Tag: Privacy
-
Inside the MediaMax Prospectus
Bruce Hayden writes that MediaMax, the company associated with the CD-borne spyware product that Sony has not yet recalled, recently filed a prospectus with the SEC in connection with an upcoming stock offering. In the prospectus, the company is required to describe truthfully its business plans and associated risks. MediaMax’s prospectus is a window into…
-
CD Copy Protection: The Road to Spyware
Advocates of DRM (copy protection) have been keeping their heads down lately, while they try to figure out what went wrong in the SonyBMG DRM spyware fiasco. No doubt they’ll try to explain it away as an anomaly – just a little speed bump on the road to the effective, unobtrusive DRM future that they’re…
-
Not Just Another Buggy Program
Was anybody surprised at Tuesday’s announcement that the MediaMax copy protection software on Sony CDs had a serious security flaw? I sure wasn’t. The folks at iSEC Partners were clever to find the flaw, and the details they uncovered were interesting, but it was pretty predictable that a problem like this would turn up. Security…
-
MediaMax Bug Found; Patch Issued; Patch Suffers from Same Bug
iSEC, EFF, and SonyBMG issued a joint press release yesterday, announcing yet another serious security bug in the SunnComm MediaMax copy protection software that ships on many SonyBMG compact discs. (SonyBMG has recalled CDs that use another copy protection system, XCP, but they have not yet recalled discs containing MediaMax.) As we’ve written before, the…
-
DRM, Incompatibility, and Market Power: A Visit to the Sausage Factory
Yesterday Alex wrote about how SonyBMG’s XCP CD copy protection software includes a feature – apparently built on illegally copied open-source code – to translate music files into the FairPlay format used by Apple’s iTunes and iPod, but the feature was not exposed to users. The details are interesting. But equally interesting, I think, is…
-
The DMCA Should Not Protect Spyware
Yesterday was the deadline to submit requests for limited exemptions from the DMCA’s ban on circumvention of access control technologies. This happens every three years. Alex Halderman and I submitted a request, asking for an exemption that would allow the circumvention of compact disk copy protection technologies that have certain spyware-ish features or create security…
-
Sony, First4 Knew About Rootkit Issue in Advance
Security vendor F-Secure contacted SonyBMG and First4Internet about the companies’ rootkit software on October 4 – about four weeks before the issue became public – according to a Business Week story by Steve Hamm. Here’s the key part of the article’s chronology: Nevertheless, Sony BMG asked First4Internet to investigate. Both Sony BMG and F-Secure say…
-
MediaMax Permanently Installs and Runs Unwanted Software, Even If User Declines EULA
In an earlier post I described how MediaMax, a CD DRM system used by Sony-BMG and other record labels, behaves like spyware. (MediaMax is not the same as XCP, the technology that Sony-BMG has recalled; Sony-BMG is still shipping MediaMax discs.) MediaMax phones home whenever you play a protected CD, automatically installs over 12 MB…
-
What Does MediaMax Accomplish?
I wrote yesterday about the security risks imposed by the SunnComm MediaMax copy protection technology that ships on some Sony CDs. (This is not to be confused with the XCP technology that Sony recalled.) MediaMax advocates may argue that it’s okay to impose these security risks on users, because MediaMax effectively prevents copying of music.…
-
More Suits Filed; MediaMax Insecurity Remains
Yesterday two lawsuits were filed against Sony, by the Texas Attorney General and the EFF. The Texas suit claims that Sony’s XCP technology violates the state’s spyware law. The EFF suit claims that two Sony technologies, XCP and MediaMax, both violate various state laws. One interesting aspect of the EFF suit is its emphasis on…