Welcome to WebmasterWorld Guest from 54.226.110.143

Forum Moderators: incrediBILL & lawman

Message Too Old, No Replies

Trojans Exploit Sony CD Copy-Protection On Music CDs

     
8:26 pm on Nov 2, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member digitalghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 23, 2002
posts:3687
votes: 0


Sony, in their futile digital rights management efforts, has taken to playing dirty with the music CDs. Multiple security sources are confirming the existence of spyware in the form of rootkits on Sony's music CDs. This behavior is unethical in the eyes of many and the legality may be questionable as well.
emphasis mine

Full Story [securitypronews.com]

Hidden software no less, and difficult to remove. So you buy a CD from SOny BMG, pop it into your PC to play it, and bam, you have unwanted software installed on your PC and Sony made it difficult to get rid of.

Both F-Secure and SysInternals said conventional means won't get rid of the file. They said if you just delete it, it could "cripple" your computer.
1:18 am on Nov 3, 2005 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:6717
votes: 230


to avoid such ...run reg mons , worm hooks , critical file checksum monitors ..and keep all your sys files in backup off machine in usb keys in constantly updated over written files ..

there are sites which run sell give away digital rights management kill apps ..but they cant be linked to from here ..

1:24 am on Nov 3, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member digitalghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 23, 2002
posts:3687
votes: 0


Yeah, I popped in a Sony CD to test and my registry monitor tossed up a warning. What is Sony thinking?
1:26 am on Nov 3, 2005 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 31, 2003
posts:9068
votes: 4


An amazing story, and one that could cost Sony dear. As we are actually talking about a music CD, you should reasonably expect it not to contain any software at all, let alone a rootkit. Not withstanding the legal aspects of the case, it is another example of the utter futility of attempting to copy-protect a digital work - the rootkit is Windows-only, so anyone with a Mac or Linux can still rip the CD safely and share the music. Copy protection is an utterly pointless masquerade more designed to give the impression of control where none actually exists (or can exist).

When are we going to get at least one major record company who actually has the slightest notion of understanding of the phenomenon they are facing?

1:30 am on Nov 3, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 7, 2003
posts:1406
votes: 0


I can understand the WHY of their actions, but not the HOW. As I understood from the article, the rootkit they used is a common tool for hackers and it's only a matter of time before someone exploits it. That argument was dismissed as "academic", as if, sure it can be done but who would do it. That seems kinda irresponsible...
1:47 am on Nov 3, 2005 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 31, 2003
posts:9068
votes: 4


>> I can understand the WHY of their actions

I can't. Seriously, I just don't get why they are doing this. Is is mass insanity within the recording industry or total miscomprehension of the issues involved? The facts are simple: you cannot "protect" digital content. How hard is that for them to understand?

4:39 am on Nov 3, 2005 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 25, 2003
posts:943
votes: 125


Western (world?) Economics remains based upon the 1776 world view of Adam Smith who in Wealth of Nations laid the foundation of current free-market economic theory. Industrialisation just beginning, everything (except human life/labour) scarce and therefor individually valuable.

Many things these days are abundant not scarce. This is true of electronics (Apollo 11 went to the moon on less computing power and memory than my calculator...yesterdays supercomputer power in todays X-Box...); agriculture (many countries now pay farmers not to grow crops to prop up prices...); communications (bandwidth that used to cost thousands, became hundreds, became tens, is almost free...radios that cost hundreds now given away free in promotions...satelite television dishes that were 4-metre diameter and 2-thousand dollars now under 0.5 metre and free with a years subscription...)

And of course the audio recordings that were expensive, analog, and individual are now affordable, digital, and abundant. But the monoliths of government and business (and most of academia) only know/understand the economics of scarcity. The economics of abundance will cause even more ridiculous luddite behaviour as the dinosaurs of economic scarcity go extinct.

A very good time not to be employed by a dinosaur.
Or stand too close to one.

10:55 pm on Nov 3, 2005 (gmt 0)

Full Member

10+ Year Member

joined:Oct 20, 2003
posts:252
votes: 1


Also in Australia the only legal way you can get music onto an iPod is to buy it from the Apple iTunes store and they don't have access to all the artists people want.
8:17 pm on Nov 6, 2005 (gmt 0)

Moderator from CA 

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 29, 2003
posts:4059
votes: 0


what this means to me?

I will NEVER buy another Sony disc again.

2:07 am on Nov 11, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:July 18, 2002
posts:2307
votes: 31


Wow, that didn't take long:

Viruses Exploit Sony CD Copy-Protection [news.yahoo.com]

The Trojan horse programs — three have so far been identified by antivirus companies — are named so as to trigger the cloaking feature of Sony's XCP2 antipiracy technology. By piggybacking on that function, the malicious programs can enter undetected, security experts said Thursday.

So, do you think they can be sued since they install the software without telling you?

4:38 am on Nov 11, 2005 (gmt 0)

Moderator from CA 

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 29, 2003
posts:4059
votes: 0


if there are losses caused by their "malicious" action, and you can get a lawyer to take your case... I think yes

I'd like to hear lawman's opinion on this one

10:05 am on Nov 11, 2005 (gmt 0)

Moderator from US 

WebmasterWorld Administrator martinibuster is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 13, 2002
posts:14221
votes: 226


According to that article, someone in Los Angeles has already filed suit and is going for class action status.
10:21 am on Nov 11, 2005 (gmt 0)

Full Member

10+ Year Member

joined:Feb 25, 2003
posts:323
votes: 0


I think it might be a smart move for Sony to say 'OOPS' and do a major recall. That's the only way they will be able to take this blow and not lose too much.
10:26 am on Nov 11, 2005 (gmt 0)

Moderator This Forum

WebmasterWorld Administrator lawman is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 28, 2001
posts:3569
votes: 42


I'd like to hear lawman's opinion on this one

Webwork's opinion would matter more than mine. I don't do that kind of law.

6:32 pm on Nov 11, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 8, 2004
posts:865
votes: 0


I feel more like a criminal buying movies and music than stealing them. I bought Terminator 2 WMV-HD and felt like I was committing a crime everytime their flaky server wasn't working and I had to send 20 or 30 requests to their DRM server so I could watch the movie I paid for. Not to mention I had to install special software (Interactual) to play the movie that didn't allow me to fast foward or rewind. The DRM license only lasts five days, so everytime I want to watch the movie I have to hope their DRM server is up and working otherwise I can't watch the movie. What happends if they close down that division of the company, do they shut down that DRM server also, meaning I can never watch my movie again? If DRM isn't bad enough, now they are infecting machines with trojans.

They treat their customers (the ones that pay for their products and keep them in business) like criminals. Soon they'll want a background check and fingerprints to hear a preview to the new Vanilla Ice album.

9:53 pm on Nov 11, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 7, 2003
posts:1406
votes: 0


Sony is backing down from this one. They have announced that they will no longer embed this anti-piracy software (XCP copy protection system) into its CDs. I wonder it they'll recall those CDs or, will one of them get sold at a garage sale one day, and yet another PC gets infected that afternoon...

From the article I read.

We also intend to re-examine all aspects of our content protection initiative..

.. Sony did not admit any wrongdoing, nor did it promise not to use similar techniques in the future.
10:22 pm on Nov 11, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 29, 2001
posts:2145
votes: 0


>>>Soon they'll want a background check and fingerprints to hear a preview to the new Vanilla Ice album.

How about a sobriety test, or something for mental illness if you still want to hear Vanilla Ice.

10:47 pm on Nov 11, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 13, 2005
posts:1077
votes: 0


Easy fix = limewire
10:54 pm on Nov 11, 2005 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:6717
votes: 230


there's always one ..limewire is a very good way to catch nasties ..less you know the exact checksum and data map etc of what you are "inviting" ..which if you did ..you'd have it already ..would n't you ..:)..

and wouldn't feel the need to join one of these "own me" clubs ..

11:11 pm on Nov 11, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 19, 2003
posts:804
votes: 0


But it gets better it seems that the DRM copyright protectors made a "small" error:

dewinter dot.com slash modules.php?name=News&file=article&sid=215

11:32 pm on Nov 11, 2005 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:6717
votes: 230


silly me ..disregard that..(changes batteries in optimouse) ...:(

read it ..love it :))

and these are the people whom we should trust with the linux patents :o

further reading..

[sysinternals.com...]

11:57 pm on Nov 11, 2005 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:6717
votes: 230


more ..
[news.bbc.co.uk...]

The wave of indignation isn't helped by this ..

Thomas Hesse president of Sony BMG's Global Digital Business division:

“Most people I think don't even know what a root kit is so why should they care about it”

well ..do we care?

12:22 am on Nov 12, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 19, 2003
posts:804
votes: 0


But you need to understand the true irony here.

Sony's bought and paid for congress critters put laws on the books dealing with this sort of thing and there goes Sony puting pirated code on million(s) of CDs at 150K a pop it comes out well above Sony's current asset size.

12:55 am on Nov 12, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 19, 2003
posts:804
votes: 0


Oppsy.

'A senior Homeland Security official cautioned entertainment companies against discouraging piracy in ways that also make computers vulnerable. Stewart Baker, assistant secretary for policy at DHS, did not cite Sony by name in his remarks Thursday but described industry efforts to install hidden files on consumers' computers.

"It's very important to remember that it's your intellectual property, it's not your computer," Baker said at a trade conference on piracy. "And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days."'

From:

[thedenverchannel.com...]

[edited by: Woz at 2:19 am (utc) on Nov. 12, 2005]
[edit reason] Made link live [/edit]

1:12 am on Nov 12, 2005 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:6717
votes: 230


Sony's bought and paid for congress critters put laws on the books dealing with this sort of thing and there goes Sony puting pirated code on million(s) of CDs at 150K a pop it comes out well above Sony's current asset size.

Now if you hadn't drawn my attention to that little peice of maths I wouldn't have to be typing this on my spare keyboard and wiping the wine off of the screen ..:))

A small price to pay for such a thought tho ..

How fast can sony stock fall ..

interesting side issue in there about the competence or lack of it shown by the emails from "ceri" ..and also the ISP sticky services they do ..the largest ISP here in France ..semi government owned wanadoo uses their tech ..I wonder if they are legal in doing so?

well ..I can now spend sunday afternoon translating the form letter thats to be found in the blog for the benefit of non english speaking french IT sites ..

I remember some folks thinking that I was joking when last year I posted a list of possibles ..( including letting people play music CD's on PC's ) how to compromise the security of someones system ..that the "Lan guy" said was OK ..

Didn't think at the time that Sony were gonna be the next "ninja hackers" ..

1:37 am on Nov 12, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 19, 2003
posts:804
votes: 0


We will see, at least Sony has suspended the DRM mess for the time being.

This will be a fun one to watch.

1:45 am on Nov 12, 2005 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:6717
votes: 230


But
Have they recalled all the cd's ..via prime time TV and radio " we got it wrong and it's our fault your pc wont work" ads in all languages ...in all countries ..

and posters in all music stores in all countries
and offered to pay for the fix to all machines affected..?

how come I don't think so ...

3:21 pm on Nov 12, 2005 (gmt 0)

Senior Member

joined:Dec 29, 2003
posts:5428
votes: 0


>> and one that could cost Sony dear

let's hope so. They sue people when they get harmed so a bit of payback would be nice. Hopefully it's a large enough settlement to send a message

3:47 pm on Nov 12, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 19, 2003
posts:804
votes: 0


Well it could also be a huge problem for them in another sense, for they have an legal obligation to provide some things and because of what they have done would amount to a little clash with the anticircumvention provisions of the DCMA.
9:50 pm on Nov 12, 2005 (gmt 0)

Preferred Member from US 

10+ Year Member

joined:Nov 27, 2002
posts:410
votes: 0


Wow this entire thread blew me away, I agree, when will anyone get it. SONY looks like a bunch of spoiled brats/executives that have no clue AT ALL!

Hollywood

This 72 message thread spans 3 pages: 72