DoubleTwist Cracks iTunes DRM

DoubleTwist announced today that, in divergence from Apple’s mostly proprietary model, you now can transfer files from iTunes to other media devices including Nokia, Microsoft and Sony:

“When you receive an email, you can read it on your Blackberry, web mail, or Outlook. E-mail just works. With digital media such as video from a friend’s cell phone or your own iTunes playlists, it’s a jungle out there. It can be an hour-long exercise in futility to convert files to the correct format and transfer them to your Sony PSP or your phone” said Monique Farantzos, co-founder and CEO of doubleTwist. “The digital media landscape has become a tower of Babel, alienating and frustrating consumers. Our goal is to provide a simple and well integrated solution that the average consumer can use to eliminate the headaches associated with their expanding digital universe.”

Quote from a PDF announcement.

Sometimes people refer to security as a headache. I’ll try to sidestep that point. Hmmm, who owns the email content? Who “owns” the digital media? Maybe that’s his point.

Personally, I think the Nokia N96 is a much better device than the iPhone but I’m not sure I have enough incentive from Apple to want to use iTunes with the Nokia. Then again, I still remember when open mp3 file servers were hosted in Sweden and shared through the supercomputer center in San Diego, so maybe I’m just behind the times and need to learn to use a “free” Apple GUI to access pay-per-use music.

US Toy and Food Safety Laws

I wrote about this issue a while ago, and now the questions I pondered are being answered. The BBC reports:

A mandatory certification programme is now being developed by the US Toy Industry Association and the CPSC as part of the House of Representatives bill on consumer safety.

The plan provides for stricter procedures for analysing safety during the design and manufacturing of toys and the testing of finished products, as well as factory audits.

Sounds good, although the fact that there are huge beef recalls in recent news does not inspire a lot of confidence in the controls system proposed. In particular, I was just reading how a massive California meat recall was started after undercover video was released by the Humane Society.

The recall by the Westland/Hallmark Meat Company, based in Chino, Calif., comes after a widening animal-abuse scandal that started after the Humane Society of the United States distributed an undercover video on Jan. 30 that showed workers kicking sick cows and using forklifts to force them to walk.

[…]

The video was embarrassing for the Department of Agriculture, as inspectors are supposed to be monitoring slaughterhouses for abuse. It surfaced after a year of increasing concerns about the safety of the meat supply amid a sharp increase in the number of recalls tied to a particularly deadly form of the E. coli pathogen.

And in another case auditors discovered that their inspectors audited the wrong Chinese facility. Controls are definitely non-trivial to design and manage properly.

“The recall is obviously the big news,” said Wayne Pacelle, president and chief executive of the Humane Society. “The longer-term problem is the inadequacies of the inspection system. How can so many downers [cows that can no longer walk] have been mistreated day after day within a U.S.D.A. oversight system that was present at the plant?

“We need more boots on the ground at the plants,” he said.

Yes, although the fact that the video on YouTube created a public outcry might suggest some technology solutions that could reduce this requirement for “boots”. Surveillance obviously has some advantages over moving bodies, especially in terms of remote locations. And the fact that surveillance, video and RFID, might also help ranchers manage their own stocks could make it a good thing for everyone. On the flip side, everyone knows that ranchers hate accuracy and measurements in the system as it shifts the balance of control away from them and into the regulators/auditors. That means higher tax and overhead implications. Like I said, controls are non-trivial to design properly.

Press Pass to RSA

Many years ago a friend who is well respected within the security community told me he was going to RSA on a press pass. “It’s free, easy and I don’t really like the conference” he explained as I asked why he did not just register to be a speaker as usual.

I suspected that he was getting some sort of weird satisfaction from getting free access through a legitimate channel, like a soft hack. Perhaps he could argue he was actually doing some press work by being so active in the security community, while at the same time no one really considered him a member of the press.

Since I will be presenting at RSA this year, or to be more accurate “leading” a peer-to-peer session, I get a full conference pass for free. But the thought did cross my mind to use the “FOR PRESS” method…

BTW, this is not just a phenomenon for RSA but any conference you might be interested in attending. The bar to prove press credentials is not terribly high:

Press credentials are restricted to press and industry research analysts who provide a business card with an editorial title, a current masthead that includes their name and a sample of a bylined article or industry-related report published within the past six months. Bloggers are subject to the same press registration process as all other media, and registration will be judged based the credibility of the blog. Information such as the focus of the blog, the longevity of the blog, frequency of updates, Technorati ratings and number of page views will be taken into consideration.

Or maybe it is just high enough?

South Africa Scorpions in Political Row

Managing security sure can be a tricky business. What happens when you have to investigate in places that are sensitive or politically tricky? There is no perfect answer. Consider the situation of a South African group called the Scorpions that was created in 1999 and charged with fighting organized crime and corruption:

Earlier this month, a court provisionally charged the former police chief with corruption, accepting bribes worth 1.2m rand ($160,000, £80,000) and defeating the course of justice, after investigations by the Scorpions.

Two problems jump out here:

  1. The group is relatively new, so their political support base will not be strong. People may not even know how much strength or legitimacy they have in their message
  2. They are old enough to be past their “honeymoon” period and on their own in terms of building credibility and independence

Combine those two and you end up with a tricky situation, especially when they are going after a former police chief.

South Africa’s security minister has tabled a proposal in parliament calling for the FBI-style Scorpions special investigations unit to be disbanded.

This row over the right level of independence needed for security investigations will be an interesting one to watch.