Canon "Original Data Security Kit" proved useless

Canon Original Data Security System Vulnerability

Modern DSLR cameras produced by Canon feature Original Data Security system which is meant to securely validate the authenticity of image data and prove image genuineness. Accordingly, one can use OSK-E3 (Canon Original Data Security Kit) which comprises smart card and special software to verify a digitally signed image.

ElcomSoft discovered the vulnerability which allows producing images that will be positively validated by Canon’s own Original Data Security Kit (OSK-E3) regardless of whether or not the images are, in fact, genuine.

I first mocked this snake-oil in 2005: I'm glad someone finally got around to cracking it.

Tags: , ,

Law and the Multiverse: Is Batman a State Actor?

Is Batman a State Actor?

As a result, evidence that a superhero obtains by breaking into a villain’s headquarters is admissible even though it was obtained illegally. See, Burdeau v. McDowell, 256 U.S. 465 (1921). And since it doesn’t invoke the fruit of the poisonous tree doctrine, any additional evidence obtained via the original evidence would also be admissible. [...]

In the real world, this would cause significant problems for Batman and Gotham. Batman’s rough and tumble style would lead to a rash of Section 1983 claims for damages and probably also for an injunction against Batman’s future cooperation in police investigations. As discussed earlier, most evidence that Batman collects would be inadmissible, and police use of that evidence might bar the use of additional evidence collected during a subsequent police investigation.

Tags: ,