[nycbug-talk] Protecting a CD

Bob Ippolito bob
Fri Jun 25 10:20:28 EDT 2004


On Jun 25, 2004, at 10:00 AM, Hans Zaunere wrote:

> Let's say there is a CD that contains a knowledge base of information 
> on
> it, and it needs to be distributed.  The knowledge base needs to be
> protected from copying or dumping all the data, and should only be
> accessible through an Apache/Web application that is distributed on the
> CD.
>
> My main question is would OpenBSD (or some other flavor) offer an
> encrypted filesystem that would help in this case?  There are a couple
> variables I've been thinking about that makes the answer unclear to me
> (read-only filesystem, Apache will need to read the data anyway, etc).
>
> Any thoughts would be appreciated,

Well anything that the computer can see, a person can see too.  Imagine 
running this under Bochs.  Why not host it remotely and allow access 
only through VPN+HTTPS w/ client certs or something?  What about just 
duplicating the CD?  Distributing an image of Bochs+CD to all your 
friends?  Screen scraping the hell out of it until all the data is 
sapped?

Your problem is that the private key for whatever you're trying to 
protect must ALSO be at that computer.. so any encryption or whatever 
that you do is really just a nuisance, not a roadblock.  Look at what 
happened to CSS, or any given DRM scheme, for example.

Maybe your best option is to just give up and allow less restricted 
access to your data.  It's probably better for your business to sue the 
hell out of them if they break the law than to make it difficult for 
them to use the software.  One way to make it easier to sue the hell 
out of them may be to watermark the data with the customer's 
information in such a way that it's not easily detected (and thus, not 
likely to be removed)...

-bob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2357 bytes
Desc: not available
Url : http://lists.nycbug.org/pipermail/talk/attachments/20040625/e9e18fa3/attachment.bin 



More information about the talk mailing list