[infowarrior] - Windows Vista device drivers to require digital signatures

2006-01-23 Thread Richard Forno
Digital Signatures for Kernel Modules on x64-based Systems Running Windows
Vista
Updated: January 19, 2006
http://www.microsoft.com/whdc/system/platform/64bit/kmsigning.mspx

For Windows Vista and later versions of the Windows family of operating
systems, kernel-mode software must have a digital signature to load on
x64-based computer systems.

This paper describes how to manage the signing process for kernel-mode code
for Windows Vista, including how to obtain a Publisher Identity Certificate
(PIC), guidelines for protecting keys, and how to sign a driver package by
using tools that are provided in the Windows Driver Kit (WDK).

Why digital signatures? For both consumer and enterprise users of Windows
around the world, protecting personal and corporate data remains a top
concern. Microsoft is committed to implementing new ways to help restrict
the spread of malicious software. Digital signatures for kernel-mode
software are an important way to ensure security on computer systems.

Digital signatures allow the administrator or end user who is installing
Windows-based software to know whether a legitimate publisher has provided
the software package. When users choose to send Windows Error Reporting data
to Microsoft after a fault or other error occurs, Microsoft can analyze the
data to know which publishers' software was running on the system at the
time of the error. Software publishers can then use the information provided
by Microsoft to find and fix problems in their software.

What this means for Windows Vista. To increase the safety and stability of
the Microsoft Windows platform, beginning with Windows Vista:
* Users who are not administrators cannot install unsigned device drivers.

* Drivers must be signed for devices that stream protected content. This
  includes audio drivers that use Protected User Mode Audio (PUMA) and
  Protected Audio Path (PAP), and video device drivers that handle protected
  video path-output protection management (PVP-OPM) commands.

* Unsigned kernel-mode software will not load and will not run on x64-based
  systems.

  Note: Even users with administrator privileges cannot load unsigned
  kernel-mode code on x64-based systems. This applies for any software module
  that loads in kernel mode, including device drivers, filter drivers, and
  kernel services.

* To optimize the performance of driver verification at boot time, boot-driver
  binaries must have an embedded Publisher Identity Certificate (PIC) in
  addition to the signed .cat file for the package.

What this means for software publishers. For vendors who publish kernel-mode
software, this policy has the following effects:
* For any kernel-mode component that is not already signed, publishers must
  obtain and use a PIC to sign all 64-bit kernel-mode software that will run
  on x64-based systems running Windows Vista. This includes kernel-mode
  services software.

* Publishers who provide 64-bit device driver or other kernel-mode software
  that is already signed through the Windows Logo Program or that has a Driver
  Reliability Signature do not need to take additional steps -- except for the
  special case of boot-start drivers.

* Drivers for boot-start devices must include an embedded PIC. This
  requirement applies for these devices: CD-ROM, disk drivers, ATA/ATAPI
  controllers, mouse and other pointing devices, SCSI and RAID controllers,
  and system devices.

This information applies for the following operating systems:
Microsoft Windows Vista (for x64-based systems)
Microsoft Windows Server code name "Longhorn"



You are a subscribed member of the infowarrior list. Visit
www.infowarrior.org for list information or to unsubscribe. This message
may be redistributed freely in its entirety. Any and all copyrights
appearing in list messages are maintained by their respective owners.


[infowarrior] - Intel Core Duo problems, so quickly after release?

2006-01-23 Thread Richard Forno

http://geek.com/news/geeknews/2006Jan/bch20060123034350.htm

Today is January 23, 2006, making it less than 20 days since the Core Duo
was officially released, and T-minus ?? days until Core Solo is officially
released. Yet, if we turn to Intel's Errata documentation for the Core Duo
and Core Solo lines, we already find 34 known problems. That averages out to
an error-and-a-half found every day since the chips were released.

< snip >

Still, the Core Duo and Core Solo processors are just out of the gates, and
this high number of immediate errata should leave one a little chilled, I'd
say. Releasing a brand new processor with 34 known errors seems almost
criminal to me, especially with some of the more obnoxious ones highlighted
above.

If you're thinking about buying a Core Duo-based machine, you might want to
stop by Intel's documentation department and pick up the latest errata
updates, which are promised to be released on the following dates: February
15, March 15, April 19, May 17, June 14, July 19, August 16, September 13,
October 18, November 15, December 13.

http://geek.com/news/geeknews/2006Jan/bch20060123034350.htm





[infowarrior] - The Recording Industry's Confusion

2006-01-23 Thread Richard Forno


http://biz.yahoo.com/ap/060123/france_music_downloads.html?.v=1

"But for record companies, the growth of legitimate downloads and the
partial victory against piracy have come at a price. Many in the industry
are concerned that the scramble to license out catalog for digital sales has
done lasting damage to profitability."


Piracy is bad for us.  Legitimate sales of music online is bad for us, too.

Anyone else think the recording industry has gone completely nuts??  -rf






[infowarrior] - Text of GEN Hayden remarks on NSA spying

2006-01-23 Thread Richard Forno
23 January 2006

Source: http://www.dni.gov/release_letter_012306.html

REMARKS BY

GENERAL MICHAEL V. HAYDEN

PRINCIPAL DEPUTY DIRECTOR OF NATIONAL INTELLIGENCE

AND

FORMER DIRECTOR OF THE NATIONAL SECURITY AGENCY

ADDRESS TO THE NATIONAL PRESS CLUB

WHAT AMERICAN INTELLIGENCE & ESPECIALLY THE NSA HAVE BEEN DOING TO DEFEND
THE NATION

NATIONAL PRESS CLUB

WASHINGTON, D.C.

10:00 A.M. EST

MONDAY, JANUARY 23, 2006

MR. HILL: Good morning. My name is Keith Hill. I'm an editor/writer with the
Bureau of National Affairs, Press Club governor and vice chair of the club's
Newsmaker Committee, and I'll be today's moderator.

Today, we have General Michael Hayden, principal deputy director of National
Intelligence with the Office of National Intelligence, who will talk about
the recent controversy surrounding the National Security Agency's
warrantless monitoring of communications of suspected al Qaeda terrorists.

General Hayden, who's been in this position since last April, is currently
the highest ranking military intelligence officer in the armed services, and
he also knows a little something about this controversy because in his
previous life he was NSA director when the NSA monitoring program began in
2000 -- 2001, sorry.

So with that, I will turn the podium over to General Hayden.

GEN. HAYDEN: Keith, thanks. Good morning. I'm happy to be here to talk a bit
about what American intelligence has been doing and especially what NSA has
been doing to defend the nation.

Now, as Keith points out, I'm here today not only as Ambassador John
Negroponte's deputy in the Office of the Director of National Intelligence,
I'm also here as the former director of the National Security Agency, a post
I took in March of 1999 and left only last spring.

Serious issues have been raised in recent weeks, and discussion of serious
issues should be based on facts. There's a lot of information out there
right now.

Some of it is, frankly, inaccurate. Much of it is just simply misunderstood.
I'm here to tell the American people what NSA has been doing and why. And
perhaps more importantly, what NSA has not been doing.

Now, admittedly, this is a little hard to do while protecting our country's
intelligence sources and methods. And, frankly, people in my line of work
generally don't like to talk about what they've done until it becomes a
subject on the History Channel. But let me make one thing very clear. As
challenging as this morning might be, this is the speech I want to give. I
much prefer being here with you today telling you about the things we have
done when there hasn't been an attack on the homeland. This is a far easier
presentation to make than the ones I had to give four years ago telling
audiences like you what we hadn't done in the days and months leading up to
the tragic events of September 11th.

Today's story isn't an easy one to tell in this kind of unclassified
environment, but it is by far the brief I prefer to present.

Now, I know we all have searing memories of the morning of September 11th. I
know I do. Making the decision to evacuate non-essential workers at NSA
while the situation was unclear; seeing the NSA counterterrorism shop in
tears while we were tacking up blackout curtains around their windows; like
many of you, making that phone call, asking my wife to find our kids, and
then hanging up the phone on her.

Another memory for me comes two days later -- that's the 13th of September
-- when I addressed the NSA workforce to lay out our mission in a new
environment. It was a short video talk; we beamed it throughout our
headquarters at Fort Meade and globally throughout our global enterprise.
Now, most of what I said was what anyone would expect. I tried to inspire:
our work was important; the nation was depending on us. I tried to comfort:
Look on the bright side, I said to them, right now a quarter billion
Americans wish they had your job, being able to go after the enemy.

I ended the talk by trying to give a little perspective. I noted that all
free peoples have had to balance the demands of liberty with the demands of
security, and historically, historically we Americans have been able to
plant our flag well down the spectrum toward liberty. Here was our
challenge, I said, and I'm quoting from that presentation: "We are going to
keep America free by making Americans feel safe again."

But to start the story with that Thursday, December 13th, is a bit
misleading. It's a little bit like coming in near the end of the first reel
of a movie. To understand that moment and that statement, you would have to
know a little bit about what had happened to the National Security Agency in
the preceding years.

Look, NSA intercepts communications, and it does so for only one purpose --
to protect the lives, the liberties and the well-being of the citizens of
the United States from those who would do us harm. By the late 1990s, that
job was becoming increasingly more difficult. The explosion of modern
communicatio

[infowarrior] - Yahoo, MS: No personal data surrendered

2006-01-23 Thread Richard Forno

(I wonder if Google's resistance hadn't made frontpage news, if these
companies would even be saying anything right now...rf)


Yahoo, MS: No personal data surrendered
http://upi.com/NewsTrack/view.php?StoryID=20060123-031414-2463r

WASHINGTON, Jan. 23 (UPI) -- Yahoo and Microsoft say they did not turn over
any private information to the government when they complied with a
subpoena.

Google has refused to comply with the demand to supply six months of search
data. The Justice Department is seeking the information in an effort to
revive the Child Online Protection Act, which was overturned two years ago
by the Supreme Court, by determining whether filtering software does the job
of keeping children away from hardcore porn sites.

Both Microsoft and Yahoo say that they provided data that contained nothing
that would allow the government to identify specific users of their search
engines, the San Jose Mercury News reported.

While Google's refusal to comply with the subpoena is based on claims of
shielding proprietary information, privacy is clearly an issue.

"Google's acceding to the request would suggest it is willing to reveal
information about those who use its services," Ashok Ramani, a lawyer
representing Google, said in a letter to the Justice Department. "This is
not a perception that Google can accept."

  © Copyright 2006 United Press International, Inc. All Rights
Reserved





[infowarrior] - TSCM-L group reborn after Yahoo fiasco

2006-01-23 Thread Richard Forno


This group was caused by the great migration from Yahoo to Google of the
TSCM-L Newsgroup/news feed.

http://groups.google.com/group/TSCM-L2006   





[infowarrior] - Supreme Court Rejects BlackBerry Appeal

2006-01-23 Thread Richard Forno
Supreme Court Rejects BlackBerry Appeal
http://www.washingtonpost.com/wp-dyn/content/article/2006/01/23/AR2006012300512_pf.html

By Yuki Noguchi
Washington Post Staff Writer
Monday, January 23, 2006; 1:00 PM

The Supreme Court today rejected a petition from BlackBerry maker Research
in Motion Ltd. for a rehearing of its patent-infringement case.

The Canadian maker of the popular wireless e-mail device has been locked in
litigation against NTP Inc., a McLean-based patent-holding company that
holds the licenses for the technology.

RIM may face a court-ordered shut down of most of its 4 million BlackBerrys
in the United States if it cannot settle its case with NTP.

The company has said, however, that it is developing a technological
work-around that skirts the patent infringement. RIM has also asked the U.S.
Patent and Trademark Office to review NTP's patents with the hopes that they
would be declared invalid.

In 2002, a jury found RIM violated several key NTP patents and ordered it to
pay royalties, which as of November had accrued to more than $250 million.

"The Supreme Court's denial closed the final path for RIM to avoid
liability," NTP said in a statement today. NTP is an investor in RIM
competitor Good Technology Inc., and has licensing agreements with other
wireless e-mail companies, such as Nokia Corp. and Visto Inc.

A spokesman for RIM played down the significance of today's ruling. "RIM has
consistently acknowledged that Supreme Court review is granted in only a
small percentage of cases and we were not banking on Supreme Court review,"
marketing vice president Mark Guibert said in a statement. "The Patent
Office continues its reexaminations with special dispatch, RIM's legal
arguments for the District Court remain strong and our software work-around
designs remain a solid contingency."
© 2006 The Washington Post Company





[infowarrior] - White House on PR path over domestic surveillance

2006-01-23 Thread Richard Forno
White House on PR path over domestic surveillance

By James Gerstenzang, Tribune Newspapers: Los Angeles Times; Times staff
writers Peter Wallsten and Greg Miller contributed to this report
Published January 22, 2006
http://www.chicagotribune.com/news/nationworld/chi-0601220429jan22,1,1331353.story?coll=chi-newsnationworld-hed

WASHINGTON -- The Bush administration is launching an aggressive effort to
convince Americans that a National Security Agency program of domestic
eavesdropping is legal and justified.

With public opinion polls indicating that Americans are evenly divided over
the program, President Bush's top political lieutenants on Friday used the
surveillance program in speeches to Republican activists as a weapon against
Democrats.

The president and other senior administration officials had shied away from
talking extensively about the NSA's program of monitoring certain phone
calls and other communication between Americans and persons overseas. The
program immediately became controversial when it was revealed last month,
because the monitoring occurred without court approval. Bush had secretly
approved it after the Sept. 11 terrorist attacks.

The president and other senior officials will be making a series of speeches
and visits this week in Washington and beyond. They are trying to build new
support for the program two weeks before the Senate begins hearings on it,
while also taking advantage of underlying public support for aggressive
actions intended to head off terrorist strikes.

Bush is expected to deal with the issue during a planned speech Monday in
Kansas. At the same time, Lt. Gen. Michael Hayden, the deputy director of
national intelligence who headed the NSA when the eavesdropping program was
developed, is scheduled to speak at the National Press Club.

On Tuesday, Atty. Gen. Alberto Gonzales is to deliver a speech about the
spying, and on Wednesday Bush will visit the NSA headquarters outside
Washington.

"We are stepping up our efforts to educate the American people about this
vital tool in the war on terrorism ahead of the congressional hearing
scheduled for early February," White House press secretary Scott McClellan
said.

Many Democrats say that Bush, by authorizing the NSA to intercept some phone
calls without approval from a special national security court, violated the
1978 law regulating intelligence-gathering in the United States.

"Congress spent seven years considering and enacting the Foreign
Intelligence Surveillance Act," Sen. Edward Kennedy (D-Mass.) said Friday in
a written statement. "It was not a hastily conceived idea. Now, the
administration has made a unilateral decision that congressional and
judicial oversight can be discarded, in spite of what the law obviously
requires. We need a thorough investigation of these activities."

Beyond making its legal arguments, the administration is reaching out to the
court of public opinion. Republican political operatives have discerned what
they believe is the program's political potential.

Asked which is their greater concern, that the government's anti-terrorism
policies had not gone far enough to protect the country or had gone too far
in restricting civil liberties, 46 percent of those surveyed in a recent
poll said the government had not done enough. Some 33 percent said it had
gone too far.

The poll, conducted Jan. 4-8 by the Pew Research Center for the People and
the Press, also found that 48 percent of respondents thought that
"monitoring Americans suspected of terrorist ties without court permission"
was "generally right," and 47 percent thought it was "generally wrong."

In short, said Andrew Kohut, the center's director, a surveillance program
that had drawn sharp criticism when it was first disclosed "has been
transformed from an accusation to a debatable issue." Support for the
administration's eavesdropping program, Kohut said, "hinges on people seeing
this as going after the bad guys" rather than as an infringement on civil
liberties.

Republicans believe the spying debate works in their favor, allowing them to
paint Democrats as weak on terrorism.

Ken Mehlman, the Republican National Committee chairman, told reporters on
the sidelines of the GOP's winter meeting in Washington on Friday that the
program would be a crucial element of the party's strategy in this year's
congressional campaign.









[infowarrior] - Can video iPod lead to DMCA reform?

2006-01-23 Thread Richard Forno
Can video iPod lead to DMCA reform?

By Declan McCullagh
http://news.com.com/Can+video+iPod+lead+to+DMCA+reform/2010-1028_3-6029611.html

Story last modified Mon Jan 23 05:30:00 PST 2006


Apple Computer's video iPod may not be the first portable movie player, but
it is by far the best.

The one serious flaw in this svelte little device is how difficult it is to
load with video. Apple's otherwise handy iTunes application flatly refuses
to transfer a legally purchased DVD to the iPod.

Don't blame Apple for this glaring oversight. You can thank our esteemed
public servants in Congress.

In 1998, politicians bowed to pressure from the entertainment industry and
voted overwhelmingly for the Digital Millennium Copyright Act. Part of that
law made it a federal offense to sell or distribute software that can rip
DVDs.

In other words, believe it or not, Apple CEO Steve Jobs would be guilty of a
federal felony if iTunes transferred DVDs to an iPod as easily as it can
music from a CD.

While these Draconian penalties have angered digital-rights types for years,
the prohibition really hasn't affected a broader audience. But the recently
released video iPod changes this and--if we're lucky--will prove to be a
flashpoint that sparks actual reforms.

"Our best hope for getting amendments to the DMCA is for more regular
consumers to feel the pinch of the DMCA," says Fred von Lohmann, an attorney
at the Electronic Frontier Foundation.

Earlier legal tussles over the DMCA were more arcane and didn't cripple
gadgets prized by the masses.

Take the court rulings against the now-defunct 321 Studios, which used to
sell a DVD-copying program. A federal judge in February 2004 ruled that the
DMCA outlawed it.

That decision was widely ignored outside of geekdom. So were legal threats
against security researchers, DVD burning software, toner cartridge refills,
computer science graduate students, Russian hackers and Princeton
researchers.

There are some proposals in Congress that start to fix the video iPod
problem, but the outlook is hardly sunny.

One bill is the Digital Media Consumers' Rights Act, introduced by Rep. Rick
Boucher, a Virginia Democrat. Another is the so-called "Balance" bill
introduced by Rep. Zoe Lofgren, a California Democrat.

But there are some problems. The latest version of the Boucher bill seems to
be watered down from an earlier one. (The new language is ambiguous but not
as consumer-friendly as it was in the earlier version). And even if it were
enacted, you could legally transfer a DVD to an iPod, but it would continue
to be unlawful to distribute the software that permits the transfer to take
place.

The Lofgren bill comes closer to the mark. It says that in some cases, it is
legal to distribute software that can "circumvent a technological measure"
such as DVD encryption.

Unfortunately, her proposal has virtually no support. And because it's a
bill introduced by a Democrat, it's hardly likely to receive a warm welcome
from congressional Republicans.

More to the point, perhaps, a good portion of the U.S. technology industry
is lined up against DMCA reform.

There's no shortage of enthusiasm for the 1998 law among the political
class--various lobbyists and politicos actually toasted it with champagne a
few years ago, and many software companies love it.

The Business Software Alliance (that is, Microsoft) says the law is
necessary "to curb piracy and its economic consequences." The entertainment
industry is just as emphatic, and so are video game makers.

Still, some glimmers of hope exist for DMCA reform. At a hearing in
November, Rep. Joe Barton, the Texas Republican who chairs the House Energy
and Commerce Committee, seemed to take a common-sense approach.

"It boils down to this: I believe that when I buy a music album or movie
DVD, it should be mine once I leave the store," Barton said.

Hardware makers and Internet providers have also expressed their support for
reform. (The list includes Intel, Sun Microsystems, Verizon, Gateway and Red
Hat.)

Will that be enough? We'll see. It may depend on how rebellious--or
cranky--video iPod owners turn out to be.


Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.


