Re: [Fsfe-uk] BBC's DRM Iplayer windows only

[Sam Liddicott]

Andy wrote:
> Could you not just tamper with the driver that the software outputs to?
>   
yes
> Same affect, works on closed software too so opening your code would
> have caused no loss of security would it now?
>
>   
quite so
> If proprietary software is running on a system controlled by the
> attacker they can see precisely how it operates. 
theoretically, but most DRM fanatics still seem to prefer proprietary
software
> The fact there are
> people in high positions who believe that running a piece of source
> code through a compiler makes the contents so secure as to make it
> impossible for an attacker to see how the program operates is
> extremely worrying.
>
>   
indeed
> Compiling code does NOT encrypt it. It translates it into another,
> publically known, language. This is the equivalent to saying if I have
> a private document written in English I can translate it into French
> and give it to the attacker and it will be secure. (it clearly is not
> secure as: 1. the attacker may understand French. 2. The attacker can
> employ someone who understands French. 3. The attacker may buy an
> English-French dictionary).
>
> What makes matters even worse is that the DRM program does not need to
> be understood to be broken. Software itself does not know the time for
> instance, it must ask someone. If that someone is the OS then what
> stops the OS lying and telling DRM.exe that it's always before the
> file expires?  Or even better you can modify the binary to not perform
> the checks. Giving the binary to the user is the security threat in
> itself. So if you give them the binary you have an insecure system so
> how can you use "security" as an excuse any more?
>   
I never did use security as an excuse or maintain the position you are
advocating against.

I merely pointed out that the unbreakability (!) of SSL style encryption
isn't relevant to the DRM question, and for precisely the reasons you
give above.

Sam