Recently, the AACS LA, the group in charge of the AACS copy protection, acknowledged that hackers had been very effective in cracking the protection and have since been trying to restore the integrity of the technology. That being said, the new movie titles shipped with Media Key Block (MKB) v3 were cracked by Slysoft a week before the titles hit retail shelves.
Although an official statement has not been made about the latest round of keys being crakced, Richard E. Doherty, director of technology strategy at Microsoft, and who is also very involved with the AACS LA, took time to talk about the protection and how he still has complete faith in it.
“Just to clarify, the original attack was on certain software players that proved to be vulnerable, and did not and does not represent a widespread break in the AACS ecosystem ... In the past PC's have typically been a big target for hacking activities, as they are designed to run arbitrary software programs. But the line between PCs and traditional CE devices is clearly blurring – and many of the best PVR systems (in my opinion) are highly customizable and capable of running user-designed software,” explained Doherty, “Keep in mind, however, that AACS is aware of the history and attack vectors of PC playback systems, and there are several technical measures (such as KCD and the entire proactive renewal system) that are designed specifically to address the particular issues of PC-based protection,” Doherty added.
The original processing key was cracked in February, but the new MKB wasnt released until May, which left many wondering as to why it took so long. Doherty had this to say about the matter: “AACS of course has the technical means to revoke overnight. But the current license agreement generally provides for 90 days. This is to allow time for the manufacturer to repair the product and presumably fix the vulnerability, and time to rollout the patches to the affected users.”
That 90 day grace period is done in the interest of the consumer, who could find themselves with retail discs that are unplayable due to software updates.
“You have seen a revocation cycle occur which has required upgrades to certain software players to make them more robust to known styles of attack. The AACS system was designed to deal with these sorts of attacks, and remains intact as a technology. This is in contrast to CSS, which is vulnerable to direct, brute-force attacks,” said Doherty, who then explains it in even simpler terms. “The analogy we sometimes give is: if you lock your house, but leave the keys lying on the street, then there's really nothing wrong with the locks or with the concept of locks in general. If you don't find the keys, you can change the locks if you like.”
Source:
Dailytech
“Just to clarify, the original attack was on certain software players that proved to be vulnerable, and did not and does not represent a widespread break in the AACS ecosystem ... In the past PC's have typically been a big target for hacking activities, as they are designed to run arbitrary software programs. But the line between PCs and traditional CE devices is clearly blurring – and many of the best PVR systems (in my opinion) are highly customizable and capable of running user-designed software,” explained Doherty, “Keep in mind, however, that AACS is aware of the history and attack vectors of PC playback systems, and there are several technical measures (such as KCD and the entire proactive renewal system) that are designed specifically to address the particular issues of PC-based protection,” Doherty added.
The original processing key was cracked in February, but the new MKB wasnt released until May, which left many wondering as to why it took so long. Doherty had this to say about the matter: “AACS of course has the technical means to revoke overnight. But the current license agreement generally provides for 90 days. This is to allow time for the manufacturer to repair the product and presumably fix the vulnerability, and time to rollout the patches to the affected users.”
That 90 day grace period is done in the interest of the consumer, who could find themselves with retail discs that are unplayable due to software updates.
“You have seen a revocation cycle occur which has required upgrades to certain software players to make them more robust to known styles of attack. The AACS system was designed to deal with these sorts of attacks, and remains intact as a technology. This is in contrast to CSS, which is vulnerable to direct, brute-force attacks,” said Doherty, who then explains it in even simpler terms. “The analogy we sometimes give is: if you lock your house, but leave the keys lying on the street, then there's really nothing wrong with the locks or with the concept of locks in general. If you don't find the keys, you can change the locks if you like.”
Source:
Dailytech
