September 07, 2007

Admin Insider Threat - Not Only a Network Access Problem

A Computerworld article discusses the recent data and software sabotage caused by a former network engineer at Council of Community Clinics (CCC) in San Diego. In this scenario, backup data and software were deleted, but imagine the threat of a former employee with privileged access replacing key software with software containing injected malware. This type of attack may never be noticed, because IPS and endpoint security systems would see it as a legitimate process.

Vic

August 27, 2007

Microsoft WGA Issues and On-line Activation

Microsoft's recent failure with its Windows Genuine Advantage (WGA) validation system (see Gregg Keizer's Computerworld story) illustrates the downsides of using online activation for licensing and software protection. Although activation holds promise for helping to deter software piracy, it introduces a dependency and point of failure that is not acceptable for all applications. However, it’s a difficult problem to resolve without greater software protection, because as soon as you allow an offline licensing scenario to exist, it will be exploited by the piracy crack groups.

Vic

August 23, 2007

Content Piracy or Software IP - where should we focus

Rob Preston’s blog “Where Do You Stand On Intellectual Property Rights?” discusses the recent SIIA case in which Knowledge Networks settled an IP infringement claim based on evidence presented by a whistleblower that executives had distributed unlicensed content. Although the content is considered IP, the industry in general needs to focus these types of programs on the rampant software IP infringements that are occurring in the emerging markets.

- Vic

July 30, 2007

Organized Crime Adopts Software Piracy

An anti-piracy raid uncovers organized crime links. This is further evidence of how piracy has evolved from a hobby to an illegal business. Crime syndicates would not be interested in piracy unless it was easy and profitable. There have been other studies that reinforced this. The chart below, from UK National Criminal Intelligence Service data in 2004, showed that the markup on pirated goods was higher than on heroin and cocaine, with a far lower risk of getting caught.

[Chart: Orgcrimestats]

July 25, 2007

License enforcement gone wrong

An interesting post describes how to subvert an anti-virus vendor's weak license enforcement to shut down the AV functions. Clearly, mission-critical applications like AV have to consider a better approach that does not introduce new vulnerabilities.

-Vic

July 09, 2007

Legitimate face of piracy

I constantly receive spam with "too good to be true" prices on high-end software. Most likely a by-product of my piracy Web research. However, when I visit some of these sites I am impressed with the legitimate look and feel of their online stores (see screen shot of an example). I can certainly see a novice software buyer purchasing from this site and unknowingly pirating software. When I did a whois on this specific example Web site, it of course pointed back to China.

Vic

June 22, 2007

Protecting Backdoors in Applications

A Russian firm suspects Intuit added backdoors in its Quicken application for US law enforcement (read the Computerworld article). Although we can argue the ethics of a software vendor doing this, it is a good example of where software protection technology should be provided to protect these features.

Vic

May 17, 2007

New Data from BSA/IDC Indicate Piracy Growth

BSA/IDC's latest annual report is out and still shows large losses attributed to piracy. I think they nailed it in terms of true root cause for this:

"a rapid influx of new PC users in the consumer and small-business sectors, the increased availability of pirated software over the Internet, and difficult enforcement and education over sometimes sprawling geographies."

However, the steps they suggest for reducing piracy (i.e., education/awareness, WIPO treaties) do not go far enough and do not limit the availability of pirated software. This will require a combination of software protection and licensing.

Vic

May 15, 2007

Rockwell Automation Software Pirated on eBay

Another example of piracy aimed at high-value software, in this case Rockwell Automation's software products, which are worth as much as $11,325 retail. Link to the DOJ's release here (http://www.cybercrime.gov/barberConvict.htm).

Vic

April 27, 2007

Secure Offshore Development

Diana Kelley from Burton Group recently published a great article on what you should consider when outsourcing. She mentions application outsourcing. Normally, organizations use NDAs and the threat of audits to secure their code when outsourcing. From a security perspective, there are ways to enhance protection of your organization’s IP resident within software when using offshore development resources. Rather than just providing source code, you could distribute the really sensitive components in compiled form and still allow development around these. Of course, if the risk of piracy or competitor access to code is high, then software protection technology can be utilized to reduce these risks.

Vic