Microsoft Vista has, in the few days that it has been on general release, managed to avoid the embarrassment of anyone poking major holes in its security, at least from the perspective of protecting consumer PC integrity. However, everything is not so sweet for those media companies looking to Vista, and in particular to the Protected Media Path (PMP) it uses to ensure that protected content cannot be played back on hardware not certified to do so.

The problem is that security researcher Alex Ionescu, while working on a workaround for the PatchGuard 64-bit driver signing in Vista, stumbled upon code that effectively bypasses PMP entirely, which means that anyone using it could play back protected HD-DVD content on uncertified computers. Sure, Microsoft can and probably will issue a patch to fix the error. But according to Ionescu it will be a very short-term fix, because he insists that the patch itself can then be bypassed using methods similar to those he employed originally.

Fortunately for Microsoft, Ionescu has decided against releasing the code for now, as he has no desire to violate the DMCA, which releasing it would do if the code were seen as an anti-DRM tool. The bad news is that he is apparently investigating whether there are ways around this by crippling the binary and putting the emphasis on the security research side of things.

Or at least he might be if he still had a blog to publish his research to. At the time of writing, his blog returns an error message stating that “Account for domain has been suspended”, although the reasons for this remain unclear. I would like to think it is purely a coincidence: maybe a payment oversight, maybe a bandwidth problem caused by the amount of traffic flowing in that direction as a result of the Vista DRM crack story breaking. But the combination of the conspiracy theorist in me and a journalistic distrust of coincidence means I suspect something more sinister is at play here.

My emails to Alex have gone unanswered for now, but then again it is the weekend and we don’t all live our lives online. Maybe someone who knows Alex can contact him and update us all in the course of the next day or two? In the meantime, it may be worth keeping an eye on his old blog and the ReactOS Wiki.

About the Author

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

If his domain is inactive, emails to that domain won't be delivered, DOH!

If he published content that's in violation of the law (which cracks certainly would be, whichever excuse he uses to publish them), his hosting provider may well have pulled the plug. Wouldn't be the first time.

The email address I sent to was not, obviously, at the domain that has been suspended but rather at his ReactOS mailbox. Double Doh! :)

As mentioned in the posting, Ionescu did not publish his code nor enough detail for anyone to be able to duplicate it. He published the fact that he had managed to stumble across a way to bypass the Vista DRM protection, and explained how this was possible. That is something that is not in violation of the law, and indeed he showed responsibility in not publishing the code itself.

And now, you can see for yourself because the domain and blog are back up again...