Steinbring Inc.

I guess not all of GoDaddy’s problems recently had to do with daylight savings time.

Domain registrar and hosting company The Go Daddy Group Inc. was hit with “significant and sustained” distributed denial-of-service attacks Sunday, the company said.

The attacks caused four to five hours of intermittent disruptions to services, including hosting and e-mail, said Neil Warner, GoDaddy.com’s chief information security officer, in an e-mail forwarded by the company’s public relations department. The services were back by later in the day.

The problems were not caused by GoDaddy’s response to the U.S. early switch to daylight-saving time (DST), Warner said. On Friday, one customer expressed concerns that GoDaddy would not be ready for the switch Sunday after the company’s technical support team told him it didn’t need to install DST patches because its servers are in Arizona, which does not observe DST.

Link [ Via UNEASYsilence ]

This pisses me off.  The government awarded this company billions of dollars worth of no-bid contracts (thank you Vice President Dick Cheney!) and they’re now moving to Dubai!?!?  The money’s not even staying in the US now!

U.S. oil services firm Halliburton Co. is moving its headquarters and chief executive to Dubai in a move that immediately sparked criticism from some U.S. politicians.

…

“This is an insult to the U.S. soldiers and taxpayers who paid the tab for their no-bid contracts and endured their overcharges for all these years,” said judiciary committee chairman Sen. Patrick Leahy, a Vermont Democrat.

Link

Slashdot and PC World are both reporting that GoDaddy was unprepared for the change in day light savings time.  All of my sites are hosted by GoDaddy and steinbring.net was unreachable for a while earlier today.  GoDaddy has always been great about everything since I switched to them.  I’m kinda surprised that they weren’t more prepared.

The UK firm was promoting its Dr Pepper drink in the US by organising gold coin treasure hunts for big cash prizes.
Contestants flocked to the 347-year-old Granary Burying Ground to find the hidden coin, but the site was shut amid fears that graves may be desecrated.
…
Cadbury Schweppes communications director Andrea Dawson-Shepherd said: “It was not an appropriate place to bury a coin. It was poor judgment and we have apologised to the authorities. No damage was done to any of the graves.”

I fully expected that a software next-gen DVD player’s device key would be discovered, allowing any movie playable by the software to be decrypted.  The movie industry expected the same thing.  That’s why they engineered both HDDVD and BluRay to allow for the revocation of device keys.  So what’s next?  Do they revoke the newly discovered device key for WinDVD 8 and effectively kill all existing, legally purchased and legally used, copies of WinDVD 8 in an attempt to eliminate the value of this key or do they do nothing.

A few nights ago, something that Arnezami had written about slowing WinDVD 8 down though intensive memory dumps had started me thinking. So, I brought up my favorite Java IDE and begun writing code. Using a combination of VUK Finder (by Jokin), pmdump, psuspened (Sys Internals) and WinHex I was able to get enough data to find the VID, Media Key, and Processing Key by using the “bottom up” approach that Arnezami spoke about.

As soon as I had the processing key in a memory dump I knew that I was close to a Device Key. I then quickly implemented a version of AES-128G(k, d), where k = key and d = the data to be decrypted, however in this case I seeded d with the constant 0×7B103C5DCB08C4E51A27B01799053BD9 + 1, or 0×7B103C5DCB08C4E51A27B01799053BDA (per page 13 of the AACS Common Crypto doc), and ran the entire contents of my memory dump through decryption at 1 byte incremental offsets.

About 35,000 bytes into the file I extracted a 16 byte value that was able, using the constant as the d value, to create the processing key. If my interpretation of the AACS specification is correct, I have found a device key. Here is the device key, along with the memory offset where it can be re-discovered assuming that you dump memory in WinDVD 8 early enough in the runtime process. By the way, psuspened helps tremendously with slowing processes down so that pmdump can accurately dump memory!

[WinDVD 8]

Device Key: AA856A1BA814AB99FFDEBA6AEFBE1C04
Found at memory location: 0×000089EC

Device Key: AA856A1BA814AB99FFDEBA6AEFBE1C04
Found at memory location: 0×00008A20

An interesting thing to note is that the device key is found only a few bytes before the location where Arnezami found the processing key, and in contiguous memory! It is also interesting to note that WinDVD8 keeps the device key in 2 difference memory locations, very close by each other. My guess is that this would be the result of some sort of deep copy, maybe even the result of a function call.

Link [ Via Slashdot ]