Wednesday, July 25, 2007

Microsoft's DRM Cracked Again


=== CONTENTS ===================================================

IN FOCUS: Microsoft's DRM Cracked Again

NEWS AND FEATURES
- Symantec Releases AntiBot to Fight Bot Infection
- Mozilla Releases Firefox 2.0.0.5
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: How Does Your Company Stack Up with ISO
27001?
- FAQ: Viewing the Owner of a File from PowerShell
- Share Your Security Tips

PRODUCTS
- Manage Your Passwords for Hard Drive Encryption
- Wanted: Your Reviews of Products

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: St. Bernard Software ==============================

Filtering the Spectrum of Internet Threats
Examine the threats of allowing unwanted or offensive content into
your network and learn about the technologies and methodologies to
defend against inappropriate content, spyware, IM, and P2P. Download
this free white paper now!

http://list.windowsitpro.com/t?ctl=5F7AC:4160B336D0B60CB11FA6DBCD582FDBA4


=== IN FOCUS: Microsoft's DRM Cracked Again =============
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

It's happened before, it happened last week, and it will happen again
in the future. Digital Rights Management (DRM) is destined to
perpetually remain a vulnerable target because no one writes flawless
code and hackers are incredibly persistent in tracking down flaws.

Last week, a person using the nickname Divine Tao posted a message
about a new DRM crack to the Doom9 forum--a place where media
enthusiasts share information about digital media conversion
techniques. The Doom9 site bills itself as "the definitive DVD backup
resource."

In the message (at the URL below), Divine Tao "introduces a new tool
for uncovering the individual keys from Microsoft's DRM blackbox
components (IBX), up to version 11.0.6000.6324. Lacking the source code
to the extant programs, I can only offer this output of my own
efforts." Divine Tao then includes several links to download the tool
at various mirror sites. Other participants in the forum confirm that
the tool works to get around Microsoft's DRM on both Vista and Windows
XP.

http://list.windowsitpro.com/t?ctl=5F7BE:4160B336D0B60CB11FA6DBCD582FDBA4

You might recall that previous efforts to crack Microsoft's DRM
resulted in a tool called FairUse4WM that was published in August 2006.
Soon after the release of the tool, Microsoft released software updates
that prevented it from working. This latest crack provides an update to
FairUse4WM that makes it work again. Of course, Microsoft will probably
release another update to patch whatever flaws are being exploited now.

Microsoft filed suit last year after the release of FairUse4WM seeking
to discover who the developer of the tool is. However, the company
apparently dropped that suit. Incidentally, the person who originally
published FairUse4WM used the nickname "viodentia," and as observers
have pointed out, "Divine Tao" happens to be an anagram of that name.
So someone might be playing mind games with Microsoft, or maybe the
same person released both tools.

Some companies, such as Apple and EMI, have started releasing
unprotected copyrighted media content at a slightly higher price that
many people seem willing to pay. Selling unprotected content for an
extra cost seems like a reasonable approach to a problem nagging a lot
of video and music fans.

Fair use arguments aside, most readers of this newsletter probably
don't have to worry about their content being potentially put at risk
by this latest FairUse4WM tool release. However, you probably don't
want a tool such as FairUse4WM on your network for liability reasons.
Therefore, you should try to ensure that the tool isn't stored on your
computers and used for illegal purposes. So head over to Doom9,
get a copy of the tool, build MD5 checksums or other file
identification information, and scan your systems for signs that the
tool might be present. Or use your existing security tools and policy
compliance solutions to accomplish the same thing.
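
The checksum-and-scan step described above, as an added PowerShell example that is not part of the original newsletter. The function names and demo paths are hypothetical, and the reference fingerprint is computed from a copy you hold yourself, because the newsletter publishes no hash values. It records MD5 as the newsletter suggests and matches on SHA-256.

```powershell
# Added example (not from the newsletter). Function names and paths are hypothetical.
# Step 1: fingerprint a reference copy of the unwanted file on an analysis machine.
function Get-ReferenceFingerprint {
    param([Parameter(Mandatory)][string]$Path)
    $item = Get-Item -LiteralPath $Path
    [pscustomobject]@{
        Length = $item.Length
        MD5    = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash     # for tools that only take MD5
        SHA256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash  # used for matching below
    }
}

# Step 2: sweep one or more directory trees for byte-identical copies.
function Find-FileByFingerprint {
    param(
        [Parameter(Mandatory)]$Fingerprint,
        [Parameter(Mandatory)][string[]]$Root
    )
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Length -eq $Fingerprint.Length } |  # size pre-filter avoids hashing every file
        ForEach-Object {
            try {
                $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction Stop
                if ($h.Hash -eq $Fingerprint.SHA256) {
                    [pscustomobject]@{
                        Computer = $env:COMPUTERNAME
                        Path     = $_.FullName          # match is by content, so renames are still found
                        Modified = $_.LastWriteTimeUtc
                        SHA256   = $h.Hash
                    }
                }
            } catch {
                # Locked or unreadable files are reported, not silently skipped.
                Write-Warning "Could not hash $($_.FullName): $($_.Exception.Message)"
            }
        }
}

# Constructed demo data: a stand-in reference file, a renamed copy, and an unrelated file.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'hash-sweep-demo'
New-Item -ItemType Directory -Path (Join-Path $demo 'users\a') -Force | Out-Null
Set-Content -LiteralPath (Join-Path $demo 'reference.bin') -Value 'constructed sample bytes'
Copy-Item -LiteralPath (Join-Path $demo 'reference.bin') -Destination (Join-Path $demo 'users\a\renamed.exe')
Set-Content -LiteralPath (Join-Path $demo 'users\a\other.txt') -Value 'unrelated'

$fp = Get-ReferenceFingerprint -Path (Join-Path $demo 'reference.bin')
Find-FileByFingerprint -Fingerprint $fp -Root (Join-Path $demo 'users')
```

A hash match finds only byte-identical copies, so a repacked or modified build needs the "other file identification information" the paragraph mentions, such as file names or version metadata.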


=== SPONSOR: Qualys ============================================

Automated GLBA Security Compliance: Free Report
Compliance and knowledge of every aspect of the GLBA is
mandatory. Through web services, on demand security is automated
and immediate compliance to the GLBA safeguard guidelines is
achieved. Learn how comprehensive GLBA compliance is managed
through internal and external audits.

http://list.windowsitpro.com/t?ctl=5F7BB:4160B336D0B60CB11FA6DBCD582FDBA4


=== SECURITY NEWS AND FEATURES =================================

Symantec Releases AntiBot to Fight Bot Infection
Symantec's latest tool, AntiBot, monitors system behavior to detect
telltale signs of bot activity.

http://list.windowsitpro.com/t?ctl=5F7BA:4160B336D0B60CB11FA6DBCD582FDBA4

Mozilla Releases Firefox 2.0.0.5
The latest release fixes eight security problems, and Mozilla
strongly recommends that everyone install it as soon as possible.

http://list.windowsitpro.com/t?ctl=5F7B7:4160B336D0B60CB11FA6DBCD582FDBA4

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at

http://list.windowsitpro.com/t?ctl=5F7B2:4160B336D0B60CB11FA6DBCD582FDBA4


=== SPONSOR: SPI Dynamics ======================================

ALERT: Web 2.0 Hacking - Attack Scenarios and Examples - White Paper
Web 2.0 Apps provide hackers with a wealth of information they can
use to formulate attacks. XSS, Web App Worms and Feed Injection attacks
have become even more dangerous now. Download this SPI Dynamics white
paper.

http://list.windowsitpro.com/t?ctl=5F7B1:4160B336D0B60CB11FA6DBCD582FDBA4


=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: How Does Your Company Stack Up with ISO 27001?
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=5F7C0:4160B336D0B60CB11FA6DBCD582FDBA4

ISO 27001 is a standard for security techniques and information
security management systems. Wondering how your company compares to the
standards and to other companies? Take a survey and find out.

http://list.windowsitpro.com/t?ctl=5F7B9:4160B336D0B60CB11FA6DBCD582FDBA4

FAQ: Viewing the Owner of a File from PowerShell
by John Savill, http://list.windowsitpro.com/t?ctl=5F7BD:4160B336D0B60CB11FA6DBCD582FDBA4


Q: How can I view the owner for a file from PowerShell?

Find the answer at

http://list.windowsitpro.com/t?ctl=5F7B8:4160B336D0B60CB11FA6DBCD582FDBA4

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.


=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com

Manage Your Passwords for Hard Drive Encryption
Access Smart announced an alliance with PC Dynamics to integrate
Access Smart's Power LogOn Password Manager and Password Administrator
with PC Dynamics' SafeHouse data privacy software. With the SafeHouse
software, users can encrypt a portion of their hard drive to use for
confidential data. Power LogOn stores the password for the hard drive
encryption, and other passwords, encrypted on a smart card. SafeHouse
retails for $39.99. Power LogOn Password Manager and a smart card start
at $53 with volume discounts available. For more information about
Access Smart, go to the first URL below. For more information about PC
Dynamics, go to the second URL below.

http://list.windowsitpro.com/t?ctl=5F7C3:4160B336D0B60CB11FA6DBCD582FDBA4

http://list.windowsitpro.com/t?ctl=5F7C4:4160B336D0B60CB11FA6DBCD582FDBA4

WANTED: your reviews of products you've tested and used in
production. Send your experiences and ratings of products to
whatshot@windowsitpro.com and get a Best Buy gift certificate.


=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit

http://list.windowsitpro.com/t?ctl=5F7BC:4160B336D0B60CB11FA6DBCD582FDBA4

Learn how to effectively achieve ROI with your log management system in
a matter of months without costly or daunting investments. This Web
seminar addresses how to ensure that your organization gets the most
out of its log management investment, key requirements and
architectural differences to consider when you're looking at solutions,
and caveats and risks to be on watch for as you spec out your
requirements and design.

http://list.windowsitpro.com/t?ctl=5F7AD:4160B336D0B60CB11FA6DBCD582FDBA4

IT departments tend to spend a lot of time and energy on creating and
managing firewall rules and router tables while overlooking a direct
channel between the Internet and computers on the corporate network.
When no filtering solution is in place, this connection is managed
entirely by the user. But can you really trust your users to make the
right decisions? Here are five steps to building a world-class end-to-
end Web filtering solution.

http://list.windowsitpro.com/t?ctl=5F7B0:4160B336D0B60CB11FA6DBCD582FDBA4

Learn how Symantec and IBM deliver a comprehensive archiving solution
for email, files, instant messages, databases, and VoIP, as well as
many other document formats, while helping you reduce storage costs and
simplifying management. Understand the challenges surrounding an
Exchange environment and the Symantec and IBM capabilities to solve
them.

http://list.windowsitpro.com/t?ctl=5F7AF:4160B336D0B60CB11FA6DBCD582FDBA4


=== FEATURED WHITE PAPER =======================================

Increase customer confidence with the latest breakthrough in online
security: Extended Validation SSL. Extended Validation triggers a green
address bar in Microsoft Internet Explorer 7.0 that proves site
identity. Learn how to get the green bar and higher sales by reading
the technical white paper "Maximizing Site Visitor Trust Using Extended
Validation SSL."

http://list.windowsitpro.com/t?ctl=5F7AE:4160B336D0B60CB11FA6DBCD582FDBA4


=== ANNOUNCEMENTS ==============================================

Windows IT Pro: Buy 1, Get 1
With Windows IT Pro's real-life solutions, news, tips, tricks, AND
access to over 10,000 articles online, subscribing is like hiring your
very own team of Windows consultants. Subscribe now, and get 2 years
for the price of 1!

http://list.windowsitpro.com/t?ctl=5F7B3:4160B336D0B60CB11FA6DBCD582FDBA4

Got a Tough Exchange or Outlook Question?
Rely on Exchange & Outlook Pro VIP, the new online resource with in-
depth articles on administration, migration, security, and performance.
Subscribers get direct access to our top-flight editors, so subscribe
and receive personalized solutions to your toughest technical
questions. It beats a support call to Microsoft!

http://list.windowsitpro.com/t?ctl=5F7B4:4160B336D0B60CB11FA6DBCD582FDBA4


================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://list.windowsitpro.com/t?ctl=5F7BF:4160B336D0B60CB11FA6DBCD582FDBA4

http://list.windowsitpro.com/t?ctl=5F7C2:4160B336D0B60CB11FA6DBCD582FDBA4

Subscribe to Security UPDATE at

http://list.windowsitpro.com/t?ctl=5F7B6:4160B336D0B60CB11FA6DBCD582FDBA4

Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=5F7C1:4160B336D0B60CB11FA6DBCD582FDBA4

About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://list.windowsitpro.com/t?ctl=5F7B5:4160B336D0B60CB11FA6DBCD582FDBA4

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.
