DVD Jon's Code In Sony Rootkit?
An anonymous reader writes "With some help from Sabre Security, Sebastian Porst and Matti Nikki have identified some stolen GPL'd code in Sony's rootkit. Ironically the code in question seems to be VLC's demux/mp4/drms.c -- the de-DRMS code which circumvents Apple's DRM, written by 'DVD' Jon Lech Johansen and Sam Hocevar."
The Revenge of the Sick (with copy protections)!
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
looks like they owe the kid some royalties...
If you don't know what AltaVista is (was), get off my lawn.
This is GPL'd code, not LGPL'd, right?
Anyway, DVD Jon can actually sue Sony for all *revenue* that Sony made from the sale of the CDs, if I'm not mistaken (not just profits). That would grab them where it hurts!
"I have never let my schooling interfere with my education." - Mark Twain
I said right off the bat, that the Sony DRM package would be full of others' code. Seems to me that Sony hired some blackhats to get the job done for them. Violating the GPL is definitely the least of their worries, but just another strike against what is becoming an increasingly corrupt music giant.
Read the only personal Runyon page out there.
From the Sony binary file:
"pbclevtug (p) Nccyr Pbzchgre, Vap. Nyy Evtugf Erfreirq."
ROT 13 it, and you get
"copyright (c) Apple Computer, Inc. All Rights Reserved."
You couldn't make it up, could you?
"I Know You Are But What Am I?"
1st4: "We have this super code which stops 'teh kiddies' from copying"
Sony: "Cool, let's see."
1st4: "It's already on, go ahead try and copy it"
Sony: "Oooooooh, and they won't find it will they?"
1st4: "Never. We are teh elite blackhats."
Sony: "Ok be quiet about that one, when will you be ready to ship?"
liqbase
Bear in mind that Sony will never say that they're responsible for it. After all, they merely licensed the copy protection scheme from First 4 Internet. While we all should (rightfully) be pissed at Sony for including this on a bunch of their CDs, we should be equally as pissed (or more so) at First 4 Internet for their (L)GPL violations and for making this product in the first place.
Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
Sony.....
Microsoft
Man- this is a tough one.
DVD Jon's Code In Sony Rootkit? "The ironing is delicious".
3.(1) A person is guilty of an offence if
(a) he does any act which causes an unauthorised modification of the contents of any computer; and
(b) at the time when he does the act he has the requisite intent and the requisite knowledge.
(2) For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing
(a) to impair the operation of any computer;
(b) to prevent or hinder access to any program or data held in any computer; or
(c) to impair the operation of any such program or the reliability of any such data.
I think First4Internet's little toy is designed to prevent or hinder access to programs and data held in a computer, don't you? And I really doubt that their click-through EULA constitutes authorisation to do so; it was fraudulently claimed that the Software was necessary to play the music, which was a plain lie as is shown by every Linux and Apple machine that plays it just fine without the rootkit installed.
I might add that even though these discs are not available in the UK, the Computer Misuse Act still holds.
Anyone know if we could possibly get Inspector Knacker to take a look at these felonious fellows?
Real Daleks don't climb stairs - they level the building.
Sony will never say that they're responsible for it. After all, they merely licensed the copy protection scheme from First 4 Internet.
Actually, Sony were responsible for distributing the software.
That's why they're in trouble.
Get it here.
SCO Unix source code found in Sony Rootkit. I wish.
They are both to blame. Company A says "Since a lot of companies want DRM, we'll give them some DRM. Who cares if it's a stupid and possibly illegal implementation, it will make us a buttload of cash." Company B comes along and says, "That's just what we've been looking for! We have no idea how it really works, and we don't care, but you buy a great lunch and the presentation used all of our required buzzwords."
"First 4 Internet" are idiots for thinking they were more clever than several million computer geeks around the world. Sony are idiots for not thoroughly researching exactly what the software they licensed did, and how it did it, as well as thinking they had some right to do as they wish with someone else's property.
My god, at this rate SCO code will be found next
Stop invalid scientific research. Ask your local scientists to feed their lab rats with a phytoestrogen-free chow.
It was Bush, wasn't it? I mean, he lied about the Windows Media Discs, didn't he? Or something?
rewriting history since 2109
I've been chasing down several accounts of government agencies, companies, educational institutions and others banning the use of Sony CDs on their PCs, due to the security risks of having Sony's rootkit DRM infecting their PCs. One government ministry, Alberta Agriculture, has banned the use of music CDs altogether, since Sony is hardly the only music company crippling its CDs with sneaky, malicious software. Here are a couple examples:
Here I thought this would only happen for "secure" workplaces. Sorta makes you feel sorry for SCO, they can't get anyone to even look at the crazy they're selling when Sony's got such a superior line of insane self-destructiveness.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Look, it's very simple: people are kicking up a fuss about this because it is hypocritical for Sony to maintain its anti-copyright-infringement stance, and attempt to take the moral high ground in this regard, if Sony itself is infringing copyright left, right and centre.
If a politically powerful, fanatical anti-drug campaigner who constantly lobbied for pot-smokers to be thrown in jail for years and fined huge sums of money were caught smoking pot, I would not be surprised to see large numbers of people demanding that he be thrown in jail and fined millions, in keeping with the laws that he himself helped establish, even if they were pro-legalisation activists who firmly believe that the laws are unjust.
It is a challenge to the legal system to treat everyone equally under the law, and thus either apply an unfair, draconian law to everyone, including powerful parties who have previously used the law against their enemies, or to concede that the law is unfair and change it.
Sony paid someone for a root kit to be secretly installed on people's machines. A root kit. You know, like paying a criminal to bug someone's phone. Sony damn well should have gone over that thing with a fine toothed comb, as it would have been trivial for First4Internet to get credit card numbers, access to bank accounts, corporate secrets, and anything else it wanted. Or, say, accidentally give access to that stuff to everyone in the world.
All parties involved in an illegal activity are responsible for that activity. Sony is no different.
The ______ Agenda
Except after the initial exposure of this rootkit in their products, Sony bigwigs were on NPR radio broadcast saying essentially (paraphrased) "What they don't know won't hurt them". I'd certainly contend that constitutes delayed action, and possibly collusion. Plus the factoids coming out that this rootkit may have possibly been distributed by Sony for over a year now.
Regardless of who wrote it, Sony is still the one who deliberately distributed millions of CDs containing this malware. They should have done due diligence on their own product before shipping. They've supposedly stopped making CDs with XPC, but they haven't done any of the things a reputable company should be doing: Offering complete replacement discs (without foistware), coupons/credit for further Sony products ("Don't boycott our brand, please"), and promise not to abuse their actual customers again. Instead, they've done practically nothing (except some basic CYA by halting further production) and practically promised that they'll be trying this again in some form in the future. Hardly sounds like an 'innocent' party.
Sony certainly deserves to get their collective ass handed to them. It's just a shame it will have to happen through lawsuits and consumer boycotts, as you'd think they would learn not to abuse their own paying customers. I guess not.
P.S. Screw you Sony, your products, warranties, and service have been crap for years, but now I will actively avoid anything to do with you.
{ - Generic Guy - }
There are many types of copyright violations with very different types of severity:
The first type is when someone goes out and downloads a song, let's say "...And Justice for All" by Metallica, they have simply avoided paying for it by getting it through illegal means. This does not equate to any directly measurable loss of revenue because when the effective price of something is lowered, people are more likely to get it. Thus it is not only likely that someone would not have bought the CD if the pirate mp3s were not available, but it is actually more likely than not. This is of course not a wholly moral practice, but it is certainly not as bad as many other evils that exist in society today. These are the infractions that occur on Kazaa and the ilk.
The second type of infraction is where one duplicates the media on which intellectual property is contained and sells it themselves at an actual monetary price. This is very different since there is a very obvious minimum bounds of loss of revenue caused by this which is of course the markup on the pirated media. Motivation also changes in this type since there is a very clear misdirection in the chain of money where the pirate gets a clear financial benefit whereas they receive none in the first set. This type of violation is criminal in most jurisdictions whereas the first type is wholly civil.
The third and most severe case is where intellectual property is rebranded and its credit is misappropriated to another party. This historically has been a result of industrial espionage but today, open source software is very vulnerable to it. This is equivalent to the Kazaa casual pirate claiming that they wrote "...And Justice for All". It means that not only does the pirate get the profit for the sale of the intellectual property instead of the legal creator, but those who are convinced to use this thing in future by seeing the rebranded thing will never go to the real author to get a copy for themselves. In either of the previous two types there is a likelihood that the author will eventually get money or whatever they are looking for (usually an ego boost in the case of OSS) but in the third type this is not the case. This is a far more thorough misappropriation of this IP and thus the term "stealing" is far more appropriate.
The reason that these three types are so neatly ranked is that as you can see, each one is a subset of the type before. Not everyone gets annoyed by violations at every layer since OSS doesn't mind first or second type occurring but hates the third kind. SUN doesn't mind the first type occurring but hates the second and third with Java. Public domain doesn't mind any of the three. But no one will let one layer slide that is above something that annoys them.
This case with Sony is clearly not a third type violation (which I would call stealing) but is a second type (which I would call piracy) since Sony did not claim to write this software or even advertise its existence. The GPL says you can do second type scenarios on the condition that you distribute the source code. Sony redistributed this IP for money but did not distribute the source code AFAIK so they violated the rules on this level. This puts them on par with sleazy bootleg vendors on street corners and ebay pirate CD vendors but significantly worse than some kid downloading Nelly mp3s off Kazaa and significantly better than the jerks behind CherryOS.
So there you have it, why downloading some dumb pop song off the internet isn't as bad as taking credit for someone else's hard work and making millions of dollars off it and why Sony are half way in between on this one.
When Argumentum ad Hominem falls short, try Argumentum ad Matrem
sicker is that apparently the companies that we rely on for getting rid of root kits knew about the software since 2004 and did nothing. good going guys.
doesn't it really make you look forward to VISTA - it is going to have this crap all over the os - they are working with media companies so everyone has to use windows to watch TV or DVDs.
none of these companies care about the consumer - they are going to give us what they are going to give us and that's it.
this is why I chose open source and always will. no one is going to tell me how to use my computer.