It’s great that Apple is starting to sell DRM free music, right? Well, you might want to think again, because, apparently, the tracks contain data embedded data that contains the full name and account information, including e-mail address, of who bought them. That’s right, full name and account information of who bought them. This data has always been there, but before, no one could share the DRM tunes, now they can share the tunes with anyone, and that data could be tracked back to the person, or persons, who bought it, and, it could also be spoofed by someone on the internet. Your data could be embedded in a music file and dropped on a peer to peer network for the whole world to share, and for the suit happy music labels to see. Playlistmag.com referred to it as Watermarked iTunes files.
The big question, of course, is what might Apple do with this information? Because it can be spoofed, it’s not exactly the best way to determine who is sharing music, and in any case, tracing a link back such as this would leave a copyright holder in a gray area. Embedded data or not, the mere presence of the data in a file found on a share is not an unassailable indicator of copyright infringement.
While I don’t think iTunes users would buy music from the iTunes store to share on P2P networks, someone could, and that someone could change the data to anyone they wanted to. I bet there are files with Steve Jobs email address in them online right now. I also bet there will be cleaners created soon to clean the data, but, this does make you wonder what Apple will and could do with it.
In other Apple news, it was reported that iTunes version 7.2 had broken the ability to play Mp3′s that had been ripped from music purchased from the iTunes store. Most users had figured out that you could buy songs from the iTunes store, burn them to CD and then rip them to MP3 to get rid of the Fairplay DRM. The EFF had reported that the upgrade to version 7.2 of iTunes had broken this, but now, according to a post on Playlistmag.com, it appears it is merely a bug and you can bypass it by recreating your iTunes music library.
Yesterday, I noted that iTunes 7.2 had trouble syncing certain MP3 files to an iPod. It appears that this is a bug.
Specifically, if you burn a playlist of iTunes? protected music to a CD in iTunes 7.2 and then rip that CD in the MP3 format (a trick people often use to remove the tracks? copy protection), those MP3 tracks won?t copy to an [tag]iPod[/tag]. Try, and you?ll be told that the tracks are incompatible with the iPod.
The bug appears to take the form of some problem with the iTunes music library, causing these specific tracks to be deemed incompatible with the iPod. You can put things right by recreating your iTunes library. Source: More on iTunes 7.2 and MP3s
This knowledge base article from Apple will walk you through recreating your iTunes library, and this one, iTunes: How to backup and restore playlists, will show you how to backup and restore your playlists.
Here are some of the latest technology stories floating around the internet today.
Wal-Mart to begin selling Dell PCs Initial word was that the Dell PCs would go on sale this weekend. A representative for Wal-Mart on Thursday morning said that the PCs are slated to be in stores on June 10, with two models each offered in a bundle priced below $700. Details on the PCs were not provided. Sam’s Club and Wal-Mart Canada stores will carry different models.
Copying HD DVD and Blu-ray discs may become legal Under a licensing agreement in its final stages, consumers may get the right to make several legal copies of HD DVD and Blu-ray Disc movies they’ve purchased, a concession by the movie industry that may quell criticism that DRM (digital rights management) technologies are too restrictive.
This is crazy. I can’t believe I just posted a story that said users MAY get the right to copy their OWN property. The movie and music industries suck and they are killing it all by themselves.
Flexible, full-color OLED On May 24, Sony unveiled what it is calling the world?s first flexible, full-color organic electroluminescent display (OLED) built on organic thin-film transistor (TFT) technology. OLEDs typically use a glass substrate, but Sony researchers developed new technology for forming organic TFT on a plastic substrate, enabling them to create a thin, lightweight and flexible full-color display.
Dell Offers Three Consumer Systems With Ubuntu 7.04 Later today, Dell will offer U.S customers three different systems with Ubuntu 7.04 installed: the XPS 410n and Dimension E520n desktops and the Inspiron E1505n notebook. These systems will be available at www.dell.com/open by 4pm CST today. Starting price for the E520n desktop and the E1505n notebook is $599; the XPS 410n starts at $849.
Why Are CC Numbers Still So Easy To Find? Some “script kiddie” tricks still work after all: Take the first 8 digits of a standard 16-digit credit card number. Search for them on Google in “nnnn nnnn” form. Since the 8-digit prefix of a given card number is often shared with many other cards, about 1/4 of credit card numbers in my random test, turned up pages that included other credit card numbers, and about 1 in 10 turned up a “treasure trove” of card numbers that were exposed through someone’s sloppily written Web app.
DOG (Distrust/Disdain of Google) moves in Me? Google is too secretive. Too unwilling to engage. Too aloof. Oh, and Eric Schmidt, Google?s CEO, has lost touch with how normal people think (if these quotes are correct, and that?s a big ?if?). If they are correct I think it?s evidence that he?s been hanging around too many advertising execs lately. Their goal is to put impulses into your mind so you take certain actions (like buy Diet Coke instead of Diet Pepsi). Believe it or not advertising execs talk like that. So, when Eric is reported to have said, during a visit to Britain this week: ?The goal is to enable Google users to be able to ask the question such as ?What shall I do tomorrow?? and ?What job shall I take??? we all get a little freaked out. We don?t want Google to know that much about us.
Windows XP SP3 in the Works – Microsoft Confirms They have confirmed service pack 3, but the date on that article is wrong, according to Microsoft the release date will be 1st half of 2008, whatever that means.
Cyber Crooks Hijack Activities of Large Web-Hosting Firm Brian Krebs talks about IPOWER Inc, on of the hosting companies that was recently featured by Stopbadware.org as one of the largest hosting companies that are currently silently installing malicious software, as detailed here, Exposing Hosting Companies with Malicious Websites. Brian says organized crime is responsible and IPOWER says it was one compromised server run by another company.
Google is failing the Microsoft litmus test If you want to evaluate the ?evil? quotient of any company?s strategy/behavior, consider how you?d feel about it if it were Microsoft in the driver seat.
Vista no panacea for PC sales Although Microsoft has characterized itself as happy with Vista adoption so far?and Bill Gates said last week at WinHEC that Microsoft had shipped 40 million copies?the release of the new operating system has not resulted in a significant bump in PC sales.
Skype Worm Variant Targets Other Instant Messaging Clients Yesterday, I discovered what appears to be a new collection of “Skype Worm” infection binaries in circulation – it uses the tried and tested methods employed by similar infections over the past few months, with the ultimate payload being the Stration Worm. Aside from that, there’s another little surprise waiting but we’ll get to that shortly…
Categories: Dell, Google, Malicious Websites, Microsoft News, Tech News Tags: Blu-ray, Dell, Disdain of Google, DOG, DRM, Google, Service Packs, Skype, Stopbadware.org, Walmart, Windows Vista, Windows XP
Looks like what we said was going to happen has already happened, someone has already figured out how to play any HD DVD on an Xbox 360 HD DVD drive. Hackers have exposed the Volume ID and even those that have been revoked are playable on the Xbox 360. So, wonder what they will come up with next to protect their AACS [tag]DRM[/tag]. More from Engadget.
The DRM “protecting” HD DVD and Blu-ray Disc films — AACS — continues to unravel at the seams. In parallel efforts, hackers in both the Xboxhacker and Doom9 forums have exposed the “Volume ID” for discs played on XBOX 360 HD DVD drives. Any inserted disc will play without first authenticating with AACS, even those with Volume IDs which have already been revoked by the AACS LA due to previous hacking efforts. Add the exposed processing keys and you can decrypt and backup your discs for playback on any device of your choosing. So yeah, it looks like last week’s WinDVD update has been quickly and definitively made useless just as we expected it would be. Well, for XBOX 360 HD DVD drive owners anyway but you can see where this is heading, right? Now go ahead AACS LA, revoke the Toshiba-built XBOX 360 HD DVD player… we double-dog dare ya. Source: AACS hacked to expose Volume ID: WinDVD patch irrelevant
Seriously, they have to be kidding. Corel has released an “important” update to InterVideo WinDVD because of the hacking of the AACS DRM recently using the license keys. You have to update the WinDVD software and patch your player or you will no longer be able to watch your HD DVD and BD discs! And their press release at the end actually says, “Your continued enjoyment of our software is Corel’s primary concern.” What a joke, if they want me to even buy their crap, they need to pull out all of the DRM bullshit and let me use them anyway that I want, I bought and paid for it, I should have full control of it, not them.
WinDVD customers who are currently using either HD DVD or BD playback will need to download the free security update from your PC or Drive manufacturer’s websites.
This update includes security enhancements as well as updated licensing keys that will be required to view both newly purchased HD DVD/BD titles and those in your existing HD DVD/BD collections. By downloading Corel’s free update, you will be able to continue to enjoy the latest HD DVD/BD content, while ensuring that copyrighted materials are properly protected.
Please be aware that failure to apply the update will result in AACS-protected HD DVD and BD playback being disabled. Source: Corel Releases Important Update for InterVideo WinDVD
Engdaget has it correct when they say Mr. assumed criminal.
That means no more hi-def movies for you, Mr. assumed criminal. Thing is, this is no ordinary patch since WinDVD exposed the hardware specific device key to video pirates. So not only are you required to update their janky WinDVD software, you also have to track down and install the particular AACS patch for the HD DVD or BD player you own. Of course this only patches one flaw in the massively compromised DRM boondoggle. And just think, you can repeat the whole process again after hackers circumvent this latest attempt at “content protection.” Isn’t DRM nice? Source: AACS patch for WinDVD, HD DVD and BD players: update or never watch movies again
Message to Corel and all the other DRM lovers. I will not buy your products; will not “upgrade” all of my DVD’s to any of the HD versions, or anything else you “require” people to do. Take a hint from your CUSTOMERS and ditch all of the DRM, it doesn’t do anything but give people a target, something else to crack and thumb their noses at you. It will always be cracked, just as this patch will be, and where does that put your users? Do you think most of these people will even know what the problem with the player is, let alone know to patch the software and the player? No, they won’t, and I guarantee you anyone who finds out that you all disabled their ability to play the movies they paid for, they will be pissed.
Take a clue from EMI and ditch the DRM, I bet their sales are already increasing on iTunes and will increase more once Microsoft cuts the deal with them for their player.
The Zune release manager has just reported that the next firmware update for the Zune will be mid-March. The will take it to version 1.3. They are fixing at least three problems, the skipping, FM tuner power drain and are updating the synching.
We’re fixing the skipping problem that some users were experiencing, that is, content acquired from Zune Marketplace will no longer skip when played on the device.
Improved device and software reliability, when it comes to device detection, and improved sync’ing.
We?ve made some changes to the FM Tuner so it no longer drains the battery when in sleep mode. source: Zune Firmware Update 1.3 Coming Mid-March
One commenter stated he would like to see them get rid of the 3×3 rule, three days or three listens and then you can’t play an item that has been beamed to another Zune, because he can’t even keep podcasts given to him by their owner. An entirely reasonable request, by adding the DRM they are making it harder for people to pass around their own stuff to people, if someone wants to give away their songs, podcasts, etc, to someone for a review, etc, why should it go away after three days? Complete and utter crap, please keep your DRM off of MY digital media.
The popular gadget site Gizmodo has declared March Boycott the RIAA month, saying the very reasons people download music is because of things like the RIAA and DRM. These things keep people from being able to play the music they buy on whatever device they choose to, you have to have an iPod to play tunes from iTunes, a Zune to play music from the Zune Marketplace, etc, and they are right, this is a bunch of crap. Used to be, when you bought your music tapes you could record them on other devices, listen to them however you want but nowadays, that is not the case when you buy music online. If I buy a song from a musician, I should be able to play it wherever I like on whatever device I have, but DRM prevents that, and causes people to download unprotected music online.
Beyond the harassment, extortion, and privacy invasion that the RIAA commits under the guise of lawsuits, they also stifle innovation by treating any open Internet source as a potential way for people to violate their copyrights. Recently, they filed a “motion for reconsideration” in a suit claiming that anything downloaded via an Internet connection is the responsibility of the owner of said connection. While the RIAA is trying to make it easier for them to get money out of the parents of kids they sue, the precedent that it would set would make it difficult, if not impossible, for open WiFi hotspots to exist. That means that the RIAA would make it impossible for you to connect to the web for free while out in a city that provides Internet access merely because you might use it to download music.
In effect, the RIAA’s insistence on strict DRM takes value away from legally purchased music. People have a choice: they can either pirate unrestricted MP3 files that will let them use them however they’d like, or they can pay for files that won’t allow them the freedom to listen where and how they choose. It only makes sense that many tech-savvy people choose to download MP3s rather than pay for crippled files. The RIAA wants people to pay for restrictions and like it. Source: Gizmodo’s Anti-RIAA Manifesto
This is exactly true, Steve Jobs recently called for digital media companies to get rid of the DRM, but that is an easy thing to do when you have nothing to loose, what he should’ve done would be to demand that they drop DRM and let people play their music anywhere, they way it is supposed to be.
In other RIAA news, apparently they don’t like a new bill submitted by Rick Boucher, a Virginia Democrat, and John Doolittle, a California Republican, that would allow consumers to circumvent digital copy restrictions in six limited areas when the copyright owners’ business models are not threatened. This so-called fair use doctrine would allow customers of copyright works to make a limited number of copies, either for reviews, news reporting, teaching and research. The RIAA said this would legalize “hacking”, something else they don’t sound too bright on, look it up fellas.
“The fair use doctrine is threatened today as never before,” Boucher said in a statement. “Historically, the nation’s copyright laws have reflected a carefully calibrated balanced between the rights of copyright owners and the rights of the users of copyrighted material. The Digital Millennium Copyright Act dramatically tilted the copyright balance toward complete copyright protection at the expense of the public’s right to fair use.”
But the RIAA said the bill would effectively repeal the DMCA. The bill would “allow electronics companies to induce others to break the law for their own profit,” it said in a statement. Advances such digital music sales, online games, on-demand movies and e-books can be traced to DMCA protects, the RIAA said. Source: RIAA opposes new fair use bill
Screw the RIAA, these people are going away and they know it, it is easier and easier for artists to create and distribute their own music and other media, it’s just too bad most of it sucks, but, most of the music coming out of those music companies sucks as well. This bill would also limit the statutory damages against individuals and firms who may be found to have engaged in contributory infringement, inducement of infringement, or other indirect infringement.
Looks like someone has found the master key to unlock ALL HD DVD and Blueray titles, this will allow you to unlock, decrypt and backup every title that is out, and one assumes the ones coming out for a bit, at least until they change the key or come up with some other way to encrypt them using this or another DRM.
There were just two major problems left: how do you detect the Processing Key and if it?s not in memory how do you find it at all? Well since I now knew how things worked I knew the Processing Key had to be combined with a C-value to produce the Media Key. The problem was there are 513 C-values in the MKB! Searching the memory (several megabytes) for a Processing Key and assuming just one C-value would take minutes (if not hours depending on the size of the dump). So doing them all would take very long. And that while I didn’t even know for sure there was a Processing Key in memory to begin with. I made a proggy that did this but using my favorite “corrupt” memdump I didn’t find any Processing Key in the first megabyte (not for any C-value). It didn’t look good.
There was a trickle of titles hitting the torrents, now you can expect a huge flood, and cries of foul from the movie companies.
The MASTER of marketing, Steve Jobs of Apple has put out a call to the big four music companies to allow them to sell DRM free music in the iStore. I have not heard a truer statement in awhile than this one, “So if the music companies are selling over 90 percent of their music DRM-free, what benefits do they get from selling the remaining small percentage of their music encumbered with a DRM system? There appear to be none.” It is completely ridiculous that the music companies require all online music stores to “protect” the music with a DRM, these stores would be perfect without it, as you could buy one or two songs from a CD instead of buying the whole CD. This is how it should be and I bet the increase in the number of songs purchased to increase dramatically.
The third alternative is to abolish DRMs entirely. Imagine a world where every online store sells DRM-free music encoded in open licensable formats. In such a world, any player can play music purchased from any store, and any store can sell music which is playable on all players. This is clearly the best alternative for consumers, and Apple would embrace it in a heartbeat. If the big four music companies would license Apple their music without the requirement that it be protected with a DRM, we would switch to selling only DRM-free music on our iTunes store. Every iPod ever made will play this DRM-free music.
Why would the big four music companies agree to let Apple and others distribute their music without using DRM systems to protect it? The simplest answer is because DRMs haven’t worked, and may never work, to halt music piracy. Though the big four music companies require that all their music sold online be protected with DRMs, these same music companies continue to sell billions of CDs a year which contain completely unprotected music. That’s right! No DRM system was ever developed for the CD, so all the music distributed on CDs can be easily uploaded to the Internet, then (illegally) downloaded and played on any computer or player.
In 2006, under 2 billion DRM-protected songs were sold worldwide by online stores, while over 20 billion songs were sold completely DRM-free and unprotected on CDs by the music companies themselves. The music companies sell the vast majority of their music DRM-free, and show no signs of changing this behavior, since the overwhelming majority of their revenues depend on selling CDs which must play in CD players that support no DRM system. Source: Thoughts on Music
It will be interesting to see how the music companies, Universal, Sony BMG, Warner and EMI, respond to this call for action, if anyone can get people talking about something, it is Steve Jobs. Take a look at the picture below, it is a screenshot of Techmeme, an online news aggregator that tracks news stories. Usually when a post is featured on the site it only has a few sites talking about it, some big stories will have 20 or 30 sites talking about it. This post by Steve Jobs has probably three times that many sites discussing it.
It’s easy to go on record and make sure everyone remembers that the music companies are the bad guys, hehe, Bill Gates has already gone on record as hating DRM, and the music companies are probably going to do it anyway, and they have already made billions with DRM. Plus, he reinforces the view that he and Apple are the cool people, sticking it to the man. However you look at it, no DRM sounds really good to me.
No DRM! No DRM! No DRM!
Well, maybe not just yet, as the BackupBluray utility is just in Alpha stage, it will only decrypt Blu-ray discs whose CPS unit key known, but one user, at least, has confirmed he has successfully ripped an entire movie, or has posted that he has, I didn’t see any proof, but I haven’t finished reading the whole thread yet. Muslix64, the same guy who created BackupHDDVD to allow people to backup their HD DVD’s, has once again developed a program to copy the supposedly unbreakable DRM, this time on Blu-ray DVD’s, BackupBluray is it’s name, and while it can only copy discs whose key’s are known, he said full decryption will be added soon.
A new utility has just been released in a very early Alpha stage, aptly dubbed “BackupBluray”. This BackupBluray tool is designed to help backup Blu-ray (BD-ROM) movies. The early version of this utility only supports the decryption of Blu-ray discs whose CPS unit key is known. Support for decryption via a Volume Unique key will most likely be added in the near future as development continues. At this point, a stable version of the tool is not yet available for mass distribution. The initial tool has already proven successful though, as there has already been one confirmed report of a successful Blu-ray Disc backup. If the BackupHDDVD tool history is any indication as to where BackupBluray will end up, we can expect to see the source code released to the public along with a SourceForge.net project opened. Source: BackupBluray rip utility released
So, the supposedly unbreakable DRM’s used on both of the new standards have been bypassed by the same guy, they are not technically being cracked, what he is doing is grabbing the encryption keys from a disc and decrypting the movies. He has been using a “powerful crypto attack” to analyze a memory dump from a Blu-ray disc. The movie companies spent a lot of money on these DRM’s, well, I should probably say, consumers are going to spend a lot of money on these discs because of the money it cost them to develop these standards.
After spending a bunch of money on my current collection of DVD’s, I’ll be dammed if I will upgrade to either of these standards and replace my entire collection again. Devices are already available that will show your current DVD’s in high definition, and I am sure there will be more solutions available, I will buy one of those players and keep purchasing the regular DVD’s, if none of us buy these players and discs, then the movie companies will be stuck with them, and I can tell them where they can stick them.
Muslix has released his tool to allow you to copy HDDVD movies, it is called BackupHDDVD, he didn’t actually crack the DRM, like I said here, but, because the players are insecure, he can extract the keys to allow him to copy the movies using his program.
The attack I describe in “Affirmation 4″, is not here yet, but its coming. So I give MPAA and AACSLA a head start. Start to think what you can do about that.
To totally block this attack, they need to put different keys on every disk! Now, they only have different keys for different movies. I don’t know about the manufacturing process of the disk. This solution may not be possible.
The best they can do, is doing shorter manufacturing run of a particular movie, so it would be difficult to get your hand on every “pressing” of a movie.
When they design AACS, they assume people will look for the device keys. I don’t care about device keys. I do care about volume key. Having the device keys mean that you have to re-implements all the complex crypto and do the full AACS process.
I leave all this dirty job to the player and recover only the volume key.
There is 3 important things in cryptography:
1-Private key protection
2-Private key protection
3-Private key protection
Did I break AACS? I don’t know. What do you think? Source: BackupHDDVD, a tool to decrypt AACS protected movies
He posted download links here, with the hash to verify.