Slashdot Mirror
Trojan Using Sony DRM Rootkit Spotted
Analise writes "The Register reports on the first trojan using Sony's DRM rootkit. A newly discovered variant of the Breplibot trojan makes use of the way Sony's rootkit masks files whose filenames begin with '$sys$'. This means that any files renamed this way by the trojan are effectively invisible to the average user. The malware is distributed via an email supposedly from a reputable business magazing requesting that the businessperson verify his/her attached 'picture' to be used for an upcoming issue. Once the payload is executed, the trojan then installs an IRC backdoor on affected Windows systems."
Sony, you are despicable loathing scum who will no longer get another penny from me. For deliberately putting computers I maintain at risk to save a penny on your end, I find you guilty as charged. Microsoft should be suing you for such as well. In fact everyone just gang up on Sony and charge with those attorneys. Burn in hell bastards...
It's just a rumor, but Sony should have some Engineering and Executive positions open in 3....2....1...
Couldn't see this one coming from day one or anything.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
...but wow, sucks for Sony!
by Sony H4X0rZ
I reccomend voting with our wallets, and not purchasing Sony/BMG products. Also see here
Also here is the company that created the DRM technology.
You might want to add a couple of more zeros to the settlement check you are thinking about
Irregardless of the existence of government, the natural rights of an individual cannot be given away (you can't sell yourself into slavery, you can't tell a higher power that it's ok to kill you). One such right is the right to private property, closed to others' prying eyes or presence.
One great force behind this right is that past acts bear no allowances for future acts. If I let you into my house yesterday, you have no right to be here today. I may contractually allow you to come and go as you please, but I have to willfully sign the contract with witnesses noting the act.
Sony's DRM uses government force (through copyright provisions) to settle its legality. They say that by using their property, you have to permanently give up your natural right to private property (free speech Statists wrongfully call it Right to Privacy). Sony is wrong.
By violating numerous natural rights, Sony has opened itself to a demand for restitution. I wholeheartedly believe that corporate protections are wrong, as is copyright. My solution? Go after Sony through the shareholders directly (they own the business and allowed the breach of a basic human right). Demand restitution for the trojan if you receive it.
Imagine if you buy a Saab and Saab has an agreement stating "If you turn the car on, you allow two Saab employees to ride in your trunk and search your house for proof you might install a non-Saab oil filter." You've signed nothing. The two Saab employees open your house door, take up residence and leave the door wide open. Two typical pro-copyright arguments: You're not allowed to install non-Saab oil filters or how else would Saab make money? Why would they design cars?
This is the problem with copyright. Instead of individuals protecting proprietary information of value (books, music, etc) and producing it in the best way over anyone else (live shows, subscriptions to new music, etc), they say "copy us and government will use force against you."
It's all wrong. Don't publicly say anything valuable to you. Don't think you can come in my home because you did once before. Don't think you can rape me because a note in your pocket says you're allowed to, and I let you in without checking your pockets.
Holy cow. Knew it was coming though.
..the malware is in the wild but a full technical analysis of the Trojan is yet to be completed.
Alright damnit, who's got a copy?
"The response of anti-virus firms, some of which have only promised to flag up rather than block system changes made by Sony-BMG's rootkit, remains unclear. "
Ooh fun to be had here. Sony are gonig to love this publicity.
Ha ha. I have little respect for these companies who I see to be the same as those who four hundred years ago sold "herbs" to protect you from the plague. These ppl still profit from ppl's lack of knowledge.
Early reports indicate the IRC backdoor is used by the propagator of the virus to bombard you with random chat messages from #windowshelp. So far the most common phrases appearing are "how do i reformat" and "how do i download the internet?"
My 3D Texturing Skinning work (under construction)
Since there was some confusion about how you can tell if this rootkit is installed, remember that it hides files beginning with '$sys$' -
1) If you're not using windows, you're fine.
2) Create a file on your desktop ('test.txt' should be fine). Rename the file to '$sys$test.txt'.
If the file is gone, you're vulnerable.
Video for Online Dating Profiles
Wait until the legal liability Sony will incurr starts affecting the stock price... Pretty quickly you'll see heads roll for this.
Happy Posting.
And let the firestorm or lawsuits increase.
Hopefully this will push a whole bunch of issues to the attention of people, such as EULA's and the like, and maybe, just maybe, we'll get some good case law on it that is in the interest of the consumer.
I hear the trojan witter is also using an unusual distribution method. Ricky Martin CDs.
Evil? Yes. But there are uses! Not that it has any affect on my Mac or Ubuntu box...
Well, I was debating buying a PS3 instead of a Nintendo Revolution. Not anymore!
Can anyone explain if this rootkit prompts for a password when installing (during the autorun, I presume)
As an OS X user, I'd find it slightly odd that my music CD is prompting me for an administrative password.
But to stay on topic, I'm sure this is but one of the many exploits that will be based on this rootkit.
Does anyone have a comprehensive list of CDs that install it, and is it true that Sony has been using it since April?
If you don't know what AltaVista is (was), get off my lawn.
"I said 'Ha Ha'"
This just added evidence to the California lawsuit. Let's see how Sony backs up its security claims now. How many more lawsuits will we see before all is said and done.
We all knew the rootkit was a security issue. Is it really a shock that theres a trojan taking advantage?
Told ya so.
-- I'm not a pessimist, I'm a realist. It's not my fault that life sucks so much. --
What versions of Windows? Linux? Mac OS X? - Yet another reason to switch?
I don't have this problem. I choose to run Linux.
I don't know if they are selling these DRM encrusted music discs in the UK, but if they are, each and every one of them will be breaching the 1990 Computer Misuse Act, and in a way that the act does cover - namely it alters the system without your approval or knowledge. What is doubly sad is that the software was written by a British company. Still, makes it easier to sue them.
Secondly, does this rootkit install even if you are logged in as a normal Windows user, not Administrator? That suggests a security hole in Windows. However I suspect the issue is Windows making users Administrator by default, which is a really dumb system, security wise.
It wouldn't be right if the day went by without a Sony Rootkit story on Slashdot. Seriously, I can't get enough of this story, it's what Slashdot was invented for.
Disappearing Rootkit Malware
1. Duty 2. Breach (pronounced unreasonableness) 3. Proximate Causation 4. Damages 5. Profit
There is no reset button in life; however, there are bonus levels.
Because I thought it would be striped...
Sony just loves everyone $sys$anally. They are the greatest company ever when it comes to technology $sys$that $sys$sucks. Everyone is gonna love $sys$to $sys$hate Sony, and they will $sys$not buy any Sony product that they see. It's because Sony loves $sys$to $sys$fuck $sys$with their customers.
so does this at all put sony in hotwater with microsoft legally? perhaps this rootkit, trojan email or not, violates the windows eula.
I am a hardcore libertarian on most political issues. My ideal society has no gun control except on those currently in a mental institute or a prison, almost no taxes, little regulation, nearly absolute property rights (including an elimination of eminent domain in most cases) and many of the other things you'd associate with the libertarian philosophy. I even support the RIAA suing the hell out of thousands of file sharers because I've lost all sympathy for people who want music but aren't willing to *gasp* pay for it.
What I cannot support is the poorly veiled vigilantism that passes for the concept of "self-help" in IP circles. It is not the same as sitting on your porch with a shotgun when looters are running rampant like in New Orleans, rather it's akin to hiring a private army to go through New Orleans and preemptively shoot anyone that looks like a looter without any sort of governmental or moral authority backing you. This is exactly what you get from that concept and it should now become apparent to everyone but the most academic copyright expansionists that "self-help" is anathema to a society that values the rule of law and private property rights.
It's also ironic that many supporters of this idea are enamored with John Locke who would have had a raving shit fit if someone tried to tie classical liberalism and "self-help." The very point of establishing a government in the first place according to classical liberal theory is "to make all men bound to one law." "Self-help," in liberal terms, is the opposite because it makes as Locke would have said, "every man a law unto himself."
Then again this is what happens when people limit themselves to voting for the corporatist party (Republicans) versus the socialist party (Democrats). Either way you get a system where big institutions are allowed to become laws unto themselves. *Cue some leftist to come tell me how socialism works, how no American understands Real Socialism(tm) and why Capitalism is absolutely identical in practice to Italian Fascism*
Click here or a puppy gets stomped!
wohoooooooo Evil Sony DRM
noooooooooo IBM, Sony, and Philips are creating a Linux adoption..
wohoooooooo Evil Sony DRM
noooooooooo IBM, Sony, and Philips are creating a Linux adoption..
wohoooooooo Evil Sony DRM
infinite loop, brain shu u ut ing d o wwwwn
noooooooooo IBM, Sony, and Philips are creating a Linux adoption..
wohoooooooo Evil Sony DRM
noooooooooo
If someone creates a worm that exploits a negligent design flaw in Sony's DRM or Microsoft Windows, then couldn't the affected sue Sony or Microsoft? This would include non-users of these products whose internet usage was disrupted. And as someone who does NOT use DRMed Sony CDs or Microsoft Windows, I have NOT agreed to these company's EULAs with all their legalese of limited liability. Thus non-users may have more rights to sue than users of these products.
IANAL. Any thoughts?
Two wrongs don't make a right, but three lefts do.
Are the IRC servers the bot connects to public? If so, has the staff of those networks been informed so that can prevent the zombies from connecting? (Presumably by blocking port 8080 and/or gline anyone joining #sony)
If the IRC servers are private, will the owners be investigated?
Can we be just a little proactive in containing this?
=Smidge=
Trojans, root kits? What's with all the talk about sex on /. these days?
will that affect Sony PS3 prices? :D
Here's the Slashdot crowd's chance to get the phrase invented by a Slashdotter out in the public eye. It's important that the public learn that DRM is a bad thing, and this is simply one way to tell them plainly how it is bad. DRM breaks their computer, or makes their life more difficult.
j html?articleID=173601122
"Infected with DRM"
Sony's rootkit has also been linked to Windows crashes, which isn't surprising to me. Most spyware causes instability in Windows because it is poorly written and designed to break parts of Windows to protect itself from removal. Sony writes, "This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers."
The incongruence of their words, is not startling to me, as they are playing a PR game to hide the fact that they messed up people's computers, and made them vulnerable to an attack that hasn't gained popularity yet, but now surely will. Virus writers will be able to easily hide their virus files using programs like Sony's cloaking DRM. Sony is lying that their cloaking DRM does not compromise security of an infected computer.
http://www.informationweek.com/story/showArticle.
Saskboy's blog is good. 9 out of 10 dentists agree.
Don't allow the user to execute email attachments. You know if this was a virus/worm/trojan for linux slashdot would be pretty quick to write up that current versions aren't affected. But they get off on the 500 "oh noes I'm going to switch right now" posts, which if half were true, Mac and linux wouldn't be at 3 and 1 percent market share..
El Reg says that Sony UK says they are not selling them in the UK.
What I say does not represent the views of my employers, my friends, my cats, or myself.
...any fool could tell you the word you're looking for is unregardless.
Sony does whatever the hell they want to in all of their branches. http://www.ctrlaltdel-online.com/comic.php?d=20051 104/
because it should force the antivirus companies to release a rootkit removal tool/virus definition update covering this little bit of nastiness.
You're using her as bait, Master!
They probably thought they could save some money, and are now facing class-action lawsuits. A classic example of penny-wise pound-foolish, as the Brits used to say.
I need help building/maintaining Artists for File Sharing ... which I hope will make Sony and friends obsolete.
My turnips listen for the soft cry of your love
Sue them in small claim court, tie up their resource (lawyer)
Well, almost perfect.
This is a great recipe for a successful trojan: Appeal to the vanity of ignorant, Windows-using suits (of which there are countless millions). It's sort of a cousin to the standard 419 scam: By appealing to greed, you convince the person to do something stupid (in the case of 419 scams, giving information to someone who promises something "too good to be true"; in this case, opening an attachment to an email that promises something "too good to be true").
Also noteworthy is the fact that the Windows-using suits are too stupid to realize that major business magazines (like other suit-run organizations) are hopelessly corporate, and thus are used to using phones first... not email first. So they wouldn't think to call and verify before blindly opening the attachment. (Of course, the fact that "opening attachments can hurt you" has not yet penetrated the thick fog in which most computer users perpetually wander. They can grasp the idea that "opening your door when someone knocks can hurt you", yet somehow the equivalent concept in computers evades them, since computers to them are magical fairy boxes that don't operate by the regluar laws of logic.)
Ah, but there is a flaw in the use of such a scheme in a trojan. The stupid Windows-using suits have money and power. Thus, I expect the person who wrote this trojan to be found, probably after a massive manhunt. Meanwhile, Jerome Brown from the ghetto, who raped LaQuaandah White from the ghetto, remains on the loose, since it's more important to attend to the needs of corporate America.
Just another day in American "justice"...
With spending like this, exactly what are "conservatives" conserving?
One of the things learned from boycotting GE (for making nuclear weapons) is that three times as many people actualy boycott as the number who sign-up.
that took too long. are trojan & virus creators sleeping??!! (flamebait)
but seriously now, why didn't this news (at least the rootkit) appear on the major news agencies? censorship maybe?
The scariest bit of this story, IMO, is that Sony is doing this. The same Sony that's pushing the BluRay disc format. The same format that has no required end-user protections. Imagine if the BluRay drivers themselves were essentially rootkits. HD DVD sounds better and better, if even for the fact that its not a Sony product.
Penny Arcade on printing out the internet:
Gabe: You need to get some more print cartridges.
Tycho: What is all this shit?
G: The web.
T: Which Web?
G: The Internet Web.
T: The whole thing?
G: No, I'm at about B. You just ran out of ink. Look, we just went through this!
Irregardless of the existence of government, the natural rights of an individual cannot be given away (you can't sell yourself into slavery, you can't tell a higher power that it's ok to kill you). One such right is the right to private property, closed to others' prying eyes or presence.
This is crap. If I want to end my life, I should most certianly be allowed to give someone the right to kill me. I tis *my* life, no one should have any say what I do with it but me. Same goes with the slavery question. Maybe I enjoy having a master? Who are you to tell me what choices I should be making?
The only right you are born with is the right to die. You are not born with the right to personal property or anything else. Do you think that a spider has a right to it's web? If so, then why do you shoo it out of your house? If you don't , then why do you for some reason think nature has granted *you* "fundamental rights", but not other forms of life?
"Rights" are granted by society, a human construct, not by nature. The only reason people have rights is because that we as a community agree that certain things are allowed, and others are not.
It is when two sets of belief systems conflict with each other that we have problems; just because you feel that someone in China should have a "right" to free speech, does not mean that they automatically do, any more than just because someone in a cannabilistic tribe teels that Americans should have a "right" to eat each other, mean that they do. They are totally seperate sets of beleif systems, neither is any more wrong than the other. The only thing that determines what is "right" and "wrong" is society.
"I see Sony bent over, and a Trojan on the ground."
Synametic are refusing to remove it, they are however making it flash up in norton AV. Kinda pointless really.
I don't really see how Sony actually expected to get away with using this kind of technology to protect their copyrights. There is no way they couldn't have seen something like this happening.
Mark my words, this going to blow up in their face...as if it already hasn't...and the backlash will felt all throughout the DRM development industry. In fact, it could kill DRM altogether.
Will this kill Sony? Likely not, Sony is a huge company separated into different divisions. Its likely the bigwigs in Tokyo had nothing to do with the decision to include DRM technology on those audio CDs, but I'm certain they'll be 100% responsible for a sudden increase in unemployment within the next few days. Mark my words, the axe is going to fall at Sony any minute now.
If you've seen the movie "Network", stick your head out of the window and yell "I'm mad a hell and I'm not going to take it anymore!" Do you hear us you DRM developing anti-christs! Go away and leave us alone or we'll ALL sue your arses off!
Michael "TheZorch" Haney
thezorch@gmail.com
http://thezorch.googlepages.com/home
You would have thought that of all media companies in the world Sony would behave less stupidly with respect to copyright and DRM than all the other's. Let's not forget that it was Sony (the hardware manufacturer) who won the Betamax suit by which the media companies tried to kill the very same device that only a few years later would make them billions in video sales.
But NO! As soon as they've become a media company themselves they act precisely the same way like the ones who bullied them into the Betamax suit.
Are there any bets on how long it'll take until Sony (the media corporation) sues the socks off Sony (the MP3 device manufacturer)?
It's pretty simple: a physical thing that you're in possession of cann't be separated from you without violating your natural right to your own body. i.e. the sandwich is yours because I have to fight you to get it away from you.
Of course, this has no bearing on "intellectual property", to which there is no natural right. If you write a haiku, I can memorize it and make as many copies of it as I want, for example on my printing press. To prevent me doing so, you'd have to fight me to get my printing press away from me. Or something.
My turnips listen for the soft cry of your love
Sony President Defends Rootkit
The President of Sony BMG's Global Digital Business, Thomas Hesse, defends Sony's installation of a rootkit by declaring, "Most people, I think, don't even know what a Rootkit is, so why should they care about it?"
Source
"What is the answer?" (Silence) "In that case, what is the question?" --Gertrude Stein
I'd recommend you move to Somalia then. No taxes, no regulation, property rights are entirely your responsibility, and everybody is free to do whatever they want.
I'll guess that the existance of the trojan makes them safe against DCMA attacks from Sony. Thus the root to getting rid of all DRM is clear. Make your virus dependent on something the DRM does, and there is a justifable cause to remove that DRM from peoples' system.
Personally I can't believe that I'm having the concoct reasons why a company would be able to provide you a tool for remove and deinstalling software on your own computer. How insane has this world got when an unread EULA could potentially give a company 'rights' to mess with your computer, and prevent you having the right to correct it?
We need a clean slate on all patent, copyright and attendant laws - and get them back to sanity. We can't go on like this.
Democrats aren't corporatists? Really? Since when? Last I checked both parties are highly influenced by corporate interests from campaign donations, lobbyists, media ownership, etc, and the policies of the USA strongly reflect this.
So when all the virus protection software is updated to rip out Sony's DRM software as malware will Sony sue them for removing its "legitimate" software? This thing seems to be quickly descending into comedy.
Letter To Iran
Sony should be fined for this. Installing rootkits on legit customers machines? What the hell? That should be agaisnt the law. I say everyone should boycott Sony for this.
If some bored teenager devised and distributed such a rootkit, he or she would be accused of costing businesses millions and thrown in jail for 10 years. Can someone explain to me why Sony is not getting prosecuted for "hacking" here? What makes them exempt (aside from whatever civil lawsuits are being brought against them)?
Join Tor today!
Apparently it's not as obvious to some other people as it is to me that the parent is clearly not saying Sony is not at fault because they purchased the rootkit from someone else. The parent is pointing out that Sony's ENGINEERS are most likely not at fault and that it was probably some idiot in a suit.
Wouldn't Sony be at least somewhat liable here? - I would love to see Sony get hammered for this one
---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
Sony: Hey, what do you have there?
Pandora: I'm not sure, it's some kind of box.
Sony: Lets open it!
Two Days ago: Post article 'Sony DRM Rootkit poses risk'
Yesterday: hack/code/fix - rinse and repeat
Today: Tada! Post article 'Trojan Using Sony DRM Rootkit Spotted'
The sales manager at the company I work for recently received a variant of this worm, and after finding that the attachment "didn't do anything" forwarded it on to me to find out why. I extracted the attachment and analysed it in IDA and discovered that it connected to one of two IRC servers and joined a specific channel.
.. suddenly they all quit and the room was empty except for me and the op.
.. I felt quite akin to him in many ways.
So posing as the trojan I logged onto the IRC channel. I idled there for a while watching the channel op send commands to the connected bots, and decided to have a go myself. The channel was +m but I could PRIVMSG the bots, and a bit more work in IDA revealed the command set - which contained an unload command. So I scripted my irc client to send a msg to every non-op in the channel with the command
"OH SHIT" he typed. He was more shocked than anything, and then more curious than angry. We ended up having a rather long and interesting conversation about our respective jobs. He told about his bot network, what he uses them for (in the UK it's for harvesting email addresses, apparently), the ££ he gets for it - it's a full time job for him - and who writes most of the bot software (his partner.) He was no stereotypical teenage script kiddie either, more a computer professional turned to the 'dark side' of IT
All in all, it was fascinating. (Btw, our firewall blocked the trojan from connecting to IRC and it was fairly easily to remove from the sales manager's laptop)
The entire concept of copyright is dependent on the existence of government as the entity that determines where A's rights end and B's rights begin. That is fundamentally incompatible with the whole notion of "self-help".
/. If the government wants us to respect the law, it should set a better example.
I call bullshit. Of course they can. Your right to life and liberty can be taken away after a fair trial.
One such right is the right to private property...
I call bullshit again. Your right to own property can be taken away after a hearing and being provided just compensation. Or do you believe the framers of the constitution were wrong? (Thats rhetorical...I know u think they were wrong).
Also, I do not believe that natural law and rights theorists (at least in its convential and well understood varients) believes that owning property is a natural right. There have always been classes of people who couldn't hold property. In fact, originally, non-land holders couldn't vote in some states. Besides, owning property isn't one right. It is a bundle of quite a few rights. The right to sell, the right to buy, the right to lease, the right to alienate, the right to inheret, etc.
One great force behind this right is that past acts bear no allowances for future acts.
Wrong, wrong, wrong, wrong, and WRONG.
If I stay on a piece of property, or use a path on your property, for 15-21 years, that belongs to you, as long as certain conditions of met, guess what buddy, it is mine. This law of adverse possession has been around for a very very long time. So, bullshit on your natural rights theory as u see it.
My solution? Go after Sony through the shareholders directly.
First of all...shareholders are immune from suit by virtue of the corporate shield. I know you don't think this should be the case, but it is. It encourages investment. However, in this case, where there is fraud and misrepresentation, a court could allow you to pierce the corporate shield and go after the shareholders. So, I agree with you here.
Don't think you can come in my home because you did once before. Don't think you can rape me because a note in your pocket says you're allowed to, and I let you in without checking your pockets.
I think I can agree with you on that. You can't concent to something that you don't know about. Which is why I find the Sony DRM rootkit and shrink-wrapped licenses so offensive.
Boycott isn't going to do squat to a company the size of Sony. If Sony BMG's profits actually go down, they'll just blame music pirate and file sharers. Then they'll get laws even worse than the DCMA passes. Everybody who get trojaned with the help of Sony's rootkit needs to sue Sony.
If someone is passing you on the right, you are an asshole for driving in the wrong lane.
This scandal should go to the TV news everywhere. Someone who plas a legally-purchased sony CD and has no intention (AT ALL) to commit an illegal act, suddenly can find his PC infected by viruses, backdoors, and turn his PC into a zombie used to send SPAM, hack into webservers, and whatnot.
So, if you don't want to get arrested for hacking, you have to go against the DMCA and break the Sony CD's DRM, and then copy its tracks to a safe, blank CD. OR, just download the mp3's from someone else.
Summarizing: If you want to be found innocent, you have to break the law.
Only in America!
With all the fuss about people "distributing software that is used for bad things" it will be interesting to see how a big-boy like Sony will fare. After all, until now, it has always been the little guy being attacked... P2P software writers, DeCSS people and the like. Now Sony has essentially distrubuted a handy rootkit for crackers to use. they could argue that it wasn't intended for that purpose, but so too did the prior "little guys" make the same argument...and failed under that argument. Why will Sony prevail? Based on the reputation of the company? Legal decisions shouldn't be made based on whether a company is established or not... that would be unfair and... well... prejudicial!
One line blog. I hear that they're called Twitters now.
Shhh, you don't want them to bring back a daily SCO story, do you?
I buy CDs if I want to support the artist, though not before some background checking on the album. I think it's fairly obvious that allofmp3.com does not share profits with the artist, particularly since the RIAA tried to get them shut down. So if I think an artist has enough talent to deserve my support, and if I have no reason to beleive there is any sketchy software on the CD (ie if it has the Compact Disc label on it), and I am relatively confident that buying an album won't support the RIAA, then yes, I'll buy a CD. (And I can't back this up with anything more that a serach for sony on RIAA radar, but i'd say chances are the last two "if"s pretty much coincide other). That being said, I'm still spreading the word about allofmp3.com to anyone I know.
Either way you get a system where big institutions are allowed to become laws unto themselves. *Cue some leftist to come tell me how socialism works, how no American understands Real Socialism(tm) and why Capitalism is absolutely identical in practice to Italian Fascism*
Given the quote above, you certainly do seem to need someone to explain to you what socialism is. I'm not even going to bother to try as I doubt you'd take any of it in, except to point out one thing that most of the "leftists" you complain about probably won't bring up or agree with:
Socialism is not restricted to the left - socialism is a label for a set of common traits of political ideologies, not a single ideology. Those ideologies span a very wide part of the political spectrum, to the extent that Marx and Engels felt it neccessary to devote a full chapter (of four) of the Communist Manifesto to deriding alternative socialist ideologies ranging from the far left to the far right.
As such, you may actually be justified in calling the Democrats "socialist" to some extent, they're just not supporters of the kind of socialism most people on the left support (and from a non-US standpoint, the Democrats would generally be considered a right wing party) - under Marx' classification they might fit into what he called "petty borgeois socialists". In other words a group that claim they work for social justice, but who does so from a middle class standpoint - that is, as long as it's just about getting the rich that foots the bill as opposed to a true redistribution of wealth and economic power.
Marx' claimed that such socialists are a distraction and ultimately serves the right wing by making poor people believe that their needs could be served within the confines of the bourgeois state.
Studies have shown that anybody who didn't see this coming a mile away might not have brains at all.
(Hi Sony)
I don't buy CDs anymore.
right-liberterianism is a contradiction in terms. market economies are inherently hierarchical.
This is a perfect example of left-wing extremism. I say that I want almost no taxes, virtually no regulation and private property rights that are nearly absolute, and this is the natural reaction of a lot of leftists to a libertarian statement of principle. It perfectly presents the false dichotomy inherent in left-wing thought: either we have a thorough and invasive government that taxes heavily, regulates heavily and on the surface keeps society moving smoothly, or we end up like a third world hell hole. Let's not forget that many of the problems in Africa can be traced back to the left-wing governments of Europe, such as France's whose enlightened elite saw fit to send in the foreign legion to fire on both rebel AND GOVERNMENT troops in the Ivory Coast not that long ago.
The very concept of nearly absolute property rights for all of society implies a government strong enough to keep the stronger members of society from taking the property of the weak, and that includes preventing yuppie scumbag white left-liberals from scheming up eminent domain abuse to help those "poor proles" in places like New London, Conn. The leftist response to Kelo, which was a blatant abuse of the weaker members of society was summed up by Nancy Pelosi's jubilant statement, "it was as if God has spoken." Leftist-leaning governments in the United States have systematically failed to protect life, liberty and property because the pursue some sort of social agenda.
And when those failed priorities of the leftist governments come home to roost, look at France for a good example of what to expect.
Click here or a puppy gets stomped!
This could end up being a turning point. The organisations pusing for DRM will easily and swiftly realise what this leads to:
All their heavy public relations work to portray the reluctant consumers as merely "pirates" is on for a trying test.
I wonder if Orrin's CDs are released with this kind of DRM. I assume his CDs also have the ability to destroy your computer if it thinks you are copying his music.
Invalid Checksum. Retrying.
I'm sure Wal-mart is hiring, leave your rights at the door.
I've been thinking quite a lot about security on OS X, and I've been trying to work out methods by which even a suspicious user could be tricked into revealing his password. Here's what I came up with:
I haven't tried it, but it seems that by asking for a password at a time when one would be expected, a nefarious program could easily persuade a user to give it away. I have no reason to believe that this strategy wouldn't work.
If your comment title says 'Re: Foo', I'm not likely to read it.
It's pretty simple: a physical thing that you're in possession of cann't be separated from you without violating your natural right to your own body. i.e. the sandwich is yours because I have to fight you to get it away from you
It's not that simple. What if the sandwich is on the table and I take it without you looking? I did not have to fight you for it. What if I stand on your lawn, I'm not hurting you directly. If I take your sandwich forcibly, do you have the right to violate my rights to take it back forcibly?
Most of societies rules don't deal with the self evident (I'm not allowed to kill you), they deal with the complex systems to maintain order and establish "fairness" (I can't stand on your front porch singing showtunes all day and night). Intellectual property is a construct to try and address issues related to things which are valuable yet intangible.
D6 63 0D 70 89 81 BB 8E 7B 7C 5F 5D 54 EA AB 73
IF antivirus vendors do start removing the sony rootkit, won't that qualify as circumvention of a copyright device and put them in clear violation of the DMCA? This just keeps getting better and better.
There is not nearly enough love in the world, but there is far too much trust.
So no effect on Macs?
OK.
Nothing to see here, move along....
If you don't allow guns to those in a mental institute, you're just asking for the state to declare that everywhere is a mental institute (or alternatively, that everyone has at least one mental problem) and thus no one should be allowed guns. Same argument for prisons. You're just asking for the state to convict everyone in order to take your rights away. Absolute property rights suck too: you're just asking for one rich guy to buy up everything and make you rent as his vassal for the rest of your life. This is one of the reasons that taxes are necessary: to prevent a nightmare consolidation of ownership.
If sony has absolute property rights over their cds, why shouldn't they be allowed to put whatever they want on them? I mean, it's your own fault if you don't check what that cd contains before exposing your computer to it. You're practically begging to have your computer rootkitted if you don't, and who is Sony not to oblige you?
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
lol what?
"This trojan has been brought to you by...
Sony.
When your files are too important to be seen by anyone.
Just $sys$ it."
Michael Coyne
http://turthalion.blogspot.com
'..but by using DRM which allows some limited copying, it is hoped that people won't feel the need to bypass the DRM entirely.'
j ul_05_art4
http://www.xcp-aurora.com/press_article.aspx?art=
Oh, no, we can't possibly imply that some corporation is behaving in bad faith!
A vulenrablity is a vulnerability, no matter who's responsible or what their intent.
(What the hell, the CERT site isn't even coming up for me now...)
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Please, Santa, I'd like a Sony RootMan to go with my Sony Vaiorus, my Sony TrojanTron monitor and my Sony WormCam video.
Las qué passoun
tournoun pas maï
Then again this is what happens when people limit themselves to voting for the corporatist party (Republicans) versus the socialist party (Democrats). *Cue some leftist to come tell me how socialism works, how no American understands Real Socialism(tm)
Tell you how it works? (*) Nah... though I'll laugh at you if you genuinely believe that the American Democrat party are "socialist". (Who was it said that Clinton was the best Republican president America had had for a long time?)
Anyhow, people take political concepts like "democracy" on their own, expecting to get a whole load of other stuff with them. Capitalism isn't democracy. Democracy isn't liberty (though it's pretty much the best prerequisite to it I can think of right now).
Capitalism isn't fascism per se, but it can fit into a fascist-style system quite comfortably if that's the way the country's being run (a la China; not that they were any better under "communism", and please don't tell me that they're *still* a "communist" society because they're totalitarian; see "political concepts" above). On the other hand it can fit into a democratic society fine, so long as corporate interests aren't allowed to gain disproportionate influence.
(*) I don't consider myself a socialist, though you probably would. Since right-wing Americans consider anyone whose views are to the left of your Democratic party to be a foaming-at-the-mouth commie/terrorist/whatever, I wouldn't waste my breath trying to convince them otherwise.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
Perhaps new Sony CDs should come with a gun toting thug. When you put a CD into your computer, said thug holds said gun to your head and if you break a copyright...BAM! Cherry pie.
MS and others are busy trying to make the *AA and company's wet dreams of perfect DRM come true and this happens. It's not possible that the malware crowd won't notice and put 2 and 2 together. Anyone want to place wagers on other DRM systems being targeted to be used in the furtherance of malware? It's like leaving an armory wide open with a sign reading, come on in bad guys, we got your tools right here...
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
The following year, all traces of this were removed in the next version and, afaik, it has never returned. I, for one, however, haven't bought their product since and don't plan to ever buy from them again.
I guess Sony just wasn't paying attention.
I wonder if Sony is pre-installing the rootkit on all the computers they are selling? It seems a natural thing for them to do.
So to get away from this virus, if I have the choice of buying an Windows type OS that SCO just developed or a Linux OS that Microsoft comes out with in response which would I choose???
Oh another Libertarian..
I even support the RIAA suing the hell out of thousands of file sharers because I've lost all sympathy for people who want music but aren't willing to *gasp* pay for it.
And how exactly is the RIAA able to sue thousands of file sharers? *gasp* regulation! *gasp* taxes! *gasp* government!!!! *faint*
In any case, your ideal society is the USA, circa 1890. Pre-federal income tax, pre-progressive reforms and labor/antitrust laws, way pre-environmental laws.
The 1890s sucked major ass, unless your name was Carnegie or Rockefeller. No fucking thanks.
That list of CDs can't be right. Those albums are all over the P2Ps. That's exactly what the rootkit is supposed to prevent from happening!
When I read about this first thing this morning I fired off an email to SANS http://www.isc.sans.org/ and got a reply quite quickly.
According to F-Secure http://www.f-secure.com/weblog the Trojan doesn't currently work, and in fact rebooting rids the computer of the infection.
We have just analyzed the first malware (Breplibot.b) that is trying to hide on machines that have Sony DRM software installed. Luckily, the bot has a design flaw. If the Sony DRM rootkit is active (hiding) in the system during infection, the bot will not run at all. Moreover, the bot cannot survive a reboot because of a programming error. In any case, this is a very good example of why software should not use rootkit hiding techniques.
Not that I'm suggesting anybody should... but it would be delicious to see Sony face a DDOS launched by computers infected using a Sony Rootkit exploit. Their pain would increase with every CD they sell.
So if I rename some files so they start with "$sys$", does that mean I'm making use of the Sony DRM "rootkit"? LOL!
I like how slashdotters all ignore the fact that the trojan could simply install their own rootkit, or pretend that there aren't already hundreds of thousands of PCs infected with them, or that using rootkit for spyware/trojan is anything new.
In other news, this could be a good way to hide your porn on the family pc
I'd say this is obviously more of a political statement than an actual attempt to improve effectiveness of the malware. There simply aren't enough machines out there with the Sony software installed to make them a reasonable malware target.
Someone hacked a pre-existing trojan slightly, to change the filenames to use $sys$, to change the channel it listens on to #sony, and to add the string SonyEnabled. It was done solely so that someone could write an article about it and it would add to the pressure against Sony. My guess is that the trojan was sent directly to the antivirus company, if it wasn't actually created by that company for publicity purposes.
At a large US-based firm, over 100,000 people may be told in the coming days that they can't play Sony DRM protected CD's at work. They will also be told why this ban has been put in place. Chances of this happening are good.
Consumer backlash will come, at times due to unforseen circumstances such as this.
Furthermore, in most (if not all) countries, "land ownership" does NOT include mineral rights (which are arguably a significant part of the land) and can often be overruled or dismissed by the Government should they decide they can make better use of the land (5th Amenndment in the USA includes this provision, I believe). As such, it is not really ownership and can - at best - be called borrowing from the State.
There are countries in which private ownership of any kind simply isn't recognized at all. Everything is communal. Such societies don't seem to be any less rights-respecting than any other. Indeed, the USA - which has more codified rights than almost any other country - has one of the worst records of any country for actually honoring what is codified. Indeed, not only is it not honored, even when the courts rule against it, the US Government doesn't always respect those decisions. (The Sioux won in the Supreme Court to have the Black Hills revert to them - that was something like 40 or 50 years ago and the US Government is still refusing to honor the ruling.) Even when it does respect them, it has the power to replace any judge that rules against them (as threatened by DeLay over the Terri Schaivo case) which does damage any semblance of independence or impartiality.
I do believe there are Natural Rights. I believe there is a Natural Right for any individual to be seen for oneself, that there is a Natural Right for any individual to improve their quality of life, that there is a Natural Right for any individual to hold to any beliefs they so choose, that there is a Natural Right for any individual or group to privacy and that there is a Natural Right for any individual or group to maximise potential and minimise harm.
Most of these are what Republicans and Libertarians would consider obnoxiously socialist. The only way to maximise potential is to maximise the flow of information and to guarantee the practicalities of learning that information in a manner that is useful and usable. In other words, maximal quality education and minimal restraint on learning. In practice, if you're from a poor family in a poor area in the US, the only way to learn is to be good at sports or be in the military. Oh, and be male. Poor females in the US are left to rot, regardless. The only way to be good at sports in the US seems to be to take dangerous (and eventually lethal) drugs. Brain damage and other sporting injuries are pretty common. The US military is routinely accused of fraudulant claims in recruitment efforts, violent abuse (sometimes lethal) against recruits and persecution of non-Christians. Rape of females in the US military also appears to be a common complaint - and rarely investigated.
Rights - Natural or otherwise - are only meaningful if enforcable. This is one reason the original version of the Magna Carta stipulated the right to seize (by force, if necessary) judicially-awarded compensation or enforce judicially-awarded rulings against the Government (in that case, the king). In other words, nobody - absolutely nobody - was above the law, and nobody could use executive priviledges to abuse the law or anything else. Name me one country that has such a provision today. (No, the US impeachment procedure doesn't count. The current Congress wouldn't impeach Bush if he was caught red-handed in an act of treason, and the population at large has no impeachment rights. The UK's vote of no co
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I have to give credit to sony for making it even more clear why we should not be using windows.
Is this not a public service of the highest order?
Well, have to admit, when I first glanced over and saw the title "Trojan Using Sony DRM Rootkit Spotted", I wondered how Trojan Condoms were incorporating Sony into their products. ;o)
Cheesy Movie Night
I can't see how this would affect limited users. Autoplay executes in the context of the logged on user. Autoplay doesn't even occur if the screen is locked for instance.
Please learn the art of interpreting analogy.
Let's see. You're comparing releasing a DRM-crippled disc to building death weapons for homicidal maniacs. And you feel that the other poster has something to learn?
Here's a hint: analogies only work when they're similar.
Just because RIAA tried to shut them down they must be illegal?
.ru DNS?
Or is it the
Did you bother looking it up?
"TNW: How do you respond to questions about artist royalties, when you charge so little per song and per album?
Mamotin: We pay all royalties according to our license, which we have obtained from ROMS. These royalties allow us to keep our prices at their current level."
From:
http://www.technewsworld.com/story/34512.html
Don't believe every^H^H^H^H^HAnything RIAA tells you.
*Cue some leftist to come tell me how socialism works, how no American understands Real Socialism(tm) and why Capitalism is absolutely identical in practice to Italian Fascism*
Nah. Their trains ran on time and their corporations were loyal to the Italian people (or Il Duce) and not to the almighty dollar.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
whats funny is that im not seeing any of the current articles showing up in the "Press" section of the XCP website. this is prolly the most press f4i received since they opened..
sucks for them.
omg u r the smartest man on the internet
thank u for explaining government 2 me
Socialism is not restricted to the left - socialism is a label for a set of common traits of political ideologies, not a single ideology.
Nationalist Socialism was probaly the best economic structure ever developed. However the people who created it were probaly the worst people ever born.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
One such right is the right to private property, closed to others' prying eyes or presence.
Yeah... what was that other thing called again... the Patriot 'somthing-or-other'? 'EnACTment' maybe?
I feel real safe where not only the government knows my private information, but now private companies can put dangerous software on my private property, without my knowledge or consent.
I am a hardcore libertarian on most political issues. [...] I even support the RIAA suing the hell out of thousands of file sharers because I've lost all sympathy for people who want music but aren't willing to *gasp* pay for it.
[...]
Then again this is what happens when people limit themselves to voting for the corporatist party (Republicans) versus the socialist party (Democrats). Either way you get a system where big institutions are allowed to become laws unto themselves.
The left hand doesn't know what the right hand is typing, it seems.
You can't take the sky from me...
Surf to http://www.theglobeandmail.com/servlet/story/RTGAM .20051110.gtsonynov10/BNStory/Technology
It's a moderately interesting read.
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
...I'd look at filing a class action suit against Sony for everyone affected by this trojan. It's THEIR fault the damn thing exists in the first place.
Johnny Cochran, are you reading this?
The specific thing I'm talking about is extremely simple: whence the natural right to property?
You do not -- *naturally* -- have any right to an object not directly controlled by your person.
The topic you introduce is : your persistent right to dispense with or otherwise control things (the sandwich you laid down for a sec, the acreage you purchased from somebody at some point) that you don't presently possess.
Rights of this type are very complicated, and depend on your society's contract laws, property theory -- a million factors. These are conventional and not natural rights though.
My turnips listen for the soft cry of your love
While I am certainly as outraged as the rest of us as to the intrusiveness and poor (not to mention psuedolegal) practice employed by Sony in this regard, I think there is a positive that could arise from this. DRM had the potential to be employed slowly, behind the scenes, and if done in this manner, a frightening age could have befallen us. As it is, it appears Sony has actually provided the best, if not necessarily the first, legal argument AGAINST DRM. This incident has the possibility to expose DRM to the masses, not as a hated-but-necessary step in the progression of digital technology, but as an unthinkable encroachment into the rights of consumers. This could very well set back the progression of DRM for years to come, and if more companies adopt similar "protections", we could very well see legislation that would very well stop practices like this once and for all (well, perhaps thats a bit optimistic). I for one am grateful to Sony for giving us the legal and moral high ground necessary to fight this fight beyond the borders of our techie world.
Jeeze dude, sounds like you're one mugging away from being a police state lover. Good luck with that rigid belief structure.
Is there no federal or State legislation in the US with similar effect?
Pining for the fjords
For what it's worth, I got one of these messages yesterday:t ml
http://www.livejournal.com/users/ghewgill/48677.h
Hopefully this will help people know what to look for.
Of course not. The protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution. It is otherwise inactive. The software does not collect any personal information nor is it designed to be intrusive to your computer system. Also, the protection components are never installed without the consumer first accepting the End User License Agreement.
Surely we all understood what was going to happen when we loaded the rootkit...err, "software". I mean, who wouldn't expect a simple music CD to serve as a conduit for information being passed back to the mothership through a 3rd party Trojan?
(For you literalist, I'm being facetious.)
Due to this inevitable release of a trojan using the Sony DRM Rootkit, the antivirus companies will be forced to write virus definition protections against it. So comically we'll be seeing the "Virus Alert!" warning message when we load up one of the Sony DRM CD's. Sony shouldn't be able to sue antivirus companies for this, because by definition their "DRM" is in fact a virus. Sony has successfully taken DRM to the next level, which is installing malware on the user's system. This case should do nothing but strengthen the opposition against DRM. I really hope this shows people just how ridiculous DRM is, and that digital content purchased for private use by the consumer should not have DRM, as it is against fair use. Some of these EULAs are garbage as well, because companies throw ridiculous clauses in there that would never hold up in a cort of law, and then these companies hide behind their EULAs that essentially say "By installing this software, you agree to be Rootkitted up the ass and fux0red by our DRM" which is total BS.
Cue some leftist to come tell me how socialism works, how no American understands Real Socialism(tm) and why Capitalism is absolutely identical in practice to Italian Fascism
Perhaps if we had some truth in advertising, so the parties were labelled "Socialist", "Capitalist", etc. Then there would be none of this patriotic "Republican", "Democratic", etc bullshit. If your views are libertarian, vote for the Libertarian party. If you're more socialist, vote for the Socialists.
And dear God, do I wish America wouldn't wig out every time socialism, communism, etc is mentioned. Of course, people would have to THINK to get over their knee-jerk "hate them reds". To the american people (not the parent poster): I don't care if you still don't like it after thinking about it, but at least THINK about it.
I don't know what kind of crack I was on, but I suspect it was decaf.
So far, I haven't seen any mention on the mainstream news about this. Maybe because it's too technical, but I think it's because CNN is a company of Time-Warner, and Time-Warner and Sony are fellow MPAA (and/or RIAA?) members. They (CNN) are great about covering the fluff. Count on them to down-play the stuff that hurts their business sleaze.
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
Nope, I didn't bother looking it up, but niether did I say it was illegal.
Now my questino to you is, did you bother to look it up?From projo.com:Now I wonder if you've read up on the falling out between ROMS and the RAO. My guess is no.
Now I'd have to ask if you sincerely believe that any significant portion of these licensing fees paid to the government body known as ROMS gets forwarded to the artists whose music is being sold on allofmp3.com. I'm thinkin 'round about none of it...but no, i cannot back that up. Prove me wrong. (It'd actually make me rather happy if you did)
So to reiterate my point, since you seem to have missed it: I have nothing against allofmp3.com, but I will still buy a CD if I know profits aren't going to the RIAA, and the CD is from an artist who I want to support. That's the way to truly foster the production of GOOD music--not corporate endorsed, mass-media overplayed drivel.
The RIAA can kiss my @$$
Without knowing the context of the quote, the quote is mostly meaningless.
Also, the "source" is an antivirus blog with only one sentence at about.com. GET A REAL SOURCE. Using a blog as a source only hurts your credibility.
Sony shows the world that DRM is bad and all of you are complaining! Really, do you actually know what you want?
If not, there damn well should be. Unfortunately, removing this from your own computer "by force" is a violation of the DMCA (under the DMCA - and correct me if I'm wrong - it's illegal to "circumvent a copyright protection measure" - and I think removing a rootkit installed as a copyright protection measure constitutes circumvention).
I love the USA, but God DAMN we have some fucked up laws.
SonySyph, I LIKE that name, and it's so much catchier than "Sony DRM Rootkit."
Anyone care to start a Google Bomb???
Better yet, have someone set up SonySyph.com and get web sites to link to it with the name "Sony." See to it that anyone who searches for Sony or Sony products gets the skinny on their root kit.
"Live Free or Die." Don't like it? Then keep out of the USA
I've tried mentioning this story to some of my non-geek friends, and their eyes just glaze over. I even try phrasing it like, "Sony put something on these CD's that just takes over your computer." They can't get it. The phone rings. The baby cries. Something interesting comes on TV. It's like their brain can't stay focused on the statement that a giant media conglomerate is trying to fuck with their computer, trying to fuck with them. I hate to say it, but these companies will eventually win, because the vast majority of people are so fucking clueless about this stuff, and firmly try to stay clueless. Fucking sheeple.
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
Can someone explain to me why the rootkit authors aren't being charged with computer crime?
The guys who write viruses (such as Nimda and Code Red) get arrested and sent to the Federal PMITA Prison for creating the viruses - why isn't the FBI making a beeline to First4internet and hauling them away?
Seems like a pretty open-and-shut case - has someone just not thought of it yet?
Please don't post articles that contain the words ROOT and TROJAN together. That is just too much for me at work.
So I keep hearing about these EULA's included with music cd's. I was wondering, how much legal strengtth does an EULA for a music cd have ?
It is an agreement, so I'd need to agree with it, right ? If I don't agree with I'm not allowed to listen to my cd ? I bought a MUSIC cd, that was the whole transaction , right there, the moment I paid for my music cd . I'm allowed to do anything with it that I wish (in the bounds of copyright law...) .
The Dutch will inherit the earth. If not, we'll settle for a bit of ocean. Beta delenda est!
How about Sony execs do jail time, just like other crackers/hackers?
http://www.rootstrikers.org/
Now, everytime I get a spam from a zombie machine or see a box DDoSed by a botnet we can thank Sony, because they're working hard to make the virus writing schmucks jobs easier.
Thanks.
I will never buy another Sony product again. I removed all Sony products from my amazon wishlist as Christmas shopping season approaches. I will grin from ear to ear as Sony is sued into oblivion. Honestly, I'd like to see the people responsible arrested.
isomerica.net | Foonetic IRC
$100,000,000.000
Now I'm a tracking money like a gas station.
tasks(723) drafts(105) languages(484) examples(29106)
Washingtonpost.com's Security Fix blog has dug up an interesting quote from Sony CEO Howard Stringer way back in 2001 that presages this whole problem:
... but in the end we're going to have to get serious about encryption and digital-rights management and watermarking."
Sony CEO Howard Stringer, who kept the audience laughing throughout the night with a battery of quips, said, "Right now it would be possible for us, and I've often thought it would cheer me up to do it, you could dispatch a virus to anybody whose files contain us or Columbia records, and make them listen to four hours of Yanni
He goes on to say:
So we play defense on the one hand and offense on the other hand. And if it seems a little illogical it's only defending our turf."
The anti virus companies are pussies. They are too afriad of the legal recourse of removing said product. That's why we can have updated anti virus on every single one of our computers here and still have machines loaded with spyware. It's almost pointless. The modern day malware isn't the I love you virus, it's the sony rootkit's. And they are just too afraid to remove the Sony rootkit's of the world.
If an officer ever threatens to taze you, say you have a pacemaker.
Actually, "irregardless" is a word according to Dictionary.com. However, even the dictionary has a side-note stating that it's a term still in dispute "for being an improper yoking of irrespective and regardless and for the logical absurdity of combining the negative ir- prefix and -less suffix in a single term."
It wouldn't be right if the day went by without a Sony Rootkit story on Slashdot. Seriously, I can't get enough of this story, it's what Slashdot was invented for.
Hear, hear!
Sony has singlehandedly done more to thwart DRM and encryption and all these B.S. "secure" and "trusted" content cartels than all of the EFF and other opensource advocates could ever have possibly hoped to do.
When I am finally able to pull a digital TV HDTV signal directly to mythtv without any BS encryption and cable card, I will not forget Sony's contribution in raising everyone's awareness of the issue of how DRM is anti-consumer to legislation toppling proportions
Seriously, aside from the geeks who bought the CD to toy around with it, how many people have this installed on their machine? It's probably people who already have all sorts for virii on their systems. The rootkit doesn't have a remote vulnerability so they'd have to stupid to get this new trojan anyways.
I feel so left out :( where can I find a version for Linux, Solaris, DOS and Windows 3.1
"I bow to no man" - Riddick
One of my favorite topics. Many of the people that Moses freed from slavery wanted to go back to slavery, and Americans today would rather have the government take care of them than make their own decisions.
Erik Fromm added a lot to my view of the subject.
You can see how politicians and others take advantage of this by promising security in exchange for people's freedoms.
Anyway, I wish I could have a beer and some conversation with all you MS and Bush bashing, Linux and freedom-loving geeks!
I work helpdesk for a large public universiy. I'm positive that some of my calls are going to be infected with this at some point. My question, and all I care about, is this -- how am I supposed to tell if they're infected? Are AV programs detecting it? If they just check their computer in for a generic spyware/virus sweep, and I don't know how to specifically go after it, what clues are there to tell me to look for sony DRM?
Yes, I just found out that I bought a product that, without my approval, installs software on my computer that compromises it's security. I bought it with a Visa card, I'd like my money back. Can you reverse the charges, please?
Why? Well, this is supposed to be a music CD. But without informing me and wholly without my approval it installs root kit software. This root kit software could hide a key logger that could capture the credit card number I use in online transactions. I would think that would worry Visa.
"EFF is collecting stories from EFF members and supporters who have purchased Sony-BMG CDs that contained the "rootkit" copy protection software. We've previously posted at least a partial list of CDs infected"
Partial List of Copy Protected CDs
The EFF is also considering a lawsuit against Sony.
So, if you've had the hassle of dealing with this DRM crap and live in California or New York, help them out by checking out this page
It's time to DO something. Enough of the whining. Help the EFF out.
Find a job you like and you will never work a day in your life.
van Zant: Get right with the man. It's not looking good for the artists...
Funny things is, this rootkit fiasco will just push more people to buy music online. Thanks for another nail on the CD market Sony, I'm sure you're going to make a lot of friends in the record industry :P
Boycott Sony by refusing to cover the PS3, and encourage other websites to do the same. If they are denied all the prelaunch coverage they need to create a groundswell of demand, it will have real consequences for them, and they will pay attention.
As well as mine.
I'll take note and look into the ROA bit. No, I hadn't caught that bit earlier.
Thanks for the 2 cents.
Why not go even further? When the computer boots up, remove the rootkit and display a genuinely-looking windows error message that says something like "Windows has detected Sony Digital Rights Management software, and has removed it. Please avoid listening to Sony music CDs on this computer". Then the trojan could remove itself after it's spread to 50 other computers, to ensure it doesn't become a problem itself.
Hit google news. it's on Fox, BBC, Financial Times, Washington Post, etc.
What im hearing from the Slashdot crowd. Or maybe I can.
If a spyware maker writes spyware, he is in his right to do so. If a virus writer makes a virus, he is in his right to do so. But to INSTALL that spyware, or provide a means of exploit, or the virus writer releases the virus into the wild, then he/she/it should be held liable.
This all boils down to the same mindset as the gun laws. We have a right to bear arms. REGAURDLESS. I have the right to own a gun. But that doesn't give me the right to kill someone with the gun.
If someone grows weed in his back yard. He should have the right to be able to do so. But if he sells it to the kid down the street for the sole purpose of getting high, and frying his brain, the man should go to prison.
Lets just ban everything. Lets ban Guns, Free Speech, Free Software, and hell, while we are at it. Let the U.S. just become China!
Oh.. My bad. That has already happened.
I think you are wrong. There was a list of the infected cds posted yesterday here at Slashdot. Go over to Amazon and read the reviews of every single item. They are schockful of "Stay Away" notes. I can only remember Neil Diamond. Look here at Neil Diamond's 12 Songs
Help fight continental drift.
CA antivirus is now removing the DRM. I think this is a violation of the DMCA, right? 5 years in prison and a big fine? Let the fireworks begin. story
It's a tad trickier than that. F4I is based in britain, and has no corperate presence in the US. As a result, any action would be long winded - in the extreme. I'm keeping an ear out for any word from the Crown Prosecution Service - but it normally takes them some time to start moving on these things.
They like to be, y'know, thorough.
Man has the right to live by his own law.
Man has the right to live in the way that he wills to do.
Man has the right to work as he will.
Man has the right to play as he will.
Man has the right to rest as he will.
Man has the right to die when and how he will.
Man has the right to eat what he will.
Man has the right to drink what he will.
Man has the right to dwell where he will.
Man has the right to move as he will on the face of the earth.
Man has the right to think what he will.
Man has the right to speak what he will.
Man has the right to write what he will.
Man has the right to draw, paint, carve, etch, mould, build as he will.
Man has the right to dress as he will.
Man has the right to love as he will, when, where, and with whom he will.
Man has the right to kill those who would thwart these rights.
Here is a useful definition of "natural right" that might help people understand the natural rights perspective:
natural right(n): A political condition required for the life of a morally autonomous being.
A natural right, in this view, is to political or social life what the requrirement for food, water or air is to physical life. I cannot say, "I relenquish my need for food" in any meaningful sense, because it is my nature to need food to live.
Likewise, for a being whose mode of life involves making and acting on its own value judgements, certain political conditions are required. The need for these political conditions cannot be relenquished.
"Tyranny" is a political condition, as is "republic", "police state", etc. Not all of these political conditions allow morally autonomous beings to live as such.
Note that I do not believe that natural rights theory is sufficient to construct a theory of society. Nor do I believe that protection of natural rights is a sufficient basis for a just society. Humans are more than rights-bearing creatures, and our social needs are far more complex than the needs described by natural rights. A natural-rights-only society is the bread-and-water diet of social theory: sufficient to sustain some kind of existence, but not sufficient for genuine health and happiness.
Blasphemy is a human right. Blasphemophobia kills.
Actually, 'irregardless' *is* a word.
It is if you are American, anyway. Have a look at http://dictionary.reference.com/search?q=IRREGARDL ESS
...because the urge to correct someone who feels the need to correct people is just too entertaining to pass up!
I just heard that Symantec may have helped with the creation of the rootkit, and that it wasn't just a creation of first internet. Can anyone confirm that?
Anyone got a spare double-sided tin-foil hat (shiny side outside and in)?
Your sig(k) has been stolen. There is a puff of smoke!
Sony will be forced to give every member of the class action suit a $100 off coupon towards the purchase of a new $3000 laptop...
Isn't that the way settlements with big mega-billion dollar corps end up?
I would trust any e-mail from a reputable business magazing. I mean, really, is there any other kind of magazing?
"Her idea of wit is nothing more than an incisive observation humorously phrased and delivered with impeccable timing."
From http://news.com.com/2100-1029_3-5944549.html
According to the EFF, the following CDs contain the DRM in question:
Trey Anastasio, Shine (Columbia)
Celine Dion, On ne Change Pas (Epic)
Neil Diamond, 12 Songs (Columbia)
Our Lady Peace, Healthy in Paranoid Times (Columbia)
Chris Botti, To Love Again (Columbia)
Van Zant, Get Right with the Man (Columbia)
Switchfoot, Nothing is Sound (Columbia)
The Coral, The Invisible Invasion (Columbia)
Acceptance, Phantoms (Columbia)
Susie Suh, Susie Suh (Epic)
Amerie, Touch (Columbia)
Life of Agony, Broken Valley (Epic)
Horace Silver Quintet, Silver's Blue (Epic Legacy)
Gerry Mulligan, Jeru (Columbia Legacy)
Dexter Gordon, Manhattan Symphonie (Columbia Legacy)
The Bad Plus, Suspicious Activity (Columbia)
The Dead 60s, The Dead 60s (Epic)
Dion, The Essential Dion (Columbia Legacy)
Natasha Bedingfield, Unwritten (Epic)
What if you imported one of those CDs from the US? Would Sony be liable? Would the vendor be liable?
"1337olas wuz here! Free Sony brass!!!"
The latest Sony TV commercial; -or rather the first Sony TV commercial I have ever noticed, is a load of balls running downhill.
I can't remember what they were selling. Either I wasn't paying attention, or it is a secret.
Make engineers study ethics? I have seen a lot of ethical foibles in my profession, and they have *all* originated from executives. Why not make them take the damned course instead?
Sony didn't write the rootkit. They bought it from someone else.
How is this relevent? It was Sony Management that made the decision to infect their customer's computers with malware. It is Sony Management that needs to face the consequences. Personally I think sending every executive involved in this fiasco to prison for 10 to 20 years would send a clear message to the executives of any other company that would be evil enough to try a stunt like this.
Of course the company that created the code is equally at fault in this, and their executives should join Sony's in the big house. If it was hacker working for organized crime we'd want to lock them up, why should these people be given a pass just because their mob bosses were Sony executives?
Then Sony put it on the CDs.
The thing to make Sony notice is to boycott *ALL* Sony products.
They worry a lot more when you don't buy that 200" HDTV that they have been trying to sell you
Diplomacy is the art of saying "Nice doggie" until you can find a rock. Will Rogers
Following the war, Heisenberg was held at a British detention facility. His conversations were recorded by hidden listening devices. On the day that the news of the first atomic detonation reached him, he expressed disbelief and stated that it was impossible according to his calculations. It was only much later that he decided to adopt the convenient claim that he sabotaged the bomb. It's a convenient story, because it makes him look more decent and smarter at the same time.
Just as well I buy all my CD's from AllOfMP3.com
Seriously though, most people behave and want to be honest.
Reduce prices, make it easy to download in whatever format you like, and I'd be more than happy pay via normal distribution channels. I'm not against companies making a profit.
Montgomery Gentry's "Something to be Proud of" is one of my favourite titles in this ironic parade of CDs infected with DRM.
Saskboy's blog is good. 9 out of 10 dentists agree.
I mean, from Microsoft, and other software companies. Or, for that matter, from law enforcement egencies. Here are a couple of points of comparison:
(1) I am sure that if someone wrote a "good" worm, the anti-virus companies would be on it. In this case, it is not treated as a virus. If the worm caused damage to computer systems, maybe law encforcement.
(2) How different is this from spyware? Is the cause of spyware somehow more noble? Or is it just a matter of where it comes from, or who has the power.
I know a lot of people are ticked off, and rightly so, but how about something real coming out of this, even if it is just a pound of corporate flesh?
Thats like saying that if I build a weapon and sell it to any 19 year old moron who wants one, I shouldn't be held liable if the up and shoot some storekeep with it!
Oh... wait....
So would you rather the 19 year old moron gets off scott-free because it was your fault for building the gun? That the gun just leaped into his hand, pointed at the storekeep, and the trigger pulled the moron's finger?
Go back and watch "Bowling for Columbine". Yeah, I know, half the population won't believe it just because Michael Moore did it, but go watch anyway. Notice how the smartest person in the whole film is Marilyn Manson. And notice how at the end of the day, all of the "politically correct" reasons people came up with didn't hold water, including the number of firearms. And remember, if you don't have a gun, you can always stab someone with a pen -- should we be suing pen manufacturers? Oh, hey, you can kill someone with your bare hands, so let's sue all the parents of the world, for creating such horrible weapons?
I think First4Internet is moronic and probably deserves to be shot, but only for sheer stupidity of business model. Sony is the real culprit here. And as there's currently no legal way of checking whether Sony is responsible enough to sell a rootkit to, we can't sue First4Internet.
Or maybe we can. I mean, if virus authors.... But no, I don't think virus authors should be held responsible, I think the other side should. DDOS attack? Sue every one of the users who runs a zombie. Worm? Sue the software provider. Social engineering / networking attack? Sue the IT department. User follows an email phish/scam/trojan? Tough luck, try not being such a DUMBASS next time.
The idea is simple -- the responsibility goes to the people who can actually fix the problem, and to the people who actually caused the problem in the first place. In the case of DRM'd CDs, it's Sony's fault for attaching a TROJAN to their CDs, and MS's fault for doing something moronic like leaving Autorun enabled.
Don't thank God, thank a doctor!
None of this flimsy DRM-riddled crap, thank you.
Got time? Spend some of it coding or testing
I wish I had moderator points.
emt 377 emt 4
One small point - 'Britain' having no law of trespass is inaccurate - England and Wales do. It's only Scotland that doesn't.
-Never argue with an idiot. They drag you down to their level, then beat you with experience-
Maybe IBM Thinkpads are also vulnerable to this. The ConfigSafe seems to introduce some hidden stuff like root-folders (C:\cminint, C:\preboot) and processes.
OK ./ers - I'm a geek lawyer in Minnesota, trying to take some positive action regarding Sony's recent (and absurd) DRM moves. I would like to talk (voice, email, whatever...) with anyone located in Minnesota who has either had a problem on their own PC due to the Sony DRM or has had a problem with work computers due to the clueless installing the Sony DRM on office machines. Here's my contact info: Chris Sandberg, cksandberg@locklaw.com, 612-339-6900. Whining is great, making things change is better!
Where I can find a copy of the email and attachment for this trojan? For some reason my level of spam has dropped through the floor recently, and I would love to take a look at this thing and start picking it apart. Any help is much appreciated.