Small Inventors Complain About Patent Reform... >>
<< Wisconsin Bill Says Paper Trails And Source...
 tdicon 


Say That Again

by Mike Masnick

Wed, Jan 4th 2006 3:22pm





Dear EMI: Please Let Security Researchers Protect You From A Rootkit Fiasco

from the an-open-letter dept

Following the huge mess involving both of the copy protection systems Sony BMG uses on CDs having serious security vulnerabilities, it's about time that people started paying attention to the other record labels as well. For some reason, Universal Music has gotten away unscathed, despite having a deal in place with First4Internet, the makers of the terribly flawed XCP rootkit copy protection that kicked off this whole story. Now, some are starting to look at EMI, but have realized that the DMCA does create something of a "chilling effect" as security researchers can be accused of breaking the law for investigating the copy protection. This situation is made worse by the fact that malicious hackers now know that copy protection schemes are a fertile area to mine for possible vulnerabilities. So, the EFF has put together an open letter to EMI, asking them to publicly state that they won't go after security researchers who discover security holes in the Macrovision copy protection EMI has been using. While we wait for their answer (which we get the feeling may take a while) can someone please explain why the EFF insist on putting content like that in PDF format, rather than making an HTML version as well?

14 Comments | Leave a Comment..


If you liked this post, you may also be interested in...
 

Reader Comments (rss)

(Flattened / Threaded)

  1.  

    Maybe

    identicon
    dmub, Jan 4th, 2006 @ 3:31pm

    they fear someone changing what they write? PDF can not be changed, whereas the hmtl could be hacked?

    reply to this | link to this | view in thread ]

  2.  

    Re: Maybe

    identicon
    Anonymous Coward, Jan 4th, 2006 @ 4:01pm

    PDF can't be hacked? Puhleeez.

    reply to this | link to this | view in thread ]

  3.  

    Re: Maybe

    identicon
    Rikko, Jan 4th, 2006 @ 4:41pm

    I guess clicking "Export PDF" in OpenOffice Writer is that much easier than making a freaking web page that annoys 95% less people.

    reply to this | link to this | view in thread ]

  4.  

    Re: Maybe (The Remix) ft. Notorious ZO-M-G

    identicon
    ZOMG CENSORED, Jan 4th, 2006 @ 5:16pm

    I think it's because, for some odd reason, corporate people have it in their head that pdf is the cat's whiskers. When most sane people realize that is only the case when it's a huge freaking chunk of data.

    I was talking to my boss' boss earlier today (small talk) and he brought up how he wished we could all work in nothing but pdf's. I explained to him the cons of that and why pdf isn't good for everything. I'm still working here so that's a good sign :D Just goes to show that some people think pdf is the new html.

    reply to this | link to this | view in thread ]

  5.  

    PDF = Control (Perceived)

    identicon
    Don Gray, Jan 4th, 2006 @ 5:49pm

    To most people PDF = Control. Oh yeah and it's easier.

    So to recap: Lazy control freaks like PDF

    That's why lots of managers like it!

    reply to this | link to this | view in thread ]

  6.  

    Re: PDF = Control (Perceived)

    icon
    Mike (profile), Jan 4th, 2006 @ 5:57pm

    To most people PDF = Control.

    Yeah, but you would think, of anyone, the EFF would recognize how silly that idea is.

    reply to this | link to this | view in thread ]

  7.  

    Re: Maybe

    identicon
    Anonymous Coward, Jan 4th, 2006 @ 7:34pm

    Maybe they ripped a DRM unprotected version from an Adobe CD.

    reply to this | link to this | view in thread ]

  8.  

    pdf

    identicon
    anonymous, Jan 4th, 2006 @ 8:02pm

    It's cause PDF loads up so much better and faster and looks So much better....

    Hang on while I stop gagging myself.

    On a side note, does anyone know why Adobe is hell bent on making the reader slower and slooower to load with every new version?

    reply to this | link to this | view in thread ]

  9.  

    Re: PDF = Control (Perceived)

    identicon
    A person, Jan 4th, 2006 @ 8:20pm

    My father is the manager of an architech buisness, and he insists that all the documents are in pdf. now that we are on a vacation at Lake Tahoe and he is doing work from his laptop via emailed documents and files from his employies, with incredibly slow (48 kbs) internet access with no printer, he realizes how dumb of an idea it was to require pdf files. It takes him about half an hour to load one, and he can't even work on it! He had to send an email out to all his staff telling them no more pdf's. I guess one of his staff had explained all this to him beforehand, and my father cut his pay and almost fired him for "Opposing company policy".

    reply to this | link to this | view in thread ]

  10.  

    I have a good question...

    identicon
    Michael "TheZorch" Haney, Jan 5th, 2006 @ 4:22am

    Why the heck hasn't the British Government started a serious criminal investigation of First4Internet? Why haven't any states here taken them to court? It is possible to take foreign companies to court, but it takes a lot of paperwork and diplomatic hoop-jumping to do it. I hear all this stuff about boycotting Sony and rebelling against companies using DRM but what about going after the jerks who developed XCP in the first place. I haven't heard a thing about going after them at all despite the fact that its been confirmed that they stole Open Source code to make it.

    reply to this | link to this | view in thread ]

  11.  

    Re: I have a good question...

    identicon
    Mousky, Jan 5th, 2006 @ 4:37am

    Because First4Internet merely developed the software. It was Sony BMG that implemented the software. It's like suing gun manufacturers for murder or automotive manufacturers for vehicular homicide.

    reply to this | link to this | view in thread ]

  12.  

    PDF vs HTML

    identicon
    MikeVx, Jan 5th, 2006 @ 6:36am

    With the PDF, we can see exactly what EMI sees in the letter, formatting, letterhead and all, within the limits of our monitors. There is no reliable way to do this in HTML other than embedding a graphic in the page, with the usual problems with lower-resolution screens. Every PDF reader I've ever used starts up with the document scaled to fit the screen/window.

    reply to this | link to this | view in thread ]

  13.  

    Re: I have a good question...

    identicon
    dan, Jan 5th, 2006 @ 6:45am

    I disagree with the analogy. Guns can be used for many other things aside from killing people. First4Internet developed this software with a rootkit built in ON PURPOSE. The purpose of a gun is not neccessarily illegal (the end user makes that choice), while the rootkit is illegal (and the end user has no choice).

    Sony still deserves some blame for not investigating First4Internet before they decided to distribute their software, but First4Internet should still be liable.

    reply to this | link to this | view in thread ]

  14.  

    Re: I have a good question...

    identicon
    Seer, Jan 5th, 2006 @ 5:29pm

    Yes, the real people who we need to go after are the makers of this crappy software. Do you think the Sony execs who decided to go to XCP (I think that's the company's name) had any clue what a rootkit was? Or that XCP even told ANYONE at Sony how their software worked? No, they probably just released some "fact" sheet that advertised only the good things.

    I guess you can blame Sony for not acting sooner and not really trying very hard in the beginning of this thing.

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>


Small Inventors Complain About Patent Reform... >>
<< Wisconsin Bill Says Paper Trails And Source...
 tdicon 

A word from our Sponsors...
Follow Techdirt
Flattr rss rss

Powered by Postrank

From the Techdirt Archive...
A word from our Sponsors...

Close

Email This