Sony's SunnComm DRM Patch a Security Risk

Zonk posted more than 8 years ago | from the spears-cds-bring-one-of-the-horsemen dept.

Music 218

Spad writes "The BBC is reporting that mere days after the EFF and Sony announced a patch to fix the vulnerability in its SunnComm DRM system, security researchers Ed Felten and Alex Halderman have discovered that the patch itself introduces yet more vulnerabilities. They have now asked users not to apply the patch and are urging Sony to recall all of the affected CDs from sale. Sony has said that approximately six million CDs using [SunnComm] MediaMax have been shipped to stores. Affected artists include Alicia Keys, Britney Spears, Black Rebel Motorcycle Club and Faithless."

218 comments

Eat me, Sony. (5, Insightful)

grub (11606) | more than 8 years ago | (#14219301)


Sony will get to write off the bad CDs as defective at the end of the fiscal year. You or I accidentally burn something on the stove and we absorb the cost.

The publishers are just middlemen (middle-management?) scrambling to keep their distribution means relevant: cut them out like a cancer.

a) Freely download
b) Buy what you like (second hand if possible)
c) Pay to see the artists live

Re:Eat me, Sony. (-1)

Anonymous Coward | more than 8 years ago | (#14219364)

second post !

Re:Eat me, Sony. (1)

k4_pacific (736911) | more than 8 years ago | (#14219615)

Wasn't there a Seinfeld episode to this effect? I don't remember the exact quote, but...

Jerry: George, you can't take that, it's stealing!

George: These big companies, they just write it off anyways.

Jerry: Write it off? Do you even know what that means?

George: Yeah, uh, er, no.

YOU FAIL IT (1)

repruhsent (672799) | more than 8 years ago | (#14219640)

Jerry asked Kramer if he knew what writing things off was. George wasn't even in the conversation.

Re:Eat me, Sony. (4, Funny)

amliebsch (724858) | more than 8 years ago | (#14219729)

No, no, no, it was Jerry and Kramer.
Kramer: "It's a write off for them!"
Jerry: "How is it a write off?"
Kramer: "They just write it off. Jerry, these big companies, they write off everything."
Jerry: "(pause) You don't even know what a write off /is/."
Kramer: "Do You?"
Jerry: "No, I Don't."
Kramer: "But /they/ do..and /they're/ the ones writing it off."

Re:Eat me, Sony. (0)

Anonymous Coward | more than 8 years ago | (#14219995)

You have violated copyright law by publishing the text of a comedy. We must punish you... Now - go to my room!

The Biggest Security Risk: +1, Informative (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14219623)


is Al-Qaeda [whitehouse.org] .

Patriotically as always,
K. Trout, M.D.

Re:Eat me, Sony. (4, Interesting)

Shakrai (717556) | more than 8 years ago | (#14219807)

Sony will get to write off the bad CDs as defective at the end of the fiscal year. You or I accidentally burn something on the stove and we absorb the cost.

As much as I hate Sony you don't think they are absorbing the cost as well? Just because they get to "write it off" doesn't mean they magically get the money back. A write off or a charge off is just an accounting term. They will probably get to report that write off when they file their income taxes -- it will reduce the amount of taxable income they had -- but they still have to absorb the cost.

You or I can do the same thing with some expenses. You can reduce your taxable income by reporting expenses for medical care, uninsured losses, crime losses or bad debt (you loan me money and I default). Whether or not this makes sense for you (vs just taking the standard deduction) is something that only you or your accountant could figure out.

Re:Eat me, Sony. (1)

Jeff DeMaagd (2015) | more than 8 years ago | (#14219952)

a) Freely download

Yeah, but don't then turn around and complain if a company infringes on the GPL. I think that would be called hypocrisy.

b) Buy what you like (second hand if possible)

I already buy almost all of my music second hand.

c) Pay to see the artists live

That's usually stupidly expensive, I think most of the money probably goes to the property owners anyway.

OK. (1)

citizenklaw (767566) | more than 8 years ago | (#14219320)

Foot: Meet Mouth. Mouth, meet Foot. Is it just me, or is Sony *purposely* dragging its feet on this issue??

Re:OK. (1)

bhtooefr (649901) | more than 8 years ago | (#14219632)

I almost wonder whether this is Sony's attempt to go "Hah!" at the RIAA, by making DRM that sucks so badly that the populace actually knows what DRM is, and doesn't want it.

However, that's pretty unlikely, seeing as Sony's one of the Big Five that screws over the public ANYWAY...

Virii, worms and DRM ... (2, Insightful)

VitaminB52 (550802) | more than 8 years ago | (#14219325)

are the digital infections AV software should protect your PC against.

Re:Virii, worms and DRM ... (1)

dr_dank (472072) | more than 8 years ago | (#14219566)

Were Norton AV and the other anti-virus suites silent as Sony's rootkit ran wild on people's systems? If so, their software would be in the garbage immediately if this were on one of my boxes.

Re:Virii, worms and DRM ... (1)

walt-sjc (145127) | more than 8 years ago | (#14219781)

Most AV software won't protect against spyware either. That's generally a separate product. The Sony code is definitely malware, but it isn't considered by the AV companies to be a virus.

Considering Sony's stance, IMHO the AV companies should change their position, and their customers should demand it.

Re:Virii, worms and DRM ... (1)

VitaminB52 (550802) | more than 8 years ago | (#14220041)

Were Norton AV and the other anti-virus suites silent as Sony's rootkit ran wild on people's systems? If so, their software would be in the garbage immediately if this were on one of my boxes.

<PRAGMATIC>

I wouldn't do that; IMHO an incomplete protection against digital malware is better than no protection at all.
</PRAGMATIC>

2nd POST!!! (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14219328)

OMFGBBQ!!!! I WINZORSA

Phew! (5, Funny)

Anonymous Coward | more than 8 years ago | (#14219330)

Phew, after seeing the list of artists all I can say is if these are the artists who'll be affected I'll be secure for years to come!

Re:Phew! (1)

conteXXt (249905) | more than 8 years ago | (#14219453)

funny that. My very first reaction was also "Phew"

Judging by my recent cd purchases, I'll be safe evermore.

Re:Phew! (1)

HTH NE1 (675604) | more than 8 years ago | (#14219940)

Going by my recent CD purchases, I don't need to check the list.

Re:Phew! (1)

BrokenHalo (565198) | more than 8 years ago | (#14220056)

Judging by my recent cd purchases, I'll be safe evermore.

Same here. Out of curiosity, I had a bit of a prowl through my large-ish CD collection the other day, and I found only one with a Sony label after I had got about 20% of the way through, at which point I stopped.

Incidentally, that CD (John Williams: The Seville Concert) is one I was given by a relative, and I don't like it very much, so maybe it doesn't count anyway...

Re:Phew! (1)

Iriel (810009) | more than 8 years ago | (#14219516)

I get the joke behind the parent post, but I can actually say it with a pretty high level of seriousness.

About the most 'pop' artist I've bought a CD from was Nickelback, but they've been a disappointment since 'The Long Road' so I feel pretty safe on the CD front. Just looking at the kind of music-based podcasts I listen to will show you that most of the artists I listen to are self-sufficient. As for the few mainstream songs I do get these days, I'll pony up the dollar for a download on iTunes considering I listen to all of this on my iPod at work more than anywhere else.

Re:Phew! (0)

Anonymous Coward | more than 8 years ago | (#14220057)

Not to sound like a music snob, but BRMC and Faithless are hardly 'pop' or mainstream. These are artists that are fairly obscure; which means it's not just the big selling folks that are affected (infected?).

Which is why I use iTunes and Hymn.

Stupid should NOT recall the affected CDs (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14219335)

Anybody who listens to Britney Spears deserves the rootkit.

Nice (5, Interesting)

ruiner13 (527499) | more than 8 years ago | (#14219340)

I wonder how this will play out if a minor buys one of the broken CDs, puts it in their parents' computer and it gets taken over. As (at least in the US) minors cannot agree to contracts, I'm thinking the EULA cannot legally be agreed to by them. Since their EULA installs the rootkit on yes or no answers, this turns out to be illegal on so many levels. So much for buying Sony ever again, they make decent TVs, it is a shame that one of their divisions has to make such a bad image for the whole company.

Re:Nice (4, Interesting)

fdiskne1 (219834) | more than 8 years ago | (#14219424)

This particular bug gets installed even if you decline the EULA [freedom-to-tinker.com]. Sony and SunnComm, what a wonderful combination. Remember, this is the same company that tried suing someone [theregister.co.uk] for putting on their web site "Hold the shift key down while inserting a copy protected CD to prevent the DRM software from being installed."

Just shaking my head at their idiocy and getting ready to watch the fireworks, assuming anything actually happens because of this mess.

Re:Nice (1)

xtracto (837672) | more than 8 years ago | (#14219531)

Just a question, do you know what happened to the Princeton guy? Was he sued? Do you have any other references with story follow-ups?

Re:Nice (2, Informative)

cortana (588495) | more than 8 years ago | (#14219794)

Holding down the Shift key stopped AutoRun and prevented the software from being installed. Halderman wrote about the software, and the "infamous Shift key attack," in an academic paper and posted it online. Within 24 hours, SunnComm was threatening a $10 million lawsuit, and vowing to refer Halderman to authorities for allegedly committing a felony under the controversial Digital Millennium Copyright Act, or DMCA.

By the next day, the company had backed down in the face of public outrage. Looking back, Halderman says, "The whole experience was a whirlwind.... The response was way bigger than (anything I'd) expected."

Source: Wired News: Music Man Cracks DRM Schemes [wired.com] , 7th December 2005.

Re:Nice (1)

Ooblek (544753) | more than 8 years ago | (#14219490)

Can anyone tell me how to find this DRM stuff on my CDs? All I can see is a bunch of .mp3 files....does this mean I've been infected?

Re:Nice (1)

Kjella (173770) | more than 8 years ago | (#14219507)

I don't think that matters. A porn site doesn't get convicted if a minor got in by using daddy's credit card. They have in "good faith" believed that an adult has agreed to the EULA. What should bite their ass is secretly installing software even if you decline. That alone should be a lesser crime. Installing system-level patches to change the way the system works should be a felony hacking charge. That is what any other hacker would get if he secretly installed a rootkit with his apparently legitimate software.

Re:Nice (0)

Anonymous Coward | more than 8 years ago | (#14220049)

Just remember... all this bad publicity for Sony is being exploited by Intel/Microsoft/Sun and Apple. Intel just made its big announcement about LaGrande, the Trusted Computing chipset... and spun it as a way to stop things like this happening. This, of course, is a total lie.

The music gene pool is self correcting (5, Funny)

lohphat (521572) | more than 8 years ago | (#14219343)

Given the titles affected, consumers had it coming.

Re:The music gene pool is self correcting (1)

autocracy (192714) | more than 8 years ago | (#14219459)

What the hell is wrong with Faithless?

I'm rather surprised Faithless is signed to Sony, but *shrug.*

PS -- God is a DJ :)

I can't get no sleep (0)

Anonymous Coward | more than 8 years ago | (#14219790)

I've been trying to uninstall all these Sony rootkits and security holes!

$sys$fnord

Re:The music gene pool is self correcting (1, Informative)

Anonymous Coward | more than 8 years ago | (#14219483)

Except for BRMC - excellent rock & roll - damned shame they're with Sony.

Re:The music gene pool is self correcting (2, Insightful)

91degrees (207121) | more than 8 years ago | (#14219630)

Indeed. If only the rest of the world could have perfect taste.

Re:The music gene pool is self correcting (1)

boingo82 (932244) | more than 8 years ago | (#14219797)

What's interesting to me is that Sony is only claiming about 20 CDs were affected, but I personally have purchased at least one that contains SunnComm MediaMax, yet is not on their list. (Foo Fighters) I have seen other lists online showing over 50 affected CDs. The Foo Fighters alone released 4 titles that Sony put MediaMax on. Anyone else notice how Sony only claims the shittiest, lowest-selling titles have the software at first? The first discs that admittedly had XCP were Celine Dion and a bunch of other crap that's most popular with people who are computer-illiterate. They're avoiding mentioning the infection of the discs that sold the most, especially those sold to people who actually understand the word "rootkit".

nth Post! (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14219345)

I got the nth post!

Oh goodness! More to investigate and recall. (4, Informative)

saskboy (600063) | more than 8 years ago | (#14219353)

I even went to the bother of giving the EFF, Sony, and "independent 3rd party verification" the benefit of the doubt that they wouldn't frick things up AGAIN after their XCP DRM patch hole. Now I have to update my blog to say the MediaMax patch is hosed.

http://www.independentbands.com/cd/switchfoot/nothingissound.html [independentbands.com]
Some interesting info was brought to my attention today by http://www.glynhotz.com/ [glynhotz.com] the lawyer in Ontario suing Sony over XCP for consumers in Canada. EMI issued a recall on a DRM infected CD, on October 6, shortly after Sony was notified of the rootkit in their XCP CDs.

Anyone care to investigate this further?

http://www.boycottsony.us/ [boycottsony.us]

Oh no! Don't write about us on your blog! (1, Funny)

Anonymous Coward | more than 8 years ago | (#14219870)

As a Sony executive, I am very concerned about your decision to write about this matter on your blog. As you may or may not already know, the self-important ramblings of an individual's personal web log are the strongest force for change yet seen by man. This is even despite the fact that writing about something on the Internet barely breaks the barrier of showing concern about the subject, as it takes very little effort. Nevertheless, we are "shaking in our boots" about your blog and sincerely hope you will reconsider your decision to write about us.

Re:Oh no! Don't write about us on your blog! (1)

saskboy (600063) | more than 8 years ago | (#14219992)

Well, considering my blog was singled out by Glyn Hotz as the force that got him on the air in Saskatoon and Regina this week, broadcasting his news of a Canadian class action lawsuit to a potential 700,000 people in Saskatchewan, I'd have to say it's not completely gone unnoticed by consumers here anyway.

Not that I'm getting all self-important mind you, but you just shouldn't completely discount the possibility that a blog is backed with action behind the scenes by opening up communication between motivated individuals.

Bitten by the patch? (3, Funny)

ReformedExCon (897248) | more than 8 years ago | (#14219357)

So you could be hit once by the original flaw. Then you could be hit one more time by the flaw in the patch?

Someone should write a song about that.

Re:Bitten by the patch? (5, Funny)

Arhat (779830) | more than 8 years ago | (#14219577)

Someone should write a song about that.

Oops, I Did It Again?

Re:Bitten by the patch? (0)

Caste11an (898046) | more than 8 years ago | (#14219589)

I've heard this one:

She got the mine
But I got the shaft....

Re:Bitten by the patch? (4, Funny)

k4_pacific (736911) | more than 8 years ago | (#14219646)

You can call it:
DRMed if you do, DRMed if you don't

Re:Bitten by the patch? (1)

rhendershot (46429) | more than 8 years ago | (#14220046)

I was gonna mod, but I bet others do. Instead I wanted to say this is so DRMed funny I nearly pee'd myself!

Re:Bitten by the patch? Lyrics (2, Funny)

amcdiarmid (856796) | more than 8 years ago | (#14219687)

Hit by the flaw, Bitten by the patch.
Lyrics by me.

I got hit by the flaw, and bitten by the patch
A computer rebuild, a 'driver with a ratchet
It's hit me, it'll be hitting you
How much did you pay for that Sony Doo-Doo?

I Put a music CD in my CD-Drive
Hit "I Accept" to some DRM jive
Now I'm here, waiting for the other shoe
and to make it worse, the music sucked too

Hit by the flaw, bitten by the patch
That company just said bend-over biatch
Bitten by the patch, hit by the flaw
hold on to your hat, 'cause that ain't all

Picked it up this morning from the TV news
Sony got another system that you don't want to use
As if the first one wasn't bad enough, with your computer flubbed up
They got a second system that's also bad enough

Hit by the flaw, bitten by the patch
some big CEO needs to take it up the ass

"That's enough now, I'm Tired" - Opportunities never knock - The Clash - version where the kid sings it.

Re:Bitten by the patch? Lyrics (2, Funny)

93,000 (150453) | more than 8 years ago | (#14219789)

. . . and to make it worse, the music sucked too

Something about that line struck me terribly funny. Bravo.

I hope you're not mad that I reprinted it without permission [slashdot.org] .

Re:Bitten by the patch? (4, Funny)

ellijacket (937537) | more than 8 years ago | (#14219828)

I bought a cd the other day
then I placed it in my cd tray
My songs started playing to my delight
Then I danced away through the night
Never suspecting the sinister plan
That was put in place by the music man

My computer began to sneer and snort
Viruses were streaming through the ports
No matter what, I could not see
The viruses were hidden from me
I never suspected the sinister plan
That was put in place by the music man

I patched the bug and felt ok
My computer would live another day
but then my box fell to its knees
no more bits could it process for me
I never suspected the sinister plan
Now I'll never buy from the music man.

Good bye Sony. (1, Interesting)

LWATCDR (28044) | more than 8 years ago | (#14219358)

I think that Sony is going to have some MAJOR issues. This DRM stuff may not mean a lot to the average music user but it could really hurt the PS3. The 360 is already out and it isn't bad. The Revolution actually seems to be getting more interest than the PS3 from the press now.
I for one am not going to buy any CDs from Sony anytime soon. If I do I will rip them on my Linux box and burn clean copies to use.

Re:Good bye Sony. (1)

hal2814 (725639) | more than 8 years ago | (#14219426)

It's easy to boycott a system that hasn't come out yet (or doesn't have a launch lineup or even a finalized hardware setup yet). I imagine this ill-will towards Sony won't carry over to their PS3 console. For one thing, a lot of people do not equate Sony's media content divisions with their hardware divisions. Another thing, this is happening a year before the PS3 comes out. Are people going to hold a grudge for that long? I doubt it. Memories are generally shot.

Re:Good bye Sony. (1)

rpozz (249652) | more than 8 years ago | (#14219550)

The effect on the PS3 sales will unfortunately be minimal. Not only do the vast, vast majority of people not know or understand what they have done wrong, but after a few pretty screenshots or videos of the PS3, there'll be no doubt that people will conveniently forgive Sony for this crap. Remember all the /.ers overlooking the MPAA's actions when LOTR came out?

For this to make any long-term difference whatsoever, an enormous boycott would be needed.

Re:Good bye Sony. (0)

Anonymous Coward | more than 8 years ago | (#14219883)

LOTR was filmed in New Zealand instead of the US though, so it has at least 25% forgiveness built in ;)

Sony/BMG, A Division of Al-Qaida (2, Funny)

swschrad (312009) | more than 8 years ago | (#14219363)

congratulations, oh bearded one, for your infiltration of computers in the western world. and congratulations for keeping your sizeable stock holdings in Sony and Bertelsmann secret for so long.

there is no other plausible explanation for the number of times Sony/BMG has shot itself in the nuts over copy protection that cannot do what they want it to do. it MUST be a plot against humanity by the AntiChrist. no other logic works out.

This could be a good thing: (3, Insightful)

Donniedarkness (895066) | more than 8 years ago | (#14219380)

I think that after Sony loses EVEN MORE money because of this, they may be a little conservative in the future. I still urge everyone to not buy any Sony products (I just talked my parents out of buying a $1300 Sony Camcorder, a $200 Sony car stereo system, and a Sony HDTV that has a price that I don't know). We need to show these guys that WE WILL NOT TOLERATE this sort of shit. These guys are doing whatever they can to make as much money as they can. Let's kick them where it hurts.

Re:This could be a good thing: (1)

dmcooper (899820) | more than 8 years ago | (#14219493)

Hear Hear. Turned down the Sony camcorder option myself for a Panasonic.

Re:This could be a good thing: (0)

Anonymous Coward | more than 8 years ago | (#14220018)

Dear SONY,

It's you, not me, and this just isn't working out. Music is not software, and Music CDs should not require me
downloading patches to keep myself secure from your music media discs. I left you alone in my house,
and you left the doors wide open. When I came home I found out you had installed cameras in all the rooms
of my house to monitor my activity. I can't live with someone who can't respect my privacy.

It's over between us, and I'm telling all my friends what you did.

great way to keep kids away from britney... (1)

passingNotes.com (936024) | more than 8 years ago | (#14219390)

honestly, some of the artists excluding a handful of top 40 sellers are unusual compilations from pre-90's stars (neil diamond for example) and while i genuinely hope to see sony make amends with consumers, there has been soooo much mixed information coming from so many sources that i honestly do not believe any typical sony cd purchaser a) understands what happened or what they should do, b) understands that if he did understand, he was wrong and should rethink what he did (reapply patch, etc) or c) understands that the second revision to his understanding was wrong, and so should not have downloaded to begin with (the patch) or should just get the tunes elsewhere...how can they possibly hope for a clean fix even with a recall? the cd's are in the market, on hard drives and players already and communicating this to everybody as if it's on par with a tylenol scare is a bit absurd - privacy is paramount, but this is being presented as a death knell to sony's consumer relationship building efforts...no amount of press or instructions or expert opinions with constantly revised advisories will help, they will only confuse - there is a need for just ONE clear and definitive statement from SONY itself, ideally a full page ad in major dailies, and this in turn should list all artists/CD's affected, and should ask for readers to tell friends. you think most neil diamond fans and britney junkies are getting the slashdot rss feed? right...

Re:great way to keep kids away from britney... (2, Insightful)

Anonymous Coward | more than 8 years ago | (#14219579)

I honestly do not believe any typical sony cd purchaser
  1. understands what happened or what they should do,
  2. understands that if he did understand, he was wrong and should
  3. understand that the second revision to his understanding was wrong, and so should not have downloaded to begin with (the patch) or should just get the tunes elsewhere...

I work in an IT company. We develop software for the masses. Yet two of my colleagues did not know the term "rootkit" or have heard about the Sony goof-up. These were not office clerks or marketing people. They were 30-ish and both had developer background.

That served as a reality check for me. This case has hardly been touched by the mainstream media.

What's worse, now scores of naive users will try out rootkit detectors with no understanding of using them properly. False alarms will ensue, like claims of Firefox running 10 rootkits. Yeah, right! There will be lots of noise in the blogs, and little mention in the mainstream media. Joe Public will not be enlightened by this.

Re:great way to keep kids away from britney... (1)

CyricZ (887944) | more than 8 years ago | (#14219929)

Why do you expect the mainstream media to provide decent coverage of this? They won't publish anything negative about a company as big as Sony, especially if Sony buys advertisements from them.

The problem is not with the mainstream media failing to report on this sort of an issue, for whatever reason. The problem is that the public in general is dumb enough to only get their news from the mainstream media.

So instead of complaining about how the mainstream media isn't reporting, do something beneficial. Inform people about this issue, and suggest that they avoid all Sony products, for instance. Print up notices and post them around. Get the word out yourself, rather than relying on some large, corporate newspaper or television news program to do it for you.

Why was the EFF involved in this? (4, Insightful)

Sanity (1431) | more than 8 years ago | (#14219403)

Why did the EFF get involved in the announcement or endorsement of this patch? The EFF is a legal organization, not a technical organisation. Now, instead of the egg landing squarely on Sony's face, where it deserves to be, the EFF is embarrassed too.

The EFF should have pointed out the vulnerabilities to Sony and left it at that, there was no need for the EFF to lend its name to Sony's fix for the problem.

Re:Why was the EFF involved in this? (3, Interesting)

openfrog (897716) | more than 8 years ago | (#14219598)

I see a good reason for the EFF to get involved. Sony was succeeding in keeping the two DRM issues separate, at least on the legal and larger public side (developers are (were?) seen as a negligible entity). The Agreement for the patch was for the EFF a way to get Sony to recognise the reality of the larger problem. I don't know if the EFF knew already what would follow, but I would not be surprised. Good move EFF!

--
Think!

SONY IS A PIECE OF SHIT (0)

xavsec (936766) | more than 8 years ago | (#14219419)

I'M TELLING YOU NOW THAT I'VE SHIT MYSELF. MY SPANISH IS PRETTY BAD, BUT FOR SOME REASON I'M WRITING IN THIS LANGUAGE. HELP ME PLEASE! eerr. sorry, not sure where that came from. anyway, Sony has most likely alienated their artists, their customers, and the fanatics over at the RIAA. I don't care though, I have had explosive diarrhea all morning -- and I must say, the addition of Sony malware on my system is not making things any better.

Oh what a tangled web we weave... (3, Interesting)

digitaldc (879047) | more than 8 years ago | (#14219428)

...when Sony CDs we do receive.

Now if people can be sued for unlawful downloading, do people have the right to sue for unlawful malware?

I think I will go on over to Microsoft.com and find some information about 'Sony rootkit'
Here are my results:

Results for:
all the words: sony rootkit; category: Support & Troubleshooting; site: All of Microsoft.com;

Support & Troubleshooting

no results were found in this category.

Re:Oh what a tangled web we weave... (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#14219667)

Shut up, you aren't cool because you watched Darkwing Duck as a kid.

Sony is out of touch (4, Interesting)

gasmonso (929871) | more than 8 years ago | (#14219450)

They're constantly pushing for technologies that people don't want, and hopefully that is going to hurt Sony. First there was the memory stick, now destructive DRM and the possibility of locking down PS3 games to one device. If lawsuits don't correct this (and they most likely won't), it's up to the consumer to correct the issue with their wallet.

gasmonso http://religiousfreaks.com/ [religiousfreaks.com]

Re:Sony is out of touch (0)

Anonymous Coward | more than 8 years ago | (#14219888)

Don't forget ATRAC.

original article from Felten and Halderman (5, Informative)

edfelten (135938) | more than 8 years ago | (#14219460)

The original explanation of this, from Ed Felten and Alex Halderman, is at http://www.freedom-to-tinker.com/?p=942 [freedom-to-tinker.com]

Big surprise (5, Insightful)

mrRay720 (874710) | more than 8 years ago | (#14219463)

Did anyone really think that Sony were going to stop doing evil things? They don't see themselves as having any financial benefit from truly removing the damage they do to their consumers' computers. They have their reasons for wanting this crap on there in the first place, and a bit of bad publicity they think will blow over soon enough just isn't going to make those reasons go away.

There will be an updated patch eventually that actually does a half decent job of removing the worst of the security holes - they'll have to if they don't want a blanket removal of all their spyware from AV companies as a security measure. Not even a giant of Sony's stature can last too long being seen actively attacking and damaging all of their customers.

Then, after the news outlets have had their fill of the story, 6 months or so down the line they won't be wanting to run the same thing over again. Sony will then be free to come out with the next wave of evil but slightly less dangerous malware. That's how it goes. The next round will be a bit less dangerous, a LOT more secretive, but with the same anti-consumer schemes.

That's my opinion, anyway.

PS3 Tooooo (1, Funny)

Anonymous Coward | more than 8 years ago | (#14219508)

PS3 is rumored to be a security risk. While Xbox 360 burns your house down. PS3 sends e-mails out to burglars as to which time you are not at home and how to get in and where you hide your key!

Recall won't be so effective... (1, Funny)

FellowConspirator (882908) | more than 8 years ago | (#14219536)

The damage is most likely done to those who are susceptible.

Anyway, the patch is a non-issue for Americans who are prohibited by law from downloading or applying it. The patch issue only affects people in countries where it is not illegal to modify/remove/circumvent DRM software. In the States the solution is much simpler: just format the disk and reinstall the OS.

Re:Recall won't be so effective... (1)

Lifewish (724999) | more than 8 years ago | (#14220017)

If I recall correctly, there's some debate about whether the formatting process itself constitutes a circumvention measure. Ah, what a wonderful world we live in.

conspiracy theory (5, Insightful)

nazsco (695026) | more than 8 years ago | (#14219555)

1. sony claims it needed the DRM crap to prevent pirates
2. sum up the recall of the cds and drm development into "losses due to pirates"
3. lots of news: "p2p makes music company lose money!"
4. ?
5. PROFIT!

Re:conspiracy teory (1)

Spy der Mann (805235) | more than 8 years ago | (#14220031)

1. Buy defective SONY CD for 2 cents.
2. Paint it and add a nice suction cup for cars
3. ???
4. Profit!! :D

This is a good thing, in the long run (2, Insightful)

Eagle5596 (575899) | more than 8 years ago | (#14219570)

In the long run all of this trouble is a good thing. Sony is galvanizing people against DRM. In the future companies may find people simply don't buy any products with DRM because they are afraid there will be security holes. All in all this is probably a good thing for consumers in the long run as it will keep DRM off of CDs.

Re:This is a good thing, in the long run (3, Insightful)

Chaffar (670874) | more than 8 years ago | (#14219655)

"In the long run all of this trouble is a good thing. Sony is galvanizing people against DRM."

I disagree. Even though in theory this should happen, I feel that anyone who understood the nature and purpose of DRM was already against it in every way. I don't think that this fiasco attracted anyone's attention except of those who are already pretty much against DRM. This isn't really a M$ Vs. Linux Vs. Mac debate, where each party has its own arguments. I think that even the people who are against piracy kinda see how pointless these types of measures are, especially those that harm the innocent (i.e. the thing about not being able to copy more than 3 times screwing over iPod users?).

Re:This is a good thing, in the long run (1)

croddy (659025) | more than 8 years ago | (#14219718)

That's rather like claiming human casualties are a good thing, in the long run, because they galvanize people against wars.

I would say that it's fortunate that Sony is being hit with so much pressure and bad publicity, but I'd have a hard time seeing how it's a good thing that Sony is distributing malicious software with the sole purpose of depriving paying customers of their fair use rights.

attempt to stop ripping (2, Funny)

johann8384 (818276) | more than 8 years ago | (#14219572)

Sony will release a statement saying the security holes were put there intentionally to discourage ripping of the cds. This would prevent them from being shared as easily.

Larry, Cruly, and Moe (-1, Offtopic)

MECC (8478) | more than 8 years ago | (#14219578)


Moe is their leader.

Re:Larry, Cruly, and Moe (1)

MyNameIsEarl (917015) | more than 8 years ago | (#14219692)

I agree with the Cruly part. :)

Illegal (3, Informative)

DeanFox (729620) | more than 8 years ago | (#14219624)


"Sony BMG said the MediaMax copy protection system, which is supposed to stop people making illegal copies of CDs, has been used on 50 titles sold in North America."

Why do they keep emphasizing, "making illegal copies" when it is not illegal? I have the right to make as many copies as I want. What I cannot do is make un-authorized copies (fair use IS authorized) or distribute those copies.

Who the f**k cares? (0)

Anonymous Coward | more than 8 years ago | (#14219626)

Ok. Look at the song titles. Do you really think that anyone buying those titles will even hear about the problem let alone understand what it means? So they shove the cd into their (parent's) computer and blammo... music and possibly videos or nifty extras are spit out.

They don't care. They got what they want. They probably won't notice a difference. And you whining about it here on a geeky nerd site (yes I am one of those too so I can say it) will not make a whit of difference. Sony will still make money. People will still blissfully buy the music or steal it and listen to it. Computers will still be compromised and run slower and hackers everywhere will be reading those emails from gramma while laughing maniacally.

Poop on a stick. Give it up!

--Russ

Man Bites Dog (3, Interesting)

headkase (533448) | more than 8 years ago | (#14219629)

Boycotts are ineffective and Sony's proven they're too incompetent to even clean up after themselves. I'd like to see some lawyers sic themselves on Sony... Let's see a class action settlement of ~$100 for each user to get a professional to remove the security hole the software introduces. They just don't seem to understand anything but dollars so at least the lawyers would be using the right stick.

Re:Man Bites Dog (1)

tomstdenis (446163) | more than 8 years ago | (#14219849)

sony this sony that sony this that and sony that this, sony sony sony, sony who sony what sony how and sony why? ...

IGNORE THEM.

Don't protest, don't argue, don't boycott, don't fight.

Just ignore them. I couldn't name you five popular Sony labeled bands or groups. Stop thinking about it.

Are people really that compelled to buy every piece of music they come into?

Tom

Affected artists ... (1)

Throtex (708974) | more than 8 years ago | (#14219631)

Affected artists include Alicia Keys, Britney Spears, Black Rebel Motorcycle Club and Faithless.

What does that have to do with a story about DRM? We already know they're affected.

Web 2.0 (0, Offtopic)

web20 (937325) | more than 8 years ago | (#14219635)

In a Web 2.0 enabled world, no one should still be buying music on CD. I always make sure to listen to music on Podcasts. With the advent of AJAX and Ruby on Rails, sites are able to leverage Web 2.0 technologies easier than ever.

Re:Web 2.0 (2, Insightful)

meringuoid (568297) | more than 8 years ago | (#14219759)

sites are able to leverage Web 2.0 technologies

Please don't use the word 'leverage' again unless you can estimate a value in newton metres. It makes you sound like a PHB.

Rephrasing into sensible English,

sites are able to use Web 2.0 technologies

Re:Web 2.0 (1)

Gleng (537516) | more than 8 years ago | (#14220029)

Now there's a paradigm with some synergy!

Article Title Should Read (0, Redundant)

Anonymous Coward | more than 8 years ago | (#14219707)

"Sony is a Security Risk"

Don't sit HERE whining, TELL THEM (1)

NVP_Radical_Dreamer (925080) | more than 8 years ago | (#14219726)

Why sit here whining about it? Tell them how you feel, I did. I'm sure a couple emails won't make a difference, but with the combined effort of the /. community they will listen. Especially when you tell them like I did, that their bottom line will suffer since you now refuse to purchase ANY of their products again. http://www.sonymusic.com/about/faq.html [sonymusic.com]

Re:Don't sit HERE whining, TELL THEM (1)

CyricZ (887944) | more than 8 years ago | (#14219958)

Sony will probably collect your name, email address and whatever other information they can obtain about you. And then they'll pass it on to the RIAA, and you'll be listed as a pirate. And to threaten Sony's bottom line! Why, that's pure terrorism!

Re:Don't sit HERE whining, TELL THEM (1)

Viol8 (599362) | more than 8 years ago | (#14219962)

Pah, you think they'll listen?? The only thing they'll listen to is the sound of their share price falling when people stop buying.

Re:Don't sit HERE whining, TELL THEM (5, Informative)

entirety (909951) | more than 8 years ago | (#14219963)

Where is Sony Music located, and how can I get in touch?

The corporate headquarters for Sony Music Entertainment Inc. is located in New York City:

Sony Music Entertainment Inc.
550 Madison Ave
New York, NY 10022-3211
sonymusiconline@sonymusic.com

finally now i can use p2p again (3, Funny)

nazsco (695026) | more than 8 years ago | (#14219809)

and when sony sues me (thu RIAA), i just load one of those handy cds with digital-rootkit-management and claim that someone else (probably at sony) was hijacking my computer and putting all those mp3, that i've never heard about before, there.

What people need to do (1)

DrugCheese (266151) | more than 8 years ago | (#14219839)

is to start voting against companies that screw over their market like this. Don't buy Sony. I've always found Sony to be in a favorable light, but this is just one huge bad call. Unless they recall all the CDs and replace them with clean CDs they will not fix this in my eyes.

I know! (2, Funny)

Ruff_ilb (769396) | more than 8 years ago | (#14219934)

Lets fix it with a rootkit!

What's this "mere days"? (1)

Robotech_Master (14247) | more than 8 years ago | (#14219953)

It was discovered, and remarked upon, and even posted in comments to the original Slashdot article about the patch, on the same day.

Contradictory tactics against file-sharing? (1)

ilovegeorgebush (923173) | more than 8 years ago | (#14219954)

Well to me, all these excessive DRM tactics seem to be having an adverse effect on what companies like Sony are actually trying to achieve. In all honesty, what is your average file-sharing fanatic gonna think and do when they read of rootkits and vulnerabilities in CDs they might want to buy?

I'll tell you.

"I'm not buying cds if they're gonna risk the integrity of my PC" and download more songs from their favourite Peer-to-peer network; that's what they'll think and do, respectively.


Law suit anyone?

Anyone have one? (1)

ruiner13 (527499) | more than 8 years ago | (#14219974)

I am actually curious if anyone has any of these infected CDs if there is anything on the CD case or the liner notes that make any mention of the possibility that software will be installed on a computer if used on a PC, or if they even have the compact disc logo anywhere on it. Can anyone confirm? P.S., I would NOT advise putting it in your computer to see if there is anything on the CD, unless of course you happen to be running some other OS besides Windows or Mac (as I think some sort of kernel mod can be installed by some of these CDs, though it is more difficult to get it installed than on Windows).

What a good product might look like (4, Interesting)

Ant2 (252143) | more than 8 years ago | (#14220048)

What if you could purchase an Audio CD that:

- could play in all CD players, including PCs and car stereos?
- had an extra track with non-DRM MP3s, OGG, and WMA files?
- included cover art in JPG and PNG format?
- included the full lyrics in TXT format?
- was free from DRM and other executables?
- (oh, and actually had songs you liked)

Would you buy this? I would.

Then how do we get rid of this thing? (2, Funny)

Darthmalt (775250) | more than 8 years ago | (#14220054)

Friend of mine bought the switchfoot cd and put it in her computer. I've tried using all the so called patches and microsoft's anti spyware all of which failed to remove it. I've gotten to the point where now I can see the files but they're write protected. If I bypass the write protection and delete them will it screw up the laptop?

CURSE YOU SONY!!! and your sudden but inevitable betrayal.