Sunday, May 18, 2008

What Industry Executives need to know about DRM...

DRM stands for Digital Rights Management. It has also become known as Digital Restrictions Management as a backlash from all the problems and issues DRM has caused hardware manufacturers, software development companies, media distributors and consumers over the years. Consumers want on-demand music, video, and movies anywhere, at any time, and they are willing to pay for it. I've done enough research and field tests to make this claim. This is also true for media distributors and retailers who have been yearning for the ability to manufacture media on demand for consumers. However, many current DRM policies and technologies do not facilitate this kind of media access and distribution. Until we foster and promote better DRM strategies, money will continue to be lost to the pirates...

I meet with industry executives all the time, and content protection and the secure distribution of content is a very big deal. DRM is important to the Entertainment, Music and Media industries, i.e. the content producers, in that these industries want to safeguard their intellectual property and copyright-protected material from piracy so their financial interests can be protected. Makes sense to me.

With respect to piracy, the music industry has been hit the hardest, with significant drops in sales year over year. It's still very common to see people share music files over peer-to-peer networks and not think twice about having to pay a single cent. Also, bootleg copies of the latest movies are readily available on the net or DVD just about anywhere you go. Bottom line, piracy continues to run rampant and it's an issue that needs to be better addressed moving forward.

The goal behind DRM is to ensure that copyright-protected media is accessible only to the consumers that pay for it. Many of the negative connotations associated with DRM are derived from the poor designs employed by many content protection schemes as well as from the notorious Digital Millennium Copyright Act (DMCA) passed in the U.S. in 1998. I'll talk more about DRM technologies later, but DMCA is the entertainment and media industries' strategy to make it illegal for anyone to develop and use products that circumvent DRM-related technologies. This is huge and has both good and bad implications. The spirit behind the DMCA law makes sense, but the law itself as written, interpreted and legally practiced has shortcomings. DMCA allows content producers to license and dictate how hardware manufacturers and software development companies enforce DRM technologies in their media-related products. In short, media hardware manufacturers and software companies have to support and integrate licensed DRM technologies to comply with the mandates of DMCA.

As a result, there have been a slew of licensed DRM technologies integrated and deployed by various hardware manufacturers over the years, from analog protection systems, Macrovision and Dwight Cavendish, to content protection systems like CSS, DTCP, HDCP, TIVOGUARD, etc. DMCA also influenced software companies to embed DRM technologies into their products, e.g. Microsoft's Windows Media DRM and RealNetworks' Helix DRM. There has been extensive criticism that DMCA forces all companies that make media-related equipment or software to support DRM technologies that financially benefit specific organizations only and no one else, which potentially inhibits innovation and good old-fashioned competition. DMCA also makes litigation by media companies very easy regardless of whether a direct copyright violation has occurred. This has caused many respected scientific research and security-related web portals to just shut down and has provoked many heated arguments about justice and the right to compete.

As technological advancements are made with High Definition TV, IPTV, Broadband, WiFi, and Mobile technologies, new DRM systems are being developed to keep up - Advanced Access Content System, Broadcast Flag, MagicGate, Open Mobile Alliance, SmartRight, and Video Content Protection System are emerging DRM technologies that will be licensed in many products to come.

The big question I want you to think about is whether or not we are headed down the right path. Do DRM practices have to be so nasty? A well-known example is Sony's decision to integrate a rootkit to copy protect their music CDs. This turned into a huge PR nightmare, caused Sony to recall the music CDs and rethink its whole DRM strategy, and left many consumers in an outrage! There are many cases where web sites were shut down due to DMCA violations; it’s a good thing the safe harbor provisions were put into DMCA or many ISPs would be out of business and half the internet would be gone.

I offer that there is a better solution. I believe the right DRM strategy is to make things simple and easily accessible to the consumers and media distributors. I believe consumers in general are good people and will pay for copy-protected media if it’s readily available, globally reachable, and fast. This is not to say we throw security technologies out the door (God knows that would impact me financially), but rather make it clear to the industry that DRM strategies need to evolve and focus less on restricting the rights of consumers and more on promoting the availability and access channels that allow consumers to pay for copy-protected material.

I'm a big fan of global media distribution networks and the download-and-burn concept. The sooner we go to market with IPTV, HDTV, High Speed Broadband & Mobile Communications, easily accessible and feature rich set top boxes and media devices, and employ the use of multiple broadcast and distribution channels and just flood consumers and media distributors with every imaginable means to buy licensed content - guess what?

THEY WILL!!!

Wednesday, February 6, 2008

Performance Anomalies Can Be A Sign of Bigger Problems...

I have a great story to tell you... I get a call from one of my clients, they are a big real estate management and development company with many large Oracle databases and various Unix and Microsoft systems, a large SAN, and they run the network on the high-end Cisco stuff. Typical architecture for a large enterprise.

These guys have a lot of vendor consultants on site helping them out with new Oracle Apps, Unix systems, etc. The problem, I'm told by one of their Senior Vice Presidents, is intermittent performance problems that affect the network and the Oracle Apps.

Hmmm...probing him further for more details did not give me much. He did explain to me that none of their Oracle or Unix consultants saw any problems with anything, the system administrators didn't see any problems on the systems, but the network guys were seeing intermittent network utilization problems coming from the application servers - basically they're monitoring the network with SNMP and every now and then they get alarms stating high utilization of the network. They give this info to the consultants yet they find no problems.

Their VP asks me to do my own performance assessment and I did. I arrive on site and begin speaking with the network team. They basically tell me that two particular application servers intermittently consume a large amount of bandwidth. This has been going on and off now for many months and no one knows why.

So, I take a look at these two application servers. They happen to be Solaris Unix systems. I ran some netstat commands and saw that there were some input/output errors on these systems. I then proceeded to run some process status commands; I use both the ATT and UCB versions of ps when I want to get various process info. The weird thing here is that the UCB version of ps listed some additional processes that the ATT version didn't show - this is not normal. The process tree should be the same. So I download lsof (a powerful Unix utility that didn't ship on many earlier Solaris distributions), and I found some hidden processes that the running ps commands didn't show. Hmmm. This is looking bad. I trace the processes to some hidden files and found that the system was hacked. Not only was the system hacked, it was hacked by two different groups and over a year ago!

The first hackers installed what is known as a rootkit. The rootkit basically installs hacked versions of many system utility programs to keep system administrators in the dark about the running hacker programs. Basically my client's systems were used as bots to run denial of service attacks against other nodes on the internet. During these attacks, the bandwidth would be consumed and the performance problems would occur. When the system administrators and consultants looked at the problem using the system utilities, they did not see the actual running programs as the rootkit hid them.
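The cross-view comparison described above (two ps implementations and lsof disagreeing about which processes exist) can be scripted. This is an added example, not from the original post: the three listings are constructed samples, the process names and PIDs are made up, and on a real host the listings are assumed to come from known-good copies of the tools rather than the binaries already on the suspect system.

```sh
#!/bin/sh
# Cross-view check: report PIDs that one process listing shows and another omits.
# All three listings below are CONSTRUCTED samples shaped like Solaris
# /usr/bin/ps -ef, /usr/ucb/ps aux and lsof output; names and PIDs are made up.

SYSV_PS='     UID   PID  PPID  C    STIME TTY      TIME CMD
    root     1     0  0   Jan 05 ?        0:42 /etc/init -
    root   312     1  0   Jan 05 ?        0:03 /usr/sbin/inetd -s
  oracle   977     1  0   Jan 05 ?        1:10 ora_pmon_PROD'

UCB_PS='USER       PID %CPU %MEM   SZ  RSS TT       S    START  TIME COMMAND
root         1  0.0  0.1  792  304 ?        S   Jan 05  0:42 /etc/init -
root       312  0.0  0.2 2104  976 ?        S   Jan 05  0:03 /usr/sbin/inetd -s
oracle     977  0.1  3.4 9120 8112 ?        S   Jan 05  1:10 ora_pmon_PROD
root      4471  2.3  0.4 1880 1204 ?        S   Jan 09  9:51 ./cachemgr'

LSOF='COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF  NODE NAME
init        1   root  cwd   VDIR  32,0     1024     2 /
inetd     312   root  cwd   VDIR  32,0     1024     2 /
ora_pmon  977 oracle  cwd   VDIR  32,0      512  8841 /u01
cachemgr 4471   root  cwd   VDIR  32,0      512 17733 /var/tmp/.x
cachemgr 4471   root    4u  IPv4 0x3000       0t0   TCP *:6667 (LISTEN)
tunnel   4502   root  cwd   VDIR  32,0      512 17733 /var/tmp/.x'

# pids_of LISTING: unique PIDs under the header column literally named "PID".
pids_of() {
  printf '%s\n' "$1" | awk '
    NR == 1 { for (i = 1; i <= NF; i++) if ($i == "PID") col = i; next }
    col && $col ~ /^[0-9]+$/ { print $col }' | sort -un
}

# hidden_from WIDER NARROWER: PIDs that WIDER lists but NARROWER omits.
hidden_from() {
  narrower=" $(pids_of "$2" | tr '\n' ' ') "
  for pid in $(pids_of "$1"); do
    case "$narrower" in
      *" $pid "*) ;;
      *) printf '%s\n' "$pid" ;;
    esac
  done
}

echo "UCB ps vs SysV ps: $(hidden_from "$UCB_PS" "$SYSV_PS" | tr '\n' ' ')"
echo "lsof vs UCB ps:    $(hidden_from "$LSOF" "$UCB_PS" | tr '\n' ' ')"
```

A process that starts or exits between two snapshots also shows up as a difference, so repeat the comparison and treat only PIDs that stay missing from one view as findings.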

Looking at the security of the system, they were originally breached through an Apache vulnerability. When I suggested they upgrade to a more secure version of Apache, their development team stated that would violate their Oracle support agreement! OMG!!!

Anyway, another group of hackers were also using the systems based on the time stamps I saw on their programs. These guys used a cool tool called stunnel (it was renamed and hidden in this case) which allowed them remote access into their system via IRC servers. I found the embedded IRC servers and cryptic login information being used by stunnel. I was curious and logged into the IRC server with the login details I uncovered and lo and behold, the hacker was online and boy did I catch him off guard. I had enough info on the hacker and gave a lot of forensic data to my FBI contacts and the hacker ended up being prosecuted and convicted and had to pay restitution to my client. Nice ending to a twisted scene.

So the next time you hear you may be having a recurring performance problem, take a deeper look into the situation; you may be surprised what you find out... ;)

-boni bruno