NationStates Jolt Archive


Please Micro$oft... Kill Sony!

Syniks
16-11-2005, 18:34
:headbang:

http://www.chicagotribune.com/technology/la-fi-micro16nov16,1,7488414.story Requires Registration... So:

Sony Security Snafu Worsens
Software to yank an anti-piracy program from music fans' PCs creates a bigger breach.

From Associated Press
Published November 16, 2005

The fallout from a hidden copy-protection program that Sony BMG Music Entertainment put on some CDs got worse Tuesday as researchers said Sony's suggested method for removing the program widened the security hole that the original software created.

Sony has moved to recall the discs in question. But consumers who have listened to them on their computers or tried to remove the software the CDs installed could still be vulnerable.

"This is a surprisingly bad design from a security standpoint," said Ed Felten, a Princeton University computer science professor who explored the removal program with a graduate student, J. Alex Halderman. "It endangers users in several ways."

The XCP copy-protection program was included on at least 20 Sony CDs, including releases by Van Zant, the Bad Plus, Neil Diamond and Celine Dion. Sony BMG said 4.7 million were shipped, with 2.1 million sold.

When the discs were put into a PC — a necessary step for transferring music to iPods and other portable music players — the CD automatically installed a program that restricted how many times the discs' tracks could be copied and made it inconvenient to transfer songs into the format used by iPods.

That anti-piracy software — which works only on Windows PCs — came with a cloaking feature that allowed it to hide files on users' computers. Security researchers classified the program as spyware, saying it secretly transmits details about what music the PC is playing. Manual attempts to remove the software can disable the PC's CD drive.

The program also gave virus writers an easy tool for hiding their malicious software. Last week "Trojan horse" programs emerged that took advantage of the cloaking feature to enter computers undetected, antivirus companies said.

Trojan horses are typically used to steal personal information, launch attacks on other computers and send spam.

Stung by the controversy, Sony BMG and the company that developed the anti-piracy software, First 4 Internet Ltd. of Oxfordshire, England, released a program that uninstalls XCP. But the uninstaller created a new set of problems.

To get the uninstaller program, users were asked to request it by filling out online forms. Once submitted, the forms themselves download and install a program designed to ready the PC for the fix. Essentially, the program makes the computer open to downloading and installing code from the Internet.

According to security experts, the program fails to make the computer confirm that such code should come only from Sony or First 4 Internet.

"The consequences of the flaw are severe," Felten and Halderman wrote in a blog posting Tuesday after being alerted by a Finnish researcher, Matti Nikki. "It allows any Web page you visit to download, install and run any code it likes on your computer. Any Web page can seize control of your computer; then it can do anything it likes. That's about as serious as a security flaw can get."

On Tuesday evening, Sony BMG was preparing to release another tool for removing XCP. It was unclear when it might be available.

Other programs that knock out the original software are likely to emerge. Microsoft Corp. said the next version of its tool for removing malicious software, which is automatically sent to PCs via Windows Update each month, would yank the cloaking feature in XCP.

Sony BMG said Tuesday that it would pull unsold CDs with the software from store shelves and let consumers exchange CDs they had already purchased.

The company had said Friday that it would halt production of CDs with the technology and "reexamine all aspects of our content protection initiative."

Copyright © 2005, The Los Angeles Times
The Elder Malaclypse
16-11-2005, 18:36
What is Sony?
Hybrid Combine
16-11-2005, 18:39
:eek: :eek: OMG :eek: :eek:
DrunkenDove
16-11-2005, 18:40
A music company. They also do electronic stuff. They range from somewhat to middling in evil.
Branin
16-11-2005, 18:41
What is Sony?
A generally awesome electronics and music brand. I can't belive they did this, it is out of character.
The Similized world
16-11-2005, 18:42
What is Sony?
Sony is shorthand for Satanic Ogre Nagging You
The Elder Malaclypse
16-11-2005, 18:46
Wait a minute, I dont think this "Sony" is all that bad, maybe he's got home troubles. You know, troubles with his home?
Hybrid Combine
16-11-2005, 18:47
A music company. They also do electronic stuff. They range from somewhat to middling in evil.

"Middling" i would saw they were evil, i mean anyone who makes a console called "play station" has to be evil... havent they?
Sick Nightmares
16-11-2005, 18:48
And here in lies the BEST part of it. The people who weren't affected by this? The ones who didn't actually pay for the CD! Sony 0 - Pirates 1

I think Sony just boosted the pirate population by a few million! So I say THANK YOU SONY! You have basically shot yourself with your own gun. Priceless
Bolol
16-11-2005, 18:49
This makes me happy that I use a Mac.
Pure Metal
16-11-2005, 18:53
A generally awesome electronics and music brand. I can't belive they did this, it is out of character.
ah come on all these giant corporations are as bad as each other.
intel being sued by AMD for antitrust and anticompetitive behaviour, for example.

even the much loved Apple aren't as squeaky clean as their holier-than-thou image professes (bloody apple)
Syniks
16-11-2005, 18:58
This makes me happy that I use a Mac.
Hmmm... Could it be $ony is in league with the Devi... er... Steve Jobs?!?!?

http://ubersoft.net/comics/hd20051114.png

:D
The Infinite Dunes
16-11-2005, 19:05
Why does microsoft need to do anything? To me, this seems like a really easy legal case of hacking, unintentional damage, purposeful denying of consumer rights, placing software on a privately owned computer without the owner's consent and a fair few others. All the software seems about as useful as a white flag against an rampaging army. So it stops you transfering music from the CD a certain number of times and slows transfer to iPod specific files. So what? Who's the say the person can easily transfer the music to other people's computer with ease or burn multiple CDs? If I'd bought one of those disc I'd be rubbing my hands with glee at the money I could look forward to from suing Sony. They've even admited their intentions of the software and that's defective. Open and shut case.
Syniks
16-11-2005, 19:10
Why does microsoft need to do anything? To me, this seems like a really easy legal case of hacking, unintentional damage, purposeful denying of consumer rights, placing software on a privately owned computer without the owner's consent and a fair few others.
It's not so much that it was "software" - which you had to consent to install - but that it was a virtually uninstallable "rootkit" that modified M$ source code.

Plus, M$ has better lawyers. ;)
OceanDrive2
16-11-2005, 19:31
it was a virtually uninstallable "rootkit"Please Micro$oft... Kill Sony!Bill Gates better hurry...Before the Sony Playstation totally pwns the XBOX ....again :D

BTW Microsoft windows comes with spy stuf and other shit too...

have you ever tried to uninstall MSmediaPlayer or MSmessenger or MSexplorer.. or the other evil eggs ?
Sick Nightmares
16-11-2005, 19:38
Bill Gates better hurry...Before the Sony Playstation totally pwns the XBOX ....again :D

BTW Microsoft windows comes with spy stuf and other shit too...

have you ever tried to uninstall MSmediaPlayer or MSmessenger or MSexplorer.. or the other evil eggs ?
Has anyone ever heard of a EULA?

Loosely translated, it says "Click accept to be fucked in the ass"
And people just click click clicked away. Evil? YES Legal? YES
Sdaeriji
16-11-2005, 20:15
Why does microsoft need to do anything? To me, this seems like a really easy legal case of hacking, unintentional damage, purposeful denying of consumer rights, placing software on a privately owned computer without the owner's consent and a fair few others. All the software seems about as useful as a white flag against an rampaging army. So it stops you transfering music from the CD a certain number of times and slows transfer to iPod specific files. So what? Who's the say the person can easily transfer the music to other people's computer with ease or burn multiple CDs? If I'd bought one of those disc I'd be rubbing my hands with glee at the money I could look forward to from suing Sony. They've even admited their intentions of the software and that's defective. Open and shut case.

Because Microsoft has the resources and the legal army to bend Sony over a table like nothing you or I could ever possibly achieve suing Sony ourselves.
Sdaeriji
16-11-2005, 20:18
A generally awesome electronics and music brand. I can't belive they did this, it is out of character.

Let's keep in mind this is Sony BMG, not Sony Electronics or any other division of Sony. They have almost nothing to do with one another besides being owned by the same people.
Greater Valia
16-11-2005, 21:07
A generally awesome electronics and music brand. I can't belive they did this, it is out of character.

HAHAHAHAHAHAHAHAHA!!!!11one1!!1 Please tell me your kidding here?
Greater Valia
16-11-2005, 21:08
Has anyone ever heard of a EULA?

Loosely translated, it says "Click accept to be fucked in the ass"
And people just click click clicked away. Evil? YES Legal? YES

Hah! No where in the End User Liscense agreement did it say anything about rootkitting your computer. So legally the shit has just hit the proverbial fan.