DRM

DRM Company Denuvo Forgets To Secure Its Server, Leaks Two Years Of Emails (torrentfreak.com) 77

Denuvo "left several private directories on its website open to the public," TorrentFreak wrote Sunday, calling it "an embarrassing blunder" for the digital rights management company. "Members of the cracking community are downloading and scrutinizing the contents," the site reports, with one of the finds being an 11-megabyte text file which apparently contains every message sent through Denuvo's web site since 2014. An anonymous reader writes: There's a message from Google's security team, one from Capcom Japan, and "dozens of emails from angry pirates, each looking to vent their anger," according to TorrentFreak. Ars Technica reports that there's also a 2015 message from Microsoft about "an upcoming initiative," as well as messages from several game studios, and even one from the producers of Mavis Beacon Teaches Typing. "Combing the log file brings up countless spam messages, along with complaints, confused 'why won't this game work' queries from apparent pirates, and even threats (an example: 'for what you did to arkham knight I will find you and I will kill you and all of your loved ones, this I promise you CEO of this SHIT drm')."

"Since Denuvo's contact page does not contain a link to a private e-mail address -- only a contact form and a phone number to the company's Austrian headquarters -- the form appears to also have been used by many game developers and publishers." And in addition, "much of Denuvo's web database content appears to be entirely unsecured, with root directories for 'fileadmin' and 'logs' sitting in the open right now."

In addition, there's also a slideshow -- which has since been uploaded to Imgur -- bragging that "With over 300 man years of development experience among us, we clearly know what we're doing."
DRM

Windows DRM-Protected Files Used To Decloak Tor Browser Users (bleepingcomputer.com) 150

An anonymous reader writes from a report via BleepingComputer: Downloading and trying to open Windows DRM-protected multimedia files can deanonymize Tor Browser users and reveal their real IP addresses, security researchers from Hacker House have warned. On Windows, multimedia files encoded with special Microsoft SDK will automatically open an IE window and access a URL to check the file's license. Since this request is sent outside of the Tor Browser and without user interaction, this can be used to ping law enforcement servers and detect the user's real IP address and other details. For example, law enforcement could host properly signed DRM-protected files on sites pretending to host child pornography. When a user would try to view the file, the DRM multimedia file would use Internet Explorer to ping a server belonging to the law enforcement agency. The same tactic can also be used to target ISIS militants trying to view propaganda videos, illegal drug and weapons buyers trying to view video product demos, political dissidents viewing news videos, and more. A video of the attack is available here.
Chrome

Google Quietly Makes 'Optional' Web DRM Mandatory In Chrome (boingboing.net) 95

JustAnotherOldGuy quotes a report from Boing Boing: The World Wide Web Consortium's Encrypted Media Extensions (EME) is a DRM system for web video, being pushed by Netflix, movie studios, and a few broadcasters. It's been hugely controversial within the W3C and outside of it, but one argument that DRM defenders have made throughout the debate is that the DRM is optional, and if you don't like it, you don't have to use it. That's not true any more. Some time in the past few days, Google quietly updated Chrome (and derivative browsers like Chromium) so that Widevine (Google's version of EME) can no longer be disabled; it comes switched on and installed in every Chrome instance. Because of laws like section 1201 of the U.S. Digital Millennium Copyright Act (and Canada's Bill C11, and EU implementations of Article 6 of the EUCD), browsers that have DRM in them are risky for security researchers to audit. These laws provide both criminal and civil penalties for those who tamper with DRM, even for legal, legitimate purposes, and courts and companies have interpreted this to mean that companies can punish security researchers who reveal defects in their products. Further reading: Boing Boing and Hacker News.
Chrome

Google Removes Plugin Controls From Chrome, Reports Claim (ghacks.net) 106

An anonymous reader shares a Ghacks report: Google made a change in Chrome 57 that removes options from the browser to manage plugins such as Google Widevine, Adobe Flash, or the Chrome PDF Viewer. If you load chrome://plugins in Chrome 56 or earlier, a list of installed plugins is displayed to you. You can use it, among other things, to disable plugins that you don't require. While you can do the same for some plugins, Flash and PDF Viewer, using Chrome's Settings, the same is not possible for the DRM plugin Widevine, and any other plugin Google may add to Chrome in the future. Starting with Chrome 57, that option is no longer available. This means essentially that Chrome users won't be able to disable -- some -- plugins anymore, or even list the plugins that are installed in the web browser. Please note that this affects Google Chrome and Chromium. Further report on BetaNews.
Intel

Intel Core I7-7700K Kaby Lake Review By Ars Technica: Is the Desktop CPU Dead? (arstechnica.co.uk) 240

Reader joshtops writes: Ars Technica has reviewed the much-anticipated Intel Core i7-7700K Kaby Lake, the recently launched desktop processor from the giant chipmaker. And it's anything but a good sign for enthusiasts who were hoping to see significant improvements in performance. From the review, "The Intel Core i7-7700K is what happens when a chip company stops trying. The i7-7700K is the first desktop Intel chip in brave new post-"tick-tock" world -- which means that instead of major improvements to architecture, process, and instructions per clock (IPC), we get slightly higher clock speeds and a way to decode DRM-laden 4K streaming video. [...] If you're still rocking an older Ivy Bridge or Haswell processor and weren't convinced to upgrade to Skylake, there's little reason to upgrade to Kaby Lake. Even Sandy Bridge users may want to consider other upgrades first, such as a new SSD or graphics card. The first Sandy Bridge parts were released six years ago, in January 2011. [...] As it stands, what we have with Kaby Lake desktop is effectively Sandy Bridge polished to within an inch of its life, a once-groundbreaking CPU architecture hacked, and tweaked, and mangled into ever smaller manufacturing processes and power envelopes. Where the next major leap in desktop computing power comes from is still up for debate -- but if Kaby Lake is any indication, it won't be coming from Intel." While Ars Technica has complained about the minimal upgrades, AnandTech looks at the positive side: The Core i7-7700K sits at the top of the stack, and performs like it. A number of enthusiasts complained when they launched the Skylake Core i7-6700K with a 4.0/4.2 GHz rating, as this was below the 4.0/4.4 GHz rating of the older Core i7-4790K. At this level, 200-400 MHz has been roughly the difference of a generational IPC upgrade, so users ended up with similar performing chips and the difference was more in the overclocking.
However, given the Core i7-7700K comes out of the box with a 4.2/4.5 GHz arrangement, and support for Speed Shift v2, it handily mops the floor with the Devil's Canyon part, resigning it to history.
Electronic Frontier Foundation

2016 Saw A Massive Increase In Encrypted Web Traffic (eff.org) 91

EFF's "Deeplinks" blog has published nearly two dozen "2016 in Review" posts over the last nine days, one of which applauds 2016 as "a great year for adoption of HTTPS encryption for secure connections to websites." An anonymous reader writes: In 2016 most pages viewed on the web were encrypted. And over 21 million web sites obtained security certificates -- often for the first time -- through Let's Encrypt. But "a sizeable part of the growth in HTTPS came from very large hosting providers that decided to make HTTPS a default for sites that they host, including OVH, Wordpress.com, Shopify, Tumblr, Squarespace, and many others," EFF writes. Other factors included the support of Transport Layer Security (TLS) 1.3 by Firefox, Chrome, and Opera.
Other "2016 in Review" posts from EFF include Protecting Net Neutrality and the Open Internet and DRM vs. Civil Liberties. Click through for a complete list of all EFF "2016 in Review" posts.
Advertising

Ask Slashdot: Is Computing As Cool and Fun As It Once Was? 449

dryriver writes: I got together with old computer nerd friends the other day. All of us have been at it since the 8-bit/1980s days of Amstrad, Atari, Commodore 64-type home computers. Everybody at the meeting agreed on one thing -- computing is just not as cool and as much fun as it once was. One person lamented that computer games nowadays are tied to internet DRM like Steam, that some crucial DCC software is available to rent only now (e.g. Photoshop) and that many "basic freedoms" of the old-school computer nerd are increasingly disappearing. Another said that Windows 10's spyware aspects made him give up on his beloved PC platform and that he will use Linux and Android devices only from now on, using consoles to game on instead of a PC because of this. A third complained about zero privacy online, internet advertising, viruses, ransomware, hacking, crapware. I lamented that the hardware industry still hasn't given us anything resembling photorealistic realtime 3D graphics, and that the current VR trend arrived a full decade later than it should have. A point of general agreement was that big tech companies in particular don't treat computer users with enough respect anymore. What do Slashdotters think? Is computing still as cool and fun as it once was, or has something "become irreversibly lost" as computing evolved into a multi-billion dollar global business?
DRM

VidAngel Keeps Streaming Videos, Defying Movie Studios and a US Judge (deseretnews.com) 163

The Deseret News reports that Hollywood studios "aren't happy with VidAngel, saying in a statement Wednesday that the Utah-based streaming service 'continues to illegally stream our content without a license and is expanding its infringement by adding new titles' despite a judge's recent injunction." Or, as VidAngel explains on their blog, "We say we're legal. Disney says we're pirates." Long-time Slashdot reader goombah99 writes: VidAngel...will edit any major movie of objectionable content exactly as you request (and no more than you request), then stream it to you for $1. Such bowdlerizing and DVD streaming services are expressly written into section 110 of Title 17, the copyright act (paragraph 11 added in the 2005 Family Viewing act). Therefore both aspects that the studios are suing over, the streaming of a DVD and the editing of it by a third party, are plainly legal... There's a petition to save this act from encroachment [signed by more than 30,000 families].
In just five days in October, VidAngel raised $10.1 million in a "mini-IPO" -- reportedly the fastest one ever -- to fund their ongoing fight against the movie studios. VidAngel CEO Neal Harmon says "We'll take this all the way to the Supreme Court if necessary. We're happy to pay more. We're happy to rent more. We're happy to pay the prices the studios want us to pay. Just give us filtering."
Bug

5-Year-Old Critical Linux Vulnerability Patched (threatpost.com) 68

msm1267 quotes Kaspersky Lab's ThreatPost: A critical, local code-execution vulnerability in the Linux kernel was patched more than a week ago, continuing a run of serious security issues in the operating system, most of which have been hiding in the code for years. Details on the vulnerability were published Tuesday by researcher Philip Pettersson, who said the vulnerable code was introduced in August 2011.

A patch was pushed to the mainline Linux kernel December 2, four days after it was privately disclosed. Pettersson has developed a proof-of-concept exploit specifically for Ubuntu distributions, but told Threatpost his attack could be ported to other distros with some changes. The vulnerability is a race condition that was discovered in the af_packet implementation in the Linux kernel, and Pettersson said that a local attacker could exploit the bug to gain kernel code execution from unprivileged processes. He said the bug cannot be exploited remotely.

"Basically it's a bait-and-switch," the researcher told Threatpost. "The bug allows you to trick the kernel into thinking it is working with one kind of object, while you actually switched it to another kind of object before it could react."
Movies

Slashdot Asks: Would You Like Early Access To Movies And Stop Going To Theatres? 341

It appears many major stakeholders in the movie industry want to bring new titles to you within days, if not hours, as they hit cinemas. Earlier this year, we learned that Sean Parker is working on a service called "Screening Room", an idea that was reportedly backed by Peter Jackson, Steven Spielberg and JJ Abrams, to bring movies on the same day as they show up in theaters. Apple seems interested as well. It is reportedly in talks with Hollywood studios to get iTunes rentals of movies that are still playing on the big screen. Earlier this month, Bloomberg reported that several studios are exploring the idea of renting new movies for $25 to $50 just two weeks after they have hit cinemas.

No such deals have materialized yet, of course, and it should be pointed out that several movie companies have discarded these ideas before because they know that by offering you new titles so early they are going to lose out on all the overpriced cold drinks and snacks they sell you at the theatre. There are also piracy concerns. If a movie is available early, regardless of the DRM tech these companies deploy, good-enough footage of the movies will crop up on file-sharing websites almost immediately.

But leaving all those aspects aside, would you be interested in getting new titles just hours or a week or two after they hit the cinemas? Would you want to end the decades-long practice of going to a theater?
Books

O'Reilly Discounts Every eBook By 50% (oreilly.com) 47

On Friday, O'Reilly Media announced "Our Cyber Monday sale starts now." An anonymous reader writes: They're offering a 50% discount on every ebook they publish -- over 14,000 titles from O'Reilly, No Starch Press, Pearson, A Book Apart, Make, Packt, and 25 other book publishers. (And they're offering a 60 percent discount on orders over $100.) Just use the code CYBER16 when checking out to claim the discount. The sale continues through Tuesday morning at 5 a.m. PST.

These are all DRM-free ebooks (in multiple formats), and there's even some "early release" editions -- advance copies distributed before their official publication. The discount also applies to new titles like "Head First Python" as well as old-school classics like "Learning Perl". Right now their best-sellers are "Wicked Cool Shell Scripts", "Modern Linux Administration", and "You Don't Know JS: Up and Going" -- but again, the discount applies to any ebook that they sell, and they also still have their selection of free programming texts.

Tim O'Reilly was one of the first people interviewed by Slashdot -- more than 17 years ago.
Microsoft

4K Netflix Arrives On Windows 10, But Only Via Microsoft's Edge Browser (theverge.com) 126

An anonymous reader quotes a report from The Verge: Netflix 4K streaming is finally heading to Windows PCs this week. While a number of TVs and set-top-boxes already support 4K Netflix streams, the PC has largely been left out of the high-quality streams due to piracy fears. Netflix is now supporting 4K streaming through Microsoft's Edge browser, but you'll need a new PC to actually make use of it. Netflix is only supporting 7th generation (Kaby Lake) Intel Core processors, and there aren't many laptops that actually support both the 4K display required and the new Intel processors. As a result, Microsoft is using the 4K Netflix support as a marketing effort for its Edge browser and to encourage people to upgrade their hardware to watch new episodes of the Gilmore Girls. It all might seem like a bit of a con, but it's largely the fault of DRM requirements from Hollywood studios and TV networks. Content providers have strict controls for 4K playback, so that streams can't be captured and redistributed illegally. The latest hardware decryption features simply aren't available on older Intel processors, and the new Kaby Lake chips now support 10-bit HEVC, a popular 4K video codec.
Government

President Obama Gives Up On The Trans-Pacific Partnership (theguardian.com) 355

An anonymous reader quotes The Guardian: White House officials conceded on Friday that the president's hard-fought-for Trans-Pacific Partnership trade deal would not pass Congress, as lawmakers there prepared for the anti-global trade policies of President-elect Donald Trump. Earlier this week, congressional leaders in both parties said they would not bring the trade deal forward during a lame-duck session of Congress, before the formal transition of power on January 20.
One Canadian law professor had argued the case against the TPP included its unbalanced intellectual property rules and risks to privacy, while the EFF believed it locked in the worst parts of U.S. copyright law and also exported them to other countries.
DRM

DRM is Used to Lock in, Control and Spy on Users, Says Free Software Foundation (torrentfreak.com) 72

In a scathing critique, the Free Software Foundation is urging the U.S. Government to drop the DMCA's anti-circumvention provisions which protect DRM. From a report on TorrentFreak: Late last year the U.S. Copyright office launched a series of public consultations to review critical aspects of the DMCA law. FSF sees no future for DRM and urges the Copyright Office to repeal the DMCA's anti-circumvention provisions. "Technological protection measures and Digital Restrictions Management (DRM) play no legitimate role in protecting copyrighted works. Instead, they are a means of controlling users and creating 'lock in'," FSF's Donald Robertson writes. According to FSF, copyright is just an excuse, the true purpose is to lock down and control users. "Companies use this control illegitimately with an eye toward extracting maximum revenue from users in ways that have little connection to actual copyright law. In fact, these restrictions are technological impediments to the rights users have under copyright law, such as fair use." Even if copyright was the main concern, DRM would be an overbroad tool to achieve the goal, the foundation notes. FSF highlights that DRM is not just used to control people but also to spy on them, by sending all kinds of personal data to technology providers. This is done to generate extra income at the expense of users' rights, they claim. "DRM enables companies to spy on their users, and use that data for profit," Robertson adds. "DRM is frequently used to spy on users by requiring that they maintain a connection to the Internet so that the program can send information back to the DRM provider about the user's actions," he adds.
DRM

EA Blocks 'Origin' Access In Six Countries, Citing US Embargoes (pcgamer.com) 121

An anonymous reader writes: "In compliance with US embargoes and sanctions laws, Origin is not available in Cuba, Iran, Myanmar, North Korea, Sudan, Syria, and Ukraine (Crimea region)," a community manager from EA posted in September. Engadget calls it "a reminder of the risks you take when buying copy-protected game downloads... Even if you started your account elsewhere, you aren't allowed to either visit the Origin store or use any of your purchased games."

Sunday an employee at EA's Origin game store commented "This isn't an EA-specific issue -- it's an issue that impacts all companies offering services that are covered by trade embargoes." But since the U.S. lifted sanctions on Myanmar in September, EA "is internally reviewing the situation... It's unclear to me whether we can do anything for residents of other countries that are still similarly embargoed, but I'll bring the topic up for discussion internally."

DRM

Shadow Warrior 2 Developers Say DRM Is a Waste of Time (arstechnica.com) 99

zarmanto writes: Ars Technica reports that one particular game studio might finally get it, when it comes to DRM'ed game content. They're publishing their latest game, Shadow Warrior 2, with no DRM protection at all. From the article: "We don't support piracy, but currently there isn't a good way to stop it without hurting our customers," Flying Wild Hog developer Krzysztof "KriS" Narkowicz wrote on the game's Steam forum (in response to a question about trying to force potential pirates to purchase the game instead). "Denuvo means we would have to spend money for making a worse version for our legit customers. It's like the FBI warning screen on legit movies." Expanding on those thoughts in a recent interview with Kotaku, Narkowicz explained why he felt the DRM value proposition wasn't worth it. "Any DRM we would have needs to be implemented and tested," he told Kotaku. "We prefer to spend resources on making our game the best possible in terms of quality, rather than spending time and money on putting some protection that will not work anyway." "The trade-off is clear," Flying Wild Hog colleagues Artur Maksara and Tadeusz Zielinski added. "We might sell a little less, but hey, that's the way the cookie crumbles! We hope that our fans, who were always very supportive, will support us this time as well," Zielinski told Kotaku. "...In our imperfect world, the best anti-pirate protection is when the games are good, highly polished, easily accessible and inexpensive," Maksara added.
Open Source

Adobe Resurrects Flash Player On Linux (neowin.net) 153

An anonymous reader quotes a report from Neowin: Four years ago, Adobe made a decision to stop updating the Flash Player package (NPAPI) on Linux, aside from delivering security patches. It has made an about turn on this decision in the last week and has said that it will keep it in sync with the modern release branch going forward. In its announcement, Adobe wrote: "In the past, we communicated that NPAPI Linux releases would stop in 2017. This is no longer the case and once we have performed sufficient testing and received community feedback, we will release both NPAPI and PPAPI Linux builds with their major version numbers in sync and on a regular basis." Although this is great news for Linux users who don't want to struggle to watch Flash content online, there are also a few drawbacks. Adobe writes: "Because this change is primarily a security initiative, some features (like GPU 3D acceleration and premium video DRM) will not be fully implemented. If you require this functionality we recommend that you use the PPAPI version of Flash Player." You can download the new NPAPI binaries from the Adobe Labs download page.
Operating Systems

PC-BSD Follows a Rolling Release Model, Gets Renamed To TrueOS 132

prisoninmate quotes a report from Softpedia: By following a rolling release model, TrueOS promises to be a cutting-edge and modern FreeBSD-based operating system for your personal computer, designed with security and simplicity in mind -- all while being stable enough to be deployed on servers. TrueOS will also make use of the security technologies from the OpenBSD project, and you can get your hands on the first Beta ISO images right now. The development team promises to offer you weekly ISO images of TrueOS, but you won't have to download anything anymore due to constant updates thanks to the rolling release model. TrueOS will use LibreSSL instead of OpenSSL, offer Linux DRM 4.7 compatibility for supporting Intel Skylake, Haswell, and Broadwell graphics, and use the pkg package management system by default. "TrueOS combines the convenience of a rolling release distribution with the failsafe technology of boot environments, resulting in a system that is both current and reliable. TrueOS now tracks FreeBSD's 'Current' brand and merges features from select FreeBSD developer branches to enhance support for newer hardware and technologies," reads today's announcement.
Bitcoin

Kim Dotcom Will Revive Megaupload, Linking File Transfers To Bitcoin Microtransactions (fortune.com) 76

Long-time Slashdot reader SonicSpike quotes an article from Fortune: The controversial entrepreneur Kim Dotcom said last month that he was preparing to relaunch Megaupload, the file-sharing site that U.S. and New Zealand authorities dramatically shut down in 2012, with bitcoins being involved in some way... This system will be called Bitcache, and Dotcom claimed its launch would send the bitcoin price soaring way above its current $575 value.

The launch of Megaupload 2.0 will take place on January 20, 2017, he said, urging people to "buy bitcoin while cheap, like right now, trust me..." Crucially, Dotcom said the Bitcache system would overcome bitcoin's scaling problems. "It eliminates all blockchain limitations," he claimed.

Every file transfer taking place over Megaupload "will be linked to a tiny Bitcoin micro transaction," Dotcom posted on Twitter. His extradition trial begins Monday, and he's asking the court to allow live-streaming of the trial "because of global interest in my case." Meanwhile, the FBI apparently let the registration lapse on the Megaupload domain, which they seized in 2012, and Ars Technica reports that the site is now full of porn ads.
DRM

BitTorrent Cases Filed By Malibu Media Will Proceed, Rules Judge 69

Long-time Slashdot reader NewYorkCountryLawyer writes: In the federal court for the Eastern District of New York, where all Malibu Media cases have been stayed for the past year, the Court has lifted the stay and denied the motion to quash in the lead case, thus permitting all 84 cases to move forward.

In his 28-page decision (PDF), Magistrate Judge Steven I. Locke accepted the representations of Malibu's expert, one Michael Patzer from a company called Excipio, that in detecting BitTorrent infringement he relies on "direct detection" rather than "indirect detection", and that it is "not possible" for there to be misidentification.
