Comments on: DRM and Rogue Employees http://etbe.coker.com.au/2009/07/19/drm-and-rogue-employees/ Linux, politics, and other interesting things Thu, 09 Feb 2012 01:09:24 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: etbe http://etbe.coker.com.au/2009/07/19/drm-and-rogue-employees/comment-page-1/#comment-20677 etbe Thu, 10 Sep 2009 21:16:10 +0000 http://etbe.coker.com.au/?p=1253#comment-20677 http://www.crn.com/retail/216500680;jsessionid=1EWQR02BVWTZFQE1GHOSKHWATMY32JVN Here's an article about Amazon canceling someone's Kindle account which made all their previously purchased books unreadable. Apparently they returned three books to Amazon which made them a bad customer... Eventually Amazon uncanceled the account, but it's a nasty thing to do. http://www.crn.com/retail/216500680;jsessionid=1EWQR02BVWTZFQE1GHOSKHWATMY32JVN

Here’s an article about Amazon canceling someone’s Kindle account which made all their previously purchased books unreadable. Apparently they returned three books to Amazon which made them a bad customer…

Eventually Amazon uncanceled the account, but it’s a nasty thing to do.

]]> By: Michael Schurter http://etbe.coker.com.au/2009/07/19/drm-and-rogue-employees/comment-page-1/#comment-20175 Michael Schurter Wed, 29 Jul 2009 05:15:24 +0000 http://etbe.coker.com.au/?p=1253#comment-20175 etbe: True, but that's a lot of ifs. Seems a more likely attack vector would be a disgruntled Debian developer slipping a backdoor into a package. Think about how long the huge OpenSSL flaw went unnoticed and that wasn't even intentionally malicious. Hell, Chinese open source contributors may be covertly working for their government waiting for the right time to inject a vulnerability. I don't think its likely, but I do think its at least as likely as a malicious Amazon employee erasing all e-books on all Kindles. Yet you won't see me discouraging Chinese involvement in open source because of paranoia. I think we need to be level headed about such things. DRM is bad, but it doesn't warrant us becoming needlessly paranoid. etbe: True, but that’s a lot of ifs. Seems a more likely attack vector would be a disgruntled Debian developer slipping a backdoor into a package. Think about how long the huge OpenSSL flaw went unnoticed and that wasn’t even intentionally malicious. Hell, Chinese open source contributors may be covertly working for their government waiting for the right time to inject a vulnerability.

I don’t think its likely, but I do think its at least as likely as a malicious Amazon employee erasing all e-books on all Kindles. Yet you won’t see me discouraging Chinese involvement in open source because of paranoia. I think we need to be level headed about such things. DRM is bad, but it doesn’t warrant us becoming needlessly paranoid.

]]> By: Jerome http://etbe.coker.com.au/2009/07/19/drm-and-rogue-employees/comment-page-1/#comment-20118 Jerome Thu, 23 Jul 2009 15:26:27 +0000 http://etbe.coker.com.au/?p=1253#comment-20118 I'm not the only one thinking about it: http://www.slate.com/id/2223214/pagenum/all/ "Why 2024 Will Be Like Nineteen Eighty-Four — How Amazon’s remote deletion of e-books from the Kindle paves the way for book-banning’s digital future." I’m not the only one thinking about it:

http://www.slate.com/id/2223214/pagenum/all/

“Why 2024 Will Be Like Nineteen Eighty-Four — How Amazon’s remote deletion of e-books from the Kindle paves the way for book-banning’s digital future.”

]]> By: Jerome http://etbe.coker.com.au/2009/07/19/drm-and-rogue-employees/comment-page-1/#comment-20083 Jerome Mon, 20 Jul 2009 19:43:12 +0000 http://etbe.coker.com.au/?p=1253#comment-20083 One further point to consider is censorship. The control that Amazon has over products the person has paid for is amazing. I can't understand why would anyone would want this or why any government or society would allow this. Again, with DRM you're are not buying anything you're simply renting and anything else is completely out of your control. And the the "damaged" produced to the "owners" of those books. One further point to consider is censorship. The control that Amazon has over products the person has paid for is amazing. I can’t understand why would anyone would want this or why any government or society would allow this.

Again, with DRM you’re are not buying anything you’re simply renting and anything else is completely out of your control.

And the the “damaged” produced to the “owners” of those books.

]]> By: etbe http://etbe.coker.com.au/2009/07/19/drm-and-rogue-employees/comment-page-1/#comment-20074 etbe Sun, 19 Jul 2009 11:27:39 +0000 http://etbe.coker.com.au/?p=1253#comment-20074 Michael: In the past I've worked with companies of equivalent size to Amazon who had no good backups. However I believe that Amazon is better than them. A smart attacker wouldn't merely wipe out data. Options include corrupting the data slowly over the course of months (which wouldn't work if database changes caused an immediate change to kindle state). If the same person had access to the backup system and the database they could corrupt backups until the tapes had been cycled and then wipe the database. Even if the Amazon server unsold all books and a couple of days later they appeared on the Kindles again the damage would be significant. It's not just an inconvenience of being unable to read the book for a couple of days, it's an invasion of the sovereignty of the user's computer. In Internet terms it's an act of war! Michael: In the past I’ve worked with companies of equivalent size to Amazon who had no good backups. However I believe that Amazon is better than them.

A smart attacker wouldn’t merely wipe out data. Options include corrupting the data slowly over the course of months (which wouldn’t work if database changes caused an immediate change to kindle state). If the same person had access to the backup system and the database they could corrupt backups until the tapes had been cycled and then wipe the database.

Even if the Amazon server unsold all books and a couple of days later they appeared on the Kindles again the damage would be significant. It’s not just an inconvenience of being unable to read the book for a couple of days, it’s an invasion of the sovereignty of the user’s computer. In Internet terms it’s an act of war!

]]> By: Michael Schurter http://etbe.coker.com.au/2009/07/19/drm-and-rogue-employees/comment-page-1/#comment-20071 Michael Schurter Sun, 19 Jul 2009 07:20:13 +0000 http://etbe.coker.com.au/?p=1253#comment-20071 It would take pretty lax security and backup procedures for a single user to be able to wipe out all sales records and their backups. The one case you mention of a rogue employee wiping out a business was due more to lax backup procedures than to an errant employee. If all it takes to wipe out all of your data is a simple "DROP DATABASE FOO;" query, I'd say chances are better hardware failure or a simple programming error is 100x more likely to take you down than an angry employee. Still, Amazon being able to unsell books is pretty creepy. :-) It would take pretty lax security and backup procedures for a single user to be able to wipe out all sales records and their backups. The one case you mention of a rogue employee wiping out a business was due more to lax backup procedures than to an errant employee.

If all it takes to wipe out all of your data is a simple “DROP DATABASE FOO;” query, I’d say chances are better hardware failure or a simple programming error is 100x more likely to take you down than an angry employee.

Still, Amazon being able to unsell books is pretty creepy. :-)

]]>