More disturbing is the list of other companies that may have been using this " crap code " ..was going to write nasty technology ..and having loaded some of it onto a spare box ..nope it's crap code ..

Nevertheless the damage to bystanders may be huge enough to break Sony via class action

Sony are dumb and their execs ought to be sanctioned heavily ( against TOS here to say what I really think they ought to be ..)

This won't "break" Sony. It will be an expensive lesson. It's curious to see the 'out for blood', bankrupt them, and send me to a lifetime of isolation reactions from people vs. those who want sony to make it right and nothing more. People make mistakes or even whole divisions within a company may make utterly stupid decisions. Don't hope for the dimise of an entire corporation based on initial findings over a stupid decision. After all what is the current total of mayhem their CD's have caused to date?

Make it right Sony, nothing more.

>>Make it right Sony, nothing more.

"smart money" means something different to lawyers than it does to financial advisors. :)

See definition 3 HERE [encarta.msn.com]

As of late yesterday there were 6 lawsuits in some stage of preparation, SONY was backpedaling, US Homeland Security issued an oppsy warning in effect, and several virus detection companys have classified it as spyware, at least one group is warning that it could result in shortening the life of a users computer system.

Seems that there is plenty to watch and more will take place.

LightningUk is revenged ;)..GFO..

and they are part of the trusted consortium "looking after linux"

I must not larf ..I must not larf ..

'scuse me ..I just DeCSS'd myself! ;)

Bill bites back ..

"We also plan to include this signature in the December monthly update to the Malicious Software Removal Tool [and] it will also be included in the signature set for the online scanner on Windows Live Safety Center," Garms announced in an blog entry.

Garms said an analysis of the XCP software that ships on about 20 Sony BMG Music CDs led to the determination that zapping rootkit would protect Windows users.

story ..[eweek.com ]

<snip blog link>

[eweek.com ]

[edited by: lawman at 3:12 am (utc) on Nov. 13, 2005]

For years Windows users have been getting security advise like 'do not click on attachments' and 'install a virus scanner' and 'use a firewall' - all emphasizing the responsibility of the PC user. And now we read that simply putting an audio CD into the CDROM drive can install all sorts of invisible trouble. How come my OS allows this to happen? I'd say Sony is not alone in being unethical.

For years windows users have been told that it wasn't safe to run.

Automatic anything is a problem.

BTW at some point in the current saga sits Symantec.

dont they always :)

According to the MS Anti-Malware Engineering Team [blogs.technet.com] they will be removing the Sony Rootkit via the Malicious Software Removal Tool which will be updated in the December round of updates to Windows AntiSpyware.

And some companies are clamping down on using music cds:

<snip>

Mods feel free to make the link active as you see fit.

[edited by: lawman at 1:42 am (utc) on Nov. 20, 2005]
[edit reason] Unlinked URLs Not Allowed - Repost With Link [/edit]

USA Today reports:

Sony BMG Music Entertainment said Monday it will pull some of its most popular CDs from stores in response to backlash over copy-protection software on the discs.

They still didn't say if they are gonna fix all the machines that got hit /will be hit by stray CD's out there ...

Nor if they are gonna advertise all over the media about them hacking peoples machines and apologising ..

How long do virii /trojan / kit writers ususlly get in jail when caught?

Sony's and First 4's CEO etc should be treated just like any student from Manilla ..

Sony's "fix" apparently just makes things worse [businessweek.com]:

But the uninstaller has created a new set of problems.

To get the uninstall program, users have to request it by filling out online forms. Once submitted, the forms themselves download and install a program designed to ready the PC for the fix. Essentially, it makes the PC open to downloading and installing code from the Internet.

According to the Princeton analysis, the program fails to make the computer confirm that such code should come only from Sony or First 4 Internet.

"The consequences of the flaw are severe," Felten and Halderman wrote in a blog posting Tuesday. "It allows any Web page you visit to download, install, and run any code it likes on your computer. Any Web page can seize control of your computer; then it can do anything it likes. That's about as serious as a security flaw can get."

I wonder how many people are infected by this?

There is a whole bunch of people who are not going to buy any of Sonys other excellent products. What were they thinking?

I wonder how many people are infected by this?

millions and it will grow ..also Sony may not have been the only ones to have used this "technology" from first 4 internet ..

This DRM package or in general there are over 68,000 protected content items in Amazon's catalog, and more than just the Sony labels are using it from some newer information poping up.

Sorry no links, most folks here know how to query Google and Amazon.

Article in not too techie language here [tgdaily.com] about the two latest trojans from the hackworlds that use this so kindly provided Item from Sony to do other things with your machine

And here [sophos.com] to the Sophos page for the tool to remove the cloaking element ( although not the entire DRAM rootkit )..so at least you can look for existing infections on your machines ..there are two versions of the sophos app ..one "domestic" and one command line ..if you aren't used to command line work ..use the gui version and follow instructions ..

The Sony rootkits progression is faster than most old time virii ..article [tgdaily.com]..

Maps of Sony root kit infection as reported by DNS servers that have been "phoned" by the Sony critter trying to phone home and report ..as the article says ..each point is one dns server their may be from one to many thousands of machines behind each dns server ..so infection may be at 3 million machines or more and climbing ..
USA [doxpara.com.nyud.net]
ASIA [doxpara.com.nyud.net]
EUROPE [doxpara.com.nyud.net]

Well Sony is doing a recall.

Sony recall story [foxnews.com]

The sad thing about Digital Rights Management and Digital Mechanisms for securing audio content is that, apart from the fact that they can nearly always be, or are hacked, is that whenever the big companies sit around the table all they can do is squabble about whose Protection System is going to be the Industry Standard.

If the ego's of these companies weren't so big we'd of had at least have had something across the board that manufacturers and developers could use as a standard. I horror to think how much money has been poured into DRM that could instead have gone into Artist Development!

But no as it stands we just have "mine is better than yours" and the artists/publishers musical works ultimately gets copied across the board loosing out on Royalties and more good music from them in the future.
Rantover.

You have to remeber that the folks doing all of the squabling are clueless arrogant PHB types all of whom think they are all there is or will be.

This time around they not only did something stupid, but every action they have taken since then has been even more stupid.

I do not think their recall even covers all of the items it should.

You wait there is more to come out of this mess.

In addition to the LGPL code from LAME, there is also some GPL code buried in there that handles DVDs.

Some folks might want to start checking Sony DVDs as well.

Also those about boy wizards that want to install their own "player" ;)

It appears to also have a DRM circumvention routine for Apple products. Opps.

Circumvention story here [hack.fi]

Sony's MediaMax Uninstaller Also Opens Security Hole [freedom-to-tinker.com]
I have good news and bad news about Sony’s other CD DRM technology, the SunnComm MediaMax system. Here’s the good news: As several readers have pointed out, SunnComm will provide a tool to uninstall their software if users pester them enough. Typically this requires at least two rounds of emails with the company’s support staff.

Now the bad news: It turns out that the web-based uninstaller SunnComm provides opens up a major security hole very similar to the one created by the web-based uninstaller for Sony’s other DRM, XCP, that we announced a few days ago. I have verified that it is possible for a malicious web site to use the SunnComm hole to take control of PCs where the uninstaller has been used. In fact, the the SunnComm problem is easier to exploit than the XCP uninstaller flaw. - Freedom to Tinker

DVD Jon's Blog - Yes, He Knows [nanocrew.net]
Jon Johansen's blog, So Sue Me, shows the following entry, followed by many impassioned pleas from readers to please, please, please sue Sony: "The Sony DRM rootkit saga just keeps getting better. Sony is infringing the copyright of several open source projects. Matti Nikki who has been doing research into this mailed me to let me know that some of the code Sony has ripped off is the FairPlay code that I wrote for VLC." - So Sue Me

A little levity, anyone?

New Sony Digital Camera Installs Rootkit to Stop Photo Sharing [bbspot.com]

"I tried to send a picture of my daughter to her Uncle Tim, but this window popped up saying it was blocked. I decided to print it out and mail it to him. There was a 14-page license agreement that printed out first that I had to fill out and fax to Sony so they could send me an authorization code to print out the picture."

Thanks for the link balam :)

<levity>

Good one.

</levity>

If you wanna have a good laugh read this:

"Sony's CD rootkit infringes DVD Jon's copyright

Sony's rootkit-style DRM software, XCP, designed to prevent copyright infringement, looks like it's breaching the terms of a copyright agreement itself."

[theregister.co.uk...]

A little piece of tape [theregister.co.uk] will defeat Sony's DRM. I'm guessing that a permanent marker [cdrinfo.com] would have the same effect.

Sadly, masking tape and permanent markers are now illegal to possess under the DMCA.