Jump to content

Sony Recalls Hacker Cd's


Farma

Recommended Posts

Sony recalls hacker CDs

From: Agence France-Presse From correspondents in New York

November 17, 2005

SONY BMG said overnight it was recalling millions of music CDs with copy protection software that experts said could expose personal computers to viruses and hackers.

Sony BMG, one of the world's biggest music companies, said it was ending the use of the software provided by a third-party vendor and allowing consumers who purchased CDs to exchange them for similar items without the software.

The joint venture of Japan's Sony and German-based BMG reacted to a firestorm of protests and the threat of legal action over its use of the so-called XCP copy protection software.

When one of the CDs is inserted into a PC, the XCP software can modify computer settings and, according to some experts, expose the computers to a variety of malicious software programs.

"We deeply regret any inconvenience this may cause our customers and we are committed to making this situation right," Sony BMG said in a letter to customers on its website.

"It is important to note that the issues regarding these discs exist only when they are played on computers, not on conventional, non-computer-based CD and/or DVD players."

Sony said it was halting the use of the copy protection software developed by First4Internet, and providing technical data to anti-virus companies to help fix any problems on affected PCs.

One security firm, Internet Security Systems, went so far as to label the copy protection in the CDs as "malware" or malicious software, noting that it did not allow consumers the ability to remove it.

"This software actively attempts to hide its presence from users and does not offer uninstall functionality," ISS said in a bulletin.

"The software also provides a cloaking mechanism that is being used by different trojans to hide their presence," it said, referring to a common type of computer virus.

Security firm Sophos said its poll of more than 1500 business PC users showed 98 percent believe the software is a "security threat".

"In taking aim at the music pirates, Sony succeeded only in shooting itself in the foot," said Graham Cluley, senior technology consultant at Sophos.

"System administrators have a very low opinion of any code which endangers the safety of their networks."

San Francisco law firm Green Welling LLP said this week it sent a letter to Sony BMG demanding that the music firm fix the problems created by the software on its music CDs.

"Although billed by Sony BMG as common digital rights management (DRM) software that is just for copy protection, it seems that it is really much more," the law firm said.

"The XCP, or extended copy protection, software utilizes 'rootkit' technology that hides the software from users. The software creates a security risk for personal computers that allows hackers to hide damaging programs in computers that have Sony BMG's software in them," the letter continued.

"The software also secretly communicates with Sony's servers and can be used to send information back to the users' media player programs."

Sony BMG officials could not be reached for additional comment, but the New York Times reported that some two million CDs with the copy protection had been sold out of some five million shipped to retailers.

Reports have indicated the XCP program was installed on CDs of artists including Celine Dion, Ricky Martin and others.

The Electronic Frontier Foundation, an activist group critical of the software, has blasted Sony BMG for a "nefarious program, burying it deeply and obscurely within your operating system."

"The program will monitor your computer activity in the name of preventing the so-called epidemic of 'piracy' that results from people making extra copies of their music CDs or favorite songs," EFF said.

"Worse yet, there is no 'uninstall' feature on this program. It's like the roach motel - once Sony BMG's surveillance program checks in, you can't make it check out without completely wiping your entire system clean."

EFF said several other Sony-BMG CDs are protected with a different copy-protection technology, sourced from SunnComm.

http://finance.news.com.au/story/0,10166,1...0-31037,00.html

Link to comment
Share on other sites

I really hate efforts to build digital rights management into software, because it is always done at the customers inconvenience, this is a classic example.

Another Sony example is their pathetic attempt to build DRM into their hopelessly proprietary memory sticks and then use it as a marketing feature "Magic Gate". The magical thing about it is that after paying twice as much for your lame-duck memory stick you discover it will mess you up when trying to copy music onto it.

Link to comment
Share on other sites

"With some help from Sabre Security, Sebastian Porst and Matti Nikki have identified some stolen GPL'd code in Sony's rootkit. Ironically the code in question seems to be VLC's demux/mp4/drms.c -- the de-DRMS code which circumvents Apple's DRM, written by 'DVD' Jon Lech Johansen and Sam Hocevar."

http://yro.slashdot.org/article.pl?sid=05/...tid=188&tid=158

associated links

http://www.the-interweb.com/serendipity/in...s/20051117.html

http://hack.fi/~muzzy/sony-drm/

Link to comment
Share on other sites

Ha ha! That's a classic. I can only hope that someone sues Sony. That would be bloody funny.

That's already happening apparently. :o

The label is already facing a class action lawsuit in California over its use of copy-protection software on its CDs that hides itself when the CD is played on a Windows-based PC.

And now at least two other suits are on the way, one in New York and another in Italy.

source
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...