
Breaking the Chain - zerognowl
https://googleprojectzero.blogspot.com/2016/11/breaking-chain.html
======
amaks
"The Win32k filter is already used in Edge, however at the moment only
Microsoft can use it as the executable signature is checked before allowing
the filter to be enabled."

I find this disturbing and anti-competitive. Microsoft is clearly giving Edge
an edge here (pun intended).

~~~
divbit
Is the "edge" the same advantage Chrome has on a Chromebook? Semi-serious
question.

------
mmastrac
Is it just me, or does it seem trivial to MitM this HDCP API by just faking
out the certificate chain, then faking out the method return values?

> Fortunately this doesn’t compromise the security guarantees of the original
> API because of the way Microsoft designed it. To prevent a MitM attack
> against the API calls (i.e. you hook the API and return the answer the
> caller expects, such as HDCP is enabled) the call is secured between the
> caller and graphics driver using a X.509 certificate chain returned during
> initialization.
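
The mechanism the quoted paragraph describes, as an added example that is not code from the original post, from Microsoft or from Project Zero: a model of a driver status API in which the caller pins a root certificate, verifies the driver's chain against it, and accepts a status answer only if the verified leaf key signed it over a fresh nonce. Everything concrete here is an assumption for illustration (P-256 keys, the HDCPOff/HDCPOn status bytes, the nonce||status message, the Issue/NewDriver/QueryStatus names); the real OPM protocol details are not on the page. The two attacks from the comment above are played out in main: a hook that rewrites the return value, and a chain forged under an attacker's own root.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const HDCPOff, HDCPOn byte = 0, 1 // hypothetical status values; the real OPM codes are not on the page

// Issue generates a P-256 key and a certificate for it, self-signed when parent is nil.
func Issue(cn string, isCA bool, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: x509.KeyUsageDigitalSignature}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	}
	if parent == nil { // self-signed root
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Driver stands in for the graphics-driver side of the protected API.
type Driver struct {
	key    *ecdsa.PrivateKey
	Chain  []*x509.Certificate // leaf first, handed to the caller at initialisation
	status byte
}

// NewDriver creates a driver whose leaf certificate is issued by root.
func NewDriver(root *x509.Certificate, rootKey *ecdsa.PrivateKey, status byte) (*Driver, error) {
	leaf, key, err := Issue("Graphics Driver", false, root, rootKey)
	return &Driver{key: key, Chain: []*x509.Certificate{leaf, root}, status: status}, err
}

func statusMsg(nonce []byte, status byte) []byte { return append(append([]byte{}, nonce...), status) } // signed payload: nonce || status

// GetStatus answers with the status and an ECDSA signature over nonce||status by the leaf key.
func (d *Driver) GetStatus(nonce []byte) (byte, []byte, error) {
	digest := sha256.Sum256(statusMsg(nonce, d.status))
	sig, err := ecdsa.SignASN1(rand.Reader, d.key, digest[:])
	return d.status, sig, err
}

// QueryStatus is the caller side: pinned-root chain check, fresh nonce, signature check on the answer.
func QueryStatus(root *x509.Certificate, chain []*x509.Certificate, get func([]byte) (byte, []byte, error)) (byte, error) {
	if len(chain) == 0 {
		return 0, fmt.Errorf("empty chain")
	}
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range chain[1:] {
		inters.AddCert(c)
	}
	if _, err := chain[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return 0, fmt.Errorf("untrusted driver certificate: %w", err)
	}
	nonce := make([]byte, 16)
	rand.Read(nonce) // fresh per query, so a recorded answer cannot be replayed
	status, sig, err := get(nonce)
	if err != nil {
		return 0, err
	}
	if err := chain[0].CheckSignature(x509.ECDSAWithSHA256, statusMsg(nonce, status), sig); err != nil {
		return 0, fmt.Errorf("status response failed authentication (hooked?): %w", err)
	}
	return status, nil
}

func main() {
	root, rootKey, _ := Issue("Pinned Root", true, nil, nil)
	drv, _ := NewDriver(root, rootKey, HDCPOff)
	fmt.Println(QueryStatus(root, drv.Chain, drv.GetStatus)) // genuine driver: 0 <nil>
	// An in-process hook that reports HDCP on but can only reuse the driver's signature.
	hooked := func(n []byte) (byte, []byte, error) { _, sig, err := drv.GetStatus(n); return HDCPOn, sig, err }
	fmt.Println(QueryStatus(root, drv.Chain, hooked)) // 0 and an authentication error
	fakeRoot, fakeKey, _ := Issue("Attacker Root", true, nil, nil) // chain forged under the attacker's own root
	fake, _ := NewDriver(fakeRoot, fakeKey, HDCPOn)
	fmt.Println(QueryStatus(root, fake.Chain, fake.GetStatus)) // 0 and an untrusted-certificate error
}
```

The caveat a practitioner would add: this defeats hooking of the driver-facing call, because the hook holds neither the leaf private key nor a chain that verifies under the pinned root, but it does nothing against an attacker who controls the calling process and patches the verification itself, since that check runs in the caller. The `rand.Read` error is ignored deliberately; crypto/rand documents it as never failing on supported platforms.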

~~~
mschuster91
You know what I'm waiting for? When game manufacturers start to require HDCP.
The outrage of the YouTube gamer kiddies (I personally dislike them all, but
hey, they got enough influence) when they can't stream their stuff any more is
going to be priceless and maybe enough to finally burn down the HDCP/DRM
towers.

Or when someone develops malware that exploits vulnerabilities in the X.509
code. I mean, if it's proper X.509, it's a hellhole of vulnerabilities -
because either the crypto developers had to use common, often-flawed code like
OpenSSL or develop their own.

~~~
21
Windows has its own crypto API; I'm pretty sure the drivers would use that.

And why would game companies want to kill streaming? It's free advertising,
not to mention that they all probably dream of making the next Dota.

~~~
mschuster91
> And why would game companies want to kill streaming?

Never underestimate the power of human greed. Apple (with iTunes) has proved
that the availability of unprotected content doesn't hurt the bottom line, and
when I go into a store today and buy a physical CD-ROM, it more often than not
lacks any copy protection. And this has been the situation for years.

Meanwhile, the movie industry is soundly asleep at the wheel and its execs
don't recognize that the consumer demands (near-instant access, no copy
protection, no unskippable FBI warnings, no unskippable teasers, and no
freaking region lock) have greatly diverged from their offerings. Or they do
recognize, but cannot change their existing contracts or whatever - in this
case the entire industry deserves a burn-to-the-ground event, because the
situation ain't going to be fixed otherwise.

And for the game companies: there are already companies taking down "let's
play" videos. Need for "absolute control", I guess. And they still haven't
stopped putting retarded DRM (including what basically amounts to rootkits, in
the form of anti-cheat stuff) into their games.

~~~
motoboi
> Meanwhile, the movie industry is soundly asleep at the wheel and its execs
> don't recognize that the consumer demands (near-instant access, no copy
> protection, no unskippable FBI warnings, no unskippable teasers, and no
> freaking region lock) have greatly diverged from their offerings.

Are you implying that people still use DVDs or Blu-rays?

If you are, I'm genuinely curious, because in Brazil at least I'm quite
certain they have become nearly extinct. Here it's Netflix, cable (or satellite),
online "channels" such as HBO-Go, or torrents.

Based on that, it appears to me that consumer demands already won.

~~~
nickpsecurity
Walmart has a huge selection. People buy them. Even the local grocery chain
has all the new releases. People keep renting at the Redbox, too. I don't know
what the absolute numbers are on the industry but plenty of people like them.

------
mschuster91
That must have been a hell of a workload. Thanks for this.

There are three pieces that left me shivering:

> After discussion with my original contact at Adobe they didn’t have access
> to the DRM code for Flash.

WHAT? Adobe ships (to them!) unknown, unauditable binary crap to users?
Security by obscurity or what? This is totally irresponsible of Adobe.

> though I’ll admit something about sending binary blobs to a graphics driver
> gives me the chills.

What a joke that DRM crap is. Hasn't sending crap to graphics drivers been a
cause of a boatload of exploits, and they're still doing so?

> The stability issues are likely down to interactions with third party code
> (such as AV) which inject their own code into Chrome processes.

LOLOLOLOL. For what is this even needed, given that AV software usually has
kernel-level code anyway? Also, why on earth do AV vendors think they can mess
around with third-party software?

The only ones who get clogged up with the inevitable bug reports are software
devs who don't test their own software across all possible AV solutions - I
doubt any company except Apple, Microsoft, Google's Android and Chrome
divisions and Adobe actually have the install base for doing such tests "in
the wild" like Chrome did.

~~~
ajdlinux
> WHAT? Adobe ships (to them!) unknown, unauditable binary crap to users?
> Security by obscurity or what? This is totally irresponsible of Adobe.

I understood this to mean that _James' Adobe contact_ doesn't have access to
their DRM code, not that Adobe as a company doesn't.

~~~
tiraniddo
That's exactly it. The contact had Flash source but they get the DRM code
shipped as a binary library, so they never see the source of it. A lot of
companies (MS, Google, Adobe) compartmentalise their DRM team, effectively at
the behest of the media companies, as it's all smoke and mirrors anyway, trying
to protect things like encryption keys and the like. Typically, therefore, the
binaries are also heavily obfuscated.

------
revelation
So tomorrow Microsoft ships an update for Windows that causes a runtime
function to call an additional Win32k function and suddenly Chrome crashes?

This seems somewhat impossible to maintain.

~~~
gcp
They've had similar problems with Windows 10 updates and other security
measures. Yes, it's a headache.

