It's happened before, it happened last week, and it'll happen again in the future. Digital Rights Management (DRM) is destined to perpetually remain a vulnerable target because no one writes flawless code and hackers are incredibly persistent in tracking down flaws.
Last week a person using the nickname Divine Tao posted a message about a new DRM crack to the Doom9 forum, a place where media enthusiasts share information about digital media conversion techniques. The Doom9 site bills itself as "the definitive DVD backup resource."
In the message (at the URL below), Divine Tao "introduces a new tool for uncovering the individual keys from Microsoft's DRM blackbox components (IBX), up to version 11.0.6000.6324. Lacking the source code to the extant programs, I can only offer this output of my own efforts." Divine Tao then includes several links to download the tool at various mirror sites. Other participants in the forum confirm that the tool works to get around Microsoft's DRM on both Vista and Windows XP.
You might recall that previous efforts to crack Microsoft's DRM resulted in a tool called FairUse4WM that was published in August 2006. Soon after the release of the tool, Microsoft released software updates that prevented it from working. This latest crack provides an update for FairUse4WM to make it work again. Of course, Microsoft will probably release another update to patch whatever flaws are being exploited now.
Microsoft filed suit last year after the release of FairUse4WM, seeking to discover the identity of the tool's developer. However, the company apparently dropped that suit. Incidentally, the person who originally published FairUse4WM used the nickname "viodentia," and as observers have pointed out, "Divine Tao" happens to be an anagram of that name. So someone might be playing mind games with Microsoft, or maybe the same person released both tools.
Some companies, such as Apple and EMI, have started releasing unprotected copyrighted media content at a slightly higher price that many people seem willing to pay. Selling unprotected content for an extra cost seems like a reasonable approach to a problem nagging a lot of video and music fans.
Fair use arguments aside, most readers of this newsletter probably don't have to worry about their content being put at risk by this latest FairUse4WM tool release. However, you probably don't want a tool such as FairUse4WM on your network for liability reasons. Therefore, you should try to ensure that the tool isn't stored on your computers and used for illegal purposes. So head over to Doom9, get a copy of the tool, build MD5 checksums or other file identification information, and scan your systems for signs that the tool might be present. Or use your existing security tools and policy compliance solutions to accomplish the same thing.
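One way to do the checksum scan described above, as an added example that is not part of the original newsletter: it records the size, MD5 and SHA-256 of a reference copy, then walks a directory tree and hashes only files whose size matches. All function names, paths and file contents here are hypothetical or constructed for the demonstration.

```python
import hashlib, os, pathlib, tempfile

def file_digests(path, chunk=1 << 20):
    """Return (md5, sha256) hex digests of a file, read in chunks."""
    md5 = hashlib.md5(usedforsecurity=False)  # identification only
    sha = hashlib.sha256()
    with open(path, "rb") as f:
        while block := f.read(chunk):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()

def build_signatures(reference_paths):
    """Map file size -> {(md5, sha256)} for each reference copy."""
    sigs = {}
    for path in reference_paths:
        sigs.setdefault(os.path.getsize(path), set()).add(file_digests(path))
    return sigs

def scan(root, sigs):
    """Walk root; return (matching relative paths, unreadable paths)."""
    hits, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
                if size not in sigs:
                    continue  # size pre-filter: most files are never hashed
                digest = file_digests(path)
            except OSError:
                unreadable.append(path)  # report it, do not silently skip
                continue
            if digest in sigs[size]:
                hits.append(os.path.relpath(path, root))
    return sorted(hits), unreadable

def demo():
    """Constructed tree: a renamed copy and a same-size decoy."""
    with tempfile.TemporaryDirectory() as tmp:
        ref = os.path.join(tmp, "reference.bin")
        root = os.path.join(tmp, "share", "user")
        os.makedirs(root)
        sample = b"CONSTRUCTED-SAMPLE" * 64  # stands in for the reference copy
        files = {ref: sample, os.path.join(root, "notes.dat"): sample,
                 os.path.join(root, "decoy.dat"): b"x" * len(sample)}
        for path, data in files.items():
            pathlib.Path(path).write_bytes(data)
        return scan(os.path.join(tmp, "share"), build_signatures([ref]))
```

A hash match finds byte-identical copies even when they have been renamed, but not a repacked or otherwise altered copy, so treat a clean scan as one signal alongside your other compliance tooling.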