Re: [Full-Disclosure] FW: FEEDBACK: Testing Microsoft and the DMCA

From: Hotmail (se_cur_ity@hotmail.com)
Date: 04/19/03

  • Next message: yossarian: "Re: [Full-Disclosure] RE: [ISN] DARPA pulls OpenBSD funding"
    From: "Hotmail" <se_cur_ity@hotmail.com>
    To: <jasonc@science.org>, <full-disclosure@lists.netsys.com>
    Date: Fri, 18 Apr 2003 21:32:33 -0700
    

    so i understand this...

     ITS ILLEGAL TO TAKE ANYTHING APART AND STUDY IT AND TALK ABOUT IT ???? I
    belive I can do whatever it is I choose to do with a product that I
    purchase. Next it will be illegal to throw away your xbox because someone
    might get it out of the rubbish and use it.. or heaven forbid.. LOOK INSIDE.

    MY2BITS

    ----- Original Message -----
    From: "Jason Coombs" <jasonc@science.org>
    To: <full-disclosure@lists.netsys.com>
    Sent: Friday, April 18, 2003 8:01 PM
    Subject: [Full-Disclosure] FW: FEEDBACK: Testing Microsoft and the DMCA

    > -----Original Message-----
    > From: Jason Coombs [mailto:jasonc@science.org]
    > Sent: Friday, April 18, 2003 4:58 PM
    > To: david.becker@cnet.com
    > Subject: FEEDBACK: Testing Microsoft and the DMCA
    >
    >
    > I'm an author and computer forensics/infosec expert who recently authored
    a
    > book about information security and Microsoft Internet Information
    Services
    > (IIS) that Microsoft Press was planning to publish... They opted not to
    > publish my book after they got a chance to read it; perhaps fearing that
    > acknowledging flaws and pointing out weaknesses in their own products
    would
    > undermine their position with respect to prosecuting DMCA violators.
    >
    > After reading your article concerning "Hacking the XBox" I thought you
    might
    > be interested in my story as well. My literary agent pitched my book to
    Wiley
    > and it was rejected rather abruptly and with no discussion (odd,
    considering
    > that I've been published by both Wiley and Hungry Minds/IDG Books in the
    > past).
    >
    > My plan, if I can't find a publisher willing to take the 'risk' of
    exposing
    > details of vulnerabilities in IIS, is to give away my book as an open
    source
    > manuscript/electronic book in order to educate people who use Windows
    Server
    > operating systems and IIS on critical security countermeasures. There's no
    > reason for Microsoft customers to be kept in the dark about necessary
    security
    > precautions simply because publishing the forensic details threatens to
    result
    > in prosecution of those responsible, or in the case of Microsoft Press,
    > threatens to take Microsoft's DMCA teeth out of their big fat head.
    >
    > Sincerely,
    >
    > Jason Coombs
    > jasonc@science.org
    >
    > --
    >
    > Testing Microsoft and the DMCA
    > By David Becker
    > Staff Writer, CNET News.com
    > April 15, 2003, 4:00 AM PT
    >
    >
    > newsmakers Taking a break from working on his doctoral thesis,
    Massachusetts
    > Institute of Technology (MIT) graduate student Andrew "Bunnie" Huang
    decided
    > that it might be fun to poke around the security systems protecting
    > Microsoft's Xbox game console.
    >
    > With a little creative tinkering and a measure of precision soldering,
    Huang
    > quickly isolated the main public security keys. Although legally prevented
    > from sharing the keys with the world, he described his methods in detail
    in a
    > widely distributed research paper, helping spur a wave of Xbox-hacking
    that
    > has led to the development of Xbox versions of Linux and other homemade
    > software.
    >
    > After graduating from MIT last year, Huang set up his own consulting
    business,
    > specializing in reverse engineering. But he still has some more Xbox
    insights
    > that he'd like to share with the world--that is, if only he can find a
    way.
    >
    > Click Here.
    >
    > Huang's recently completed book, "Hacking the Xbox" was recently dropped
    by
    > Wiley subsidiary Hungry Minds, citing possible legal issues under the
    > controversial Digital Millennium Copyright Act (DMCA). The Department of
    > Justice recently used the DMCA to shut down ISOnews.com, a Web site partly
    > used to distribute Xbox-hacking tools, and to imprison the site's owner.
    >
    > Plans to self-publish the book hit another snag a couple of weeks ago when
    > Americart, a provider of online shopping cart services, declined to sell
    the
    > book because it feared getting sued. But Huang remains determined to press
    > this project through to completion.
    >
    > "The thing I have to emphasize is that the book itself is not criminal,"
    Huang
    > said. "It'd be like saying that breaking and entering is illegal, so you
    can't
    > write a book on how locks work."
    >
    > Huang spoke with CNET News.com about the book, the importance of hardware
    > hacking and his willingness to serve as a DMCA guinea pig, if necessary.
    >
    > Q: What have you learned to do with the Xbox since your research paper was
    > published?
    > A: I did a lot of work but if I talked about it I'd get in a lot of
    trouble. I
    > did some work with a few people who were trying to figure out alternate
    > methods to get to the Xbox hardware without necessarily involving the
    > copyrighted code Microsoft has--basically finding backdoors in the
    > initialization and boot sequence.
    >
    > I helped out one guy in particular who was critical in figuring out the
    method
    > that's used by everyone today. It is basically a flaw in the system
    > initializer that lets you put code anywhere in the system that you want
    it.
    >
    > From there, I backed off and got kind of quiet. Things were starting to
    heat
    > up, and a lot of people were starting to move into piracy and other very
    > controversial issues. I sort of became a fly on the wall and gave people
    > advice in some key areas.
    >
    > And then Wiley approached you about writing a book?
    > Yeah--Wiley has the "Dummies" series, and wanted to create a similar line
    of
    > introductory hacking guides: hacking TiVo, hacking the Xbox, hacking your
    DVD
    > player. The book overall is an education book. I try to teach people as
    much
    > as possible how to do hacks on their own and try to avoid as much as
    possible
    > the really cookie-cutter, boring stuff.
    >
    > So it's not just, "Here's how you install this mod chip?"
    > There are a few pictures of mod chips installed...but it's more like
    here's
    > how a mod chip works, and here's how people used reverse engineering to
    figure
    > out how Xbox security works. It's trying to give a novice hacker or
    someone
    > who has very little experience the confidence he or she needs to open up
    the
    > box and start playing around with the stuff on the inside. And there's
    sort of
    > a running dialogue about the experiences that I had getting into the Xbox,
    > including the legal issues.
    >
    > It ends with a brief section on where things are today. That's where I
    mention
    > mod chips. But the book is really encouraging people to learn their own
    way.
    >
    > Was there much discussion of legal concerns with the publisher?
    > When I first started working with them, they realized that it was a touchy
    > subject. They had me develop an outline, and when I went over it with
    their
    > lawyers, they said, "Yeah, this should be OK."
    >
    > Then I got a call (a few months later) during which they basically said
    they'd
    > had some turnover in the legal department and weren't feeling so good
    about
    > the book now. I don't know if this had anything to do with it, but right
    > around the time that they gave me they call, the Department of Justice
    shut
    > down ISOnews.com and they were sort of beating on the doors of a lot of
    mod
    > chip guys.
    >
    > Has the ISOnews.com case had a chilling effect beyond your work?
    > I think that it's had a major chilling effect. Maybe the reason that
    companies
    > started (backing out of such publishing deals) this is that the DMCA has
    > become such a hot topic. A lot of companies aren't willing to really push
    > their content directly through a public trial. The whole idea of taking a
    > person and making an example of him seems to have backfired. They tried
    that
    > with a few guys and it didn't work.
    >
    > I think a lot of companies are starting to take more indirect attacks. To
    use
    > a really bad analogy, instead of going for the mafia boss, you take out
    the
    > guys in the street, the little mod chip vendors.
    > I want to put a stake in the ground and say, "Hey, I strongly believe what
    I'm
    > doing is legal.
    > They're trying other techniques within the word of the law to put a damper
    on
    > this activity without getting bad press.
    >
    > If they were to go ahead and take any Xbox-Linux guys and crucify them for
    > running Linux on the Xbox, they'd have the whole open-source crowd really
    up
    > in arms. There'd be a really big negative mark on the Xbox.
    >
    > So even though Microsoft has said, "You guys can't run Linux on the Xbox,"
    > they're not going to really do anything about it in the short term. It's
    not
    > hurting their revenue enough to have them fight a battle on principle.
    >
    > Are you afraid personally of the possible consequences of publishing the
    book?
    > Oh yeah. Lately it's been really day-to-day. I get a lot of e-mail from a
    lot
    > of people, and sometimes you see the subject line and freeze for a moment,
    > thinking, "This is it, they're coming to get me." And then it just turns
    out
    > to be an innocent question. But the fact that Americart felt it had to
    reject
    > my book shows how jittery people are.
    >
    > So how are you going to sell the book now?
    > There's always PayPal, I guess...Although someone pointed out to me that
    > PayPal has an explicit clause that says you can't use the service to sell
    mod
    > chips. Even though this isn't a mod chip per se, it might be construed as
    a
    > technology or a tool under the wording of the DMCA.
    >
    > The big question that I had when I published my paper at MIT was whether
    this
    > would be considered a copyright circumvention tool under the DMCA. I think
    > it's wildly unrealistic to think that a court would agree with such an
    > expansive interpretation of a tool. But to a limited degree, they might go
    > along with it.
    >
    > Beyond the question of what's a tool, there are still a lot of questions
    about
    > whether mod chips are copyright circumvention devices at all, since they
    do
    > other, legitimate things. Would it be useful to have a court opinion on
    that?
    > It would be. I think that part of the reason I decided to go ahead with
    the
    > book is that I'm really tired of hearing, "Well, there's three cases that
    > never went to court, but here's the direction in which they kind of
    leaned."
    > There's no real stakes in the ground about this.
    >
    > There's a lot of fear, uncertainty and doubt. And the longer the people
    who
    > want to enforce these laws can cast the shadow of fear without ever having
    to
    > bring something to court, the more effective they are. This type of
    publishing
    > is kept underground and under control.
    >
    > I want to put a stake in the ground and say, "Hey, I strongly believe what
    I'm
    > doing is legal and it's beneficial for people to know about this stuff."
    If we
    > don't know about it, then the bad guys are going to figure it out and
    they're
    > going to take our lunch. Maybe I'm being a fool by saying this, but if
    someone
    > wants to challenge me on this, I think it's something we need to talk
    about in
    > a court of law. I don't know where I'd find the resources to defend
    myself. If
    > I am taken to court, then I'll figure it out.
    >
    > The big game companies seem to paint all hacking as enabling software
    piracy.
    > What's your rationale for why it's useful to hack the hardware?
    > There's this thing called fair use that pretty much had been protected
    until
    > the DMCA came out. It says that if I take my hard-earned money and buy a
    piece
    > of hardware--whether it's a hammer or a razor or a computer--I can take it
    > home and do what I want.
    > The real critical issue is if it turns out that Microsoft can put a ban on
    > people running their own code on a piece of hardware.
    > I don't have to just use a hammer to pound nails. Same goes for a computer
    or
    > a video game machine.
    >
    > The real critical issue is if it turns out that Microsoft can put a ban on
    > people running their own code on a piece of hardware. That'd enable people
    to
    > develop monopolies over hardware by simply securing the hardware to
    something
    > cryptographic in the software base. Microsoft could start offering
    incentives
    > to hardware makers to install a Palladium chip that only runs Windows on
    it,
    > and people who remove it are guilty under the law. Eventually, you just
    lock
    > up the whole world.
    >
    > That's the whole crux. We're going to investigate this hardware and run
    Linux
    > on it and push things a little. We need to figure out really soon what
    this is
    > going to do to the industry and whether this is something of which we need
    to
    > be afraid.
    >
    > Right after I did the paper, I worked with a guy to find the avenues to
    > completely bypass the Xbox security systems. And what we ended up with was
    > amazing. It was a concatenation of four bugs from various vendors that
    allowed
    > it to happen.
    >
    > It's a real-life example of why I think Palladium isn't going to
    work--every
    > vendor is going to have some small bug that individually doesn't mean
    much,
    > but when you stack 'em together, it becomes a big security hole. And once
    you
    > commit it to silicon, it becomes a billion-dollar bug.
    >
    > So it sounds like a big part of your motivation is educational?
    > Oh yeah, a very large part of it is educational. When I first started
    doing
    > this, I asked my professor if he thought there was academic merit to it.
    He
    > was really positive. The security community has been debating for a long
    time
    > about how we secure chip buses--do we just make it really fast and take it
    out
    > of the realm of hackability? This sets a data point for what it takes to
    > extract data out of a high-speed bus. It's a real meat-and-potatoes
    example of
    > security--what can go wrong and what can be done about it.
    >
    > Do you expect your work to be reflected in the design of Xbox 2?
    > I think it will be. Nvidia had to scrap a bunch of chips because Microsoft
    > rotated the (security) code, and I think that was at least, in part,
    > specifically because of what I'd done.
    >
    > With the Xbox 2, there's a couple of different directions they could take.
    > They could say, "Fair use is fair use. Go ahead and run Linux on it, but
    if I
    > catch you copying games, I'm going to nail you good." Or they'll try to
    tie it
    > down even more cryptographically.
    >
    > There are things that they can try. But there's a dozen attacks that I've
    kept
    > in my back pocket and that other hackers have kept in their back pockets
    that
    > nobody's even talked about. Those will come out if Microsoft tries to
    secure
    > the hardware again.
    >
    > What do you think of the James Bond hack for running unsigned software on
    the
    > Xbox?
    > That looks really promising for freeing Linux to the mainstream. It either
    > spells the beginning for a new age in Xbox hacking, or it's the demise.
    Either
    > it's such a potent weapon against the Xbox that Microsoft will have no
    choice
    > but to start enforcing stronger policies on hacking, or they may have to
    > change the hardware. Or they could decide to back off and let Linux
    flourish.
    > But I think it's going to tip the scale somehow.
    >
    > And this is just one exploit. There are probably a lot of others. The
    thing
    > that I'm looking for a is network attack, where you just plug it into the
    > network, run a script on the PC and send a specially formed packet to the
    > Xbox, and voila, you've got your code in the Xbox. That's the kind of
    thing
    > I'd look out for being an incredibly huge problem for Microsoft.
    >
    > Has the rationale for running Linux on an Xbox been diluted, now that you
    can
    > buy a $200 Linux PC from Wal-Mart?
    > People talk and joke about that a lot. But there are a couple of things to
    > realize. One is that those $200 PCs don't have anything close to the
    graphics
    > power that the Xbox has. And most of the Linux applications for the Xbox
    have
    > not been geared toward turning it into a Web server or a word processor.
    They
    > want to turn it into a media center and have the box under their stereo
    system
    > that stores videos, digital audio and other stuff. The Xbox is really
    pretty
    > handy for that. And they use Linux because it has all these great tools
    for
    > working with media.
    >
    > What the appeal for you to doing reverse engineering work?
    > I think it's an important area and it's fun. I really like security more
    than
    > anything else, so I've been working on TEMPEST-style surveillance
    equipment,
    > looking for security holes that should be fairly obvious, trying to raise
    > awareness for the public that information isn't as safe as it is thought
    to
    > be.
    >
    > Something like a public service job?
    > I guess you could say it's public service. What it boils down to is either
    > someone's going to write a paper and say there's this vulnerability, or
    you're
    > going to find out the hard way. One of my goals as I do this exploration,
    more
    > for my own fun than anything else, is to be able to say it was this easy
    or
    > this hard to break your hardware, and here's what you can do to remedy it.
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: yossarian: "Re: [Full-Disclosure] RE: [ISN] DARPA pulls OpenBSD funding"