Google
 

Aardvark Daily

New Zealand's longest-running online daily news and commentary publication, now in its 24th year. The opinion pieces presented here are not purported to be fact but reasonable effort is made to ensure accuracy.

Content copyright © 1995 - 2018 to Bruce Simpson (aka Aardvark), the logo was kindly created for Aardvark Daily by the folks at aardvark.co.uk



Please visit the sponsor!
Please visit the sponsor!

Owch, that's gotta hurt!

26 January 2018

Anything that is done by man can be undone by man.

Well I think we all know that this saying is a bunch of baloney (just try unshooting someone in the head) but there are cases where it does apply -- such as encryption.

Hands up everyone who remembers how new-fangled (at the time) DVDs were supposed to protect the movies and TV shows that were on them by using a fancy encryption system?

That encryption system was supposed to be virtually uncrackable -- yet it didn't take too long before there was all manner of decryption software available that let you rip those disks to your hard-drive or transcode them into whatever format you wanted.

How can that be?

Wasn't this supposed to be "strong" encryption?

Well it doesn't matter how strong your encryption is, if you don't keep the keys safe, then it becomes next to useless -- as the creators of the DVD scheme soon found out to their cost.

Although the encryption system used for DVDs (CSS) was basically okay, human error meant that the much-sought-after decryption keys were able to be lifted from a DVD player in which they were very poorly concealed in firmware.

Game over!

Since then, those who rely on such key-based security and control systems to protect themselves against hacking have been pretty vigilant -- but even the most well-funded, successful companies are not immune and an interesting story appeared in The Register today.

It seems that, some time ago, DJI (you know, the drone people) accidentally flagged a code repository as "public" on GitHub, thus exposing their keys to the world.

Some clever developer(s) decided to create a fork of the official software (keys and all) so as to create their own version, thus giving them the power to bypass the geofencing and other restrictions that are normally imposed by the DJI code.

Of course flagging the repository as "public" was a bit of a mistake on DJI's part so they issued a DMCA takedown request in an attempt to have the new fork (and the keys) removed.

Bad luck DJI. As clearly outlined in The Register article, by making their repository public (even if it had only been for a short while), they effectively agreed to allow others to fork their code and continue to publish it (keys and all).

So sad (LOL).

Now I suspect that DJI will take further legal action by way of civil or criminal suit, alleging that although they did make the repository public, it was not their intention to do so and that GitHub's refusal to remove the forked code and keys represents significant damage to DJI.

This will be lots of fun!

I guess the moral to the story is that you should *always* read the fine print when using any service and that even the best DRM or encryption can fall victim to human error so should never be considered "foolproof".

Please visit the sponsor!
Please visit the sponsor!

Have your say in the Aardvark Forums.

PERMALINK to this column


Rank This Aardvark Page

 

Change Font

Sci-Tech headlines

 


Features:

Beware The Alternative Energy Scammers

The Great "Run Your Car On Water" Scam

 

Recent Columns

Gidday big brother (cobber)
Australia has taken on real "big brother" overtones of late...

Whatever happened to commonsense?
In the USA over the past week, two aircraft were purposely flown in a reckless manner that resulted in the deaths of their pilots and a significant risk to those on the ground...

Google: we know where you have been
People around the world are shocked and horrified that Google has been tracking their every move, even without their permission...

The USA's Space Force
Ronald Regan started it all with his "Star Wars" initiative...

Buy your tech stuff now?
The Kiwi dollar has taken a bit of a tumble on news that the Reserve Bank will keep interest rates low for at least the next 18 months...

ArsTechnica, the Daily Mirror of tech news?
When we think of "fake news" we almost always refer to the mainstream news outlets which have increasingly focused on sensationalising stories in search of extra clicks and ad revenue...

Climate change, things just got hotter
Reports began appearing in the media this week which indicate that AGW is now growing at such a rate that the "tipping point" may be upon us in less than a decade or two...

Core blimey!
The price of the new Ryzen Threadripper 2990W processor has been leaked...

Tax, plastic, assassinations
Yes, it's another pot pouri of topics rather than a common theme today...

Drone... groan!
Okay, it's time for my regular moan about drones so don't groan...

More power!
I'd already the story which prompted today's column when a reader dropped me an email with a link to it...