Slashdot Mirror


DVD Jon's Code In Sony Rootkit?

An anonymous reader writes "With some help from Sabre Security, Sebastian Porst and Matti Nikki have identified some stolen GPL'd code in Sony's rootkit. Ironically the code in question seems to be VLC's demux/mp4/drms.c -- the de-DRMS code which circumvents Apple's DRM, written by 'DVD' Jon Lech Johansen and Sam Hocevar."

4 of 585 comments

  1. Re:Wow. Just WOW. by iainl · Score: 5, Informative

    The string is there because it's part of DVD Jon's code for stripping the DRM out of iTunes files, but yes - it's there all right. Matti Nikki points out the relevant offset in the article.

    --
    "I Know You Are But What Am I?"
  2. Sony's apology by RandoX · Score: 5, Informative

    Get it here.

  3. Re:Wow. Just WOW. by Sam+H · Score: 5, Informative

    I have to make sure everyone understands why this string is here. To be fair to Sony (or whoever they mandated), it is not an attempt by them to hide the code theft. Rather, it is an attempt by Apple to prevent not only code theft but also clean-room reimplementations.

    Apple's encryption scheme includes the generation of a key. The important parts of this key come from the machine's unique hardware information. But to prevent (at least that's my only plausible explanation for it) people from reimplementing the scheme by using the same information, they also add this copyright string to the key generation. Reimplementing their protocol means the string has to be used.

    We just store it ROT13'ed in VLC because it would be confusing to have an Apple copyright in our code. Although technically the string itself is created by Apple, it is too short to qualify for copyright.

    --
    God, root, what is difference ?
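
Comment 3 explains that VLC stores the string ROT13'ed, so a plain-text search of a binary will not find it. As an added example (not code from VLC, from Sony's software or from any commenter), this Python scanner looks for a marker stored in either plain or ROT13 form and reports the offsets; the marker and the sample bytes are constructed placeholders, because the page does not quote the real string.

```python
import codecs
import re

# Constructed placeholder marker; the real string is not quoted on the page.
MARKERS = ["Copyright (c) Example Vendor, Inc."]


def rot13(text):
    """ROT13 is its own inverse, so this both encodes and decodes."""
    return codecs.encode(text, "rot_13")


def printable_runs(blob, min_len=6):
    """Yield (offset, text) for each run of printable ASCII, like strings(1)."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        yield m.start(), m.group().decode("ascii")


def find_markers(blob, markers=MARKERS):
    """Return sorted (offset, form, marker) hits for plain or ROT13-stored markers."""
    hits = []
    for start, text in printable_runs(blob):
        decoded = rot13(text)
        for marker in markers:
            # Search the run as stored, then the same run after ROT13 decoding.
            for form, haystack in (("plain", text), ("rot13", decoded)):
                pos = haystack.find(marker)
                while pos != -1:
                    hits.append((start + pos, form, marker))
                    pos = haystack.find(marker, pos + 1)
    return sorted(hits)


# Constructed sample "binary": header bytes, padding, the ROT13'ed marker, other data.
SAMPLE = (b"\x00\x01MZ\x90\x00" + b"\x00" * 10
          + rot13(MARKERS[0]).encode("ascii")
          + b"\x00\xff\xfe" + b"unrelated text here\x00")

if __name__ == "__main__":
    for offset, form, marker in find_markers(SAMPLE):
        print(f"0x{offset:08x}  {form:5}  {marker}")
```

ROT13 preserves case and leaves digits and punctuation alone, so the match is case-sensitive and the offsets in the decoded run equal the offsets in the file.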
  4. The day the music died (err was killed by Sony)... by Thud457 · Score: 5, Informative

    Sony CDs banned in the workplace

    I've been chasing down several accounts of government agencies, companies, educational institutions and others banning the use of Sony CDs on their PCs, due to the security risks of having Sony's rootkit DRM infecting their PCs. One government ministry, Alberta Agriculture, has banned the use of music CDs altogether, since Sony is hardly the only music company crippling its CDs with sneaky, malicious software. Here are a couple examples:

    It has been brought to our attention that there is significant risk to the security and the operation of UC computers in using Sony BMG produced CDs. For this reason, the use of Sony BMG produced CDs in University of Canberra computers is prohibited.

    Here I thought this would only happen for "secure" workplaces. Sorta makes you feel sorry for SCO, they can't get anyone to even look at the crazy they're selling when Sony's got such a superior line of insane self-destructiveness.

    --
    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff