Sony is secretly shipping a ROOT KIT on music CDs!!

#1
Kudos to Mark Russinovich for finding and reporting this. I have used his software; he is one sharp dude!
==============================================================================

Sony rapped over music CD rootkit


Record label backtracks after public outrage over cloaking technology

Tom Sanders in California, vnunet.com 03 Nov 2005
Sony has released a patch for a music CD anti-piracy technology after security experts warned that it represents a potential security risk.

The copyright protection software would automatically install when a consumer inserted a music CD with the XCP digital rights management technology in their computers.

The software is designed to limit the number of copies that users can make of the CD and restrict ripping of the disk.

Software developer Mark Russinovich, of Sysinternals, reported on Monday that he had detected a secretly installed rootkit on his system.

Russinovich traced the software back to Sony and the XCP technology back to First 4 Internet, an English software developer.

The rootkit served to hide the digital rights management technology from the user as well as the system itself, including from antivirus software. When Russinovich tried to remove the application, he found that his CD drive was disabled.

Sony uses the rootkit to prevent the user from removing the copyright protection technology and violating Sony's copyright. But worm authors could exploit this feature to hide malicious applications.

The patch will remove the cloaking capability of the software to enable users to remove the Sony tool. But this will render their systems incapable of playing the CD.
 

epj3

#4
I think the Shinedown or Velvet Revolver CD I bought 8 months ago...I tried to rip it and couldn't because it auto-installed a copy-protection plugin. I just uninstalled the "plugin" and disabled autorun. Different idea but still installing software w/out your permission. What if someone were to listen to that CD at work and it installed software on their company PC?

If you guys think that is bad - Sony usually requires you to encode to Atrac3 for any of their MP3 players - the reason Sony's MP3 players are a ripoff.
 
#6
Now Sony is really in deep S#.+

It didn't take long - someone exploited Sony's *S&*(^DA copy protection root kit. They deserve to be sued for this - how about "Aiding and Abetting a hacker"?

====================================================

A computer security firm said Thursday it had discovered the first virus that uses music publisher Sony BMG's controversial CD copy-protection software to hide on PCs and wreak havoc. Under a subject line containing the words "Photo approval," a hacker has mass-mailed the so-called Stinx-E trojan virus to British email addresses, said British anti-virus firm Sophos.

When recipients click on an attachment, they install malware, which may tear down a computer's firewall and give hackers access to a PC. The malware hides by using Sony BMG software that is also hidden -- the software would have been installed on a computer when consumers played Sony's copy-protected music CDs.

"This leaves Sony in a real tangle. It was already getting bad press about its copy-protection software, and this new hack exploit will make it even worse," said Sophos's Graham Cluley.

Later on Thursday, security software firm Symantec Corp. also discovered the first trojans to abuse the security flaw in Sony BMG's copy-protection software. A trojan is a program that appears desirable but actually contains something harmful.

Sony BMG's spokesman John McKay in New York was not immediately available to comment.
 

