
EFF and Sony Disclose New DRM Security Hole

CowboyNeal posted more than 8 years ago | from the yet-another dept.

Sony 258

Dotnaught writes "The Electronic Frontier Foundation (EFF) and SONY BMG Music Entertainment said on Tuesday that SunnComm is offering a patch to fix a security vulnerability with its MediaMax Version 5 content protection software on 27 SONY BMG CDs. Security firm iSEC Partners discovered the hole following a request by the EFF to examine the SunnComm software. The vulnerability involves a directory installed on users' computers by the MediaMax software that could allow a third party to gain control over the affected Windows PC. The EFF and iSEC delayed disclosing the problem until SunnComm could develop a fix."


yes we all know (3, Funny)

scenestar (828656) | more than 8 years ago | (#14201462)

How big of a drama it is.

Sue the bastards and get it over with.

Re:yes we all know (4, Informative)

saskboy (600063) | more than 8 years ago | (#14201739)

Patience...

http://www.boycottsony.us/ [boycottsony.us] has the latest news on developments in the Sony case, and www.sonysuit.com lists the lawsuits.

A new lawsuit for Canadians is being opened by http://www.glynhotz.com/ [glynhotz.com] an Ontario lawyer. The XCP CDs appear to still be on many store shelves, more than a week after the recall was announced in Canada.

Useful indeed (5, Insightful)

Renegade Lisp (315687) | more than 8 years ago | (#14201479)

And to think that only yesterday, there was a slashdot story [slashdot.org] wondering whether the EFF had outlived its usefulness... So there's your answer, I guess.

Re:Useful indeed (1)

Southpaw018 (793465) | more than 8 years ago | (#14201533)

Damn. Beat me to it you did. Mod parent up; this sums up yesterday's BS story.

Re:Useful indeed (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#14201534)

seeing as they are now in COOPERATION with the culprits, I'd say they have outlived purpose and used up all their welcome.

Re:Useful indeed (0)

Anonymous Coward | more than 8 years ago | (#14201563)

And to think that only yesterday, there was a slashdot story wondering whether the EFF had outlived its usefulness...
Just to be clear. The story from yesterday was from The Register, it was not a Slashdot story. It was posted on Slashdot so that we could discuss the issues raised in the story and eventually to poke holes in the logic of the troll who wrote it. Perhaps it would have been better just to ignore it, but at least we now all know that The Register are nought but flamebaiters

Re:Useful indeed (0)

Anonymous Coward | more than 8 years ago | (#14201624)

Just to be clear. The story from yesterday was from The Register, it was not a Slashdot story. It was posted on Slashdot so that we could discuss the issues raised in the story and eventually to poke holes in the logic of the troll who wrote it. Perhaps it would have been better just to ignore it, but at least we now all know that The Register are nought but flamebaiters

Does it make a difference? Am I supposed to trust Slashdot stories all of the sudden?

Re:Useful indeed (0)

Anonymous Coward | more than 8 years ago | (#14202072)


Does it make a difference?


Well, yes. Of course.

The Slashdot article was presented in the form of a question, "Has the EFF outlived its usefulness?" Those in the Slashdot community who chose to participate discussed the issue and the consensus seemed to be that the answer is no, the EFF has not outlived its usefulness. Compare this with the original story from The Register, where the author was offering his viewpoint in absolute terms.

The difference between the two is night and day. To reiterate, The Register article presented a viewpoint, the Slashdot article asked if The Register article was correct in its conclusions.

Perhaps not (Was Re:Useful indeed) (4, Insightful)

Billosaur (927319) | more than 8 years ago | (#14201606)

From EFF: "We're pleased that SONY BMG responded quickly and responsibly when we drew their attention to this security problem," said EFF staff attorney Kurt Opsahl. "Consumers should take immediate steps to protect their computers."

As if Sony, which already has a boatload of negative publicity, could do anything else. I think even the stuffed shirts there must now realize that they can't let anything else fall through the cracks or their music business might collapse. Don't be surprised if Sony divests itself of BMG music at some point in the future, to keep from losing customers for its home electronics business.

Everyone should have known... (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#14201688)

... that Sony & BMG merging was bad news.

Look what happened the last time the Krauts & Japs got together!

Re:Everyone should have known... (2, Funny)

$RANDOMLUSER (804576) | more than 8 years ago | (#14201736)

Sauerbraten and sashimi?

Re:Perhaps not (Was Re:Useful indeed) (5, Insightful)

CaptainZapp (182233) | more than 8 years ago | (#14202028)

Most surprising is the change of Tune of Mr. Hesse, from:

"Users don't know what a rootkit is so why should they care"

to

"We are taking the concerns of our customers very seriously, blahblahblah"

Could it be that Mr. Hesse is full of shit?

Assume the Position (4, Funny)

xmuskrat (613243) | more than 8 years ago | (#14201480)

Hopefully the fix is them turning around, bending over, and grabbing their ankles.

Re:Assume the Position (4, Funny)

BushCheney08 (917605) | more than 8 years ago | (#14201493)

Hopefully the fix is them turning around, bending over, and grabbing their ankles.

I really don't want to know what the plug for the hole looks like.

Oh christ, so fucking what? (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14201487)

Let's all have another wank-fest about how evil SONY are, and how the RIAA want to kill babies and eat kittens. Fucking yay.

How about some real articles? You know, interesting stuff that requires more than three brain cells and an ability to type "TEH MPAA R EVAL!11!!?" or "GENTTO ROXORZ!!!11!!1"? I guess that sort of topic wouldn't appeal to 90% of the fuckers on this site though, so let's keep posting more Slashvertisments about LCD projectors and links to some wank-stains "blog" and pretend it's news.

Re:Oh christ, so fucking what? (-1, Redundant)

Anonymous Coward | more than 8 years ago | (#14201540)

I assume you'd prefer a wank fest about how great Vista will be, or perhaps a piece on (insert overhyped emergent technology of choice here). Sounds to me like your interests would be better served by filtering the content and just looking at the flash ads.

Re:Oh christ, so fucking what? (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14201727)

You seem confused. Such shitty "news" should stay buried in the previously mentioned wank-stains "blog", where it belongs. While you may consider such things news-worthy, that's probably because you're too busy rubbing your two remaining brain cells together and posting your inane insights on said wanky "blog".

No why don't you go back to giggling at Strongbad?

Bad Music (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#14201490)

Well looking at the list of titles [sonybmg.com] , anyone who owns one of these deserves to be PWNED.

Re:Bad Music (2)

FidelCatsro (861135) | more than 8 years ago | (#14201564)

I don't agree that anyone deserves to be owned, bar the creators of the DRM with a lawsuit.
I may not like most of the music there and can see your point. Come on though, how can you say everyone, Santana are still cool and are up there with Barry White on music you play for romantic evenings

Re:Bad Music (3, Funny)

Flyboy Connor (741764) | more than 8 years ago | (#14201623)

...you play for romantic evenings

You must be new here.

Re:Bad Music (2, Funny)

Chaffar (670874) | more than 8 years ago | (#14201652)

Come on though, how can you say everyone, Santana are still cool and are up there with Barry White on music you play for romantic evenings

On romantic evenings I turn off the music to make sure no one's home.

Re:Bad Music (1)

FidelCatsro (861135) | more than 8 years ago | (#14201767)

Oye como va my right-hand
Bueno pa gosar myself

Re:Bad Music (1)

xtracto (837672) | more than 8 years ago | (#14201828)

On romantic evenings, I turn up the music volume to make sure the neighbors don't know what I am doing.

Quick Question... (5, Interesting)

parsnip11 (637516) | more than 8 years ago | (#14201498)

Who in their right mind would voluntarily install something from SunnComm or SonyBMG given their track record?

Their software phones home and cripples your computer. Would anyone here actually trust them?

Re:Quick Question... (1)

Timo_UK (762705) | more than 8 years ago | (#14201550)

I for one don't welcome our wannabe-overlords and will be avoiding Sony products like the plague in future.
Who knows what else they are hiding in their software (and most products these days come with some sort of software)

Re:Quick Question... (1)

Directrix1 (157787) | more than 8 years ago | (#14201793)

You're stupid if you think these things are limited to Sony. People talk about how stupid religious people are with their blind faith. Well, reliance on binaries without source is blind faith too.

Re:Quick Question... (2, Insightful)

geminidomino (614729) | more than 8 years ago | (#14201995)

Well, reliance on binaries without source is blind faith too.

Reliance on binaries WITH source is blind faith, too, if you can't read hundreds of thousands of lines of source yourself, since taking someone else's word for it is just as much "blind" faith.

That's the answer! Only unemployed programmers should use computers!

Re:Quick Question... (1)

MysteriousPreacher (702266) | more than 8 years ago | (#14202110)

True but you don't go far enough.

How can they be sure that there isn't some nasty spyware in the hardware or federal agents in the house across the street reading your screen contents with an electro-magneto-view'o'scope? Personally I think that everyone should live alone in wooden shacks in the middle of nowhere. The only reason to leave the house is to buy supplies and post a few pipe bombs.

Re:Quick Question... (5, Insightful)

jc42 (318812) | more than 8 years ago | (#14201697)

Who in their right mind would voluntarily install something from SunnComm or SonyBMG given their track record?

Most of the victims have no idea that they're installing software on their computer. They're just playing a CD that they bought.

We geeks and nerds on /. understand the issue. 99% of the population don't even know what "installing software" means, have never done it (intentionally), and aren't to blame for being victims of such things.

Blame the criminals, not their victims.

Re:Quick Question... (1)

parsnip11 (637516) | more than 8 years ago | (#14201780)

Right.... The vast majority of people who have put the CD in and whose computers are sending messages back to SunnComm w/o their knowledge won't be installing the patch anyway.

Who is the audience for this patch? People who already know that spy-ware and cripple-ware have been installed on their PCs. Given that SunnComm and Sony have already done a lot of "Bad Things" without your approval would you then VOLUNTARILY install MORE of their software on your PC?

It just doesn't make sense. Would you hire the burglar that broke into your home to install your security system?

Re:Quick Question... (4, Insightful)

jc42 (318812) | more than 8 years ago | (#14202130)

It just doesn't make sense. Would you hire the burglar that broke into your home to install your security system?

Ah, but the great majority of victims of the first Sony rootkit still have it installed. They haven't heard about the problem, or heard and didn't understand at all. If you take a look at the removal instructions, you'll see that there isn't a chance that your typical Joe Sixpack could ever follow them. If he tried, the result would probably be a machine that didn't boot.

But most of the victims haven't tried to remove it, because they don't have any idea it's there.

You might well hire the burglar if you had no clues that he was the burglar, and if friends and the BBB recommended him. This is an old sort of scam.

Thank you Sony! (5, Insightful)

Suzumushi (907838) | more than 8 years ago | (#14201512)

Sony has done more damage to the DMCA and set back DRM farther than the combined efforts of the EFF and like-minded people around the world. We should all thank them.

Re:Thank you Sony! (5, Interesting)

morgan_greywolf (835522) | more than 8 years ago | (#14201580)

Yes, but the one thing they haven't been successful in is pointing out the danger of DRM to Joe Sixpack. A number of people I've spoken with have never heard of the Sony 'rootkit' case and had no idea that playing a recent Sony DRM-protected CD on a Windows PC could be dangerous to their computer system.

Re:Thank you Sony! (0)

Anonymous Coward | more than 8 years ago | (#14201632)

Enough people have heard about it that sony's artists are whining, because some of them basically dropped off the sales charts after it got out.

Re:Thank you Sony! (2, Insightful)

VitaminB52 (550802) | more than 8 years ago | (#14201659)

Yes, but the one thing they haven't been successful in is pointing out the danger of DRM to Joe Sixpack.

Antivirus software reporting the Sony DRM software as a virus should take care of that.
Oh yes, and popular DJ's on national radio should warn their audience about the Sony DRM shit^H^H^Hoftware.

Re:Thank you Sony! (1)

BushCheney08 (917605) | more than 8 years ago | (#14201933)

Oh yes, and popular DJ's on national radio should warn their audience about the Sony DRM shit^H^H^Hoftware.

Yeah, because it makes perfect sense for them to tell people to boycott one of the companies that pay their bills... *rolls eyes*

Re:Thank you Sony! (1)

Anonymous Brave Guy (457657) | more than 8 years ago | (#14201991)

I don't know about the US, but here in the UK, most commercial radio stations seem to be funded by the ad placements, not the recording industry. They do need a special kind of licence to play the music over the air, though, and presumably the copyright holder could deny them permission to do it.

Re:Thank you Sony! (1)

BushCheney08 (917605) | more than 8 years ago | (#14202118)

Don't get me wrong. I *do* think that DJs should mention this, since that's supposedly (although this is highly arguable) part of their role in being in the media. I'm sure, however, that this is something that is getting mentioned at the college and local radio levels. Problem is that in the US, it's well known that the major radio networks/providers receive a lot of money from the major labels to promote their crap, and this is where my comment above comes in. After all, it's not the dorky little guy sitting in the poorly ventilated studio at the top of the student center that the majority of people listen to for their entertainment...

-former dorky little guy who sat in the poorly ventilated studio at the top of the student center

Re:Thank you Sony! (1)

16K Ram Pack (690082) | more than 8 years ago | (#14201896)

Make a video about it and keep it short, bold and simple. The tactics of anti-piracy groups in the UK is basically to keep it simple with messages like "copying=theft" and "copying=supporting drug dealers/terrorists/bogeyman-of-the-month".

Something like "if your CD doesn't have the compact disc logo, it may contain dangerous programs. Always ask for a real compact disc"

Build it into the OS (3, Funny)

Phillip2 (203612) | more than 8 years ago | (#14201523)

It is clear that DRM software is going to be as open to bugs as any other
software, and some of these will constitute a security threat.

Surely the solution is obvious. If they built DRM software directly into the
operating system, then it could be happily updated with all the rest of the
software, using whatever update mechanisms your OS provides.

I'm sure that the security minded folks on slashdot will be the first to
support a legal requirement for DRM in all OS'es, so that we can solve this
problem before it becomes really serious.

Phil

Re:Build it into the OS (2, Insightful)

/ASCII (86998) | more than 8 years ago | (#14201576)

It's obvious that you are joking, but the problem is that this is exactly the solution that will be proposed, and in politics it is the preferred type of solution.

Re:Build it into the OS (5, Insightful)

eggoeater (704775) | more than 8 years ago | (#14201591)

It is clear that DRM software is going to be as open to bugs as any other software...
Actually...much more so.
DRM software has to do more than regular software to prevent users from circumventing it, with the latest craze being OS hooks.
Insecure software + OS hooks = HUGE security risks.
If you ever want to release a worm that takes advantage of a DRM security hole, just put it on a web site that tells you how to disable that particular DRM. People will google for a way to disable their DRM, go to your site, and WHAM.

You know someone will do this. :) (1)

Benanov (583592) | more than 8 years ago | (#14202047)

My friend, that is social engineering at its finest. Hats off to you. :)

Re:Build it into the OS (0)

Anonymous Coward | more than 8 years ago | (#14201802)

Why into OS?

Implement it in the hardware using Trusted Computer Platform (TCP) instead.

Re:Build it into the OS (2)

meringuoid (568297) | more than 8 years ago | (#14201826)

I'm sure that the security minded folks on slashdot will be the first to support a legal requirement for DRM in all OS'es, so that we can solve this problem before it becomes really serious.

* applauds *

Bravo! It's been far too long since I've seen a really good troll on /. - too many people think it's sufficient to copy and paste classic trolls of the past, or don't understand trolling and just post obscenities and flamebait, so it's wonderful to see a new, proper troll from time to time.

Good trolling is, to my mind, a legitimate artform closely related to the best forms of satire, and should aim to receive torrents of outraged replies from people who've completely missed the joke. The best of them that I've seen here ended up with both Troll and Funny mods being applied, leading to what may well be the highest accolade Slashdot can grant, the super-rare +5 Troll. Good luck, and may the Force be with you :)

Sorry to be rude (4, Insightful)

FidelCatsro (861135) | more than 8 years ago | (#14201525)

But first you install stealthy and quite possibly illegal software with one hand, and on the other you install DRM with a security hole that hardly anyone will patch because they will likely not hear about it.
Way to go Sony, you truly are a bunch of arse-holes.
Well at least if this gets major press coverage it may cause an even larger headache to the ever encroaching wave of DRM

Did you catch the best part? (3, Interesting)

rbochan (827946) | more than 8 years ago | (#14201853)

According to this report [com.com] at CNET,
"Sony said it will notify customers though a banner advertisement directly in the SunnComm software"

So now you get banner ads with your audio cd+DRM.
Nice.

Re:Did you catch the best part? (1)

tutori (821667) | more than 8 years ago | (#14202042)

Punch the monkey to waive your right to sue?

Effective DRM (5, Funny)

faqmaster (172770) | more than 8 years ago | (#14201527)

Root kits, Serial Copy Management, Macrovision, Content Protection for Prerecorded Media, Advanced Access Content System, blah, blah, blah. The most effective DRM is for the labels to continue to put out crappy music. Eventually we'll all find something better to listen to.

In Soviet Russia... (-1, Redundant)

Anonymous Coward | more than 8 years ago | (#14201535)

... DRM discloses YOU !

the paranoid ac (2, Interesting)

Anonymous Coward | more than 8 years ago | (#14201544)

"The vulnerability involves a directory installed on users' computers by the MediaMax software that could allow a third party to gain control over the affected Windows PC. The EFF and iSEC delayed disclosing the problem until SunnComm could develop a fix."

 
I've never understood how any userland bullshit software could manage the complexities of opening up a hole *on accident*. Call me paranoid, but, when shit like this gets 'found', they call it being 'found' because someone put it there.

Re:the paranoid ac (4, Informative)

ergo98 (9391) | more than 8 years ago | (#14201674)

I've never understood how any userland bullshit software could manage the complexities of opening up a hole *on accident*. Call me paranoid, but, when shit like this gets 'found', they call it being 'found' because someone put it there.

To install the software originally the user had to be an administrator (a lot of software requires admin rights because most of the system won't allow a basic user to install system-wide software. e.g. It could add files in your user directory and the like, but not in Program Files). From then on the software is running as System, operating as a part of the system (which is why it's called a root kit).

My guess is that the folder where the software is stored has the ACLs set to Everyone with Full Control, or something similar. Because this root kit is run as System when the system boots up, a simple user exploit could circumvent user isolation by overwriting some of the rootkit files, and on next boot it'll be running as System, with full local permissions.
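
The condition guessed at in the comment above (an install directory that everyone can write to, holding files that later run as System) can be checked for from the defender's side. The following is an added example, not part of the original thread and not SunnComm's or iSEC's code: it parses the SDDL form of a directory ACL, as printed by PowerShell's `(Get-Acl <path>).Sddl`, and reports allow entries that give broad groups write-class rights. The directory names and SDDL strings are constructed samples.

```python
import re

# Constructed sample input (not from the thread): SDDL strings in the form printed
# by PowerShell's (Get-Acl <path>).Sddl, for two hypothetical install directories.
SAMPLE_SDDL = {
    r"C:\Program Files\ExampleDRM":
        "O:BAG:SYD:PAI(A;OICI;FA;;;WD)(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)",
    r"C:\Program Files\ExamplePlayer":
        "O:BAG:SYD:AI(A;OICIID;FA;;;SY)(A;OICIID;FA;;;BA)(A;OICIID;0x1200a9;;;BU)",
}

# SDDL two-letter rights and their access-mask values.
RIGHTS = {
    "GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
    "SD": 0x00010000, "RC": 0x00020000, "WD": 0x00040000, "WO": 0x00080000,
    "FA": 0x001F01FF, "FR": 0x00120089, "FW": 0x00120116, "FX": 0x001200A0,
    "CC": 0x001, "DC": 0x002, "LC": 0x004, "SW": 0x008, "RP": 0x010,
    "WP": 0x020, "DT": 0x040, "LO": 0x080, "CR": 0x100,
}

# Bits that let the holder replace, add or delete files, or rewrite the ACL itself.
WRITE_CLASS = (
    0x00000002    # FILE_WRITE_DATA / add file
    | 0x00000004  # FILE_APPEND_DATA / add subdirectory
    | 0x00000040  # FILE_DELETE_CHILD
    | 0x00010000  # DELETE
    | 0x00040000  # WRITE_DAC
    | 0x00080000  # WRITE_OWNER
    | 0x40000000  # GENERIC_WRITE
    | 0x10000000  # GENERIC_ALL
)

# Principals that include ordinary, unprivileged users (alias and full SID forms).
BROAD_SIDS = {
    "WD": "Everyone", "S-1-1-0": "Everyone",
    "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
    "BU": "BUILTIN\\Users", "S-1-5-32-545": "BUILTIN\\Users",
    "IU": "INTERACTIVE", "S-1-5-4": "INTERACTIVE",
    "AN": "ANONYMOUS LOGON", "S-1-5-7": "ANONYMOUS LOGON",
    "BG": "BUILTIN\\Guests", "S-1-5-32-546": "BUILTIN\\Guests",
}


def parse_rights(field):
    """Turn an SDDL rights field ('FA', 'GRGW', '0x1301bf') into an access mask."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    if len(field) % 2:
        raise ValueError(f"malformed rights field: {field!r}")
    mask = 0
    for i in range(0, len(field), 2):
        token = field[i:i + 2]
        if token not in RIGHTS:
            raise ValueError(f"unknown SDDL right: {token!r}")
        mask |= RIGHTS[token]
    return mask


def risky_aces(sddl):
    """Return [(principal, mask)] for allow ACEs giving broad groups write-class rights."""
    dacl = re.search(r"D:[A-Z_]*((?:\([^()]*\))+)", sddl)
    if dacl is None:
        return []
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1)):
        fields = ace.split(";")
        if len(fields) < 6:
            raise ValueError(f"malformed ACE: {ace!r}")
        ace_type, _flags, rights, _obj, _inherit_obj, sid = fields[:6]
        if ace_type != "A" or sid not in BROAD_SIDS:
            continue  # deny ACEs and privileged trustees are not evaluated here
        mask = parse_rights(rights)
        if mask & WRITE_CLASS:
            findings.append((BROAD_SIDS[sid], mask))
    return findings


def audit(sddl_by_path):
    """Map each path to its risky ACEs; paths with no findings are omitted."""
    report = {}
    for path, sddl in sddl_by_path.items():
        found = risky_aces(sddl)
        if found:
            report[path] = found
    return report


if __name__ == "__main__":
    for path, found in audit(SAMPLE_SDDL).items():
        for principal, mask in found:
            print(f"{path}: {principal} has write-class access (mask {mask:#010x})")
```

Deny entries and conditional ACEs are not evaluated, so a finding is a prompt to inspect the directory and the account its files run under, not a final verdict.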

Re:the paranoid ac (1)

SilverspurG (844751) | more than 8 years ago | (#14201830)

You're probably right. It's the parent poster's point that any programmer should know to not do that and, if they did, it was probably done on purpose.

Re:the paranoid ac (2, Interesting)

jc42 (318812) | more than 8 years ago | (#14201762)

Call me paranoid, but, when shit like this gets 'found', they call it being 'found' because someone put it there.

Hey, Paranoid, you're not paranoid enough.

I keep noticing the same misuse of the passive voice to avoid saying who's to blame. As a programmer, it's perfectly obvious to me that no computer ever installs software by accident. It takes some significant software to install something like this, and (as the Intelligent Design folks like to point out), this software doesn't get there by random flipping of bits from alpha-particle impacts. Someone spent a lot of time writing the software that does the installing, and they knew what they were doing when they wrote it.

Something else I noticed: Before seeing this article on slashdot, I'd just been reading the coverage of the story on news.google.com, and I was a bit bemused by the fact that I couldn't find mention of the kinds of computers that were vulnerable to this exploit. Now, call me paranoid too, but I'll make the wild surmise that they were running Microsoft Windows.

Anyone know? Is this one infecting OSX, linux and Solaris boxes? Or maybe PalmOS or Symbian smartphones?

Inquiring minds want to know ...

Revised titles for Sony Rootkit CDs (5, Funny)

digitaldc (879047) | more than 8 years ago | (#14201551)

Since they are redoing the CDs, maybe they can change the names too?

Alicia Keys - Unplugged, but still Infected
Amici - Forever Defined as Dishonest
Britney Spears - Hitme, but Don't RipMe
Cassidy - I'm A Hustla in Your PC
David Gray - Life In Slow Motion Since your PC has a Rootkit
Faithless - Forever Faithless Sony
Imogen Heap - Speak For Yourself, I Love Rootkits
Leo Kottke/Mike Gordon - Sixty Six Steps to Uninstall the Rootkit
Raheem Devaughn - The Hate Experience
Santana - All That I Am Allowed to Copy
Stellastarr* - Harmonies for the Haunted PC
Various - So Annoying: An All Star Tribute To Rootkits
Wakefield - Which Side Are You On? Sony or the Public?
YoungBloodZ - Everybody Know Me, Nobody Copy Me

You know... (1)

Pac (9516) | more than 8 years ago | (#14201611)

I understand it is supposed to be a joke, but I can't help being amazed by the fact that I can recognize exactly two artists from your list, Britney and Santana. And the former just because she's a famous TV/news celebrity, I have never really listened to anything from her, except the occasional unnoteworthy clip. I own some songs/cds from Santana.

Maybe I should spend some time listening to some top-40 radios. But then again, maybe not.

Re:You know... (2, Interesting)

Renegade Lisp (315687) | more than 8 years ago | (#14201657)

Maybe I should spend some time listening to some top-40 radios. But then again, maybe not.

You might wanna check out last.fm [last.fm] instead. Not exactly to get more top-40-ish in your musical taste, but to find all sorts of cool music you would never come across otherwise. Just type the names of those bands you don't know into their interface, and listen to some preview tracks. Or let them analyze your listening habits and suggest music to you. They even give you your own personalized radio station.

No, I'm not affiliated with them, just an amazed user for a couple of weeks now.

Re:You know... (0)

Anonymous Coward | more than 8 years ago | (#14201699)

Pandora [pandora.com] kicks ass too.

Re:You know... (1)

imadork (226897) | more than 8 years ago | (#14201749)

I can only assume, due to your 4-digit ID, that you are like me, and have a 2-digit Age whose first digit is "3" or higher. We're just getting old, that's all. Top-40 radio is not aimed at us. We'll just stick to the "Best of 60's, 70's, and 80's" stations and wonder why the new acts can't all sound like Lionel Richie or Billy Ocean.

Here's another (2, Funny)

Yolegoman (762615) | more than 8 years ago | (#14201614)

Switchfoot - Nothing is Sony

Re:Revised titles for Sony Rootkit CDs (0)

Anonymous Coward | more than 8 years ago | (#14201798)

Why just change the names? They should go all the way and get some decent musicians to write some decent music, imagine that!

I wonder.. (5, Interesting)

LilWolf (847434) | more than 8 years ago | (#14201556)

..did they also fix that little issue where the DRM installs itself even if the user doesn't accept the EULA?

No more money for Sony (4, Insightful)

pedestrian crossing (802349) | more than 8 years ago | (#14201557)

Great, now not only do I have to make sure all my users' applications are patched, but I have to track patches on every frigging DRM implementation out there as well.

Well, payback is a bitch.

I have already steered a friend away from a Sony stereo to another brand, making it clear that Sony is not a good "citizen" and they would do well to stay clear of any Sony products.

Yes, I am only one puny person, but I've already cost them a couple of hundred bucks, and will continue to do so at every opportunity.

Re:No more money for Sony (1)

pregister (443318) | more than 8 years ago | (#14201831)

The great irony about the whole DRM and Sony thing is that I am now not just a casual downloader but I actively seek out copied (and safe) versions of spyware/DRM-enabled media. I usually buy my music, support the artists, blah blah blah...but no more.

Since they've decided to surreptitiously install system-crippling crap on my computer, I've decided they are the enemy. I'll download anything they distribute. Neener neener neener! Smooch my fine red tomato, Sony! Hahaahaha!

Now if 95% of the stuff they release didn't suck, this would actually be enjoyable.

-p

Re:No more money for Sony (1)

samureiser (903923) | more than 8 years ago | (#14201940)

As a tech guy, I take every advantage to mention this problem. If they ask me how work has gone, I tell them that I had to fix a computer today that broke because of Sony. If they are a user and I'm clearing out viruses and they ask me what this "rootkit" is that the AV software found, I use Sony's DRM as an example.

Sure, we're only two people on /. but if everybody here dropped their 2 cents about Sony whenever opportunities present themselves (and did so, mind you, in language end users can understand), this could become very effective.

Anybody here do tech support for a major news outlet?

Re:No more money for Sony (1)

Jaysyn (203771) | more than 8 years ago | (#14202099)

I recently got a Co-Worker to return a Sony Network Walkman, but it was before the DRM fiasco. I do have everyone in the office avoiding Sony CDs now however.

Jaysyn

Buy it, then... (1)

NoxNoctis (936876) | more than 8 years ago | (#14201605)

Go download the MP3's.

Re:Buy it, then... (0)

Anonymous Coward | more than 8 years ago | (#14201743)

So, you're advocating:

1) Buy CD
2) Download mp3s by torrent
3) Get prosecuted for copyright violations
4) ???
5) Profit (someone else's at your expense)

Obviously, IANAL but if you download MP3s of a vinyl record or tape that you own there's a copyright violation. Won't this apply to CDs too? (I don't agree with this but other than offering fair use as an excuse anyone qualified to comment like to confirm either way)

Re:Buy it, then... (1)

NoxNoctis (936876) | more than 8 years ago | (#14201881)

The problem is this, the music industry sees P2P as being detrimental to their wallet size by nature. If I go out and buy a CD, I'm either going to rip each and every track of sound to my desktop as cute little MP3's, or go download a torrent of the tracks and the cover art. How that is a copyright violation is beyond me. I padded their wallets, gave the band their $0.50, and got the music I wanted. I really hate to say it, but fair use is my best friend.

Onion article (3, Insightful)

BushCheney08 (917605) | more than 8 years ago | (#14201638)

Neat - they're gonna sue people for *talking*!!! (1)

bjanz (573487) | more than 8 years ago | (#14201747)

Wow -- I can see it now: people sitting around at Starbuck's all wearing black cardboard rectangles across their eyes so the security cameras can't tell who they are while they talk about the latest music releases! SHEESH!!! I guess the answer is to NOT tell anyone about ANYTHING a major label does anymore, and stick to indie labels instead (better music anyhow). The majors haven't figured it out yet: vertical marketing only works for a little while. If all you sell is rap, hip-hop, and Britney Spears - without developing *new* talent and taking risks - you'll suffer the same fate as Columbia and WB: you'll either get bought or collapse. Best 2 new groups I've heard lately were Reverend Glasseye's "Our Lady of the Broken Spine" and Snake River Conspiracy's "Sonic Jihad", both on indie labels. Haven't bought a major label album in... shit... months... \burt

Now lets see (4, Insightful)

Ilex (261136) | more than 8 years ago | (#14201669)

I could drive into town and spend £12/$12 on a DRM'd malware infected CD which may or may not play in my car's CD player / iPod

Or

Sit here and rip the whole thing off the net for free and burn it to CD and copy it to my iPod.
<sarcasm>
Yeah DRM is a great way to stop piracy.
</sarcasm>
Maybe they should try offering value for money instead.

The only real fix ... (3, Insightful)

WidescreenFreak (830043) | more than 8 years ago | (#14201675)

Sony is really setting DRM and copy-protection back by several years. And with each announcement, they are making more and more people dislike DRM. That's not a bad thing, I suppose, but they're making it painfully obvious that the only fix for this is the complete removal of the software from people's systems with instructions on how to prevent the software from being loaded again in the future. (Sadly, a huge number of people don't know about the Shift key as an autorun disabler.)

Frankly, I want to see a major mea culpa from Sony on just about every TV and radio station that targets the audience from all of those DRMed audio CDs complete with previous said instructions and a promise (that will be kept) that such DRM techniques will never be used in the future.

Considering that even artists themselves are starting to fight back against DRM stating that it does nothing but hurt the fans, which is true, it's about time for the heads of these companies to realize that Sony has crossed the line and that DRM for audio CDs is not only useless but can have dire consequences. I'm not going to use that silly "information wants to be free" dogma that is used too often on /. but it's become clear that negative reactions like DRM are not what keep CD sales going.

Maybe they should - gasp! - try adding value that the customer wants and cannot get over the Internet through downloading rather than trying to add chains to a product that we want to legally buy. For example:
* Buy the CD and get the concert DVD for 1/2 price
* Buy the CD and get a discount on concert tickets and merchandise
* Buy the CD and accumulate points that can be redeemed for other items

Tactics like these, where items that cannot be downloaded are offered as incentive, are a much better alternative to increase sales than pissing off the customer base by nefarious methods such as DRM. This is particularly true because DRM can be defeated by one simple method: CD line out --> PC line in.

In short, make it worth my while to buy the CD and not download it. DRM, particularly the kind that Sony implemented, does the opposite.

Re:The only real fix ... (1)

Tran (721196) | more than 8 years ago | (#14201836)

The problem is not limited to CDs and PCs. Apparently Sony's philosophy on DRM is pervasive throughout their product line. Maximum PC reports that Sony is actively patching their PSP via games to prevent 3rd party hacks. You want that shiny new game, well, the newest firmware gets downloaded into your PSP and is required to run the new game. I had once thought that I may buy a PSP despite the debacle on the music side, thinking it was a music side issue/philosophy only. Not anymore.

Re:The only real fix ... (0)

Anonymous Coward | more than 8 years ago | (#14201873)

CD out to Line in is not defeating DRM, it is making an analog recording instead of a digital copy.

Re:The only real fix ... (1)

Secrity (742221) | more than 8 years ago | (#14201918)

I would settle for true Compact Disks that contain good music and have imaginative covers and liners.

Re:The only real fix ... (1)

WidescreenFreak (830043) | more than 8 years ago | (#14201956)

Hey, let's not make TOO many demands of the current music industry. We want a resolution that's as least possible. Good music? Creative covers and liner notes? On the same CD? In the era of cookie-cutter, pop music? Good luck. ;)

Re:The only real fix ... (1)

Secrity (742221) | more than 8 years ago | (#14202029)

Mea culpa, mea culpa ;)

Re:The only real fix ... (1)

itscolduphere (933449) | more than 8 years ago | (#14202097)

Maybe they should - gasp! - try adding value that the customer wants and cannot get over the Internet through downloading rather than trying to add chains to a product that we want to legally buy. For example:
* Buy the CD and get the concert DVD for 1/2 price
...
...


Already starting to see things like this. For instance, one of Dashboard Confessional's albums comes with their MTV2 Album Covers performance on DVD. I've seen several concert DVDs lately which also include DVDs of at least portions of the concert (OAR, Big Bad Voodoo Daddy are two that are sitting on my shelf). Rob Zombie's Past, Present, Future CD (AKA greatest hits) came with a DVD of, if not all, at least most of his music videos.

Granted, once these things are mass-produced on DVD you can't assume they aren't available for download for free (someone will rip them), but I do see it as a value-add that makes the CD worth buying. IIRC none of these CD's were any more expensive than a normal CD with nothing additional included.

iSecPartners (2, Informative)

under_score (65824) | more than 8 years ago | (#14201686)

FWIW, I have known one of the founding partners at iSec, Jesse Burns, since high school. He's a very very smart guy with almost instinctual understanding of security issues and problems. This is a shameless plug for my friend's company: they're great and you'd do well to hire them if you want a good security audit or training done.

Gross misconduct (0, Troll)

ilovegeorgebush (923173) | more than 8 years ago | (#14201691)

"The EFF and iSEC delayed disclosing the problem until SunnComm could develop a fix"

In my opinion, this is a severe mistake. With all the publicity that this atrocious farce that is the rootkit, was getting, they ran the risk of knowing about a security hole, not letting people know, and allowing millions of users to be vulnerable because of their big bro mentality.
It's shocking.

Re:Gross misconduct (1)

corellon13 (922091) | more than 8 years ago | (#14202037)

Actually, I think that this is one of the rare moments they were trying to look out for their users. Announcing the exploit without a fix would result in letting every 13+ old kid with a computer and no life go ahead and see how many computers you can hack while you can.

I mean, I assume this happens all the time with lots of software. I find it hard to believe that M$ and other software companies don't know about many of the vulnerabilities well before the public is alerted. I would love to hear from anybody with personal experience regarding known vulnerabilities and the timing around notifying the public, and providing a fix.

iSec Partners are all ex-@stake (1)

QuantGuy (654249) | more than 8 years ago | (#14201696)

They left @stake en masse when the company was acquired by Symantec in 2004, and in so doing decimated the San Francisco office. Every one of the folks at iSec is absolutely top-notch. And no, I'm not astroturfing...

Funny but I feel safer with "disreputable" sources (4, Interesting)

guidryp (702488) | more than 8 years ago | (#14201714)

Corporations are sometimes their own worst enemy. It has gotten to the point that I feel safer downloading my music from complete strangers on the internet than buying it in a store.

The other farce in this fiasco is that these methods of protection are so easy to defeat that "anyone" who actually uploads music would not be slowed down for even a second.

So we have an extreme example of a rights denial system that penalizes in the extreme the clueless who never were going to upload anyway, and does nothing, not one iota, to stop uploaders.

Earth to idiots at corp HQ. Sony will feel the pain for years to come on this one. If I were an artist, I would be looking for a "no DRM" clause in my contracts when dealing with these morons.

EFF (5, Funny)

Kev_Stewart (737140) | more than 8 years ago | (#14201730)

Never underestimate the awesome power of pale vegetarian lawyers.

Sony Software (4, Interesting)

Ankou (261125) | more than 8 years ago | (#14201735)

This may be a little off topic, but with this whole Sony root kit thing has anyone checked their Sony software lines for the same exploits? I had been an avid user of Sony Vegas software since they bought out Sonic Foundry, but now I am scared to install it again. There goes about 400 dollars just cause I lost trust for Sony. It was great software much faster and more stable than Premier Pro, probably because Sony didn't write it. It makes you wonder what else they have corrupted in their control game.

Re:Sony Software (1)

SilverspurG (844751) | more than 8 years ago | (#14201965)

If you have the time and expertise you can install it within a virtual machine or WINE and monitor network traffic from the host environment. I wouldn't write that $400 off so quickly.

Re:Sony Software (2, Insightful)

Ankou (261125) | more than 8 years ago | (#14202033)

Good call, that may work for network transmissions, but there are other possible scenarios to take into consideration. For instance, how do I know if when I create a training video and burn it with their software, I don't propagate their root kit on that CD/DVD. The software does come with all kinds of protection options, so it isn't crazy to think of that kind of scenario. You are right 400 dollars isn't something to write off so fast. Imagine though being sued later by a client whose computer got infected with one of those videos. This is all hypothetical, just something to consider.

Favorite example of Sony DRM-infected CD: (0)

Anonymous Coward | more than 8 years ago | (#14201786)

Our Lady Peace: Healthy In Paranoid Times

50 Titles, not 27 (1)

saskboy (600063) | more than 8 years ago | (#14201788)

27 + 23 Canadian discs [some same artist] = 50 affected titles. You can figure out how many unique artists will be pissed off at Sony for this latest blunder...

http://www.sonybmg.com/mediamax/titles.html [sonybmg.com]

Wake up Artists (2, Informative)

4Dmonkey (936872) | more than 8 years ago | (#14201808)

Someone should go and tell the artists that they don't need these greedy evil middlemen to sell their music nowadays. They can simply create their own portals.
That should solve a lot of problems.

The patch is flawed (2, Insightful)

Ch*mp (863455) | more than 8 years ago | (#14201858)

The patch prevents you from 'inoculating' your PC against the risk of future 'infection'.

The gist of this press release is that I now have to keep a list of all the titles that might be affected just in case I, or anyone in my family decides to buy a MediaMax protected CD (or are given one as a gift) - Yes you can still buy a flawed CD. Even if Sony issues a recall on ALL affected CDs that does not give me 100% protection from this mess.

I now have to keep monitoring my PC forever more in case someone obtains an 'original' CD with the flawed DRM.

How exactly is this announcement and patch supposed to help me?

- All they've done is made my home admin tasks more complicated by heaping another problem onto me and they haven't given me an adequate solution.

Re:The patch is flawed (0)

Anonymous Coward | more than 8 years ago | (#14202049)

Don't run as administrator and you can't get it. Do you log into your linux box as root all the time?

Doubly Screwed (4, Insightful)

Anonymous Coward | more than 8 years ago | (#14201887)

The most interesting part about the whole Sony BMG rootkit fiasco, and now this, is that it seems as if Sony is doubly screwed from now on, because whenever they put out a new product, it's going to be hacked from all sides, to find little holes like this. I'm sure there are plenty of other products out there that behave similarly or have holes in them, that are from other companies, and aren't getting exposed because they didn't piss off the internet community.

It's this kind of backlash now that is bustin Sony, because anything they put out from now on better be bullet-proof, or else it will wind up being counterproductive

Big List of DRM CDs? (1)

Milican (58140) | more than 8 years ago | (#14201892)

Does anyone know if there is a website out there that has a list of all the DRMed CDs put out by Sony and others? I looked on Google, but didn't find anything...

I would like to know so that I can make sure my dollars don't go to DRMed CDs.

JOhn

Not far enough (2, Funny)

Havenwar (867124) | more than 8 years ago | (#14201968)

Until they make a patch for the crappy music on most of those CD's, I'm not purchasing. Oh, and while they're at it, make a patch for their distribution, since it seems something is faulty with their current method of forcing me to walk to the store and buying the physical disc... when I don't even have a regular cd-audio player.

Of course this is a needed step for the "average joe" out there that didn't even know he got a malicious rootkit for free when playing a cd on his pc, but then again, does this average joe even know there is a patch out?

as for the rest of us... too little, too late.
they have to start with digital distribution without drm, or they will fail.

DRM (3, Funny)

Kaenneth (82978) | more than 8 years ago | (#14202055)

Some people say 'Digital Rights Management' is good for the consumer.

Some doctors used to recommend cigarettes.

sony logo (0)

Anonymous Coward | more than 8 years ago | (#14202133)

Am I the only one who was freaked out that they had put a picture of the sony logo in place of the word sony, until reading the next line and realising that what I was seeing was the badly thought through section logo.

Apple/iTunes - "the Safe way to buy music" (1)

quokkapox (847798) | more than 8 years ago | (#14202153)

Apple could really capitalize on this whole Sony Rootkit DRM fiasco by advertising iTunes as the only "safe" way to get your music - they REALLY could clean up by finding a way to enable users to buy the entire album all at once instead of individual songs, for the same price as the typical retail physical CD.