Saturday, November 10, 2007

Digital Restriction Managment

Some of you may have seen it discussed as "Technology Protection Measures"(TPM). The CD format has survived for more than 20 years as a straightforward way of distributing contents in digital form. To the chagrin of the industry, consumers can easily use their computers to “rip” files from CDs, encode the files compactly, and then redistribute them over the Internet.

For years,industries has sought technologies that could somehow hinder ripping or redistribution. "Digital rights management (DRM) is an umbrella term that refers to access control technologies used by publishers and copyright holders to limit usage of digital media or devices. It may also refer to restrictions associated with specific instances of digital works or devices. To some extent, DRM overlaps with copy protection, but DRM is usually applied to creative media (music, films, etc.) whereas copy protection typically refers to software." - Wikipedia

Why should we as a security professional care? We all are aware of the famous Sony-BMG Case,2005, USA. In October 2005, Sysinternals’ Mark Russinovich discovered a rootkit on his computer, which he later determined stemmed from a Sony-BMG compact disc. The DRM software also acted as a spyware apart from copy protecting CD's. Months after Sony got into trouble for using rootkit functionality in the DRM protection of audio media, the word ‘rootkit’ again hitting the headlines. This time the trouble comes in the form of DVD movies containing DRM software from Settec.

At the end of January 2006, German computer users started to post complaints to a public newsgroup about the DVD of the movie of Mr. & Mrs. Smith. Users had noticed the presence of a new protection system on the DVD, which was essentially based on two levels of security. The first was a physical protection on the disc surface (probably some kind of bad sectors), and the second was software protection installed on the machines by the autorun player. The messages posted on the public forum reported strange errors relating to popular DVD ripping programs in the presence of the aforementioned software. It didn’t take long for experienced computer users to understand what was going on.

One week later, the popular German news Web site Heise Online published the first technical analysis of the protection software found on the Mr. & Mrs. Smith DVD, which is named ‘Alpha-DVD’ and produced by the Korean company Settec. According to the first analysis, Alpha-DVD was using rootkit-like abilities to hide itself.

The music,video, software etc industries have their own reasons for Digital Rights Management. Being a security professional its our conscientiousness to take care of the both sides of the fence. Its our responsibility to protect our pc's and networks form being compromised.At the same time we should also understand the reasons behind the digital industry lobbying for DRM. "
Post a Comment