Wednesday, May 21, 2008

Apple's Stumbles with Bombs and DRM

Besides all the hype and "unconfirmed sources" cited in the run-up to the release of the 3G iPhone - Apple is finding itself in another round of bitch-slapping regarding its Safari browser and its DRM-protected content in iTunes.

First off - the "carpet bombing" hole in Safari. This little baby raised its ugly head over the last couple of days. Turns out Nitesh Dhanjani originally discovered that it is possible for a booby-trapped Web site to litter the user’s Desktop (Windows) or Downloads directory (~/Downloads/ in OSX) with executables that look like "real" application icons.

“This can happen because the Safari browser cannot be configured to obtain the user’s permission before it downloads a resource. Safari downloads the resource without the user’s consent and places it in a default location (unless changed),” Dhanjani said, warning that it could be used as a drive-by badware distribution mechanism.

Even Google-backed stopbadware.com got in on the act - questioning whether Apple should take a look at this bug (or feature, depending on your perspective) and determine whether it qualifies as a security risk or not.

DUH! Hmmm... some baddie can just create cute icons in the default download location that are shortcuts to a website or app that can cause damage? I'd call that a security hole. I mean, the least they should do is put in a preference for it - so the user has a choice.

The other area where Apple is wearing a "kick me" sign has to do with its retarded insistence on crippling its iTunes downloads (most of them, anyway) with their FairPlay Digital Rights Management (DRM) encoding. Of course, anyone can get around it by burning stuff to a CD and then re-ripping the thing - but really, who has the time to do that?

Now that everyone and their dog from Amazon, to Napster, to Netflix has DRM-free MP3s - how long does Apple think it will take for folks like Yahoo, Zune, and RealNetworks to ink their own deals?

Not long. Really.

Hey Steve, now that you're striking royalty-free iPhone distribution deals (in other countries) - what about making FairPlay = DRM-free? And for goodness sake - add a damn preference to Safari while you're at it.

Remember Newton? Remember OS 7? Cool - but eventually both technologies got their asses kicked by the competition. Don't let it happen again!
