Home | Community | Message Board

MushroomMan Mycology
This site includes paid links. Please support our sponsors.


Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Shop: Kraken Kratom Red Vein Kratom   PhytoExtractum Kratom Powder for Sale   Myyco.com Golden Teacher Liquid Culture For Sale   Bridgetown Botanicals CBD Concentrates   Unfolding Nature Unfolding Nature: Being in the Implicate Order

Jump to first unread post Pages: 1
Offlinephi1618
old hand

Registered: 02/14/04
Posts: 4,102
Last seen: 14 years, 1 month
Sony's DRM rootkit
    #4939064 - 11/15/05 08:27 PM (18 years, 7 months ago)

Sony screws up bad

This is an issue that could go here or in Politics, maybe even music, art, and lit.



If you don't already know, Sony's recently been caught installing malware on the computers of people who try to play purchased CDs on their computers.

This software introduces security breaches, secretly sends info. to Sony about the computer it's installed on, alters the function of the operating system, prevents people from using their CD drives in perfectly legal ways, and is presently not possible for the average user to remove cleanly.

The DRMalware comes with a EULA (end user license agreement) that includes provisions like: you can't sell the CD, if the CD is stolen, you have to delete the music, and they can do anything they want to your computer.

After it came to public attention, Sony published an uninstaller that introduces some serious security holes into the computer of anyone who runs it. Microsoft will soon include an uninstaller with their anti-virus packages.

Additionally, it has recently come to light that the malware violates copyright by including open-source (LGPL) code, in violation of the licence of that software.



This move shows Sony's extreme hostility and utter contempt for their customers.



Personally, I'm pretty happy about it because it's had no direct effect on me (I use Linux and haven't purchased a Sony CD in a few years) because it makes the Sony and the RIAA look pretty fucking bad. It's definitely super-bad PR, and is leading to lawsuits - it's not clear how thoroughly the very invasive EULA protects them from their otherwise gregious breaches of civil and criminal law here (US), in the UK, and in other counties.

However, it sucks for the poor saps who actually paid for their music.



Here's a timeline:
http://www.boingboing.net/2005/11/14/sony_anticustomer_te.html

Extras: Filter Print Post Top
OfflineSeussA
Error: divide byzero

Folding@home Statistics
Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 4 months, 7 days
Re: Sony's DRM rootkit [Re: phi1618]
    #4940504 - 11/16/05 06:35 AM (18 years, 7 months ago)

> it makes the Sony and the RIAA look pretty fucking bad.

Kind of like when US Senator Orrin Hatch was pushing for the right of the RIAA and the MPAA to be able to remotely destroy computers of users that were suspected of having copyrighted music on their machine. Somebody pointed out that his own web server was being used as a warez box and that under his proposal the RIAA/MPAA would be justified in destroying his machine. Idiots, all of them.


--------------------
Just another spore in the wind.

Extras: Filter Print Post Top
InvisibletrendalM
J♠
Male User Gallery

Registered: 04/17/01
Posts: 20,815
Loc: Ontario, Canada Flag
Re: Sony's DRM rootkit [Re: Seuss]
    #4941444 - 11/16/05 11:56 AM (18 years, 7 months ago)

I really have to just laugh every time these companies come out with a new way of "preventing" anyone from digitally copying their products :lol:

I can just see the board meeting...

"Ok, so we have this DRM software and it is UN-BREAKABLE! Finally we will atually get the $25 we want for each and every person who listens to our shit!"

Three months later....

"Uh, sir....the hackers cracked our DRM software..."
"You're fired!" :smirk:


--------------------
Once, men turned their thinking over to machines in the hope that this would set them free.
But that only permitted other men with machines to enslave them.

Extras: Filter Print Post Top
Offlinephi1618
old hand

Registered: 02/14/04
Posts: 4,102
Last seen: 14 years, 1 month
Re: Sony's DRM rootkit [Re: trendal]
    #4941634 - 11/16/05 01:03 PM (18 years, 7 months ago)

Funny thing about this program is that it fucks up your computer, but only if you run it.

Circumventing it is as easy as turning auto-run off in WinXP.

Extras: Filter Print Post Top
InvisibleVvellum
Stranger

Registered: 05/24/04
Posts: 10,920
Re: Sony's DRM rootkit [Re: phi1618]
    #4943454 - 11/16/05 08:08 PM (18 years, 7 months ago)


Extras: Filter Print Post Top
Offlinedaimyo
Monticello

Registered: 05/13/04
Posts: 7,751
Last seen: 12 years, 4 months
Re: Sony's DRM rootkit [Re: Vvellum]
    #4944641 - 11/16/05 11:40 PM (18 years, 7 months ago)

It would be funny to see someone write something very damaging that exploited this, and Sony getting sued over it.


--------------------
"I have sworn upon the altar of God eternal hostility against every form of tyranny over the mind of man."

Extras: Filter Print Post Top
Offlinephi1618
old hand

Registered: 02/14/04
Posts: 4,102
Last seen: 14 years, 1 month
Re: Sony's DRM rootkit [Re: phi1618]
    #4949732 - 11/18/05 12:00 AM (18 years, 6 months ago)

The anti-virus and anti-spyware software distributors were very slow to pick up on this problem. The sony malware's been out for several months, but only after significant public outcry have the major AV and anti-spyware manufacturers (including MS) decided to do anything:

http://www.wired.com/news/privacy/0,1848,69601,00.html
Quote:

What do you think of your antivirus company, the one that didn't notice Sony's rootkit as it infected half a million computers? And this isn't one of those lightning-fast internet worms; this one has been spreading since mid-2004. Because it spread through infected CDs, not through internet connections, they didn't notice? This is exactly the kind of thing we're paying those companies to detect -- especially because the rootkit was phoning home.

But much worse than not detecting it before Russinovich's discovery was the deafening silence that followed. When a new piece of malware is found, security companies fall over themselves to clean our computers and inoculate our networks. Not in this case.

McAfee didn't add detection code until Nov. 9, and as of Nov. 15 it doesn't remove the rootkit, only the cloaking device. The company admits on its web page that this is a lousy compromise. "McAfee detects, removes and prevents reinstallation of XCP." That's the cloaking code. "Please note that removal will not impair the copyright-protection mechanisms installed from the CD. There have been reports of system crashes possibly resulting from uninstalling XCP." Thanks for the warning.

Symantec's response to the rootkit has, to put it kindly, evolved. At first the company didn't consider XCP malware at all. It wasn't until Nov. 11 that Symantec posted a tool to remove the cloaking. As of Nov. 15, it is still wishy-washy about it, explaining that "this rootkit was designed to hide a legitimate application, but it can be used to hide other objects, including malicious software."






Only one AV company, F-Secure, has really taken this threat seriously. They have this to say:
http://www.f-secure.com/weblog/archives/archive-112005.html#00000694
Quote:

In order to hide from the system a rootkit must interface with the OS on very low level and in those areas theres no room for error.

It is hard enough to program something on that level, without having to worry about any other programs trying to do something with same parts of the OS.

Thus if there would be two DRM rootkits on the same system trying to hook same APIs, the results would be highly unpredictable. Or actually, a system crash is quite predictable result in such situation.

So imagine a situation where Joe Customer buys CD from label A and another CD from label B. Label A uses third party DRM from company X and Label B uses from company Y.

Then our user first plays one of the CDs in his PC, and everything works fine. But after he starts playing the second CD, his computer crashes and wont boot again. This is something I would not like to associate with buying legal CDs.






To be fair, AV companies might be afraid to mess w/ this without major public outcry because of the DMCA (digital millenium copyright act says that it's illegal to circumvent security measures).

Still, Sony's rootkit is exactly the sort of software their products should protect people from.

Extras: Filter Print Post Top
InvisibleVvellum
Stranger

Registered: 05/24/04
Posts: 10,920
Re: Sony's DRM rootkit [Re: phi1618]
    #4949873 - 11/18/05 01:00 AM (18 years, 6 months ago)


Extras: Filter Print Post Top
OfflineThePredator
Your a eunich ifyou don't useunix!

Registered: 08/23/05
Posts: 542
Last seen: 17 years, 11 months
Re: Sony's DRM rootkit [Re: Vvellum]
    #4952189 - 11/18/05 03:14 PM (18 years, 6 months ago)

Any window users here actually suprised? For another hint thats the only  windows malware installed by companies that has been found :wink:

protect your rights, move to *nix

Also remember if you run windows any cd you put in can use auto run to install itself, and even with autorun off it can still circumvent it.


--------------------

Extras: Filter Print Post Top
OfflineCatalysis
EtherealEngineer

Registered: 04/23/02
Posts: 1,742
Last seen: 15 years, 11 months
Re: Sony's DRM rootkit [Re: phi1618]
    #4952929 - 11/18/05 06:41 PM (18 years, 6 months ago)

Developers discover open source code in Sony BMG

SNAFU: You probably weren't expecting this

By INQUIRER staff: Friday 18 November 2005, 10:07
REUTERS REPORTED that an analysis of code in the XCP program used by Sony BMG borrows heavily from an open source program called LAME.

But the article claims that the code isn't identified as open source, throwing the community into a state of near incandescence.

If open source is used, the entire app is supposed to be open to the community.

The Reuters report quotes a German programmer as saying that there are five functions in the XCP software which match LAME functions to a tee.

Meanwhile, web site Freedom to Tinker claims that another uninstaller for another type of Sony digital rights management software leaves some security gaps. ?

Extras: Filter Print Post Top
Offlinephi1618
old hand

Registered: 02/14/04
Posts: 4,102
Last seen: 14 years, 1 month
Re: Sony's DRM rootkit [Re: Catalysis]
    #4963813 - 11/21/05 12:03 PM (18 years, 6 months ago)

RIAA defends Sony's actions:
http://www.malbela.com/blog/archives/000375.html
Quote:

Cary Sherman: There is nothing unusual about technology being used to protect intellectual property. You can't simply make an extra copy of a Microsoft operating system, or virtually any other commercially-released software program for that matter. Same with videogames. Movies, too, are protected. Why should CDs be any different?

Cary Sherman: The problem with the SonyBMG situation is that the technology they used contained a security vulnerability of which they were unaware. They have apologized for their mistake, ceased manufacture of CDs with that technology,and pulled CDs with that technology from store shelves. Seems very responsible to me. How many times that software applications created the same problem? Lots. I wonder whether they've taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?





Texas doesn't agree:
http://www.oag.state.tx.us/oagnews/release.php?id=1266&PHPSESSID=qa8osf9a557inps6lk26npa813
Quote:

AUSTIN - Texas Attorney General Greg Abbott today sued Sony BMG Music Entertainment as the first state in the nation to bring legal action against SONY for illegal ?spyware.? The suit is also the first filed under the state?s spyware law of 2005. It alleges the company surreptitiously installed the spyware on millions of compact music discs (CDs) that consumers inserted into their computers when they play the CDs, which can compromise the systems.



Quote:


Because of alleged violations of the Consumer Protection Against Computer Spyware Act of 2005, the Attorney General is seeking civil penalties of $100,000 for each violation of the law, attorneys? fees and investigative costs.



Extras: Filter Print Post Top
InvisibleHuehuecoyotl
Fading Slowly
Male User Gallery

Registered: 06/13/04
Posts: 10,689
Loc: On the Border
Re: Sony's DRM rootkit [Re: phi1618]
    #4965070 - 11/21/05 04:59 PM (18 years, 6 months ago)

It is hilarious that they violated the GPL making copyright protection tools.


--------------------
"A warrior is a hunter. He calculates everything. That's control. Once his calculations are over, he acts. He lets go. That's abandon. A warrior is not a leaf at the mercy of the wind. No one can push him; no one can make him do things against himself or against his better judgment. A warrior is tuned to survive, and he survives in the best of all possible fashions." ― Carlos Castaneda

Extras: Filter Print Post Top
OfflineCatalysis
EtherealEngineer

Registered: 04/23/02
Posts: 1,742
Last seen: 15 years, 11 months
Re: Sony's DRM rootkit [Re: Huehuecoyotl]
    #4965308 - 11/21/05 06:07 PM (18 years, 6 months ago)

You know who is really going to get fucked in all this? First4Internet

Sony is already trying to pass the blame onto them.

Extras: Filter Print Post Top
Jump to top Pages: 1

Shop: Kraken Kratom Red Vein Kratom   PhytoExtractum Kratom Powder for Sale   Myyco.com Golden Teacher Liquid Culture For Sale   Bridgetown Botanicals CBD Concentrates   Unfolding Nature Unfolding Nature: Being in the Implicate Order


Similar ThreadsPosterViewsRepliesLast post
* Microsoft DRM Cracked.... Again DiploidM 540 0 07/16/07 06:16 PM
by Diploid
* DRM is a jail for music SweetJimmyBrown 401 0 10/17/05 12:57 AM
by SweetJimmyBrown
* Rootkit... what. the. fuck. 5HTSynaptrip 1,714 11 05/20/11 11:08 AM
by 5HTSynaptrip
* Windows XP unknown rootkit infection - Linux to the rescue! Asante 642 4 01/13/10 03:11 AM
by Annom
* DRM Is Dying DiploidM 694 5 04/15/07 01:09 PM
by jdirty
* Bill Gates: DRM Has Huge Problems DiploidM 931 6 12/28/06 04:09 PM
by Oatman2000
* ZUNE DRM InsolentPrude 543 0 07/15/07 02:04 PM
by InsolentPrude
* How do you bypass DVD copy protection? RandalFlagg 1,456 14 08/29/06 06:03 PM
by Newbie

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: trendal, automan, Northerner
1,419 topic views. 0 members, 2 guests and 4 web crawlers are browsing this forum.
[ Show Images Only | Sort by Score | Print Topic ]
Search this thread:

Copyright 1997-2024 Mind Media. Some rights reserved.

Generated in 0.024 seconds spending 0.009 seconds on 14 queries.