
SDMI cracks revealed

Banned in America


The academic cracker crew led by Princeton University Computer Science Professor Edward Felten, which answered the HackSDMI public challenge of last September with 'unqualified' results, has received veiled threats of criminal prosecution under the Digital Millennium Copyright Act (DMCA) from the SDMI Foundation in hopes that the team will be cowed into withholding what it's learned from an upcoming computer science conference.

"Any disclosure of information gained from participating in the Public Challenge.... could subject you and your research team to actions under the Digital Millennium Copyright Act," SDMI Foundation mouthpiece Matthew Oppenheim warns in a letter to the Felten team.

SDMI has cobbled up a few mediocre schemes to protect digital music by altering it so that SDMI-compliant music can only be played on SDMI-compliant systems. The group invited the world to crack its feeble technology with a proviso that those who succeeded would be forever sworn to secrecy.

Felten declined to go through with the SDMI challenge because the terms of the click-through agreement participants were forced to accept would have prevented his team from publishing their results. So he withdrew, but continued the research independently, much to SDMI's embarrassment.

Earlier this year, Felten was warned by his own lawyers that publishing the crew's findings could expose them to civil and possibly criminal action under the DMCA, and backed away from an opportunity to do so.

Since then, Felten and company have prepared a paper for the Fourth International Information Hiding Workshop to be held in Pittsburgh, Pennsylvania later this week, in which the team's exploits are well described. It's this limited circulation that the SDMI Foundation is so freaked about.

Thus the SDMI Association urges the Felten team to "assure that [their paper] is removed from the Workshop distribution materials and destroyed," and further to "avoid a public discussion of confidential information" related to SDMI's embarrassingly lame efforts to control music content distribution.

All right, you've waited long enough for the dirty little secret. We've got the Felten paper mirrored here. ®
