General discussion

Locked

The Security Game & Game Security

By secureplay ·
Tags: Off Topic
blog root

This conversation is currently closed to new comments.

354 total posts (Page 1 of 36)   01 | 02 | 03 | 04 | 05   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Design Discussion of the Sony DRM Rootkit

by secureplay In reply to The Security Game & Game ...

The Sony XCP DRM rootkit should serve as a cautionary tale for anyone implementing security technology. <br /><br />The first and most obvious observation was that no one at Sony considered what could happen if the rootkit was ever identified. This is obvious in retrospect, but certainly should have been considered by Sony's security, legal, PR, and executive leaders. <br /><br />How many pirated copies would this stop? As is the case with DRM solutions everywhere - once it is circumvented once, it can be copied anywhere.  <br /><br />Basically, this tool only stops PC using, casual pirates... or legitimate fair use.<br /><br />Also, I have not seen any data that suggests that these songs have actually been protected from piracy... has anyone else?<br /><br />So, one pirate listener with a Mac or Linux box should be able to get around this security system and distribute the songs anywhere.<br /><br />The following comments are based on the external descriptions of the Sony rootkit to date. I have not had any access to the actual design or implementation.<br /><br />From a technical perspective, the XCP security system was not designed very ... securely. The hiding mechanism used that allowed an arbitary set of processes to be conceal without any authentication has made the application a channel for other applications (malicious or not, installed by Sony, or not). The security application should have either hardwired the list of hidden applications or somehow  authenticated any application that attempted to be hidden by the service. Also, the security application should have separated the ability to be hidden from the ability to communicate. <br /><br />As it stands, the XCP security tool was never tailored ot the Sony application. It allows such open capabilities that it can easily be reused for other applications and also to download new, hidden applications by Sony or anyone else.<br /><br />Basically, this system is very, very limited - it only protects against Windows PC users (it has a security mechanism for Macintosh, but this is much more detectable, there has been no mention of a Linux component). It protects the disk, not the song (so a song from any other source will not have the protection). Once circumvented, the security sytem has no further utility. Once discovered, the system can be used as a malicous channel for attack.<br />

Collapse -

Ghost Server Attack Against Lineage II (September 2005)

by secureplay In reply to The Security Game & Game ...

<p><div class="blogdisclaim"><a href="http://playnoevil.com/serendipity/index.php?/archives/12-Ghost-Server-Attack-Against-Lineage-II-September-2005.html">This post originally appeared on an external website</a></div>

Collapse -

Hackers up pressure on P2P networks - up 19% from September (November 2005)

by secureplay In reply to The Security Game & Game ...
Collapse -

One third of large enterprises admit being hacked (November 2005)

by secureplay In reply to The Security Game & Game ...
Collapse -

World of Warcraft hackers using Sony BMG rootkit (November 2005)

by secureplay In reply to The Security Game & Game ...

<p><div class="blogdisclaim"><a href="http://playnoevil.com/serendipity/index.php?/archives/9-World-of-Warcraft-hackers-using-Sony-BMG-rootkit-November-2005.html">This post originally appeared on an external website</a></div>

Collapse -

Korean Fair Trade Commission Investigates MMO Developers for Policy on Real Money Transactions (November 2005)

by secureplay In reply to The Security Game & Game ...
Collapse -

Game Security Presentation at Korea Game Conference

by secureplay In reply to The Security Game & Game ...

<p><div class="blogdisclaim"><a href="http://playnoevil.com/serendipity/index.php?/archives/15-Game-Security-Presentation-at-Korea-Game-Conference.html">This post originally appeared on an external website</a></div>

Collapse -

New Report: Games On Demand Market to Reach $104m in Europe & N. America by 2010

by secureplay In reply to The Security Game & Game ...
Collapse -

Sony Pulls Rootkit, Businesses See Threat

by secureplay In reply to The Security Game & Game ...

<p><div class="blogdisclaim"><a href="http://playnoevil.com/serendipity/index.php?/archives/22-Sony-Pulls-Rootkit,-Businesses-See-Threat.html">This post originally appeared on an external website</a></div>

Collapse -

$2.8 Billion in E-Commerce Fraud in 2005

by secureplay In reply to The Security Game & Game ...

<p><div class="blogdisclaim"><a href="http://playnoevil.com/serendipity/index.php?/archives/18-2.8-Billion-in-E-Commerce-Fraud-in-2005.html">This post originally appeared on an external website</a></div>

Back to After Hours Forum
354 total posts (Page 1 of 36)   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums