Cynthetiq

link

CD-copy protection system said to have simple flaw
Tuesday October 7, 2:21 pm ET
By Ben Berkowitz


LOS ANGELES, Oct 7 (Reuters) - A Princeton graduate student said on Monday that he has figured out a way to defeat new software intended to keep music CDs from being copied on a computer -- simply by pressing the Shift-key.
In a paper posted on his Web site late Monday, John Halderman said the MediaMax CD3 software developed by SunnComm Technologies Inc. (OTC BB:STEH.OB - News) could be defeated on computers running the Windows operating system by holding down the Shift key, disabling a Windows feature that automatically launches the encryption software on the disc.

Halderman said the protection could also be disabled by stopping the driver the CD installs when it is first inserted into a computer's drive.

Computers running Linux and older versions of the Mac operating system are unable to run the software and are able to copy the disc freely, he said.

The CD in question, Anthony Hamilton's "Comin' From Where I'm From," was released by BMG's Arista label in late September. Music retailers praised the release, which BMG touted as a breakthrough in the industry's efforts to prevent music piracy.

"SunnComm's claims of robust protection collapse, when subjected to scrutiny, and their system's weaknesses are not only academic," Halderman said in the report.

A spokesman for SunnComm was not immediately available to comment on the report. A spokesman for BMG, a unit of Bertelsmann AG (BERT.UL), said the company viewed the software as a "speed bump" to prevent mass piracy of the disc.

"We were fully aware that if someone held down the Shift key the first and every subsequent time (they played the disc) that the technology could be circumvented," BMG spokesman Nathaniel Brown told Reuters, adding the company "erred on the side of playability and flexibility."

Halderman, who has previously done research on CD copy-protection techniques and their effects on consumer sentiment, called the latest protection attempts into question.

"CD copy-prevention schemes that (depend) solely on software, as SunnComm's does, will be trivial to disable, and alternative strategies that modify the CD data format will invariably cause public outcry over incompatibility with legitimate playback devices," Halderman said.

The music industry has blamed piracy and online file sharing services for a prolonged slump in CD sales. Software like that from SunnComm has been seen as a way to slow down the tide of CDs being ripped into digital format and uploaded to the file sharing platforms.
---------

I wonder if he will be cited for DCMA because he had to do something to "reverse engineer" or "defeat" the copy protection.... IMHO, they are just being stupid.

__________________
I don't care if you are black, white, purple, green, Chinese, Japanese, Korean, hippie, cop, bum, admin, user, English, Irish, French, Catholic, Protestant, Jewish, Buddhist, Muslim, indian, cowboy, tall, short, fat, skinny, emo, punk, mod, rocker, straight, gay, lesbian, jock, nerd, geek, Democrat, Republican, Libertarian, Independent, driver, pedestrian, or bicyclist, either you're an asshole or you're not.

spectre

hahahaha

That's hysterical. Leave it to the record industry to come up with a copy protection system that can be stopped so easily. Another way to do it: go to My Computer, right click on your cd rom and disable autoplay.

*spec wonders if he violated the DMCA with that comment

__________________
"Fuck these chains
No goddamn slave
I will be different" ~ Machine Head

Kaos

Bwhahaha

And to think how much money was spent to create the CD-protection...

Nisses

Good Lord. That's like pointing out the trip wires, laser beams and motion detectors on your front-door and then putting a key under the mat... What flexibility???

Sounds to me like they spent alot of time and money and wasted all of it...

Linux: works without a hitch
older Mac versions: no problem whatsoever
Windows: hold down the Shift key

okaay, another milestone in the battle against music piracy indeed.

__________________
Moderation should be moderately moderated.

The_Dude

i remember something about writing in the middle with a felt tip pen and it disables the cd protection.

__________________
"Luck is what happens when preparation meets opportunity." - Darrel K Royal

punx1325

That was almost as good as when Sony launched their new piracy software which could be defeated by lining the edge of the CD with a permanent marker.

__________________
If something seems too good to be true, then it probably is....

laconic1

Just one more reason to run Linux.

i8one2

Now this post is a definitely a public service! Thankx

__________________
LEATHER, LATEX and LACE "SSC"
"Nothing That Gives Pleasure is Bad"

Quality is for those who know
what they want and are at peace with what they have.

"S/M is about emotion; the erotic tension between my impulse toward something and my resistance against it."-- Virginia Barker

ratbastid

You know what? I applaud them for that. The RIAA wants your music under lock and key, and here these guys have taken an approach that will significantly decrease the scale of theft among the "I wedge the CD in thyar and then I runs my ripper dealy" crowd, while not imposing any massive usability burden on the people who want to just PLAY THE DAMN MUSIC. I mean Christ, some of the proposed approaches to CD-based copy protection are impossible to play in many CD players, don't support various standard CD features, etc.

Okay, so it's easily circumvented by people who know the magic trick. Before I read this, I didn't know that holding down shift disabled auto-launch. Laugh if you like, but I'm a very computer-savvy guy, and they would have gotten me! How many of you, your mother wouldn't be able to rip this disc? Mine wouldn't. So their approach largely works, without unduly inconveniencing the rest of us.

For better or worse, Digital Rights Management is the way the world is going. I think these guys have hit the sweet spot of protection versus useability.

Flesh

yeah but your mom doesn't rip the cd either. people who WANT to rip it, WILL rip it, shift key or not

HeAtHeN

You KNOW someone has lost thier job over this

__________________

Cynthetiq

not really because they knew that it was defeatable because they opted for compatibility and usability over draconian measures.

guthmund

That's like watching the dog shit and then stepping in it.

Does anybody really know if they were fully aware before the kid figured it out? Sounds a little suspicious.....

"of course....we knew that the shift *cough ahem shift key...would circumvent...our multi-million dollar copy protection.....we did that on purpose.....yeah, that's the ticket...."

__________________
No signature. None. Seriously.

spived2

I completely agree with what you said ratbastid. There are a lot of people that steal songs because it's just so easy. Put a roadblock in the way and most people wont take that extra effort to try to find a way around it. People that really care about stealing music will always find a way around even if it's not as easy as holding the shift key.

__________________

"This visage, no mere veneer of vanity, is it vestige of the vox populi, now vacant, vanished, as the once vital voice of the verisimilitude now venerates what they once vilified. However, this valorous visitation of a by-gone vexation, stands vivified, and has vowed to vanquish these venal and virulent vermin vanguarding vice and vouchsafing the violently vicious and voracious violation of volition. The only verdict is vengeance; a vendetta, held as a votive, not in vain, for the value and veracity of such shall one day vindicate the vigilant and the virtuous. Verily, this vichyssoise of verbiage veers most verbose vis-à-vis an introduction, and so it is my very good honor to meet you and you may call me V." - V

Great Scott

This is all about the stupidity of greed. Here we have the record companies getting fat and greedy ripping us off on CDs for years. Well big news they did that before with tapes and then they came up with CD's. Great innovation worth the price. Instead of going for copy protection they should have invested in new technology´. Something better for us to spend our money on.

tekaweni

Now that is neat. I love it when a complicated thing comes undone so simply!

__________________
If you always do what you've always done, you'll always get what you've always gotten

legolas

lol, I'm sure it can be fixed though. It seems like a pretty simple problem.

__________________
"To alcohol! The cause of, and solution to, all of life's problems."

Moreland

Thats great, poor sod who loses his job though might be more particular next time.

tinfoil

Yes, that was the Cactus DataShield. It was on the outside of the CD though, if I am not mistaken.

__________________
Get off your fuckin cross. We need the fuckin space to nail the next fool martyr.

JBX

That is a riot.

__________________
"Youth and Strength is no match for Age and Treachery"

Esoteric

Haha, all that for nothing.

__________________
From a head full of pressure rests the senses that I clutch
Made a date with Divinity, but she wouldn't let me fuck
I got touched by a hazy shaded, God help me change
Caught a rush on the floor from the life in my veins

madsenj37

or a Mac, or anything non - microsoft.

__________________
"Only two things are certain: the universe and human stupidity; and I'm not certain about the universe."
-- Albert Einstein

fuzzix

Hahahahaha! Made my day.

__________________
I'm most definately not 'lovin' it'.

arcane

makes me wanna hug my non windows machines

__________________
<Arcane> so if you banged 2000 chicks then at least one had a pen0r?

JStrider

and they did sue him

thats unbelievably lame...

__________________
-=JStrider=-

~Clatto Verata Nicto

Moreland

Yeah I read about them suing him on bbc news this morning, very lame. I mean hes only highlighted a security issue!

Gortexfogg

Don't kill the messenger...these guys already said they knew about the shift key so I don't see what this lawsuit is all about. It's not like he wrote a program to stop the cd protection software. He used the cd protection software to stop the cd protection software...

brandon11983

Way to cover up getting caught with your pants down, guys.

__________________
Well behaved women rarely make history.

Arc101

Ha Ha May all companies carry on being this stupid. They can't win you know, they will spend tens of millions making programmes trying to prevent people copying music, and a 13 year old spotty kid in his bedroom will come up with something like if you press esc twice you can defeat the programme..

powder

Ha.

ubertuber

"SunnComm believes that by making erroneous assumptions in putting together his critical review of the MediaMax CD-3 technology, Halderman came to false conclusions concerning the robustness and efficacy of SunnComm's MediaMax technology," it said.

This part sounds like the shift key thing isn't true. If not and Sunncomm lost value over an untrue statement about the efficacy of their product, would the kid be liable? Still, I wonder how they think they are going to recoup a $10 million dollar market value loss through lawsuit. It's not like the guy could pay that much in damages even if they did win.

Does anyone know if his report is correct?

__________________
Cogito ergo spud -- I think, therefore I yam

Stare At The Sun

Aahhaa, OWNED.

ubertuber

Update - they dropped the suit.

Link to story

PETER JACOBS, the chief executive of SunnComm Technologies Inc., told Reuters on Friday the company disputed the conclusion by Princeton student Alex Halderman that its software was “irreparably flawed,” but would not pursue the matter because it did not want to chill academic research.
_ _ _ _Halderman, who is working on a doctorate in computer science, posted a paper on his Web site earlier this week detailing the ways SunnComm’s MediaMax software could be defeated. These included simply holding down the “Shift” key on a keyboard, while loading the disc in to a CD drive.
_ _ _ _SunnComm did not contest that finding, but earlier said the paper cost the company more than $10 million in market capitalization.
_ _ _ _“R&D is our life,” Jacobs said. “It wasn’t our intention to strike a blow against research. We sincerely thought that the research was not founded on the premise for which the technology was invented in the first place.”
_ _ _ _Earlier this year, Phoenix-based SunnComm and BMG, a unit of the German conglomerate Bertelsmann AG, signed a deal for BMG to license SunnComm’s MediaMax CD-3 copy protection software.
_ _ _ _The music industry, faced with slumping CD sales it blames on digital piracy, has actively sought new technologies to cut down on what it sees as rampant copying of compact discs and the sharing of those files online.
_ _ _ _In late September, BMG’s Arista label released “Comin’ From Where I’m From,” a CD from singer Anthony Hamilton. It was the first major release using the SunnComm software.
_ _ _ _In his Web posting, Halderman also explained how to stop the driver that the MediaMax software installs on a computer when the CD is first played, leaving the user free to copy the disc.
_ _ _ _SunnComm said on Thursday it would sue Halderman and urge felony charges against him for alleged violations of the Digital Millennium Copyright Act.
_ _ _ _
CHANGE OF HEART
_ _ _ _But Jacobs said he had a change of heart.
_ _ _ _“I’m looking at the big picture,” Jacobs said. “I’m feeling better already. (The research) doesn’t dilute our technology at all, nor does it nullify our technology.”
_ _ _ _Halderman’s graduate advisor at Princeton is Ed Felten, a well-known academic who once filed suit against the Recording Industry Association of America after the record industry trade group suggested it would use the DMCA to prosecute Felten for publishing a paper on flaws in an industry-devised digital security system.
_ _ _ _The Electronic Frontier Foundation, which has led the charge against the DMCA, also spoke out against SunnComm.
_ _ _ _“What more proof do you need that the DMCA is chilling legitimate research?” EFF senior attorney Fred von Lohmann said in a statement Thursday.
_ _ _ _“In America today, scientists shouldn’t have to fear legal action for publishing the truth. Based on the apparent weakness of its technology, perhaps SunnComm should be hiring more Princeton computer scientists, instead of threatening to sue them.”
_ _ _ _Jacobs, whose company counts the Chinese government as a minority investor, argued the dispute came down to a misunderstanding over the intent of his software.
_ _ _ _“The problem was that he declared this an unrepairable flaw and that was the part that really hurt us,” he said. “He was reviewing a drama when we were writing a comedy.”

Man - Jacobs, the president of Sunncomm sure comes off as an idiot. "He was reviewing a drama when we were writing a comedy." I bet with that quote their investors were reassured and they got half that lost market value back.

not.

I'm glad they realized that it was ridiculous to sue the kid for pointing out that they made a shoddy product.
_ _ _ _