CITP Blog is hosted by Princeton University’s Center for Information Technology Policy, a research center that studies digital technologies in public life. Here you’ll find comment and analysis from the digital frontier, written by the Center’s faculty, students, and friends.
-
Jeff Dwoskin and Alex Halderman have developed a simple tool that can immunize a Windows system against the dangerous CodeSupport ActiveX control that we have written about over the past…
-
Update: Sony Uninstaller Hole Stays Open
Earlier today Ed Felten and I reported a serious security hole opened by the uninstaller that Sony provides to users who want to remove the First4Internet copy protection software. Further…
-
Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs
[This post was co-written by J. Alex Halderman and Ed Felten.] Over the weekend a Finnish researcher named Muzzy noticed a potential vulnerability in the web-based uninstaller that Sony offers…
-
Don't Use Sony's Web-based XCP Uninstaller
Alex Halderman and I have confirmed that Sony’s Web-based XCP uninstallation utility exposes users to serious security risk. Under at least some circumstances, running Sony’s Web-based uninstaller opens a huge…
-
Sony Shipping Spyware from SunnComm, Too
Now that virus writers have started exploiting the rootkit built into Sony-BMG albums that utilize First4Internet’s XCP DRM (as I warned they would last week), Sony has at last agreed…
-
SonyBMG DRM Customer Survival Kit
Here’s a handy bag of tricks for people whose computers are (or might be) infected by the SonyBMG/First4Internet rootkit DRM. The instructions here draw heavily from research by Alex Halderman…
-
SonyBMG "Protection" is Spyware
Mark Russinovich has yet another great post on the now-notorious SonyBMG/First4Internet CD “copy protection” software. His conclusion: “Without exaggeration I can say that I’ve analyzed virulent forms of spyware/adware that…
-
RIAA Critics, and their Critics, Debate Lawsuits
Last week the EFF released a report criticizing the RIAA’s lawsuits against individuals accused of P2P infringement. Some commentators have criticized the EFF. Tim Lee at Tech Liberation Front summarizes…
-
SonyBMG and First4Internet Release Mysterious Software Update
SonyBMG and First4Internet, the companies caught installing rootkit-like software on the computers of people who bought certain CDs, have taken their first baby steps toward addressing the problem. But they…
-
CD-DRM Rootkit: Repairing the Damage
SonyBMG and First4Internet are in the doghouse now, having been caught installing rootkit-like software on the computers of SonyBMG music customers, thereby exposing the customers to security risk. The question…