Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Sony RootKit Still A Problem?

CmdrTaco posted more than 8 years ago | from the this-stuff-never-dies dept.

Sony 268

XMilkProject writes "Current research indicates that some "350,000 networks--many belonging to the military and government--contain computers affected by [Sony's rootkit]." This is down from over half a million last month. "The security researcher worked from a list of 9 million domain-name servers.. asking each to look up whether an address used by the XCP software--in this case, xcpimages.sonybmg.com--was in the systems' caches." Will Sony face future repercussions for this potentially long-term damage?"

cancel ×

268 comments

Nothing for you to see here. Please move along. (2, Funny)

JediTrainer (314273) | more than 8 years ago | (#14490893)

The first rule of the Sony Rootkit is that we do not talk about the Sony Rootkit.

The second rule of the Sony Rootkit is that we DO NOT TALK about the Sony Rootkit.

Of Course, that is Sony's Security Policy (3, Insightful)

slashbob22 (918040) | more than 8 years ago | (#14490965)

Security through Obscurity.

Re:Of Course, that is Sony's Security Policy (4, Funny)

BrynM (217883) | more than 8 years ago | (#14491153)

Security through Obscurity.
You missspelled "obsurdity". Why do people keep doing that? ;)

Re:Of Course, that is Sony's Security Policy (1)

vishbar (862440) | more than 8 years ago | (#14491376)

You missspelled "obsurdity".
So did you ;).

Re:Of Course, that is Sony's Security Policy (1, Troll)

sconeu (64226) | more than 8 years ago | (#14491406)

Maybe because it's spelled "absurdity".

Re:Of Course, that is Sony's Security Policy (1)

BrynM (217883) | more than 8 years ago | (#14491524)

Maybe because it's spelled "absurdity".
Um, that is part of the joke. "why do people..." oh, never mind :D

Re:Nothing for you to see here. Please move along. (0)

Anonymous Coward | more than 8 years ago | (#14491296)

$sys The first rule of the Sony Rootkit is that we do not talk about the Sony Rootkit.

$sys The second rule of the Sony Rootkit is that we DO NOT TALK about the Sony Rootkit.

There I fixed it for you

Re:Nothing for you to see here. Please move along. (3, Funny)

Anonymous Coward | more than 8 years ago | (#14491495)

Er no you didn't. $sys$ is what you want.

Re:Nothing for you to see here. Please move along. (1)

Nom du Keyboard (633989) | more than 8 years ago | (#14491356)

The second rule of the Sony Rootkit is that we DO NOT TALK about the Sony Rootkit.

Third rule: There is no Third Rule.

Re:Nothing for you to see here. Please move along. (1)

Teresh (911815) | more than 8 years ago | (#14491389)

The Third Rule is when in doubt, refer to rules one and two.

Re:Nothing for you to see here. Please move along. (2, Funny)

scottschor (860803) | more than 8 years ago | (#14491416)

rootkit ... I've got you, babe ... sony and share ...

Re:Nothing for you to see here. Please move along. (-1, Offtopic)

puddpunk (629383) | more than 8 years ago | (#14491513)

WHY ISNT THIS MODDED UP? :(

Safe.. (5, Funny)

seann (307009) | more than 8 years ago | (#14490898)

Because new music sucks.

Makes you wonder.... (3, Interesting)

antek9 (305362) | more than 8 years ago | (#14490986)

... what kind of person takes their Sony CDs to work in order to play them on PCs on a military network. Kinda bizarre that that's even possible.

Makes me sleep better, on the other hand, to see that there are music lovers even there.
You know how the saying goes: Where one sings you may sit down and sing along, bad people have no song. ;)

Re:Makes you wonder.... (5, Insightful)

Prophet of Nixon (842081) | more than 8 years ago | (#14491031)

Well, the scenario of taking CDs to work to play them on networked military PCs is not implausible at all; there are thousands of GS/staff employees who do that. What is implausible, at least in my experience, is those users having admin access to their machines. Was this rootkit able to install on XP under a user or power user account?

Re:Makes you wonder.... (1)

StevoJ (868524) | more than 8 years ago | (#14491130)

Doesn't seem likely. It replaced the CD-ROM drivers, which SHOULD require admin access.

Re:Makes you wonder.... (5, Interesting)

antiMStroll (664213) | more than 8 years ago | (#14491345)

What's implausible is the Sony executives responsible for distributing a hidden exploit aren't basking in the Guantanamo sun. Had this been Swedish or Thai teens you can bet your ass their faces would adorn newpapers worldwide and software giants decrying the vandalism.

exactly correct (5, Interesting)

Anonymous Coward | more than 8 years ago | (#14491510)

The sony rootkit fiasco is an example of criminal conduct, not a civil tort matter. Why some high level Sony USA execs aren't in the slammer now is beyond me. Like you said, if some teenage scripter had done this, they would be facing 30 years or something, but because it's a large important company they are facing a few fines.

Re:Makes you wonder.... (1)

Firehed (942385) | more than 8 years ago | (#14491372)

From an effectiveness standpoint, I'd hope it would. What good does DRM do if it only works under admin accounts.

That said, most people use their computer under an admin account (at home anyways), and I certainly am NOT supporting the rootkit. But you can't expect it to be theoretically useful (theoretically being the keyword here, it's not as if it stopped anyone who wanted to pirate the music) if it only works with admin rights.

But I'm not going to go eBay a CD I don't want just to see if I can ruin my computer while logged into a standard or power user account.

Re:Makes you wonder.... (0)

Anonymous Coward | more than 8 years ago | (#14491408)

In my shop, (Programming shop for DOD finance apps) everyone has admin access to their machines. This may not be true of the mainframers across the way, or the beancounters in the dungeon. I'd wager 75% of the people in my shop haven't heard a peep about the Sony rootkit. This is a job to them, fantasy football/baseball/basketweaving and online poker occupy most of their thought, not the latest enemy of all things geek.

I'd not be the least bit suprised to find someone has a rootkit on their machine.

Re:Makes you wonder.... (5, Insightful)

Gonarat (177568) | more than 8 years ago | (#14491182)

.. what kind of person takes their Sony CDs to work in order to play them on PCs on a military network. Kinda bizarre that that's even possible.

Once upon a time, bringing in the CD would have been the safest way to listen to music. Nothing can be copied to a CD, and nothing could be brought in on a pressed CD other than music. Nothing for Military Security to be worried about. Ipods and other MP3 players could potentially be used to sneak data out.

Of course now with the DRM crap on the "CD", this is no longer true. The once friendly store bought CD is now a potential risk. Way to go Music Industry! And you wonder why sales are down in 2005 from 2004...besides crappy offerings.

They might as well change their name to (5, Funny)

Anonymous Coward | more than 8 years ago | (#14490903)

NOSY

How-to? (0, Offtopic)

Anonymous Coward | more than 8 years ago | (#14490904)

How do you restrict a DNS query to cache? Don't most DNS servers do recursive queries, looking up the address and replying if it is not in the cache?

Re:How-to? (1)

sholden (12227) | more than 8 years ago | (#14491057)

You use an iterative query.

Re:How-to? (1)

antbeats (806037) | more than 8 years ago | (#14491167)

i know microsoft released sony rootkit remover with their antispyware...ive been using it at work like a mad man...

Re:How-to? (3, Informative)

earthloop (449575) | more than 8 years ago | (#14491395)

You do a non-recursive lookup.


[root@kryten pete]# nslookup
> set norecurse
> www.xmob.co.uk
Server: 192.168.0.1
Address: 192.168.0.1#53

Name: www.xmob.co.uk
Address: 217.77.184.55

> www.microsoft.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Non-authoritative answer:
*** Can't find www.microsoft.com: No answer
>

Get Back On Our Own - Boycott Sony (5, Interesting)

Py to the Wiz (905662) | more than 8 years ago | (#14490911)

I personally don't buy CDs so I wasn't affected but from what I've heard there are some serious problems with the "patch" Sony provided. I'm just a bit curious... Does the patch keep the rootkit permanently disabled and removed? It seems to me that if we put a deviant Sony CD back into our computer that the rootkit would just be reinstalled. Then do we have to run the patch again? This is rediculous. I've do not intend on purchasing any music that has the SONY lable on it. This to me is just plain stupid. What gives Sony the right to install deviant software on "MY" pc and then make it stealth so that I don't know it's there. As far as I'm concerned I think that's the lowest a company can go. That's stooping to the level of those bastard red headed step children Spammers/Spyware installer/Virus/worm pushing assholes.

I'm to the point now watching this rediculous attempt from Sony to attach it's controls on something that I purchase the rights to use/listen/backup and trying to enforce through deviant means. What is this rootkit supposed to do!? They just wanted to install it for the Hell Of It? Nope, it's supposed to reinforce their stupid DRM bullshit and keep me from listening to the music that I paid for. I'm to the end of my rope. I think that there needs to be a group or mutiple groups put together that should purposefully break what Sony is trying to do. I've been years out of the programming/Computer industry and thus lack the skills to do it, but I think that we should form Anti-DRM, anti-Sony groups to demolish the protection that they put on their stupid CD's. I will not from this day forward purchase anymore music from Sony until they drop their Bullshit practices. I call for a Boycot of Sony's Music. I'm not sure what one man can start, but I'll be damned if I'm going to stand around any longer and watch Sony impose itself on me! They want me to buy their shit, then they want to enforce by deviance their policy, and after all that they hijack my PC for WHo knows what! Ahhh! Time for a Revolution. I love my PS2, but am refusing to play it again until SONY stops all this Bullshit! No more video games purchased either. Damn you Sony! Leave me the Hell alone! Stay off of my Computer and my CD's! Damn you!

With that said, I feel somewhat better, but am still disturbed deep inside that they would have to stoop to that level to try and enforce their protection. Maybe they don't realize that as the sound comes out of the speakers it can be recorded with a MIC and pirated that way, or through LINE OUT. Damn them. Rant Over.

Idiot's guide to spelling (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14490956)

http://dictionary.reference.com/search?q=ridiculou s [reference.com]

Maybe you just spell it like you say it. If this is the case, please seek a speech therapy professional.

Re:Get Back On Our Own - Boycott Sony (5, Funny)

Luke PiWalker (946528) | more than 8 years ago | (#14490969)

Better yet, you could take in an old box and drop it on the front desk and go "Excuse me, you've installed a virus on my PC via a Sony CD. Will you be removing it or should I charge by the hour at £X00(add as many 0s as you likee, but 2 sounds about right) for having to remove it via a repair guy (don't say you, it seems supicious).

Demand compensation (for petrol to get there), the money to fix it and if they refuse tell them you'll take them to court for the damages (claim the box was used for something important like hosting websites and the rootkit has not passed some safety tests that all servers must pass at your company).

Aww the fun of being a sick little geek :D

Re:Get Back On Our Own - Boycott Sony (1)

ralphart (70342) | more than 8 years ago | (#14491018)

We were a Sony-less household this Christmas -- no slim Sony digital camera for my college student and no PSP for my high schooler. They were not all that pleased until I explained what a rootkit was and why it was so bad. They were still pissed, but at least understood I wasn't just being a cheapskate.

Re:Get Back On Our Own - Boycott Sony (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14491047)

"Rediculous" isn't a word.

Excellent excellent post otherwise. I don't mean to slam you or put you down, I just hope any future postings you make use the proper words. Again, no aim to slam, I'm far from a perfect poster (heh just search for anything posted by Anonymous Coward-- most is blathering idiocy)-- but spelling ridiculous, "rediculous", is silly.

Oh... Sony Sucks! That should stay on topic.

Re:Get Back On Our Own - Boycott Sony (1)

laura203 (664468) | more than 8 years ago | (#14491135)

Sony doesn't care if you don't play your PS2 - you've already paid them for it. Don't buy music or games and cancel your EQII accounts, but you're only hurting yourself if you 'boycott' by not using something already purchased.

Re:Get Back On Our Own - Boycott Sony (2, Insightful)

utexaspunk (527541) | more than 8 years ago | (#14491203)

So... you're going to boycott Sony by not playing the PS2 that you already paid for? How is that hurting Sony? Why not sell your PS2? Then you've at least possibly deprived Sony of purchase.

But then, the division that makes the PS2 is fairly disparate within the company from the one you're attempting to hurt. But then you've already admitted that you don't buy CD's, the record company couldn't really care less about you. Still- why attempt to harm the folks within the company who make a cool product for the actions of another part of the company which they have no say in?

Re:Get Back On Our Own - Boycott Sony (1)

ilyanep (823855) | more than 8 years ago | (#14491252)

Personally, we're not getting that Sony Plasma TV ($3000) nor the PSP ($100 I think?) nor the PS3 ($500) nor any other product that they make.

Enough people might do this for them to see what they've done. If not, then I'm all the better for it; no rootkits and no sucky support.

cybercriminals (-1, Redundant)

Anonymous Coward | more than 8 years ago | (#14490921)

I think that Sony should be treated like any cyber-criminal and prosecuted to the fullest extent of the law. In fact, their root kit could be considered a form of pirating. Sick the RIAA after their asses.

SONY SUCKS

Re:cybercriminals (2, Interesting)

Anonymous Coward | more than 8 years ago | (#14491056)

I agree. And consider this: If Sony is NOT prosecuted, then we have "lowered the bar" to the point where nobody can be convicted of hacking anything. They might still prosecute hackers for theft, fraud, phising, etc. but the malicious virus writers will be off the hook. And if the civil class action suits are settled for chump change, then the bad guys could ride on that bandwagon as well. "Your honor, the precendent has been set. Sony deliberately infected millions of PCs. Our research indicates the class action settlement had a net cash value of about $1.00 per class member. Why should my client have to pay any more than Sony did?"

Sanctioned Sources!!! (-1, Flamebait)

Lord Bilbo (765419) | more than 8 years ago | (#14490934)

I guess this is from a source "sanctioned" by /.

When you submit a story linking to a non-"sanctioned" web site, it just gets rejected!!!!

Sorry to the poster of this story, but I needed to get my 2 cents in before I am expunged from the system!!!!!!!

Lord Bilbo

The quote that sums it up (5, Interesting)

Anonymous Coward | more than 8 years ago | (#14490937)


"While the security issues related to the copy-protection software have apparently affected U.S. government and military computers, the Department of Justice will not likely get involved, said Jennifer Granick, executive director of the Center for Internet and Society at Stanford Law School.

"I don't see the federal government suing a big company like Sony," she said. "The fact that military networks have likely been affected by this won't change that."

Re:The quote that sums it up (1)

Silver Sloth (770927) | more than 8 years ago | (#14491189)

It may be harsh but employees working on military networks should be aware that no unauthorised software should be loaded in any form because you just don't know what payload it may carry. This is a good illustration to employees who think that 'security doesn't realy matter, anyway all I was doing was playing my latest CD'

I don't trust SONY, I don't trust anybody

Re:The quote that sums it up (1)

BigDork1001 (683341) | more than 8 years ago | (#14491413)

It may be harsh but employees working on military networks should be aware that no unauthorised software should be loaded in any form because you just don't know what payload it may carry.

Yes, we do know that we shouldn't be putting unauthorized software on the network. We go through training about it and are reminded from time to time. But it happens all the time anyway.

But then again, with this rootkit even if you clicked on disagree it would install on your computer. So Mr. Airman goes to listen to his new CD on his computer at work (which is okay) and before you know it rootkit on the computer.

I for one, welcome our new corporate overlords. (3, Funny)

Dr. Evil (3501) | more than 8 years ago | (#14491245)

The answer is clear. The U.S. must invade Japan to overthrow the government responsible for this cyber terrorism.

Re:The quote that sums it up (0)

Anonymous Coward | more than 8 years ago | (#14491339)

What a crock. If some 15 year old dork in Austria did this, they would insist that the kid be extradited and spent most of his life in prison. Major company does this, and nothing.

No, Sony needs a major bitch-slapping. If anything, I'm cutting them off at my wallet. If everyone did this, it would be similar to the death of a thousand cuts. No individual wallet will kill them, but enough will.

Re:The quote that sums it up (1)

metternich (888601) | more than 8 years ago | (#14491366)

How I long for Government of the people, by the people and for the people. Unfortunatly this hasn't been true for quite a while. [voteview.com]

Apology? (5, Interesting)

omeg (907329) | more than 8 years ago | (#14490940)

By the way, regardless of the magnitude of this problem currently, has Sony ever formally apologized for their damaging rootkit? They've said that most people "shouldn't care", or that it was their "right" to cripple people's computers, but I've not once heard them say sorry. Can anyone clarify?

Re:Apology? (1)

AviLazar (741826) | more than 8 years ago | (#14491176)

I would love for a class action suit to hit Sony regarding this. When I buy a program (i.e. world of warcraft) i know and expect to install stuff on my computer. When I buy music or movies I do not expect for anything to install. Hell when I put a movie in and the Activision (i think that is it) pops up to install itself so it can "play" the movie I just hit the cancel button. It is annoying to see it each time i stick the movie in (actually not really, it doesn't happen that often) but at least they ask me. SONYs rootkit, in all honesty, is starting to sway me to the side of piraters. By installing a program on my computer without my knowledge or permission they have violated my personal property.

I really would like a class action suit which would be for the cost of the CD + damages to computer (say $250-$500 is a fair number).

Re:Apology? (0)

Anonymous Coward | more than 8 years ago | (#14491246)

I really would like a class action suit which would be for the cost of the CD + damages to computer (say $250-$500 is a fair number).

The way class action suits work in this country, lawyers would get the bulk of the money, while consumers would get $1 and a coupon for a free Sony (with root-kit) CD of Sony's choosing.


Welcome Consumer Rights 101.

Re:Apology? (1)

hackstraw (262471) | more than 8 years ago | (#14491281)

By the way, regardless of the magnitude of this problem currently, has Sony ever formally apologized for their damaging rootkit?

I'm not big into apologies. They are worthless. Especially when the person keeps doing the same thing that they apologized for.

I require 2 things. 1) restitution or compensation for whatever you fucked me over with, and 2) assurance that the person will not do the thing again.

Sony owes people cash for screwing up people's computers and their time. They screwed up. An apology is OK. I guess some people might feel better for a while because of it, and possibly earn a little respect back. But compensation and change speaks much more loudly and means so much more than a simple "Oh, OK, I'm sorry".

Repercussions? Nah. (2, Insightful)

Alizarin Erythrosin (457981) | more than 8 years ago | (#14490943)

Will Sony face future repercussions for this potentially long-term damage?

Probably not. They're already getting off somewhat easy for the original hubub.

Re:Repercussions? Nah. (1)

Bohnanza (523456) | more than 8 years ago | (#14491147)

They're already getting off somewhat easy for the original hubub.

The penalty is less than a slap on the wrist, but is typical of the inconsequential "fines" levied against large companies these days. They can simply afford better lawyers than their opposition.

Re:Repercussions? Nah. (0, Flamebait)

gmuslera (3436) | more than 8 years ago | (#14491177)

Wonder what kind of repercussions had Microsoft because the multiples rootkits it bundled in his history (probably the latest WMF vulnerability could be called that way) and how much we can reach in the number of affected networks, but is far, far bigger than 350k, and is there since Windows 3.1, remotely explotable and without patches for most windows versions afaik.

If no problem yet for Microsoft, why should fear SONY?

Settled too soon. (4, Insightful)

gasmonso (929871) | more than 8 years ago | (#14490952)

If you look at the settlement in the New York District court it is nothing more than a slap on the wrist. Sony knowingly infected computers with what amounts to a trojan horse. In return they have to pay a little money and promise not to do it again. That's insane when you consider the witch hunts that have taken place for 16 year-old kids releasing a virus. Sony needs to pay and pay dearly for their deliberate criminal actions. The government always wants to send hackers a strong message...well then the same applies to corporations!

http://religiousfreaks.com/ [religiousfreaks.com]

Re:Settled too soon. (1)

wfberg (24378) | more than 8 years ago | (#14491046)

Well, a settlement in a civil suit, even if it is a class action, doesn't mean you won't be criminally prosecuted.

Also, I doubt the US government is included in the action's class.

Write (not e-mail) your congressman today. Make sure to sign the letter with a real pen, too (politician's like that sort of thing, reminds them of crayons).

Re:Settled too soon. (1)

Techguy666 (759128) | more than 8 years ago | (#14491200)

I would be most curious if a spyware/virus/worm starts using the Sony rootkit as a foundation. Sony actions are not be seen as a "crime" so what happens if the Sony rootkit is then automated and made self-propagating or somebody makes a harmless worm that propagates and hides in the hidden directories.

The malware coder may be tossed before the courts but I wonder if the (lack of) legal reaction to Sony's rootkit can be used as precedence? And if not, can the malware coder then drag Sony into the picture and get himself a reprieve of several decades as Sony's lawyers obfuscates things and bog down the legal process?

Sony may have gotten off lightly now, but it can still come back to haunt them as malicious coders use the company as a legal obstacle to prosecution.

You obviously didn't read the settlement (3, Informative)

TubeSteak (669689) | more than 8 years ago | (#14491244)

As part of the settlement, Sony is agreeing not to enforce two key portions of the EULA
  1. A $5 limit on damages
  2. The requirement that you must sue Sony in New York
Once the settlement is official, Sony will have opened themselves up, such that they can be sued in court anywhere in the United States.

Small claims court is the most likely venue, because you don't really need a lawyer to represent yourself and if Sony doesn't send a representative, you get a default judgement.

Collecting might be a bitch, but in this case, it definitely won't be the lawyers making all the money.

Repurcussions? No. (3, Insightful)

mindaktiviti (630001) | more than 8 years ago | (#14490955)

"Will Sony face future repercussions for this potentially long-term damage?"

No they won't because they're a huge multinational corporation who will probably layoff some employees and reward their top execs from the whole ordeal. I'm not trying to be some hippie about this, it's just the way the world works.

Good Question (-1, Redundant)

kid_wonder (21480) | more than 8 years ago | (#14490960)

Will Sony face future repercussions for this potentially long-term damage?
no

Sony's unintended consequences hurts them (5, Interesting)

digitaldc (879047) | more than 8 years ago | (#14490970)

Robert K. Merton listed [atfreeweb.com] five causes of unanticipated consequences:
(I have applied them to Sony's decision to use rootkits)

1. Ignorance (It is impossible for Sony to anticipate everything.)

2. Error (Incomplete analysis of the rootkit problem, or following habits that worked in the past but may not apply to the current situation.)

3. Immediate interest in stopping a computer from copying something, may override long-term interests of sustaining their reputation as honest and trustworthy.

4. Basic values of trusting your customers may require or prohibit certain actions like installing a rootkit, even if the long-term result might be unfavorable. (These long-term consequences may eventually cause changes in those same basic values.)

5. Installing malware on people's computers is always a self-defeating prophesy (Fear of some consequence drives people to find solutions before the problem occurs, thus the non-occurrence of the problem is unanticipated.)

Re:Sony's unintended consequences hurts them (1)

systmoadownfreak (943687) | more than 8 years ago | (#14491414)

I think that you really hit the nail on the head with numbers 3-5. The fact that they are so focussed on stopping people from copying their music leads one to believe that they are not spending as many resources as they could on developing a quality product. When so-called "security" takes precedent over functionality and customer service, there may be a problem.

Another good point you make is that Sony really has seperated themselves from their customers. Once you show the consumer that you don't trust them or you feel that they aren't capable of performing the necessary actions required to use a product, you have alienated your source of income, which is always a poor business practice.

Again, #5 is another example of taking the security of the product too seriously. Apparently Sony is unable to comprehend the idea that the customers are buying their music and regardless of whether or not they are copying the CD, they still have sold at least one copy. Every customer that you turn away due to poor business practices, is another customer that is likely to download music illegaly. They again have alienated the customer and basically said that since they are absolutely going to illegally share the CD, Sony has decided to infect your computer.

Simple answer.. (3, Insightful)

ThePatrioticFuck (640185) | more than 8 years ago | (#14490997)

Will Sony face future repercussions for this potentially long-term damage?

Of course not. They may pay a (relatively) small fine or two, but a quick a donation to a politician here and there, and that'll be all she wrote.

Government and Military (4, Interesting)

mendaliv (898932) | more than 8 years ago | (#14491012)

The whole concentration on the fact that military and government computers were infected is a tad sensationalist. You hear military or government and see DARPA or CIA.

In all odds the machines they're talking about are your typical office machines, used mostly for clerical work. Your network admin might not really worry or care about someone screwing it up; in all odds the people using them don't know enough to mess stuff up that badly.

I think all this is going to entail is the IT divisions of the important branches of the US government running rebuilds a little ahead of schedule...

Re:Government and Military (1)

avdp (22065) | more than 8 years ago | (#14491120)

Right. And not to minimize Sony's fault here, but government users (or most corporate users for that matter) should not be able to install (intentionally or not) software on their own PCs. It's a pretty good bet the NSA and DARPA PCs don't.

Will support HD-DVD (1)

TheDoctorWho (858166) | more than 8 years ago | (#14491013)

That's my reprecussion, cowboys.

Easy (non) solution... (2, Interesting)

andreMA (643885) | more than 8 years ago | (#14491024)

Take away the sonybmg.com domain name. Seems a reasonable punishment for domains used in such a way... Yes, I know the problem of infested machines that remain vulnerable thanks to Sony would still exist.

Sony won't be harmed, users will (4, Interesting)

Perl-Pusher (555592) | more than 8 years ago | (#14491035)

"Will Sony face future repercussions for this potentially long-term damage?"

Sony won't be harmed at all. But since this incident an Air Force unit I used to belong to can no play music cd's on computers. Doing so can result in corporal punishment.

Re:Sony won't be harmed, users will (1)

scottennis (225462) | more than 8 years ago | (#14491143)

Doing so can result in corporal punishment.

They give spankings in the Air Force?

Re: Sony won't be harmed, users will (2, Funny)

Black Parrot (19622) | more than 8 years ago | (#14491473)

> They give spankings in the Air Force?

Yeah, and they have a "don't ask, don't tell" policy regarding whether you like it, too.

Re:Sony won't be harmed, users will (1)

Lord Bilbo (765419) | more than 8 years ago | (#14491156)

Surely this can't be just!!!!!!

Why punish the Corporal?

And don't call me Shirley!!! :P

Re:Sony won't be harmed, users will (1, Informative)

Anonymous Coward | more than 8 years ago | (#14491170)

You mean they cane you? Or beat you in some other way?

Or did you mean court martial instead of corporal punishment.

Anonymous Pedant

Re:Sony won't be harmed, users will (1)

akunkel (74144) | more than 8 years ago | (#14491184)

Don't worry Corporal Punishment [amazon.com] is not on the Sony label.

Re:Sony won't be harmed, users will (1)

AviLazar (741826) | more than 8 years ago | (#14491225)

corporal punishment???

They will beat you for playing music on a computer? Hm, I can understand wanting to beat you for playing the Back Street Boys, but just playing music?

In all seriousness - I am pretty sure the military is not allowed to employ coproral punishment on it's soldiers (at least not officially).

Re:Sony won't be harmed, users will (0)

Anonymous Coward | more than 8 years ago | (#14491267)

Whats interesting is that in classified environments, I've found they prefer us to bring in mp3's and knowingly support piracy rather than have us bring media in.

Re:Sony won't be harmed, users will (1)

milimetric (840694) | more than 8 years ago | (#14491531)

That's truly disturbing. First we send these poor kids out to die for some ridiculous power stomp operation in Iraq. Now we don't let people play CDs because our affiliations are not with our own kids but with foreign mega coorporations.

Fuckin thought America was different than the rest of the world when I moved here. Fuckin everyone's the same, just bullshit people in a bullshit endless shit cycle. Wake up people, you're better than this. Do something about it. Tell your ex-commander or whatever that it's not the CDs that are causing it but SONY. If that doesn't work, sue the military, do something.

Problem not eliminated (4, Insightful)

gbobeck (926553) | more than 8 years ago | (#14491038)

Part of the problem with the Sony Rootkit is the fact that many stores **STILL** are selling the rootkit enhanced CDs.

I personally have seen this at several Borders stores in my area, and each time I mention this to the management I recieve blank "deer in the headlights" looks.

Re:Problem not eliminated (4, Insightful)

quokkapox (847798) | more than 8 years ago | (#14491075)

You would receive a similar blank stare if you remarked about mercury levels in the cans of tuna you are buying at the grocery store.

The retail checkout line is not the place to wage these types of battles.

Re:Problem not eliminated (1)

Mistlefoot (636417) | more than 8 years ago | (#14491263)

These have been 'recalled' by SONY. The retail level is definitely the place to wage this portion of the battle. If this were Tuna and a recall were out you can be assured the 'tainted' cans would be off the shelf in minutes.

I wonder how culpable a store becomes when they sell a recalled product AND have been advised of that fact?

Re:Problem not eliminated (0, Redundant)

Jerf (17166) | more than 8 years ago | (#14491443)

Yes, you two can win arguments by simply dropping words out of your opponent's points.

He said "retail checkout line", and there's a difference between that and the "retail level".

An episode of "Unwrapped" just went by on TV about Supermarkets, where they point out the modern supermarket can have on the order of tens of thousands of items. Your average supermarket checkout clerk can not be expected to remember the names of all of these items, let alone obscure information about what might happen if you stick a CD by one of the many sub-labels some company owns if you stick it in a computer. (Yes, the average supermarket doesn't sell CDs but the point applies across a lot of types of stores nowadays.)

GP is correct. Fighting at the retail checkout level is a waste of time.

Yes, Border's definately should know, but you're not going to correct the institutional ignorance by harassing the checkout clerk, who barely has the authority to process returns (if that), let alone pull product from the shelves or make decisions for the rest of the store/company.

(Read all the words.)

Re:Problem not eliminated (1)

TubeSteak (669689) | more than 8 years ago | (#14491275)

If you asked for the Manager, and he doesn't know squat, try getting the phone number for the regional/district office.

They tend to get the memos from Corp. Headquarters.

Re:Problem not eliminated (3, Insightful)

meringuoid (568297) | more than 8 years ago | (#14491290)

rootkit enhanced CDs

This battle is one of propaganda as much as anything else. If you use the enemy's terminology, you've already lost.

These are rootkit infected CDs. Use that phrase in conversation with your non-techie friends. 'Damn, I got an infected CD from Sony.' They'll not grasp all the geek details, but they'll get the picture.

Similarly, call what it is trying to do 'Digital Restrictions Management' whenever you have to explain what 'DRM' is. It's a far truer portrayal of what's going on.

Sony, the new ELO? (5, Funny)

Anonymous Coward | more than 8 years ago | (#14491045)

...I heard somewhere that if you play these new Sony CD(s) backwards, the rootkit data will say, "yur sole iss miiine. yur sole iss miine. Haaaaale Goooooogle! Whaaaaaat issss thigh bidding miii massster? RaaaaaaaaaaAaAaaAaaa!" ...and a plume of blood will shoot out of your CD tray and melt your face like that dude from Raiders of the Lost Ark.

\\//_

End result (4, Insightful)

quokkapox (847798) | more than 8 years ago | (#14491050)

These CDs will be out there forever, in users' libraries and bought and sold by used CD shops and flea markets. The end result of this fiasco is that Sony discs are something you watch out for and don't risk sticking in your computer, unless you're running the latest antivirus/antispyware software.

Sony == Dangerous to my PC

What a great way to promote a brand.

Re:End result (1)

j2fraser (733576) | more than 8 years ago | (#14491309)

My understanding is that there are no anti-virus or anti-spyware programs which treat the Sony CD-installed "anti-piracy" software as viruses or spyware. My McAfee software certainly didn't notice it at all. Somebody please correct me if I'm wrong.

Re:End result (1)

quokkapox (847798) | more than 8 years ago | (#14491402)

I think it's only a matter of time until they recognize and remove it, but as for future DRM malware, who knows?

Re:End result (1)

Nom du Keyboard (633989) | more than 8 years ago | (#14491444)

The end result of this fiasco is that Sony discs are something you watch out for and don't risk sticking in your computer, unless you're running the latest antivirus/antispyware software.

Maybe future OS's will automatically block this. Even firmware in the CD/DVD/HD/??? player can be inoculated against it.

Vista anyone?

Friction burns ... (1)

the bluebrain (443451) | more than 8 years ago | (#14491052)

... is what the individual would have gotten from being hauled into the slammer so fast - had it been an individual who performed what Sony did.

/sure it's been said, bears saying again

Sadly, no. (4, Insightful)

sethadam1 (530629) | more than 8 years ago | (#14491107)

Sadly, not only will Sony face no long term damage, but this will be a blockbuster year for them as they release PS3 and millions of quick-to-forget Slashdotters rush out to buy a PS3.

If consumers were smart, they'd go buy a Nintendo Revolution - or even an Xbox - and intentionally skip the next Playstation. Unfortunately, they won't, because their souls are fueled by acquisition and shiny-new-toy syndrome.

Re:Sadly, no. (0)

Anonymous Coward | more than 8 years ago | (#14491134)

Nintendo is a convicted monopolist due to its actions with the original NES in North America.

Microsoft is a convicted monopolist due to its actions with Windows.

As a result you must only buy a GP2X and load open-source emulators onto it.

Re:Sadly, no. (1)

sethadam1 (530629) | more than 8 years ago | (#14491175)

Nintendo is a convicted monopolist due to its actions with the original NES in North America.

Microsoft is a convicted monopolist due to its actions with Windows.


Fair. Both have hurt the market. Sony has hurt ME (the figurative me - as I write from an iBook).

As an American consumer, of couse, my first priority is ME.

Re:Sadly, no. (1)

quokkapox (847798) | more than 8 years ago | (#14491460)

Sadly, not only will Sony face no long term damage, but this will be a blockbuster year for them as they release PS3 and millions of quick-to-forget Slashdotters rush out to buy a PS3.

Not this slashdotter, nor his family nor friends. You neglect the power of the word of mouth. There are a lot of pissed-off consumers out there.

No. (1, Insightful)

Bob9113 (14996) | more than 8 years ago | (#14491121)

Will Sony face future repercussions for this potentially long-term damage?

No. Who do you think pays our politicians' wages? Are they going to bite the hand that feeds?

Worst marketing move ever... (2, Interesting)

vprasad (533778) | more than 8 years ago | (#14491129)

Well, second only to Intel's dropping their Pentium brand from their Pentium chips. To quote Weird Al, "It's all about the pentiums, baby"

One point, one question (1, Insightful)

AviLazar (741826) | more than 8 years ago | (#14491139)

First thing to note - just because a computer belongs to the military or any other branch of the gov't does not mean it is 1) a secured computer 2) a computer with access to sensitive materials. This computer could be the janitors computer.

What the hell...300,000 people are placing music CDs at work? No wonder our government gets nowhere - they are all busy listening to music and playing games. Get a regular CD player people - they aren't that expensive.

A sticky question (1)

linuxwrangler (582055) | more than 8 years ago | (#14491142)

I don't know the current government policy on use of computers for non-work use but it used to be very strict. Same thing at many large corporations.

So does the presence of such a policy weaken any case against Sony?

Government: You infected our computers.

Sony: Surely this is not true as your policy clearly forbids personal use of computers. Are you operating in violation of your own policy?

Here's a thinker (1, Troll)

GmAz (916505) | more than 8 years ago | (#14491180)

You would think that Military or Government agencies wouldn't allow their employees to put CDs into their computers for security reasons alone. Its rather sad that anyone can bring in a random CD and pop it in. No wonder secure data is able to walk off of those "secure" computers so easily. [Guard] - Please empty your purse please miss. [Woman] - Nothing in there except for my personals and some music CDs. [Guard] - Ok miss, you may pass. [Woman] - {murmering under her breath} Sucker...now wheres those classified documents.

Nah they will get off scott free (2, Insightful)

falcon5768 (629591) | more than 8 years ago | (#14491183)

They are a company, and a VERY large one to boot. They honestly can do no wrong unless it involves actually stealing money and getting caught doing it, and even then they would get away with it after they make a big scene to asure the public.

See Sony does things like this and its called a mistake. A hacker does something much less, and its call terrorism. Go USA!

Governement PCs (3, Interesting)

ArchAbaddon (946568) | more than 8 years ago | (#14491247)

"350,000 networks--many belonging to the military and government..."

I used to do assistant net admn in the armed forces, and it's amazing how little security there is on most military computer networks. They don't allow DHCP, but as the admin I found that there were no lockdowns on installing software like AIM and such. Only problem was, network security was dictated by higher commands, so I could do nothing but watchdog the system.

So it's really no suprise to me to so this rootkit affecting so many military and government compys, given their lack of conecern about system security.

What I don't and never have understood is.. (2, Insightful)

Crilen007 (922989) | more than 8 years ago | (#14491264)

Who are they affecting?

People who download music won't be affected, because they are downloading (IE Not buying the infected CD's)

So, just who are they trying to spy on? The customers who are giving them money and doing what they want?

It's so... 180 degrees out...

Record Yet (1, Troll)

Nom du Keyboard (633989) | more than 8 years ago | (#14491326)

Have we broken the record yet for Slashdot articles about a single company over a single issue across a limited period of time?

New security rule -- can't play music CDs (0)

Anonymous Coward | more than 8 years ago | (#14491335)

I have seen a new security rule: You can't play ANY music CD on ANY work computer. If you want to play music at work, you have to use an external CD player. This is a VERY good rule as exemplified by Sony! I wonder if this is the rule at those DoD networks????

Pwned (3, Funny)

Nom du Keyboard (633989) | more than 8 years ago | (#14491428)

Sony only agreed not to ship more CD's with the existing rootkits. Nothing against improved versions. In fact...

Your new Sony-BMG non-standards compliant music disc contains the Pwned.exe wonderful pretty music player. Click here to hear the music you've already paid for. Remember, you cannot return opened CD's for any refund. Have a nice day!

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...