Microsoft Vista has, in the few days that it has been on general release, managed to avoid the embarrassment of anyone poking major holes in its security from the perspective of protection of consumer PC integrity at least. However, everything is not so sweet when it comes to those media companies looking for Vista, and in particular the Protected Media Path (PMP) it uses to ensure that protected content cannot be played back on hardware not certified so to do.
The problem being that security researcher Alex Ionescu, while on a workaround for the PatchGuard 64-bit driver signing in Vista, stumbled upon code that effectively bypasses PMP entirely and so means that anyone using it could play back protected HD-DVD content on uncertified computers. Sure, Microsoft can and probably will issue a patch to fix the error. But according to Ionescu it will be a very short term fix because he insists that the patch itself can then be bypassed using similar methods as he employed originally.
Fortunately for Microsoft, Ionescu has decided against releasing the code for now as he has no desire to violate the DMCA, which it would if seen as being an anti-DRM tool. The bad news is that he is apparently investigating if there are ways around this by crippling the binary and putting the emphasis on the security research side of things.
Or at least he might be if he still had a blog to publish his research to. At the time of writing his blog returns an error message stating that “Account for domain www.alex-ionescu.com has been suspended” although the reasons for this remain unclear. I would like to think it is purely a coincidence, maybe a payment oversight, maybe a bandwidth problem caused by the amount of traffic flowing in that direction as a result of the Vista DRM crack story breaking. But a combination of the conspiracy theorist in me with a journalistic distrust of coincidence, means I suspect something more sinister is at play here.
My emails to Alex have gone unanswered for now, but then again it is the weekend and we don’t all live our lives online. Maybe someone who knows Alex can contact him and update us all in the course of the next day or two? In the meantime it may be worth keeping an eye on his old blog and the ReactOS Wiki.