[Seth-Trips] Bunnie on Xbox at CHES, Redwood City, August 13

Seth David Schoen schoen at loyalty.org
Thu Aug 8 15:59:11 PDT 2002

I'm going to go hear Bunnie explain how he was able to hack the Xbox
(although I've already read his paper half a dozen times or so).
Attending CHES looks pretty expensive, though.

----- Forwarded message from Will Doherty <wild at eff.org> -----

To: presslist at eff.org
From: Will Doherty <wild at eff.org>
Date: Thu, 08 Aug 2002 12:07:35 -0700
Subject:  EFF: Paper Explains Flaw in Videogame Security System,

Electronic Frontier Foundation Media Advisory

For Immediate Release: Thursday, August 8, 2002


Lee Tien
  Senior Staff Attorney
  Electronic Frontier Foundation
  tien at eff.org
  +1 415 436-9333 x102 (office), +1 510 501-8755 (cell)

Paper Explains Flaw in Videogame Security System

Researcher Escapes Chilling Effect of Digital Copyright Law

San Francisco - The Electronic Frontier Foundation (EFF) is
pleased to announce that former MIT doctoral student Andrew
"Bunnie" Huang will present a paper explaining a security
flaw in the Microsoft Xbox (TM) videogame system.

Huang will present his paper, "Keeping Secrets in Hardware:
the Microsoft X-BOX Case Study," at 5:25 p.m. PDT on
August 13, 2002, at the 2002 Workshop on Cryptographic
Hardware and Embedded Systems (CHES 2002) in Redwood
City, California (Aug. 13-15, 2002).

The Xbox security system is intended to allow people to
play only videogames authorized by Microsoft.  Huang's
paper "shows how a person could defeat that system with
a small hardware investment," said MIT Professor Hal
Abelson, one of Huang's advisors.  "More importantly, the
paper relates the security vulnerability to a general
design flaw shared by other high-profile security systems
such as the government's Clipper Chip and the movie
industry's Contents Scrambling System (CSS) for DVD

Huang contacted EFF in March after his advisors told him
that his preliminary findings raised potentially significant
legal questions.  With the help of Boston College law
professor Joe Liu, EFF worked with Huang, Abelson, and MIT
administrators to analyze the legal issues and draft
letters notifying Microsoft of Huang's research findings
and intended publication, one of the steps encouraged by
Digital Millennium Copyright Act (DMCA).

Microsoft told Huang and Abelson that while it might prefer
that the paper not be published, it would be inappropriate
to ask MIT to withhold the paper.

"Microsoft deserves praise for making no attempt to control
publication," said Abelson. "Their response shows that
they value academic freedom, and that they appreciate the
critical role of unfettered research and publication in
advancing technology."

Other companies have reacted otherwise, using the DMCA
to threaten researchers. The Recording Industry Association
of America last year warned Princeton Professor Edward
Felten after his research team exposed weaknesses in
digital music security technologies. Last month, Hewlett
Packard (HP) threatened research collective SnoSoft over
exposing a security vulnerability in HP's Tru64 Unix
operating system.  Soon after, HP clarified that it would
not use the DMCA to stifle research or impede the flow of
information that would improve computer security.

Huang said that while he is glad he can openly present his
paper, "The DMCA clearly had a chilling effect on my work.
I was afraid to submit my research for peer review until
after the EFF's efforts to clear potential legal

"Researchers should be analyzing security, not worrying
about getting sued," said EFF Senior Staff Attorney Lee

For this release:

For Huang's paper:

For the CHES program:

EFF "Unintended Consequences: Three Years Under the DMCA"

RIAA sues Professor Edward Felten over SDMI:

An article about Hewlett-Packard's threatening SnoSoft:

About EFF:

The Electronic Frontier Foundation is the leading civil
liberties organization working to protect rights in the
digital world. Founded in 1990, EFF actively encourages and
challenges industry and government to support free
expression and privacy online. EFF is a member-supported
organization and maintains one of the most-linked-to
websites in the world at


----- End forwarded message -----

Seth David Schoen <schoen at loyalty.org> | Reading is a right, not a feature!
     http://www.loyalty.org/~schoen/   |                 -- Kathryn Myronuk
     http://vitanuova.loyalty.org/     |

More information about the Seth-Trips mailing list