[nflug] Sony spyware?

nolf precognitive at gmail.com
Thu Nov 3 05:49:24 EST 2005 

/herez a good piece to feast on...

Sony has released a patch <http://cp.sonybmg.com/xcp/> for a music CD anti
piracy technology after security experts warned that it forms a potential
security risk.

The copyright protection software would automatically install when a
consumer inserted a music CD with the XCP digital rights management
technology in their computers. The software is designed to limit the number
of copies that users can make of the CD and restrict ripping of the disk.

Software developer Mark Russinovich of
Sysinternals<http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html>on
Monday reported that he had detected that Sony secretly had installed
a
rootkit on his system. He traced the software back to Sony and the XCP
technology from First 4 Internet <http://www.first4internet.com/>, an
English software developer.

The rootkit served to hide the digital rights management technology from the
user as well as the system itself, including anti virus software. When
Russinovich tried to remove the application, he found that his CD drive was
disabled.

Sony uses the rootkit to prevent the user from removing the copyright
protection technology and violating Sony's copyright. But worm authors too
could abuse this feature to hide malicious applications.

The patch will remove the cloaking capability of the software to enable
users to remove the Sony tool. This will however render their systems
incapable of playing the music CDs.

"Sony's motives are reasonable from their point of view, but it's a terrible
security hole," said Roger Thompson, chief executive of security provider Worm
Radar <http://www.wormradar.com/>.

"The risk is that [worms] now have a place to hide things where anti virus
programmes can't see them. They can tug themselves in under the protection
of that rootkit," he told vnunet.com <http://www.vnunet.com/>.

Sony denies that the technology is malicious or compromises a security risk.


Rootkits are best known as hacker tools that allow them to hide malicious
software and build a back door into a system. Botnet operators are
increasingly using rootkits to prevent detection of their malware, which has
given rise to a commercial
industry<http://msn.vnunet.com/vnunet/news/2144149/rootkits-turn-professional>to
build and update these tools in the constant game of cat and mouse
between malware creators and anti-virus companies.

While acknowledging the potential risks involved with the Sony rootkit,
David Perry, global director of education with Trend Micro, said that the
practical threat is very small.

"The only time when we see people use these vulnerability is when [the tool]
reaches a substantial percentage of the public," Perry told
vnunet.com<http://www.vnunet.com/>.
"As of yet this has a very small impact."

He added that the association of the Sony technology with rootkits probably
caused the most outrage because the software is associated with hacker
tools.
---
hope is the quintessential human illusion... simultaneously the source of
your greatest strength and your greatest weakness

On 11/2/05, Daniel V <cloudlakedreamer at yahoo.com> wrote:
>
> Wait till you hear what Sony is up to...
>
> http://www.securitypronews.com/insiderreports/insider/spn-49-20051102SonyDistributingSpyware.html
>
> --- Josh Johnson <joshj at linuxmail.org> wrote:
> >
> On Wed, 2 Nov 2005, JJ Neff wrote:
> He has a bit of a point though. I've been trying to
> get a legally purchased CD to play on any PC Linux or
> Windows - without installing software from the CD. I
> cannot play a Shakira CD I bought on my PC at all.
> >
> ...
>
>
>
> __________________________________
> Yahoo! FareChase: Search multiple travel sites in one
> click.
> http://farechase.yahoo.com
>
>
>
> __________________________________
> Yahoo! FareChase: Search multiple travel sites in one click.
> http://farechase.yahoo.com
> _______________________________________________
> nflug mailing list
> nflug at nflug.org
> http://www.nflug.org/mailman/listinfo/nflug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.nflug.org/pipermail/nflug/attachments/20070525/375c40ef/attachment.html
-------------- next part --------------
_______________________________________________
nflug mailing list
nflug at nflug.org
http://www.nflug.org/mailman/listinfo/nflug

More information about the nflug mailing list