FC: Thomas Shaddack on why Hatch's "destroy PCs" plan won't work

From: Declan McCullagh (declanat_private)
Date: Thu Jun 19 2003 - 21:24:02 PDT


    Previous Politech message:
    http://www.politechbot.com/p-04859.html
    
    ---
    
    Date: Thu, 19 Jun 2003 01:23:53 +0200 (CEST)
    From: Thomas Shaddack <shaddackat_private>
    X-X-Sender: <shad@Zeta>
    To: Declan McCullagh <declanat_private>
    cc: <politechat_private>
    Subject: Re: FC: Orrin Hatch: It's OK to destroy P2P pirates' computers
    
    On Wed, 18 Jun 2003, Declan McCullagh wrote:
     > He endorsed technology that would twice warn a computer user about
     > illegal online behavior, "then destroy their computer."
    
    First, the technology has to get inside the computer somehow. Standard
    precautions against hostile code apply. However, we have to consider the
    possibility that such code would run within the operating system itself,
    sneaked there as part of DRM or in a "must-have" player or as an "update"
    of oh-so-trusted Microsoft.
    
    Even if the code would run there, the number of warnings has to be stored
    somewhere. Catch this (there are tools for monitoring both filesystem and
    registry access at e.g. sysinternals.com) and you are indestructible; you
    will just be annoyed with warnings, which can be clicked away automatically
    with a small program like e.g. PTFB.
    
    Once the first warning appears, it is clear evidence that the machine is
    compromised and that a trip to Google or the newsgroups or to a local
    hacker, who is likely to know the remedy, is advised.
    
    An easy way to get a sample of such a hypothetical infector system, or at
    least its key part, is to set up a honeypot that will be very likely to
    attract attention (shouldn't be difficult if the adversary wants to hit
    100,000s of machines), while logging all its communication on its gateway.
    Then, once the warning appears, go through the logs and find the cause.
    
    Besides, if we rule out reflashing the BIOS, which is usually preventable
    with a jumper, it's rather difficult to physically damage a machine by
    purely software means. The ancient ways like overclocking the monitor's
    sync and frying deflection coil transistors, or driving the disk heads
    into resonance, can't be applied anymore, as the newer electronics either
    doesn't allow access to its lowest-level functions (like head seeking of
    HDDs), or safely shuts down when outside of the allowed parameters
    (multisync monitors). Otherwise we'd already see cases of
    hardware-damaging worms. This turns the risk of a "destroyed machine" into
    the nuisance of wiped disks, which is easy to mitigate with regular
    backups, and the remedy is a routine reinstall.
    
     > "If we can find some way to do this without destroying their machines, we'd
     > be interested in hearing about that," Hatch said. "If that's the only way,
     > then I'm all for destroying their machines. If you have a few hundred
     > thousand of those, I think people would realize" the seriousness of their
     > actions, he said. "There's no excuse for anyone violating copyright laws,"
     > Hatch said. [...]
    
    After the first few hundred victims (news on the Net spreads at the
    speed of light in a fiber), the technology will get into the hands of
    "rogues", who will devise solutions and workarounds - from cloaking,
    filtering packets from listed sources or with damaging content, to
    (finally) provably secure P2P software. Which can be e.g. a properly
    sandboxed Java applet that interacts with the other ones in the Outside
    (or maybe even a program complete with its own mini-OS running on its own
    virtual machine, completely isolated from the rest of the machine, a
    lightweight version of VMware), and another program running with a higher
    level of privileges that watches for finished downloads and moves the
    files outside of the applet's write access (optionally sanitizing them
    during that), so even if the applet itself gets under hostile control, all
    that can get corrupted are the unfinished downloads and the applet's
    process itself. Attempts to corrupt the computer via a buffer-overflow
    vulnerability in the downloaded files (the ID3 tag problems can serve as
    an example) can be mitigated by a filter that checks every MP3 frame, ID3
    tag, and other parts of the files for syntactical validity, clipping any
    too-long strings, sanitizing dangerous content, and throwing away or
    interpolating frames with overflows.
    
    Orrin's scheme won't turn people away from P2P. Instead, demand for secure
    P2P systems will be created and shortly later satiated.
    
    Another day, another politician proved his technological ineptness...
    
    ----
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    -------------------------------------------------------------------------
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    Like Politech? Make a donation here: http://www.politechbot.com/donate/
    -------------------------------------------------------------------------
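The ID3 tag filter that Shaddack's message sketches (check each frame for syntactic validity, clip over-long strings, throw away frames that overflow) is shown below as an added example; it is not part of the original message nor of any named product. It validates an ID3v2.3 tag frame by frame before the file is handed to a player: the layout it parses (10-byte header with syncsafe size, frames of 4-byte id, 4-byte big-endian size, 2 flag bytes) is the real ID3v2.3 structure, while the `MAX_TEXT_BYTES` limit, the function names and the sample tag are constructed for the example. The sample tag carries one sane text frame, one 1000-byte artist string, and one frame whose declared size runs far past the end of the tag; the filter clips the second and drops the third.

```python
import re
import struct

# Policy limit for text frames; longer strings are clipped (constructed value).
MAX_TEXT_BYTES = 64
FRAME_ID_RE = re.compile(rb"[A-Z0-9]{4}")


def syncsafe_to_int(raw: bytes) -> int:
    """Decode the 4-byte syncsafe integer used for the ID3v2 tag size (7 bits per byte)."""
    if len(raw) != 4 or any(b & 0x80 for b in raw):
        raise ValueError("invalid syncsafe integer")
    return (raw[0] << 21) | (raw[1] << 14) | (raw[2] << 7) | raw[3]


def int_to_syncsafe(n: int) -> bytes:
    """Encode a tag size (< 2**28) as four 7-bit bytes."""
    if not 0 <= n < (1 << 28):
        raise ValueError("tag size out of syncsafe range")
    return bytes(((n >> shift) & 0x7F) for shift in (21, 14, 7, 0))


def build_frame(frame_id: bytes, payload: bytes) -> bytes:
    """Build an ID3v2.3 frame: 4-byte id, 4-byte big-endian size, 2 zero flag bytes, payload."""
    return frame_id + struct.pack(">I", len(payload)) + b"\x00\x00" + payload


def build_tag(frames: list) -> bytes:
    """Wrap frames in an ID3v2.3 header (no unsynchronisation, no extended header)."""
    body = b"".join(frames)
    return b"ID3\x03\x00\x00" + int_to_syncsafe(len(body)) + body


def sanitize_id3v2(data: bytes, max_text: int = MAX_TEXT_BYTES):
    """Validate an ID3v2.3 tag and rebuild it from the frames that pass.

    Returns (clean_tag, problems). A frame whose declared size overruns the tag
    ends parsing (nothing after it can be trusted); frames with non-alphanumeric
    ids or with compression/encryption/grouping flags set are dropped rather than
    interpreted; text frames (T***) longer than max_text are clipped. Input that
    is not an ID3v2.3 tag yields an empty tag.
    """
    problems = []
    if len(data) < 10 or data[:3] != b"ID3":
        return build_tag([]), ["no ID3v2 header"]
    if data[3] != 3:
        return build_tag([]), [f"unsupported ID3v2.{data[3]} tag"]
    try:
        tag_size = syncsafe_to_int(data[6:10])
    except ValueError:
        return build_tag([]), ["tag size is not syncsafe"]
    end = 10 + tag_size
    if end > len(data):
        problems.append(f"tag size {tag_size} exceeds available {len(data) - 10} bytes")
        end = len(data)
    kept = []
    pos = 10
    while pos + 10 <= end:
        frame_id = data[pos:pos + 4]
        if frame_id == b"\x00\x00\x00\x00":
            break  # padding reached
        if not FRAME_ID_RE.fullmatch(frame_id):
            problems.append(f"bad frame id {frame_id!r} at offset {pos}; stopping")
            break
        (size,) = struct.unpack(">I", data[pos + 4:pos + 8])
        flags = data[pos + 8:pos + 10]
        payload_start = pos + 10
        if size > end - payload_start:
            # The overflow case: declared length points past the tag.
            problems.append(f"frame {frame_id.decode()} size {size} overruns tag; dropped")
            break
        payload = data[payload_start:payload_start + size]
        pos = payload_start + size
        if flags != b"\x00\x00":
            problems.append(f"frame {frame_id.decode()} has flags {flags.hex()}; dropped")
            continue
        if frame_id.startswith(b"T") and size >= 1:
            enc, text = payload[:1], payload[1:]
            # Encoding 0 is ISO-8859-1 (clip at any byte); 1 is UTF-16, keep an even length.
            limit = max_text if enc == b"\x00" else max_text - (max_text % 2)
            if len(text) > limit:
                problems.append(f"frame {frame_id.decode()} text clipped from {len(text)} to {limit} bytes")
                text = text[:limit]
            payload = enc + text
        kept.append(build_frame(frame_id, payload))
    return build_tag(kept), problems


def build_sample_tag() -> bytes:
    """Constructed input: one sane frame, one over-long text, one frame with an overrun size."""
    good = build_frame(b"TIT2", b"\x00" + b"Hello World")
    long_text = build_frame(b"TPE1", b"\x00" + b"A" * 1000)
    overrun = b"TALB" + struct.pack(">I", 0x7FFFFFFF) + b"\x00\x00" + b"X"
    return build_tag([good, long_text, overrun])


if __name__ == "__main__":
    clean, report = sanitize_id3v2(build_sample_tag())
    for line in report:
        print(line)
    print(f"clean tag: {len(clean)} bytes")
```

Running the sanitizer a second time over its own output reports nothing, which is the property a filter sitting between the sandboxed downloader and the privileged file mover needs: whatever reaches the player is a tag the filter itself would accept.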
    



    This archive was generated by hypermail 2b30 : Thu Jun 19 2003 - 22:48:23 PDT