Re: [Fsfe-uk] BBC's DRM Iplayer windows only

[Andy]

On 30/12/2007, Alex Hudson <address@hidden> wrote:
> Building on top of IE
> - technically - is much easier than Mozilla.

It's not the actual application being "built" on IE it's the site
requiring I.E. that's the problem.

And technically it's easier to write <a href="iplayer://some_path"> in
the HTML than it is to write an entire ActiveX script just to invoke
an application locally.

I would imagine it's a lot more secure as well. Particularly given the
large number of security flaws in ActiveX.

You would need to set the URI handler somewhere, but that's not
difficult. On Windows (the only supported platform) all you do is add
a registry key. No doubt the installer adds many registry keys all
ready so how is adding another significantly harder than writing an
ActiveX script and getting it signed and installing it?

So multiple browser support was actually easier than Microsoft only
browser support and yet they chose Microsoft Only.

> Similarly, I think the DRM is much more about preventing non-UK-resident
> users than free software users.

If it's about preventing non-UK users then can't that be done using IP
filtering?

So a Free Software compatible method of limiting to a country was
easier than the Microsoft only method, and yet they chose the more
difficult Microsoft only approach. (I am beginning to see a pattern
forming.)

Sam Liddicott wrote:
> Cos if you can see the code then you can re-compile the code to divert
> the decrypted stream to disk (and it must be decrypted to play) and then
> you can watch it without asking the DRM system.

Could you not just tamper with the driver that the software outputs to?
Same affect, works on closed software too so opening your code would
have caused no loss of security would it now?

If proprietary software is running on a system controlled by the
attacker they can see precisely how it operates. The fact there are
people in high positions who believe that running a piece of source
code through a compiler makes the contents so secure as to make it
impossible for an attacker to see how the program operates is
extremely worrying.

Compiling code does NOT encrypt it. It translates it into another,
publically known, language. This is the equivalent to saying if I have
a private document written in English I can translate it into French
and give it to the attacker and it will be secure. (it clearly is not
secure as: 1. the attacker may understand French. 2. The attacker can
employ someone who understands French. 3. The attacker may buy an
English-French dictionary).

What makes matters even worse is that the DRM program does not need to
be understood to be broken. Software itself does not know the time for
instance, it must ask someone. If that someone is the OS then what
stops the OS lying and telling DRM.exe that it's always before the
file expires?  Or even better you can modify the binary to not perform
the checks. Giving the binary to the user is the security threat in
itself. So if you give them the binary you have an insecure system so
how can you use "security" as an excuse any more?


Andy

-- 
Computers are like air conditioners.  Both stop working, if you open windows.
                -- Adam Heath