On last.fm: Interview with the mini mall rap guy!
BNET Business Network:
BNET
TechRepublic
ZDNet
200 TalkBacks

By John Borland
Posted on ZDNet News: Dec 7, 2005 12:58:00 AM

Sony BMG Music Entertainment and the Electronic Frontier Foundation digital rights group jointly announced Tuesday that they had found, and fixed, a new computer security risk associated with some of the record label's CDs.

The danger is associated with copy-protection software included on some Sony discs created by a company called SunnComm Technologies. The vulnerability could allow malicious programmers to gain control of computers that have run the software, which is typically installed automatically when a disc is put in a computer's CD drive.

Sony's rootkit fiasco

The issue affects a different set of CDs than the ones involved in the copy-protection gaffe that led Sony to recall 4.7 million CDs last month, and which has triggered several lawsuits against the record label.

"We're pleased that Sony BMG responded quickly and responsibly when we drew their attention to this security problem," EFF staff attorney Kurt Opsahl said in a statement. "Consumers should take immediate steps to protect their computers."

The announcement is the latest result of the detailed scrutiny applied by the technical community to Sony's copy-protected discs, after a string of serious security issues were found to be associated with the label's antipiracy efforts.

The record label's copy-protected discs have been on the market for more than eight months. But in late October, blogger Mark Russinovich discovered that they surreptitiously installed a "rootkit" programming tool. Rootkit tools are typically used by hackers to hide viruses on hard drives, so Sony's move opened up a potentially serious security hole.

The controversy escalated as other researchers discovered new security flaws associated with the copy-protected CDs, which used technology from British company First 4 Internet. Virus writers began distributing malicious code that took advantage of the holes. The label recalled all the discs with the First 4 Internet technology installed, offering an exchange program for consumers who had purchased any of the 52 CDs affected.

Following those revelations, the EFF asked computer security company iSec Partners to study the SunnComm copy protection technology, which Sony said has been distributed with 27 of its CDs in the United States. iSec found the hole announced Tuesday and notified Sony, but news of the risk was not released until SunnComm had created a patch.

Sony said another security company, NGS Software, has tested the patch and certified that it addresses the vulnerability.

The patch can be downloaded from Sony's site. A list of the CDs affected in the United States, and a slightly different list in Canada, is also posted on the site.

Sony said it will notify customers though a banner advertisement directly in the SunnComm software, as well as through an Internet advertising campaign.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 200 Talkback(s)
Actually
quote::but its the fact they are in the smallest minority thats the real issue at hand, thats the bottom line why they dont have issues like windows has. I guess we will just have to wait and see.::qu... (Read the rest)
Posted by: tracy anne Posted on: 12/27/05 You are currently: a Guest | | Terms of Use
What Sony is still in business?  Mectron | 12/06/05
because  CobraA1 | 12/07/05
What are you smoking?  techboy_z | 12/07/05
You are Wrong....  jwschull@... | 12/07/05
I agree with jwschull.  clockmendergb@... | 12/07/05
acronyms  dr_who@... | 12/07/05
acronyms  dr_who@... | 12/07/05
Boycot  MJC12 | 12/07/05
Sony is way bigger than you imagine  Dr_Zinj | 12/07/05
Dunno  regloff@... | 12/07/05
Sony SDM-X95KB LCD Monitor  Too Old For IT | 12/07/05
Sony Boycott?  Not*A*Clue | 12/07/05
What you say is true but...  elkabong453 | 12/07/05
for starters http://www.sony.com  AKN3t4dmin | 12/07/05
Short Their Stock!  Henrick Ericcson | 12/07/05
What about their online games?  JediKnightMaya | 12/07/05
It's not only CD's  pkrdk | 12/13/05
sony is only as big as its customer base  L8NYTE916@... | 12/22/05
People still by from MS (NT)  bpick_z | 12/07/05
Edit  arzasa@... | 12/07/05
Are you still using Microsoft products? - NT-  Update victim | 12/07/05
Before you parade your ideas  James Dean_z | 12/06/05
blah blah  mobrien_12@... | 12/06/05
Yeah!  ejhonda | 12/07/05
English  radar_z | 12/07/05
lol, ok....  regloff@... | 12/07/05
and you wink  D-Ram | 12/07/05
No! The first letter of his sentence  DrWattsOn | 12/07/05
Actually that technique...  s_gamgee | 12/08/05
Awww, come on guys!  tygermom@... | 12/21/05
before you parade your stupidity...  cicuta | 12/07/05
Oh no...he brought out the royal "thou"  techboy_z | 12/07/05
The majority ...  An_Axe_to_Grind | 12/07/05
but you..  D-Ram | 12/07/05
Don't be a jerk!  jwschull@... | 12/07/05
JW! True! However,  DrWattsOn | 12/07/05
Get a grip  ross@... | 12/07/05
Addendum  pguglietti | 12/08/05
wise up idiot  L8NYTE916@... | 12/22/05
Message has been deleted.  James Dean_z | 12/06/05
but Linux is safe  Linux Geek | 12/06/05
M$ and Sony should merge, and make a superduperPS3/XBox360!!!  Jeff Spicoli | 12/06/05
but...  linuxoverwindows | 12/07/05
yeah and sony will make sure  L8NYTE916@... | 12/22/05
yeah and sony will make sure  L8NYTE916@... | 12/22/05
They plan on buying up a hundred of the distros  Boot_Agnostic | 12/07/05
For now. If it becomes popular, and it won't...  HypnoToad | 12/07/05
Actually  CobraA1 | 12/07/05
Remember...  3D0G | 12/07/05
correction  CobraA1 | 12/07/05
Missing the point  3D0G | 12/07/05
It wouldn't be because...  Tony Agudo | 12/07/05
Yes but...  maxo_z | 12/07/05
Actually  tracy anne | 12/27/05
Security through Obscurity is a MYTH--Wake up  bpick_z | 12/07/05
And Apple Never Patches Its Software as A Result  PMC-CON | 12/07/05
Dream on...  bpick_z | 12/08/05
My understanding is not for long  Cayble | 12/15/05
Actually  tracy anne | 12/27/05
I'm having this vision ...  rick752 | 12/06/05
He's An American  markdoiron | 12/07/05
Ah crap .. you ruined a perfectly good vision sad  rick752 | 12/07/05
Why?  Doc Farmer | 12/07/05
Since he is an American, Bonus Time!!!  Too Old For IT | 12/07/05
'Naturalized' American  flatliner | 12/07/05
He's An American  markdoiron | 12/07/05
Maybe  regloff@... | 12/07/05
great idea but lets leave the full name out of it  L8NYTE916@... | 12/22/05
But...  Zorched | 12/07/05
Close, but  DrWattsOn | 12/07/05
I agree...  Zorched | 12/07/05
Article leaves out quite a bit  tic swayback | 12/06/05
Maybe Not  osreinstall | 12/06/05
Even so....  tic swayback | 12/07/05
So what if they are.  osreinstall | 12/07/05
It's bad for business  tic swayback | 12/07/05
If it is bad for business, let them off themselves.  osreinstall | 12/07/05
Rights versus smart decisions  tic swayback | 12/07/05
Yep.  osreinstall | 12/07/05
What DRM really means  DarthRidiculous | 12/06/05
HaHaHa  creep144 | 12/07/05
Maybe the next EULA ...  Too Old For IT | 12/07/05
That trick has been ruled against consistently.  Jim-MN | 12/08/05
Should also sue them for over abundance of supply  Boot_Agnostic | 12/07/05
You know, we REALLY don't need this crap...  BitTwiddler | 12/07/05
Nothing will change  xshakes | 12/07/05
amen...  JMcCullagh | 12/07/05
My OS is secure, good luck with yours  bpick_z | 12/07/05
Foolish remark  DarbyOhara | 12/07/05
Would be if I were using Windoze...  bpick_z | 12/08/05
Secure really?  nECrO_z | 12/08/05
/o:?  rocky1 | 12/07/05
NOT just at the music store  DrWattsOn | 12/07/05
I will NEVER buy CD's again, way too dangerous!!!  xunil skcor | 12/07/05
RE: I will NEVER buy (Major Label) CD's again  TwangGuru | 12/07/05
Right no the mark  aussiedawg | 12/07/05
A disc left off the list...  genehunter@... | 12/07/05
How can you tell?  tenryuu | 12/21/05
Exactly  Marcus Lycus | 12/07/05
CDs  Dr_Zinj | 12/07/05
As if RealPlayer or Windoze Media Player are not proprietary!  bpick_z | 12/07/05
Question for European Union-philes  Too Old For IT | 12/07/05
They will NEVER answer,...  DrWattsOn | 12/07/05
An Intelligent Discussion on the Mac Issue  PMC-CON | 12/07/05
Actually, they're not.  Wolfie2K3 | 12/07/05
You are such a wintard  bpick_z | 12/08/05
I wonder  yyuko@... | 12/07/05
Spot On  Simon@... | 12/07/05
Not happening here (yeah we tested)  Too Old For IT | 12/07/05
A lesson the industry needed  Ken_z | 12/07/05
Hear, hear!  chas_2 | 12/07/05
No doubt, legilative action is warranted.  elkabong453 | 12/07/05
All this ant-piracy technology cost money.  b8zs4@... | 12/08/05
Sony  Cattus | 12/07/05
On Sony and Capitalism  chas_2 | 12/07/05
Exactly Right.  Zorched | 12/07/05
Condolezza Rice  Middle of the Road | 12/07/05
Now there is a reliable source  stan@... | 12/07/05
Jailed before committing a crime  jumpa | 12/07/05
Capitalist System  Marcus Lycus | 12/07/05
Grammar  vanwill_z | 12/07/05
Doesn't anybody know what "on topic" means anymore?  nECrO_z | 12/08/05
You people ALL need to get lives.  rsouza@... | 12/07/05
follow your own advice  cicuta | 12/07/05
You Think so !!!!  GillesR | 12/07/05
Get Serious  Middle of the Road | 12/07/05
Thanks for joining the circle  Boot_Agnostic | 12/07/05
Song at it again  handballbearok | 12/07/05
Hear, Hear!!  Too Old For IT | 12/07/05
Fine for Congress and Big Business  Marcus Lycus | 12/07/05
Sony should be liable for damages  Sxooter_z | 12/07/05
Recall? What recall?  hawkeyeaz1 | 12/07/05
Yeah, what recall?  nECrO_z | 12/08/05
It Really Bugs Me  jimc52@... | 12/07/05
Well, said.  Zorched | 12/07/05
Don't know if Albert really said that, but  DrWattsOn | 12/07/05
Yes, He did.  Zorched | 12/08/05
Your final sentence  DrWattsOn | 12/07/05
Take a Tylenol  bluumax | 12/07/05
Should read 'Windows security risk found'  Chad_z | 12/07/05
What the hell...  itanal | 12/07/05
ROFL!  Chad_z | 12/07/05
Ballmer is posting again...  bpick_z | 12/08/05
Article: 100% of Linux Home Users Unhappy  PMC-CON | 12/07/05
Speaking as a happy Linux-at-home user...  Zogg | 12/08/05
Glad you're all happy and wishing the same for Windows users  Boot_Agnostic | 12/08/05
This just increases piracy!  scancode | 12/07/05
Piracy on the High-Net!  Tahuyahick | 12/07/05
Hey! Wait a minute...  sykandtyed | 12/07/05
Correction wink  sykandtyed | 12/07/05
HA HA HA HA HA HA HA HA HA !  Cayble | 12/09/05
Thank goodness Sony hasn't figured out how to  Boot_Agnostic | 12/07/05
Only if sony doesn't knowingly rip off the World like they did with the PS2  creep144 | 12/07/05
Sony lacks Honor  NonCartoonist | 12/07/05
What other Sony products  BlackSocks | 12/07/05
CD-DVD-TV-Sat-Rad-Vid future?  Tahuyahick | 12/07/05
what other sony products?  chuckles1000 | 12/07/05
Simple answer  gregh_z | 12/07/05
You should get a Mac  bpick_z | 12/08/05
Keep trying DRMs Sony, you'll still be defeated with ...  Artstar | 12/07/05
Holy Cow! Sony's latest fix opens up more vulnerabilities!  tic swayback | 12/07/05
Goddamnit Sony!  timbc | 12/07/05
Sony  philmh17@... | 12/07/05
Shoot SONY  heystoopid | 12/07/05
the entertainment industry needs to learn  jachamp | 12/07/05
They must be coerced! They only "learn"  DrWattsOn | 12/07/05
Sony anti-piracy fix should be declared illegal.  fred@... | 12/07/05
Yet another reason to boycott Sony (NT)  RichardFH | 12/07/05
Call to Action  zdcrap | 12/07/05
That's what they want you to do...  genehunter@... | 12/07/05
Call to action  zdcrap | 12/07/05
even - Leo Kottke?!  docfeetz | 12/07/05
Yep, even Leo Kottke  coffeejoe | 12/21/05
that they had found, and fixed  tedman | 12/07/05
Compared to Sony........  Bumbleball | 12/07/05
Compared to Sony........  Bumbleball | 12/07/05
Anti Piracy Efforts are wrong and mis-directed  newwestd | 12/07/05
New Sony CD security risk found  msd1107 | 12/07/05
Sony rootkits the only way???  chuckles1000 | 12/07/05
Sony rootkits the only way???  chuckles1000 | 12/07/05
Lock 'em up.  Mawdo | 12/08/05
Copy protected CD-disks  Zut | 12/08/05
Copy protected CD-disks  Zut | 12/08/05
cd. hidden messages???  davezoned | 12/08/05
Hire Garrison Keilor!  s_gamgee | 12/08/05
All this ant-piracy technology cost money.  b8zs4@... | 12/08/05
I mean passed on to you (brainfart...)  b8zs4@... | 12/08/05
just don't buy cd's..  Arrg | 12/08/05
Ther's a quality difference.  b8zs4@... | 12/08/05
Sony CD badware  grntwtr@... | 12/08/05
Gov't Should Take A Look  aulax@... | 12/08/05
DRMs at the end of copyright  jumpa | 12/08/05
Ditgital Millennium CopyWRONG Act  btljooz | 12/08/05
What's next? My friends can't listen?  Smorks | 12/09/05
Here Here! Well said!  Cayble | 12/09/05
DRM EVIL!!!  Betelgeuse58 | 12/09/05
Stick together!!  justmenow | 12/11/05
can sony hardware be trusted?  jeniesis1 | 12/14/05
Sony & malware  jimcutrer@... | 12/16/05
No problem, I quit buying  dguith@... | 12/21/05

What do you think?

advertisement
advertisement

White Papers, Webcasts, and Downloads