Welcome to WebmasterWorld Guest from 54.166.227.36

Forum Moderators: incrediBILL & lawman

Message Too Old, No Replies

Trojans Exploit Sony CD Copy-Protection On Music CDs

     
8:26 pm on Nov 2, 2005 (gmt 0)

WebmasterWorld Senior Member digitalghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Sony, in their futile digital rights management efforts, has taken to playing dirty with the music CDs. Multiple security sources are confirming the existence of spyware in the form of rootkits on Sony's music CDs. This behavior is unethical in the eyes of many and the legality may be questionable as well.
emphasis mine

Full Story [securitypronews.com]

Hidden software no less, and difficult to remove. So you buy a CD from SOny BMG, pop it into your PC to play it, and bam, you have unwanted software installed on your PC and Sony made it difficult to get rid of.

Both F-Secure and SysInternals said conventional means won't get rid of the file. They said if you just delete it, it could "cripple" your computer.
1:18 am on Nov 3, 2005 (gmt 0)

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



to avoid such ...run reg mons , worm hooks , critical file checksum monitors ..and keep all your sys files in backup off machine in usb keys in constantly updated over written files ..

there are sites which run sell give away digital rights management kill apps ..but they cant be linked to from here ..

1:24 am on Nov 3, 2005 (gmt 0)

WebmasterWorld Senior Member digitalghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Yeah, I popped in a Sony CD to test and my registry monitor tossed up a warning. What is Sony thinking?
1:26 am on Nov 3, 2005 (gmt 0)

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member



An amazing story, and one that could cost Sony dear. As we are actually talking about a music CD, you should reasonably expect it not to contain any software at all, let alone a rootkit. Not withstanding the legal aspects of the case, it is another example of the utter futility of attempting to copy-protect a digital work - the rootkit is Windows-only, so anyone with a Mac or Linux can still rip the CD safely and share the music. Copy protection is an utterly pointless masquerade more designed to give the impression of control where none actually exists (or can exist).

When are we going to get at least one major record company who actually has the slightest notion of understanding of the phenomenon they are facing?

1:30 am on Nov 3, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I can understand the WHY of their actions, but not the HOW. As I understood from the article, the rootkit they used is a common tool for hackers and it's only a matter of time before someone exploits it. That argument was dismissed as "academic", as if, sure it can be done but who would do it. That seems kinda irresponsible...
1:47 am on Nov 3, 2005 (gmt 0)

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member



>> I can understand the WHY of their actions

I can't. Seriously, I just don't get why they are doing this. Is is mass insanity within the recording industry or total miscomprehension of the issues involved? The facts are simple: you cannot "protect" digital content. How hard is that for them to understand?

4:39 am on Nov 3, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Western (world?) Economics remains based upon the 1776 world view of Adam Smith who in Wealth of Nations laid the foundation of current free-market economic theory. Industrialisation just beginning, everything (except human life/labour) scarce and therefor individually valuable.

Many things these days are abundant not scarce. This is true of electronics (Apollo 11 went to the moon on less computing power and memory than my calculator...yesterdays supercomputer power in todays X-Box...); agriculture (many countries now pay farmers not to grow crops to prop up prices...); communications (bandwidth that used to cost thousands, became hundreds, became tens, is almost free...radios that cost hundreds now given away free in promotions...satelite television dishes that were 4-metre diameter and 2-thousand dollars now under 0.5 metre and free with a years subscription...)

And of course the audio recordings that were expensive, analog, and individual are now affordable, digital, and abundant. But the monoliths of government and business (and most of academia) only know/understand the economics of scarcity. The economics of abundance will cause even more ridiculous luddite behaviour as the dinosaurs of economic scarcity go extinct.

A very good time not to be employed by a dinosaur.
Or stand too close to one.

10:55 pm on Nov 3, 2005 (gmt 0)

10+ Year Member



Also in Australia the only legal way you can get music onto an iPod is to buy it from the Apple iTunes store and they don't have access to all the artists people want.
8:17 pm on Nov 6, 2005 (gmt 0)

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member



what this means to me?

I will NEVER buy another Sony disc again.

2:07 am on Nov 11, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Wow, that didn't take long:

Viruses Exploit Sony CD Copy-Protection [news.yahoo.com]

The Trojan horse programs — three have so far been identified by antivirus companies — are named so as to trigger the cloaking feature of Sony's XCP2 antipiracy technology. By piggybacking on that function, the malicious programs can enter undetected, security experts said Thursday.

So, do you think they can be sued since they install the software without telling you?

4:38 am on Nov 11, 2005 (gmt 0)

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member



if there are losses caused by their "malicious" action, and you can get a lawyer to take your case... I think yes

I'd like to hear lawman's opinion on this one

10:05 am on Nov 11, 2005 (gmt 0)

WebmasterWorld Administrator martinibuster is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



According to that article, someone in Los Angeles has already filed suit and is going for class action status.
10:21 am on Nov 11, 2005 (gmt 0)

10+ Year Member



I think it might be a smart move for Sony to say 'OOPS' and do a major recall. That's the only way they will be able to take this blow and not lose too much.
10:26 am on Nov 11, 2005 (gmt 0)

WebmasterWorld Administrator lawman is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



I'd like to hear lawman's opinion on this one

Webwork's opinion would matter more than mine. I don't do that kind of law.

6:32 pm on Nov 11, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I feel more like a criminal buying movies and music than stealing them. I bought Terminator 2 WMV-HD and felt like I was committing a crime everytime their flaky server wasn't working and I had to send 20 or 30 requests to their DRM server so I could watch the movie I paid for. Not to mention I had to install special software (Interactual) to play the movie that didn't allow me to fast foward or rewind. The DRM license only lasts five days, so everytime I want to watch the movie I have to hope their DRM server is up and working otherwise I can't watch the movie. What happends if they close down that division of the company, do they shut down that DRM server also, meaning I can never watch my movie again? If DRM isn't bad enough, now they are infecting machines with trojans.

They treat their customers (the ones that pay for their products and keep them in business) like criminals. Soon they'll want a background check and fingerprints to hear a preview to the new Vanilla Ice album.

9:53 pm on Nov 11, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Sony is backing down from this one. They have announced that they will no longer embed this anti-piracy software (XCP copy protection system) into its CDs. I wonder it they'll recall those CDs or, will one of them get sold at a garage sale one day, and yet another PC gets infected that afternoon...

From the article I read.

We also intend to re-examine all aspects of our content protection initiative..

.. Sony did not admit any wrongdoing, nor did it promise not to use similar techniques in the future.
10:22 pm on Nov 11, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>>>Soon they'll want a background check and fingerprints to hear a preview to the new Vanilla Ice album.

How about a sobriety test, or something for mental illness if you still want to hear Vanilla Ice.

10:47 pm on Nov 11, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Easy fix = limewire
10:54 pm on Nov 11, 2005 (gmt 0)

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



there's always one ..limewire is a very good way to catch nasties ..less you know the exact checksum and data map etc of what you are "inviting" ..which if you did ..you'd have it already ..would n't you ..:)..

and wouldn't feel the need to join one of these "own me" clubs ..

11:11 pm on Nov 11, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



But it gets better it seems that the DRM copyright protectors made a "small" error:

dewinter dot.com slash modules.php?name=News&file=article&sid=215

11:32 pm on Nov 11, 2005 (gmt 0)

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



silly me ..disregard that..(changes batteries in optimouse) ...:(

read it ..love it :))

and these are the people whom we should trust with the linux patents :o

further reading..

[sysinternals.com...]

11:57 pm on Nov 11, 2005 (gmt 0)

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



more ..
[news.bbc.co.uk...]

The wave of indignation isn't helped by this ..

Thomas Hesse president of Sony BMG's Global Digital Business division:

“Most people I think don't even know what a root kit is so why should they care about it”

well ..do we care?

12:22 am on Nov 12, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



But you need to understand the true irony here.

Sony's bought and paid for congress critters put laws on the books dealing with this sort of thing and there goes Sony puting pirated code on million(s) of CDs at 150K a pop it comes out well above Sony's current asset size.

12:55 am on Nov 12, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Oppsy.

'A senior Homeland Security official cautioned entertainment companies against discouraging piracy in ways that also make computers vulnerable. Stewart Baker, assistant secretary for policy at DHS, did not cite Sony by name in his remarks Thursday but described industry efforts to install hidden files on consumers' computers.

"It's very important to remember that it's your intellectual property, it's not your computer," Baker said at a trade conference on piracy. "And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days."'

From:

[thedenverchannel.com...]

[edited by: Woz at 2:19 am (utc) on Nov. 12, 2005]
[edit reason] Made link live [/edit]

1:12 am on Nov 12, 2005 (gmt 0)

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Sony's bought and paid for congress critters put laws on the books dealing with this sort of thing and there goes Sony puting pirated code on million(s) of CDs at 150K a pop it comes out well above Sony's current asset size.

Now if you hadn't drawn my attention to that little peice of maths I wouldn't have to be typing this on my spare keyboard and wiping the wine off of the screen ..:))

A small price to pay for such a thought tho ..

How fast can sony stock fall ..

interesting side issue in there about the competence or lack of it shown by the emails from "ceri" ..and also the ISP sticky services they do ..the largest ISP here in France ..semi government owned wanadoo uses their tech ..I wonder if they are legal in doing so?

well ..I can now spend sunday afternoon translating the form letter thats to be found in the blog for the benefit of non english speaking french IT sites ..

I remember some folks thinking that I was joking when last year I posted a list of possibles ..( including letting people play music CD's on PC's ) how to compromise the security of someones system ..that the "Lan guy" said was OK ..

Didn't think at the time that Sony were gonna be the next "ninja hackers" ..

1:37 am on Nov 12, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



We will see, at least Sony has suspended the DRM mess for the time being.

This will be a fun one to watch.

1:45 am on Nov 12, 2005 (gmt 0)

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



But
Have they recalled all the cd's ..via prime time TV and radio " we got it wrong and it's our fault your pc wont work" ads in all languages ...in all countries ..

and posters in all music stores in all countries
and offered to pay for the fix to all machines affected..?

how come I don't think so ...

3:21 pm on Nov 12, 2005 (gmt 0)



>> and one that could cost Sony dear

let's hope so. They sue people when they get harmed so a bit of payback would be nice. Hopefully it's a large enough settlement to send a message

3:47 pm on Nov 12, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Well it could also be a huge problem for them in another sense, for they have an legal obligation to provide some things and because of what they have done would amount to a little clash with the anticircumvention provisions of the DCMA.
9:50 pm on Nov 12, 2005 (gmt 0)

10+ Year Member



Wow this entire thread blew me away, I agree, when will anyone get it. SONY looks like a bunch of spoiled brats/executives that have no clue AT ALL!

Hollywood

This 72 message thread spans 3 pages: 72
 

Featured Threads

Hot Threads This Week

Hot Threads This Month