Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] SealedMedia secured content?
From: Russ Spooner <labrat () INTERROREM COM>
Date: Fri, 3 Nov 2000 18:02:30 -0000

I know I am probably stating the obvious and a bit OT, but almost all DRM is
flawed.

No matter the encryption methodology an end user eventually puts something
to screen or soundcard, this is the vulnerability.

I know for a fact that there are macros around that will exploit this with
"Secure" text formats like Microsoft Reader E-books, or PDF files.

Basically the macro will take screen shots of each page once it is viewed in
the reader in a format suitable for most OCR packages. In a couple of hours
one can recontruct the originally encrypted material as an "in clear" form.

With "secure" music you can use dummy audio drivers that will just dump the
audio output stream to a file.

With jpegs and gifs, a good old fashioned screen capture will do the trick.

Admittedly there is usually a degradation in the quality of the replicated
material, however this is usually of little concern, as an example: the
extraordinarily poor quality of pirated analogue video has not stopped
millions of people watching pirate videos.

As for java class files and the like, one wonders at what point it hands
over to the JVM, or if the end user will have to use a "custom/secure"
version.

In the end it think DRM for the internet is going to be as successful as
DIVX.

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of Christian Jensen
Sent: 03 November 2000 16:19
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] SealedMedia secured content?

Has anyone here evaluated the claims of SealedMedia.  They claim they can
secure your online content, whether it be html, jpg, mp3, pdf, etc., from
copying, printing, viewing the source, and downloading.  I know some
folks, such as Bruce Schneier, may scoff at anybody who thinks they can
maintain complete control of digital content once it leaves the server.  I
wonder if anyone here has had practical experience with this particular
company and the ability of its software to deliver as promised.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault