Is Microsoft's DRM implementation criminally negligent?
WMPTalk.com Forum Index WMPTalk.com
Discuss Windows Media Player
 
 FAQFAQ   MemberlistMemberlist     RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
 
Google
 
Web wmptalk.com
Is Microsoft's DRM implementation criminally negligent?

 
Post new topic   Reply to topic    WMPTalk.com Forum Index -> DRM
Author Message
viodentia



Joined: 23 Aug 2006
Posts: 1
Posted: Wed Aug 23, 2006 1:39 am    Post subject: Is Microsoft's DRM implementation criminally negligent? Reply with quote
It's a common recommendation in security-related programming that secrets must not be left unencrypted in memory.
Yet, Microsoft's individualization implementation leaves vital secrets - the ECC public/private key pair unprotected in the stack frame when calling into system DLL.
Worse, it has no checks for the trivial interception of these DLL functions, which is widespread industry practice (including the Detours package, provided by Microsoft itself)

Discussion on a program which exploits this flaw on WM10 and WM11 TAP can be found on distinct forum
http://forum.doom9.org/showthread.php?t=114916

I'm sure that Microsoft will add a minimal level of modification to prevent this simple example exploit, but there are many other distinct weaknesses in the code.

Back to top
View user's profile Send private message
 
Post new topic   Reply to topic    WMPTalk.com Forum Index -> DRM All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Microsoft Office Forum New Topics
Powered by phpBB