campaign though. It insists that "contrary to the statements of the SDMI, their oracles [the automated systems that checked stage one] did check the audio quality of the submitted music," and accuses the RIAA of falsely claiming it admitted some of its entries had poor audio quality. "We obtained a number successful results on all watermark technologies, using various techniques," says the team.

SDMI will no doubt be awaiting the team's technical report with some interest. ®

Related Stories

Uni team claims SDMI cracked, and 'inherently vulnerable'
How the hack SDMI challenge was run

Related Links

Princeton team's preliminary report

3 Big data security analytics techniques

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.