Free Dmitry Sklyarov!
If you're still not convinced that the DMCA is a bad law, recall The Leader and Junior Brother's nail factory. He couldn't figure out how to make nuts and bolts, so The Leader simply made it illegal to "import, offer to the public, provide, or otherwise traffic" in nuts and bolts. Of course, without nuts and bolts, things fall apart. It doesn't take a genius to figure out that The Leader is making a self-serving law, and, what's more, it's bad for the public at large. The first problem is simply that there aren't any nuts and bolts available. But it's illegal to talk about nuts and bolts, too. As a result, the knowledge of how to use nuts and bolts gradually disappears from The Nation--and its lunch is eaten by foreign competition.
The DMCA is in the same league: It facilitates corporate attacks on the free and open exchange of information that's needed to ensure continued US prominence in the technological arena. The Sklyarov case is a perfect example. Sklyarov didn't come to DEFCON to talk about how to crack Adobe's eBook protection; he came to talk about the fact that Adobe's copy protection measures aren't up to the challenges of protecting data in the Internet environment. It's an unbelievably weak scheme, argued Sklyarov in his presentation. As recounted in the Federal indictment, a public document released by a US District Court, here's what ElcomSoft has to say about the scheme:
Now it's time for the brutal truth on Adobe eBook protection. We claim that ANY eBook protection, based on Acrobat PDF format (as Adobe eBook Reader is), is ABSOLUTELY insecure just due to the nature of this format and encryption system developed by Adobe. The general rule is: if one can open a particular PDF file or eBook on his computer (does not matter with what kind of permissions/restrictions), he can remove that protection by converting that file into a plain, unprotected PDF. Not very much experience is needed. In brief: ANY security plugin (actually, eBooks are protected with a security plugin as well, EBX) does nothing but return a decryption key to the Adobe Acrobat Reader or Adobe Acrobat eBook Reader. The plugin can make various hardware verifications, use parallel port dongles, connect to the publisher's web site and use asymmetric encryption, etc., but it all ends up with a decryption key, because the Reader needs it to open the files. And when the key is there, we can use it to decrypt the document removing all permissions (US v Sklyarov, Criminal Complaint, July 7, 2001).
If ElcomSoft is correct, Adobe starts looking like the Wizard of Oz: a charlatan, using pumped-up trickery and the power of the US Federal government to disguise the deficiencies of its technology. Sklyarov's message is simply this: Adobe's eBook protection scheme will work only if we're all so stupid and ignorant that we can't help being taken in, and so cowed by Draconian laws that we're afraid to peek under the curtain. Instead of throwing him in jail, we should give him a Congressional medal.
Please join the fight to free Dimitry Sklyarov:
<il> * Join and support the Electronic Frontier Foundation (EFF), which is coordinating the very expensive legal campaign in Sklyarov's defense. Go right now and sign up.
<il> * Join the free-sklyarov mailing list.
Bryan Pfaffenberger is Associate Professor of Technology, Culture and Communication at the University of Virginia, in Charlottesville, VA. You can visit his web page, and you can browse previous Currents articles under the Currents heading here. Bryan cautions that his schedule rarely permits him to reply to all the e-mail he receives concerning his Linux Journal articles, but they're appreciated nonetheless.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Devuan Beta Release
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- The Humble Hacker?
- The Death of RoboVM
- BitTorrent Inc.'s Sync
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- AdaCore's SPARK Pro
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide