[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

[Keith Dawson <dawson@world.std.com>] TBTF Log, week of 2000-03-12



-- Listar MIME Decryption --------------
-- Content: Included message

Date: Mon, 20 Mar 2000 10:20:51 -0500
To: tbtf-log@xxxxxxxx
From: Keith Dawson <dawson@xxxxxxxxxxxxx>
Subject: TBTF Log, week of 2000-03-12

TBTF Log, week of 2000-03-12

   This week's log entries: < http://tbtf.com/blog/2000-03-12.html >
__________________________________________________________________________

On Saturday someone posted a link to the article "Distributing DeCSS
via DNS" to an IETF mailing list; from there it made its way to Dave
Farber's Interesting People list. For the record, I first heard about
this most inventive hack from Keith Bostic, who forwarded a note from
David C Lawrence, who got it from James Brister. You can look up the
ARIN / DNS records for 138.195.138.195 and goret.org as well as I;
they don't help much in pinpointing the hack's inventor.
__________________________________________________________________________

[...]
   ____________

++Distributing DeCSS via DNS
  11:21:12 am

   Unwrap the following and utter it on one line to a Unix shell on a
   machine that is live to the Net:

    dig @138.195.138.195 goret.org. axfr | 
      grep '^c..\..*A' |
      sort |
      cut -b5-36 |
      perl -e 'while(<>){print pack("H32",$_)}' |
      gzip -d

   What you'll get, streaming to STDOUT, is the source code for the DVD
   CSS decryptor that the motion-picture industry is so keen to
   suppress. Thanks to the Domain Name System, that code is now
   available on hundreds of thousands of routers around the world.

   Lenny Foner <foner@xxxxxxxxxxxxx> suggests a modest extension to
   protect the valuable intellectual property locked up in this code. 

     > The right thing to do here is to have the person who owns the
     > domain claim that the code above is a "decryption algorithm" (after
     > all, it must be -- the info isn't human-readable at first glance,
     > so it must be encrypted, right?), and that the algorithm is a
     > trade secret. Only those who are authorized to know the trade
     > secret may run the algorithm. Only entities which agree to hold
     > harmless and never sue the domain owner for any reason are
     > authorized to know the trade secret. Even better, make this entire
     > agreement part of a shrinkwrap license available via perusal of the
     > DNS records -- or perhaps, as UCITA is trying to do, available only
     > _after_ you've decrypted everything! 

     > Therefore, if the RIAA, the DVDCCA, or the MPAA attempt to sue the
     > owner, he countersues for exactly the same reason, saying that
     > they weren't even authorized to know what he was posting. If their
     > suit is valid, then so it his, and contrariwise. 
   ____________


---
Send e-mail to 'ilugc-request@xxxxxxxxxxxxxxxxxx' with 'unsubscribe' 
in either the subject or the body to unsubscribe from this list.