[ISN] Vulnerability found in HDCP, but scientist cannot publish vulnerability.

From: InfoSec News (isnat_private)
Date: Wed Aug 15 2001 - 23:02:56 PDT


    Forwarded from: "Jay D. Dyson" <jdysonat_private>
    
    
    -----BEGIN PGP SIGNED MESSAGE-----
    
    Courtesy of Vuln-Dev.
    
    This royally sucks.  It seems the only answer is that open source work
    start in parallel to the closed-source nonsense.  Just as the open
    Altivore overcame the closed Carnivore, so more forward-thinking projects
    should do to those snake-oil products presently protected by the fascist
    DMCA.
    
    Grrr.  Anyone who thinks full disclosure on these sorts of issues is
    "inappropriate" needs to get their bleedin' head examined.
    
    
    - ---------- Forwarded message ----------
    Date: Wed, 15 Aug 2001 13:21:51 -0700
    From: "Jon O ." <jonoat_private>
    To: vuln-devat_private
    Cc: bugtraqat_private
    Subject: Vulnerability found in HDCP -- Scientist cannot publish vulnerability
    
    
    Vuln-dev:
    
    There is currently a reported vulnerability in the High-bandwidth Digital
    Content Protection system used by different hardware vendors. The
    vulnerability was found by Niels Ferguson after analyzing the system.
    However, Niels is unable to release the vulnerability due to US and soon
    international laws. 
    
    Due to DMCA restrictions in the US his paper describing these
    vulnerabilities cannot be published so there are no details at this time.
    Background information from Niels is available here: 
    
    http://www.macfergus.com/niels/dmca/index.html
    
    Background on the DMCA and similar laws being passed around the world is
    available here: 
    
    http://www.anti-dmca.org
    
    Hopefully these issues will be worked out so Niels can publish his
    findings and the weak protections can be improved. 
    
    Forwarded message follows: 
    
    - ----- Forwarded message -----
    
    To: dmca_discussat_private
    Subject: [DMCA_discuss] Cryptography Paper suppressed from the DMCA
    Date: Wed, 15 Aug 2001 10:13:44 -0700
    
    
    Niels Ferguson has found a weakness in the HDCP content protection system.
    However, he cannot publish the results due to DMCA issues. 
    
    He has written a paper regarding this issue here: 
    
    Censorship in action:  why I don't publish my HDCP results
    http://www.macfergus.com/niels/dmca/index.html
    
    <quote>
    HDCP is fatally flawed. My results show that an experienced IT person can
    recover the HDCP master key in about 2 weeks using four computers and 50
    HDCP displays. Once you know the master key, you can decrypt any movie,
    impersonate any HDCP device, and even create new HDCP devices that will
    work with the 'official' ones. This is really, really bad news for a
    security system. If this master key is ever published, HDCP will provide
    no protection whatsoever. The flaws in HDCP are not hard to find. As I
    like to say: "I was just reading it and it broke."
    </quote>
    
    _______________________________________________
    
    - ------------------------
    http://www.anti-dmca.org
    - ------------------------
    
    - ----- End forwarded message -----
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2
    Comment: See http://www.treachery.net/~jdyson/ for current keys.
    
    -----END PGP SIGNATURE-----
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    



    This archive was generated by hypermail 2b30 : Thu Aug 16 2001 - 04:26:44 PDT