DVD Security Group Says It Has Fixed AACS Flaws 388
SkillZ wrote to mention an article at the IBT site discussing a fix to the security breech of the HD DVD and Blu-ray media formats. "Makers of software for playing the discs on computers will offer patches containing new keys and closing the hole that allowed observant hackers to discover ways to strip high-def DVDs of their protection. On Monday, the group that developed the Advanced Access Content System said it had worked with device makers to deactivate those keys and refresh them with a new set."
i'm not so sure... (Score:5, Insightful)
Do they not understand, that if you can view it, you can copy it?
On the other hand, maybe they do understand, and HD-DVD/Blu-Ray 2.0 will offer only un-viewable content. Step 3, profit!
Give it time... (Score:4, Insightful)
Corporate Spin (Score:2, Insightful)
"Fixed Flaws"? (Score:5, Insightful)
The flaws aren't fixed. They're just papered over slightly more aggressively. Don't worry, there'll be more flaws.
Respin (Score:5, Insightful)
No no no. Let's just tidy that baby up a bit:
"Makers of software for playing the discs on computers are requiring consumers to download patches that will re-apply the product defects that computing professionals had removed in the weeks prior. Despite the fact that nothing is technically wrong with the older versions of the software, it is being intentionally rendered obsolete to force the update -- no new movies will be viewable on the old software."
Schwab
AACS == Barn - Horse (Score:2, Insightful)
They didn't fix anything (Score:5, Insightful)
What they have done is analogous to re-keying a lock that is susceptible to being picked -- it's only a matter of time before it is picked again. Lather, rinse, repeat. And how long before a hardware player is cracked? If I had one I'd bust into it to see what kind of flash it has. It probably has an on-board JTAG or other programming port to dump the memory like most consumer devices which are mass produced and then flashed assembly style, making obtaining the key quite easy. When the players come down in price I fully expect them to be cracked on a daily basis.
The game continues (Score:4, Insightful)
It amazes me that so many people believe that they can do the DRM game and make huge money. Recent news tells me that if the US government is trying to influence other countries to do more about copyright infringement, well then, DRM must not work worth a damn, otherwise there would be no need for US Governmental intervention. With that bit of proof that it won't work, doesn't work, and can't work, it should be relatively obvious to all concerned that the only way that DRM *CAN* work is if governments create laws that make it illegal to not use DRM.
Media and content providers simply have to get on the right bandwagon... DRM isn't it. No matter what fantastically great work they do for any particular DRM scheme it will always end up broken. There is no method that can reasonably ensure secure keys when the unencrypted content has to be present to view it. Sigh, old dogs, new tricks, bad circus experiences....
The right to pirate (Score:3, Insightful)
Because we can. Forget about laws in books, even forget that Bill Of Rights that some of you have, they get ignored all the time. Rights are yours if you have the means to enforce your ability to exercise your right.
No, no, no. (Score:5, Insightful)
The benefit of all these cracks isn't to allow people to copy the movies. That ability was never in doubt -- people will always be able to do that. They'll be able to do that regardless of what the content monopolies do, short of just deciding that they won't release movies anymore (which is fine; there's enough of a demand for entertainment that other people will do it -- there's nothing special about making movies that a lot of people can't do, it just takes a lot of money).
Holding onto a crack until AACS is ubiquitous wouldn't do anything. The ultimate failure of AACS isn't, and never was, in doubt -- all DRM is flawed, and it will eventually be broken.
The question is whether it's possible to convince both the studios/content-creators, and consumers, of the utter futility of DRM in the first place, so they'll stop trying to do it, and stop wasting everyone's time. DRM is nothing but a broken window: it's millions of man-hours and probably billions of dollars of resources diverted from other, more productive, tasks, both to create it and break it. That's the real cost of DRM.
So if by releasing cracks for AACS every time they update it, as quickly as possible, it demonstrates to the studios that they're engaging in a war against a guerrilla enemy that they can't possibly defeat, regardless of how much money they spend, perhaps they'll throw in the towel sooner rather than later. It may be a slim chance, but given that Apple has started to see the light, there's some hope.
That's the real benefit of these cracks. Compared to the economic and social cost of the wasted effort, the ability of people to pirate a few movies pales in comparison.
Re:"Fixed Flaws"? (Score:4, Insightful)
You learn something old every day. Well, I do anyway.
Re:What about the lazy customer? (Score:2, Insightful)
Christ, It's not entirely difficult for someone that isn't phased by technology, but I know if I've kicked on my couch on a friday night with a beer, the last bloody thing I want to be doing is getting up, searching for my model of "insert new format player here" downloading the firmware, burning it to a disc, updating it, just to watch a movie I bought/rented.
I'm just gunna stick to DVD for the time being, My mythbox has no trouble playing those!!
Re:Even more reason to have nothing to do with it (Score:5, Insightful)
Yeah see this is what always gets me about the DRM thing. Either you make it playable or you make it secure. Pick one.
The Sony rootkit fiasco really brought home, for me, the need of consumers to assert their rights over their devices. This computer on which I'm writing this is mine. If I had the choice of hardware that would do what I told it or hardware that would obey the whims of the MPAA/RIAA, I'd choose the open hardware. Given the choice of software that does what I tell it to or software that doesn't, the choice is obvious. If there is no choice, I write my own software.
The most insulting thing about the rootkit incident, as well as many such events since, is the notion that just because I'm using my computer to play content owned by someone else they somehow they own my hardware. That's simply not the case.
Here's what I want to know. They're sending a patch to the software that plays the discs, right? It's already too late to change what's on the actual discs because too many are already in the wild, so to speak. What if I just don't update my software/firmware? Or better yet, what if I write my own?
Re:Even more reason to have nothing to do with it (Score:5, Insightful)
And as the price of Pro HDTV cameras and computers + digital editing S/W drop, you will be able to do a pretty decent all digital-straight to video for a lot less. Sure, you'll still have substantial costs for lighting equipment, audio equipment, makeup, getting filming permits, and so on. But you won't necessarily need to spend money on film and film processing. That's going to open the door to a lot more student and amateur film-making efforts. And yeah, it will still meet Sturgeon's Law, but there *will* be a lot more good stuff mixed in the avalanche of garbage that will fill sites like YouTube.
CDs aren't a new format! (Score:4, Insightful)
True Audio CDs have no DRM. New "CDs" that have no DVDs hidden on them should have no DRM, since no one is making pure "CD" DRM anymore. If you buy CDs from non-RIAA labels, you should never run into DRM at all.
Now, DVDs do have DRM. So the question is, how do we get manufacturers to make Laserdiscs again?
Re:Give it time... (Score:5, Insightful)
I hope you are proud of yourself; You're what's known as a "tightmod".
Re:i'm not so sure... (Score:5, Insightful)
Re:Even more reason to have nothing to do with it (Score:5, Insightful)
Indeed.
Look at Infernal Affairs - the original from which "The Departed" was remade - done in Hong Kong it had a budget of roughly 5M USD at the time. The Departed had a budget of roughly $90M and that does not take into account advertising. That's almost a 20:1 ratio and many people argue that "Infernal Affairs" is still the better movie.
Look at "Il Mare (Siworae)" - the original from which the recent Keanu Reeves/Sandra Bullock "The Lake House" was remade - a budget of under 2M USD versus roughly $40M for the remake and if IMDB's ratings are anything to go by, the original was better. Again a 20:1 ratio.
Furthermore, South Korea regularly turns out top caliber movies and yet the most expensive film they've produced, The Host, [wikipedia.org] had a budget of $10M. Most South Korean productions are well under half of that, often closer to $2M, and their quality easily surpasses most of what Hollywood does.
South Korea is one of the few markets in the world where local productions regularly beat out Hollywood for ticket sales (in part because of screen quotas, but that changed recently due to the US State Department doing the MAFIAA's biding and it still didn't put a dent in local cinema). These movies focus on story rather than flash, so there are less special effects. But otherwise the movies look just as good as anything from Hollywood - professionally lit, professional wardrobe, make-up, cinematography, and of course the most important part -- great story telling.
While production costs are cheaper in South Korea and Hong Kong than they are in Hollywood, they are not necessarily less than for a lot of "run aways" where Hollywood outsources various parts of the production to cheaper parts of the world.
So, yes it is easily possible to outdo Hollywood and even produce 'blockbuster quality' (if quality is the right term) movies for far far less than Hollywood does right now.
Re:i'm not so sure... (Score:5, Insightful)
Besides we've been here before with DVD region encoding. Everyone got fed up and bought cheap region free DVD players as soon as the Chinese figured out there was a market for them.
Re:i'm not so sure... (Score:2, Insightful)
Re:Even more reason to have nothing to do with it (Score:3, Insightful)
Re:i'm not so sure... (Score:5, Insightful)
DRM is not about stopping serious copying groups... The warez scene will still rip this media and distribute it online, and dodgy street corner vendors will always have copies for sale. These people simply wouldn't watch these movies if they couldnt get free copies.
DRM is about preventing legitimate users (who are willing to pay) from doing things like format shifting. The media companies want those people who buy movies anyway, to buy additional copies to play on their ipods, portable players etc, rather than converting their existing media.
If I buy a CD, I can produce a copy for the car, i can rip it to my ipod, i can rip it onto my laptop. This is all covered by fair use in some countries. The RIAA/MPAA wants to take away our fair use rights so wring more money out of people...
If they openly admitted the purpose of DRM was to remove people's fair use rights and get more money out of legitimate buyers, there would be public outcry and they'd be taken to court. So instead, they try to claim it's to prevent organised piracy.
The constant cracking of their protection schemes just proves that it doesn't stop piracy _AT ALL_.. If preventing piracy was the true reason for DRM, they would have abandoned DRM years ago, as it's costing them a lot of money to develop while doing nothing to stop piracy.
Re:i'm not so sure... (Score:3, Insightful)
They were already there. So why do they keep working on it? The answer is simple: That's not the goal.
Seriously. You think my neighbor (or any of my family for that matter) could extract a volume key? I would need detailed instructions to do it. No, this already offers the minimal piracy protection that you think is the goal. And nothing short of 100% fool-proof protection could stop the eventual existance of a HDDVD-ripping program. If someone can extract the key and rip a movie, they can (and probably will) write a program to do it automatically. That's what programmers do, you see... We take things that are long and boring and automate them.
Re:i'm not so sure... (Score:4, Insightful)
Used to be, industry considered the ridicolous size of CDs protection enough -- 700MB or thereabout would take forever to download, and be completely cost-prohibitive to store on a hard-disc anyway.
Then lossy compression came, and gave results that are acceptable to 99% of the listeners for 1/8th the size or thereabouts, which means we're at less than 100MB for a CD.
Then bandwith grew -- 28.8 gave way to 56.6 gave way to 128kbps and then on to broadband -- initially 700kbps or thereabouts, today typically 2-4Mbps in the USA, 5 - 25 mbps in Norway.
Even at the lowest speed offered by my ISP (6 Mbps symetrical), downloading a 100MB album takes less than a minute and a half, which is trivial.
Then movies. DVDs -- it was argued, hold 5-10GB of data, so are completely impractical to pirate. The same story repeated. Compression came. You can download a 1-2GB version of a 10GB DVD with a quality good enough for 99% of the viewers -- there's much better codecs out there than the ones used on DVD.
1GB of data is like 15 minutes at full throttle even today (still with the LOWEST speed available from Lyse), even the full uncompressed DVD at 10GB or so would be downloaded in about 2 hours, which is still practical.
Now it's argued that whatever NextGen disc at 50GB or thereabouts will not be pirated because the size makes it impractical.
Give me a break. 99% of the people who listen to music find well-encoded 192kbps mp3 to be "good enough", the same people will very likely find a 1-5GB recompressed version of a blueray original "good enough" too. And they'll be able to download and store the original trivially a few years in the future anyway.
Re:i'm not so sure... (Score:2, Insightful)
Re:What about the other holes? (Score:3, Insightful)
Re:i'm not so sure... (Score:2, Insightful)
Reading between the lines of this press release: (Score:3, Insightful)
No, seriously, we did... Really.
So, unless some miscreant goes out and breaks something, yes, it is fixed.
Hackers of the world: It ain't broke, so please don't be taking it apart to find out why. Please! The fact that you can't watch movies you paid for on the equipment you own is a design feature. Please don't meddle with it, it will only make more work for us.
{We have just raised the bar and thrown down the gauntlet, so: On your mark, get set, GO!}
Re:What about the other holes? (Score:5, Insightful)
I instead of pirating and cracking, took the other road. I voted. Anything that required a hardware dongle is and always had been rejected. The new tack is using your hardware as a dongle with online activation. This is also rejected.
It is the primary reason for my move to Ubuntu instead of Vista.
It is the reason I did not accept the free upgrade to Light Factory. The upgrade removes the dependance on MS SQL server (hurrah), but also changed from a registration key (encoded with user name) to a single hardware online auth (boo hiss). I wrote the company and let them know why I moved to Freestyler instead. I am now moving to Q-Light a Linux console as part of my move from Windows.
Anybody want Lightfactory starter edition?
Vote against dongleware with your wallet. Don't pirate, use an alternative.
What do you think is more upsetting to Microsoft? Pirating MS Office or switching to Open Office? On one they can take legal action. On the other which is more offensive to them, they can do nothing.
Re:i'm not so sure... (Score:5, Insightful)
Control of the distribution channel is far more important to the industry than any measly piracy. Why? Because they're middle men, and technology that removes the middle man means that they don't have a job anymore. DRM is about job protection, not piracy prevention.
You misunderstand the market (Score:3, Insightful)
Now we're talking High Def DVD and people still want that content. They have just forced a bunch of folks to patch their software. Meanwhile the guys on the Doom9 forums have hacked the HD DVD firmware for the XBOX 360 such that it ignores half the scheme and coughs up the Volume keys. http://forum.doom9.org/showthread.php?t=124294 [doom9.org] Whoops. People will soon be flashing their drives to decrypt the media all over again. What are they going to do, revoke drives in mass? Do they think this SAME thing won't be done to Blu Ray and other hardware? The last time around they even shared keys between Blu Ray and HD DVD pressings, talk about one key to rule them all! Slysoft even released a commercial product to rip the new media...
So what do they think will happen with HD content that's ANY different than with standard DVDs? If someone can hack existing firmware to avoid these keys then what stops an offshore manufacturer from simply producing such a drive? You might have to hit a few buttons on the remote to activate it but you can bet it will happen. the biggest thing slowing it down right now i shear size of the content - 20Gigs and an hour's worth of time to rip it is going to put off a few folks I'll bet. Where are those 1TB drives being released again?
The consumers will speak - this sucker is toast. It won't be long before simply buying a fake on a streetcorner or downloading from a torrent is FAR less trouble than buying the real thing.
Re:ps3 cell folding pirates (Score:5, Insightful)
It's really important that everyone understand that AACS copy protection cannot be brute forced. They're using AES for the actual encryption - if someone wrote a program that could crack that directly the news would be a lot more significant than "DVD copy protection hacked".
Given that AES won't be cracked, any attack on AACS copy protection must be a key recovery attack. Luckily, key recovery attacks aren't that hard when you get a key with every player you buy. But... the fact that cracking AES is hard means that reading HD-DVD/BluRay disks may become completely impossible when players are no longer available.
Hacking something together to read a Beta tape is possible. Annoying. It might cost tens of thousands of dollars to build. But it's possible - it's just analog magnetic patterns on a tape. Reading an HD-DVD without a HD-DVD player won't be possible. That'll be a serious issue for historians in the future, if people don't leave enough pirated DVD-R's around with the unencrypted content on them.