Category: Uncategorized
-
Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs
[This post was co-written by J. Alex Halderman and Ed Felten.] Over the weekend a Finnish researcher named Muzzy noticed a potential vulnerability in the web-based uninstaller that Sony offers to users who want to remove the First4Internet XCP copy protection software. We took a detailed look at the software and discovered that it is…
-
Don't Use Sony's Web-based XCP Uninstaller
Alex Halderman and I have confirmed that Sony’s Web-based XCP uninstallation utility exposes users to serious security risk. Under at least some circumstances, running Sony’s Web-based uninstaller opens a huge security hole on your computer. We have a working demonstration exploit. We are working furiously to nail down the details and will report our results…
-
Sony Shipping Spyware from SunnComm, Too
Now that virus writers have started exploiting the rootkit built into Sony-BMG albums that utilize First4Internet’s XCP DRM (as I warned they would last week), Sony has at last agreed to temporarily stop shipping CDs containing the defective software: We stand by content protection technology as an important tool to protect our intellectual property rights…
-
SonyBMG DRM Customer Survival Kit
Here’s a handy bag of tricks for people whose computers are (or might be) infected by the SonyBMG/First4Internet rootkit DRM. The instructions here draw heavily from research by Alex Halderman and Mark Russinovich. This DRM system operates only on recent versions of Windows. If you’re using MacOS or Linux, you have nothing to worry about…
-
SonyBMG "Protection" is Spyware
Mark Russinovich has yet another great post on the now-notorious SonyBMG/First4Internet CD “copy protection” software. His conclusion: “Without exaggeration I can say that I’ve analyzed virulent forms of spyware/adware that provide more straightforward means of uninstall.” Here’s how the uninstall process works: The user somehow finds the obscure web page from which he can request…
-
RIAA Critics, and their Critics, Debate Lawsuits
Last week the EFF released a report criticizing the RIAA’s lawsuits against individuals accused of P2P infringement. Some commentators have criticized the EFF. Tim Lee at Tech Liberation Front summarizes their argument: I’m ordinarily sympathetic to the EFF’s arguments, but in this case, I agree with Adam [Thierer]: “OK Fred, then what exactly IS the…
-
SonyBMG and First4Internet Release Mysterious Software Update
SonyBMG and First4Internet, the companies caught installing rootkit-like software on the computers of people who bought certain CDs, have taken their first baby steps toward addressing the problem. But they still have a long way to go; and they might even have made the situation worse. Yesterday, the companies released a software update that they…
-
CD-DRM Rootkit: Repairing the Damage
SonyBMG and First4Internet are in the doghouse now, having been caught installing rootkit-like software on the computers of SonyBMG music customers, thereby exposing the customers to security risk. The question now is whether the companies will face up to their mistake and try to remedy it. First4Internet seems to be trying to dodge the issue.…
-
CD DRM Makes Computers Less Secure
Yesterday, Sysinternals’s Mark Russinovich posted an excellent analysis of a CD copy protection system called XCP2. This scheme, created by British-based First4Internet, has been deployed on many Sony/BMG albums released in the last six months. Like the SunnComm MediaMax system that I wrote about in 2003, XCP2 uses an “active” software-based approach in an attempt…
-
Net Neutrality and Competition
No sooner do I start writing about net neutrality than Ed Whitacre, the CEO of baby bell company SBC, energizes the debate with a juicy interview: Q: How concerned are you about Internet upstarts like Google, MSN, Vonage, and others? A: How do you think they’re going to get to customers? Through a broadband pipe.…