Hack Related
News items of interest related to Hacking.
Tuesday, August 12, 2008

Hackers Vie to Win DefCon's Mystery Challenge. One of DefCon's most difficult contests is the Mystery Challenge. Teams compete to solve a series of riddles and cryptographic conundrums in order to win a black badge that grants them DefCon admission for life.

[Wired Top Stories]
12:53:40 PM


Sunday, August 10, 2008

DefCon: Boston Subway Officials Sue to Stop Talk on Fare Card Hacks. The Massachusetts Bay Transportation Authority files a federal lawsuit on Friday seeking to block three MIT students from discussing security vulnerabilities in Boston's fare card system at DefCon.

[Wired Top Stories]
3:28:38 PM


Saturday, August 9, 2008

Hackers mull physical attacks on a networked world (AP). AP - Want to break into the computer network in an ultra-secure building? Ship a hacked iPhone there to a nonexistent employee and hope the device sits in the mailroom, scanning for nearby wireless connections. [Yahoo! News: Technology News]
11:29:22 AM

Working Medeco high-security keys can be whittled out of plastic. Researchers at DefCon in Vegas have demonstrated that they can make "high security" Medeco key-blanks out of the plastic used in credit-cards, and then whittle them into working keys by referring to low-resolution photos of original keys.


"Basically, we've destroyed Medeco's key control, because we can make (plastic keys) for any of their M3 locks and a lot of their Biaxial locks, which is their last generation of locks," says Tobias, who authored the book Open in Thirty Seconds, with Bluzmanis.

The researchers demonstrated the technique using a Medeco mortise cylinder that Threat Level purchased in California before leaving for Las Vegas. After buying the lock, Threat Level scanned the key and e-mailed the image to the researchers, who then created several plastic keys. When Threat Level arrived in Las Vegas with the lock, it took about six seconds to open the lock using a plastic key.

"It's keys by e-mail," says Tobias. "It's key-mail."...

The Medeco M3 key does have an extra feature to secure the lock -- a step protrusion on the side of the key that's designed to move a slider inside the lock. But last year at DefCon, Tobias and his colleagues showed how they could simply insert the end of a bent paper clip into a Medeco high-security lock to push back the slider, rendering the slider ineffective as a security layer. Once that is done, they're then able to insert the plastic key in this new attack, to lift and rotate the pins.

Researchers Crack Medeco High-Security Locks With Plastic Keys

(Image: Dave Bullock (eecue)/Wired.com)

[Boing Boing]
10:48:19 AM


Monday, December 17, 2007

How Sony BMG lost its mind and rootkitted its CDs -- prepublication law paper. Aaron Perzanowski and Deirdre Mulligan have just posted a wonderful pre-publication paper called "The Magnificence of the Disaster: Reconstructing the Sony BMG Rootkit Incident," which will shortly be published in the Berkeley Technology Law Journal. Exhaustively researched and footnoted -- but written in clear, non-lawyerese prose -- The Magnificence of the Disaster comprehensively analyses the madness that led Sony-BMG to install dangerous, illegal rootkit anti-copying software as well as spyware (produced by a company founded to supply Elvis impersonators, no less!) on millions of its CDs, leading the company to enormous financial and legal penalties.

Potential customers who were aware of the existence and dangers posed by Sony BMG's protection measures steered clear of XCP discs. The sales history of Get Right with the Man, an XCP-infected album by Van Zant that was released some six months prior to the rootkit announcement, is emblematic of the online retail impact of the rootkit incident. On November 2, just two days after the initial public announcement of the rootkit, Get Right with the Man ranked at number 887 on the music charts at Amazon.com.[61] The next day, after Amazon user reviews alerted shoppers to the dangers posed by XCP, the album dropped to number 1,392.[62] By the Thanksgiving holiday weekend, the XCP recall was underway and the album plummeted to number 25,802.[63] In contrast, in retail environments in which customers had less immediate access to information about the dangers of XCP, sales of Get Right with the Man were relatively undisturbed.[64] Since brick and mortar retailers like Wal-Mart, the nation's leading seller of CDs,[65] do not facilitate the sort of customer feedback common to online retailers, this outcome is hardly surprising...

SunnComm, the company that delivered MediaMax, offered even more cause for concern. The company began as a provider of Elvis impersonation services.[114] After a change in management following a false press release announcing a non-existent $25 million production deal with Warner Brothers,[115] the company purchased a 3.5" floppy disk factory in 2001, displaying a disturbing dearth of technological savvy.[116] After two employees announced their intention to leave the fledgling company to develop copy protection software, SunnComm convinced the pair to lead a new division, leaving both Elvis and floppy discs behind in order to develop what would become MediaMax.[117]


[Boing Boing]
12:17:50 PM


Wednesday, December 12, 2007

Watch out for the 'evil twin' when using public Wi-Fi (USATODAY.com). USATODAY.com - For the modern nomadic worker, few things are more enjoyable than heading to a cafe, ordering a cappuccino and firing up the laptop to get some work done. As far as anyone you're e-mailing knows, you're at the office. [Yahoo! News: Technology News]
9:46:45 AM


Friday, July 13, 2007

Seeing Yellow: call your printer's manufacturer and ask why they spy on you. Cory Doctorow: Seeing Yellow wants you to call your printer's manufacturer and ask them to stop spying on you.

We've known that our printers are spying on us, ever since the Electronic Frontier Foundation cracked the secret codes in the output of color laser printers. These hidden codes -- apparently placed at the behest of the Secret Service -- identify the serial number, make and model of the printer that printed them, as well as a date and timestamp.

What we didn't know is that if you ask the manufacturer of your printer to stop spying on you, they respond by ratting you out to the Secret Service as a dangerous subversive, and a few days later, the SS will show up and ask you why you care about your privacy.

Seeing Yellow -- a project from the MIT Media Lab -- wants to put a stop to this by overwhelming the manufacturers with complaints from their customers, so many that they can't turn us all into the SS.


When you print on a color laser printer, it's likely that you are also printing a pattern of invisible yellow dots. These marks exist to allow the printer companies and governments to track and identify you -- presumably as a way to combat money counterfeiting. When one person asked his printer manufacturer about turning off the tracking dots, Secret Service agents showed up at his door several days later.

Upset? You should be!

Let's stand up to silent tracking and government bullying and send a strong message to printer manufacturers. Our privacy and our control over our own technology is far too important to give up over trumped up fears of photocopied money.


See also:
EFF cracks hidden snitch codes in color laser prints
Do forensic printer marks slow down printers?
Is Your Printer Spying On You?

[Boing Boing]
8:16:49 AM


Tuesday, February 13, 2007

Blu-Ray AND HD-DVD broken - processing keys extracted. Cory Doctorow: Arnezami, a hacker on the Doom9 forum, has published a crack for extracting the "processing key" from a high-def DVD player. This key can be used to gain access to every single Blu-Ray and HD-DVD disc.

Previously, another Doom9 user called Muslix64 had broken both Blu-Ray and HD-DVD by extracting the "volume keys" for each disc, a cumbersome process. This break builds on Muslix64's work but extends it -- now you can break all AACS-locked discs.

AACS took years to develop, and it has been broken in weeks. The developers spent billions, the hackers spent pennies.

For DRM to work, it has to be airtight. There can't be a single mistake. It's like a balloon that pops with the first prick. That means that every single product from every single vendor has to perfectly hide their keys, perfectly implement their code. There can't be a single way to get into the guts of the code to retrieve the cleartext or the keys while it's playing back. All attackers need is a single mistake that they can use to compromise the system.

There is no future in which bits will get harder to copy. Instead of spending billions on technologies that attack paying customers, the studios should be confronting that reality and figuring out how to make a living in a world where copying will get easier and easier. They're like blacksmiths meeting to figure out how to protect the horseshoe racket by sabotaging railroads.

The railroad is coming. The tracks have been laid right through the studio gates. It's time to get out of the horseshoe business.

But then I realized why I first didn't find the Media Key: it was removed from memory after the Volume ID was retrieved and the VUK calculated. I also saw that in my "corrupt" memdump the VUK, Vol ID, Media Key and the Title Key MAC were all closely clustered in memory: in the first 50kb (of the entire multi megabyte file!) but there were large empty parts around it. Almost as if it was cleaned up.

This gave me an idea: what I wanted to do is "record" all changes in this part of memory during startup of the movie. Hopefully I would catch something interesting. In the end I did something a little more efficient: I used the hd dvd vuk extractor (thanks ape!) and adapted it to slow down the software player (while scanning its memory continuously) and at the very moment the Media Key (which I now knew: my bottom-up approach really paid off here) was detected it halted the player. I then made a memdump with WinHex. I now had the feeling I had something.

And I did. Not surprisingly the very first C-value was a hit. I then checked if everything was correct, asked for confirmation and here we are.


(via Engadget)

See also:
HD-DVD/Blu-Ray cracker muslix64 interviewed
Report: HD-DVD copy protection defeated
Felten and Halderman on high-def DRM crack

[Boing Boing]
9:39:53 PM

I hope there is some resolution soon for the HD DVD versus BluRay replay of VHS versus Betamax. I was at that party before and fortunately was on the surviving side. Ultimately these things always boil down to money for the makers, content providers, resellers- and oh yeah, screw the consumer. -Jon-

Hacker Unlocks HD DVD/Blu-Ray DRM. Opening the "processing key" that protects high-def DVDs is surprisingly simple. Happy Valentine's Day, AACS. In Gadget Lab. [Wired News: Top Stories]
9:35:14 PM






© 2008 Jonathan Butler
Last Update: 8/12/08; 12:54:03 PM
