Security
DRM Cracking Now Legal in Selected Cases
Because tech developments in the last few years have shown just how fucked up copyright laws are, the Library of Congress declares six exemptions to the prohibition on DRM cracking:
1. Audiovisual works included in the educational library of a college or university’s film or media studies department, when circumvention is accomplished for the purpose of making compilations of portions of those works for educational use in the classroom by media studies or film professors.
Score one more for academic fair use. Score one less for DVD copy protection.
2. Computer programs and video games distributed in formats that have become obsolete and that require the original media or hardware as a condition of access, when circumvention is accomplished for the purpose of preservation or archival reproduction of published digital works by a library or archive. A format shall be considered obsolete if the machine or system necessary to render perceptible a work stored in that format is no longer manufactured or is no longer reasonably available in the commercial marketplace.
Making console emulator ROMs to preserve the glorious history of classic gaming is now perfectly legal.
3. Computer programs protected by dongles that prevent access due to malfunction or damage and which are obsolete. A dongle shall be considered obsolete if it is no longer manufactured or if a replacement or repair is no longer reasonably available in the commercial marketplace.
Software companies buy each other out so often, it can be impossible to trace and replace dongles for legacy apps. Best to just crack the software.
4. Literary works distributed in ebook format when all existing ebook editions of the work (including digital text editions made available by authorized entities) contain access controls that prevent the enabling either of the book’s read-aloud function or of screen readers that render the text into a specialized format.
If you don’t make your ebook readable by the visually impaired, it’s fair game for cracking.
5. Computer programs in the form of firmware that enable wireless telephone handsets to connect to a wireless telephone communication network, when circumvention is accomplished for the sole purpose of lawfully connecting to a wireless telephone communication network.
Yes, you can unlock your phone for use on other cellular networks. Phone repair shops in the Philippines have been doing this for years; after all, a phone artificially restricted to a specific network is essentially broken.
6. Sound recordings, and audiovisual works associated with those sound recordings, distributed in compact disc format and protected by technological protection measures that control access to lawfully purchased works and create or exploit security flaws or vulnerabilities that compromise the security of personal computers, when circumvention is accomplished solely for the purpose of good faith testing, investigating, or correcting such security flaws or vulnerabilities.
I love this one. If a DRM scheme compromises your system’s security, it’s legally open for cracking. Thank Sony’s rootkit fiasco for this one.
I’ve said it before, I’ll say it again, and I’ll teach it to my godson with a children’s book: DRM is evil. Good to see the Library of Congress working to nerf laws that protect such evil things.
It’s a pity some idiot named a DRM scheme after Filipina gamer-blogger-cosplayer idol Alodia Gosiengfiao. She doesn’t need her name associated with such evil things.
(Via Patrick Norton.)
Anti-Keylogger Trick
Most Filipinos access the Internet through Internet cafes of wildly varying quality — from posh luxury gaming centers to dingy little holes-in-the-wall (mostly the latter). The wide low end of that spectrum is a fertile password-hunting ground for keyloggers. Right now, Filipino script kiddies steal passwords to play infantile pranks on newbies’ social network and game accounts. As a fourth of the population moves online next year with social media advertising and RMT on the rise, things could get serious. That’s why hotseating Filipino netizens should use this anti-keylogger trick.
For example the segment
www.hotmail.comsarahj7@hotmail.comsnoopy2
tells the logger that sarahj7@hotmail.com has password “snoopy2� at hotmail. By parsing the string for common domains such as hotmail, paypal, amazon, fidelity, the task is made even easier.
Between successive keys of the password we will enter random keys. In the spirit of chaffing and winnowing, the string that the keylogger receives will contain the password, but embedded in so much random junk that discovering it is infeasible. Observe that we are not exploiting a particular feature of any particular browser: this trick works with all versions of Internet Explorer, Netscape Navigator and Mozilla Firefox. We are exploiting the difficulty from the OS layer of determining how the GUI of an an application handles events. Here, then is the method:
Navigate to the login page desired;
Type in the userid;for (each pwd character){
Give focus to anywhere but the pwd field;
Type some random characters;
Give focus to the pwd field;
Type the next character of the pwd}
Submit;It involves typing random characters between successive characters of the password, and changing focus to and from the password field using the mouse. Instead of the password snoopy2 the keylogger now gets:
hotmail.comspqmlainsdgsosdgfsodgfdpuouuyhdg2
If you’re ever forced to enter a password at an unsecured public terminal (as millions of Filipinos are every day), limber up that mouse wrist and get ready to type lots of gibberish.
(Via Dan Cameron.)
