To set the scene, last week saw two major DRM protocols hacked; the Apple iTunes and the PlaysForSure DRM. Not sure if the Apple DRM is still open but fairly sure that it is however, the Windows version is all wrapped up again.
Ironic? Yes ironic. I saw in the RSS feeds the news that the Windows DRM was hacked, almost straight away I found another post that said it was patched and secure again. So what happened? What happened was that Windows rushed out an update patch labelled as critical in order to close the loop-hole down. That is ironic because usually patches released once a month “Patch Tuesday“. So that means that if a vulnerability is found the day after Patch Tuesday then we have to wait a month to get it fixed! Unless there is something so critical that an exception is made…
“If you really want to see Microsoft scramble to patch a hole in its software, don’t look to vulnerabilities that impact countless Internet Explorer users or give intruders control of thousands of Windows machines. Just crack Redmond’s DRM.”
So in this instance Microsoft was quick off the mark to protect it’s own interests rather than those of their users. This is also evident in the fact that they pushed the patch out as a “critical”. See what I mean?
Just wait for the patch that is coming labeled as a “high Priority security update” ; that will be Internet Explorer 7. They certainly have loose definitions there at Microsoft. All this when trying to make up for all the badness they have caused and consumer trust.
September 12, 2006 at 1:53 pm
Microsoft motto: “We love our customers, they make us rich….but we love ourselves even more!” Don’t worry, this little rush to patch their DRM code didn’t go unnoticed by the security community either. Makes you wonder about when they will ever patch the myriad of holes still in their products ( http://secunia.com/product/11/ and http://secunia.com/product/16/ give you an idea).
September 12, 2006 at 1:56 pm
Forgot this one too (MS Office 2003) http://secunia.com/product/2275/