Dear EMI: Please Let Security Researchers Protect You From A Rootkit Fiasco

from the an-open-letter dept

Following the huge mess involving both of the copy protection systems Sony BMG uses on CDs having serious security vulnerabilities, it's about time that people started paying attention to the other record labels as well. For some reason, Universal Music has gotten away unscathed, despite having a deal in place with First4Internet, the makers of the terribly flawed XCP rootkit copy protection that kicked off this whole story. Now, some are starting to look at EMI, but have realized that the DMCA does create something of a "chilling effect" as security researchers can be accused of breaking the law for investigating the copy protection. This situation is made worse by the fact that malicious hackers now know that copy protection schemes are a fertile area to mine for possible vulnerabilities. So, the EFF has put together an open letter to EMI, asking them to publicly state that they won't go after security researchers who discover security holes in the Macrovision copy protection EMI has been using. While we wait for their answer (which we get the feeling may take a while) can someone please explain why the EFF insist on putting content like that in PDF format, rather than making an HTML version as well?
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    dmub, 4 Jan 2006 @ 3:31pm

    Maybe

    they fear someone changing what they write? PDF can not be changed, whereas the hmtl could be hacked?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 Jan 2006 @ 4:01pm

      Re: Maybe

      PDF can't be hacked? Puhleeez.

      reply to this | link to this | view in chronology ]

    • identicon
      Rikko, 4 Jan 2006 @ 4:41pm

      Re: Maybe

      I guess clicking "Export PDF" in OpenOffice Writer is that much easier than making a freaking web page that annoys 95% less people.

      reply to this | link to this | view in chronology ]

      • identicon
        ZOMG CENSORED, 4 Jan 2006 @ 5:16pm

        Re: Maybe (The Remix) ft. Notorious ZO-M-G

        I think it's because, for some odd reason, corporate people have it in their head that pdf is the cat's whiskers. When most sane people realize that is only the case when it's a huge freaking chunk of data.

        I was talking to my boss' boss earlier today (small talk) and he brought up how he wished we could all work in nothing but pdf's. I explained to him the cons of that and why pdf isn't good for everything. I'm still working here so that's a good sign :D Just goes to show that some people think pdf is the new html.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 Jan 2006 @ 7:34pm

      Re: Maybe

      Maybe they ripped a DRM unprotected version from an Adobe CD.

      reply to this | link to this | view in chronology ]

  • identicon
    Don Gray, 4 Jan 2006 @ 5:49pm

    PDF = Control (Perceived)

    To most people PDF = Control. Oh yeah and it's easier.

    So to recap: Lazy control freaks like PDF

    That's why lots of managers like it!

    reply to this | link to this | view in chronology ]

    • icon
      Mike (profile), 4 Jan 2006 @ 5:57pm

      Re: PDF = Control (Perceived)

      To most people PDF = Control.

      Yeah, but you would think, of anyone, the EFF would recognize how silly that idea is.

      reply to this | link to this | view in chronology ]

    • identicon
      A person, 4 Jan 2006 @ 8:20pm

      Re: PDF = Control (Perceived)

      My father is the manager of an architech buisness, and he insists that all the documents are in pdf. now that we are on a vacation at Lake Tahoe and he is doing work from his laptop via emailed documents and files from his employies, with incredibly slow (48 kbs) internet access with no printer, he realizes how dumb of an idea it was to require pdf files. It takes him about half an hour to load one, and he can't even work on it! He had to send an email out to all his staff telling them no more pdf's. I guess one of his staff had explained all this to him beforehand, and my father cut his pay and almost fired him for "Opposing company policy".

      reply to this | link to this | view in chronology ]

  • identicon
    anonymous, 4 Jan 2006 @ 8:02pm

    pdf

    It's cause PDF loads up so much better and faster and looks So much better....

    Hang on while I stop gagging myself.

    On a side note, does anyone know why Adobe is hell bent on making the reader slower and slooower to load with every new version?

    reply to this | link to this | view in chronology ]

  • identicon
    Michael "TheZorch" Haney, 5 Jan 2006 @ 4:22am

    I have a good question...

    Why the heck hasn't the British Government started a serious criminal investigation of First4Internet? Why haven't any states here taken them to court? It is possible to take foreign companies to court, but it takes a lot of paperwork and diplomatic hoop-jumping to do it. I hear all this stuff about boycotting Sony and rebelling against companies using DRM but what about going after the jerks who developed XCP in the first place. I haven't heard a thing about going after them at all despite the fact that its been confirmed that they stole Open Source code to make it.

    reply to this | link to this | view in chronology ]

    • identicon
      Mousky, 5 Jan 2006 @ 4:37am

      Re: I have a good question...

      Because First4Internet merely developed the software. It was Sony BMG that implemented the software. It's like suing gun manufacturers for murder or automotive manufacturers for vehicular homicide.

      reply to this | link to this | view in chronology ]

      • identicon
        dan, 5 Jan 2006 @ 6:45am

        Re: I have a good question...

        I disagree with the analogy. Guns can be used for many other things aside from killing people. First4Internet developed this software with a rootkit built in ON PURPOSE. The purpose of a gun is not neccessarily illegal (the end user makes that choice), while the rootkit is illegal (and the end user has no choice).

        Sony still deserves some blame for not investigating First4Internet before they decided to distribute their software, but First4Internet should still be liable.

        reply to this | link to this | view in chronology ]

        • identicon
          Seer, 5 Jan 2006 @ 5:29pm

          Re: I have a good question...

          Yes, the real people who we need to go after are the makers of this crappy software. Do you think the Sony execs who decided to go to XCP (I think that's the company's name) had any clue what a rootkit was? Or that XCP even told ANYONE at Sony how their software worked? No, they probably just released some "fact" sheet that advertised only the good things.

          I guess you can blame Sony for not acting sooner and not really trying very hard in the beginning of this thing.

          reply to this | link to this | view in chronology ]

  • identicon
    MikeVx, 5 Jan 2006 @ 6:36am

    PDF vs HTML

    With the PDF, we can see exactly what EMI sees in the letter, formatting, letterhead and all, within the limits of our monitors. There is no reliable way to do this in HTML other than embedding a graphic in the page, with the usual problems with lower-resolution screens. Every PDF reader I've ever used starts up with the document scaled to fit the screen/window.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.