Slashdot Mirror

← Back to Stories (view on slashdot.org)

President of RIAA Says Sony-BMG Did Nothing Wrong

Posted by Hemos on from the well-might-be-true dept.

Zellis writes "In a press conference held on Nov 18 Cary Sherman, the president of the RIAA, stated in reference to Sony BMG's "rootkit" software that "there is nothing unusual about technology being used to protect intellectual property." According to Sherman, the problem with Sony BMG's XCP DRM software was simply that "the technology they used contained a security vulnerability of which they were unaware". He goes on to praise Sony's "responsible" attitude in handling the problem, saying "how many times that software applications created the same problem? Lots. I wonder whether they've taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?" It seems that the latest spin is to portray the Sony rootkit as no more of an issue than a software coding error that unintentionally creates a security hole. Will they get away with it among the non-technical public?" Arguably, Sherman is right -- but I enjoy much more the fact that this whole r00tkit fiasco has set DRM back by years. Gogogo poor implementations!

8 of 631 comments (clear)

  1. Unaware? by NexusTw1n · · Score: 4, Informative
    "the technology they used contained a security vulnerability of which they were unaware".
    I assume the next step is suing the software house that produced the DRM for them. Because they, at the very least, should have known they were implementing a standard root kit with all the risks that entails.

    Those of us involved with IT security know this attack vector all too well. If you want to really scan for virus and trojans on a crtical PC, you map the administrative shares C$ D$ etc to another PC, and run the virus scanner on that machine.

    That way you know for certain that you haven't been rooted, a kit can only hide from the PC it is hidden on, not another machine.

    I see rootkits all the time, the main entry is through backup software exploits rather than O/S holes. (Or autorunning CDs). You will regularly see script kiddies taking advantage of a root kit placed there by other hackers.

    So anyone who works in IT, especially someone who works in root kit creation, cannot claim that they were unaware of potential security problems.

    It was incredibly irresponsible and pleading ignorance is no excuse.
    --
    It has become appallingly obvious that our technology has exceeded our humanity. --Albert Einstein
  2. Re:Wrong illegal and unethical by multriha · · Score: 5, Informative

    The parts of the software are installed and activated before the EULA is even displayed to the user.

  3. Re:Wrong illegal and unethical by _LORAX_ · · Score: 4, Informative

    I can confirm that at least one disk "Chris Botti" the rotkit installed WITH NO EULA. That IS patently illegal in any handbook.

  4. FoxTrot tries to educate the Public by Jaxim · · Score: 5, Informative

    Did you all see today's FoxTrot? It appears that existence of Sony's rootkit is becoming more and more mainstream.
    http://news.yahoo.com/news?tmpl=story&u=/uclickcom ics/20051121/cx_ft_uc/ft20051121

  5. The state of Texas apparently disagrees by Zygote-IC- · · Score: 4, Informative

    Just got a press release in our newsroom that the Texas Attorney General Greg Abbott is suing Sony BMG.

    Full release can be found at http://www.oag.state.tx.us/oagnews/

    Don't mess with Texas.

  6. Re:Unaware? by whoever57 · · Score: 4, Informative

    If you want to really scan for virus and trojans on a crtical PC, you map the administrative shares C$ D$ etc to another PC, and run the virus scanner on that machine. You surely can't think that can you? If you are accessing the shares remotely, you need the kernel on the compromised machine to tell you what files exist. If the kernel doesn't list the files, do you think it will make them available over the share? The only way to be sure is to boot from CD or another, known good, hard disk.

    --
    The real "Libtards" are the Libertarians!
  7. DRM doomed? by mgessner · · Score: 4, Informative

    This article on Yahoo! says DRM is doomed. FTA: "The fact that so-called digital rights management might always be a doomed experiment became painfully clear with the fiasco that erupted after Sony BMG Music Entertainment added a technology known as XCP to more than 50 popular CDs."

    Let's hope. I always thought this was stupid. I bought the CD. The concept of fair use says I should be able to listen to it when, where and how I want. Fussing about people trading music just goes to show how badly the music industry knows it's wrong and that it's been screwing artists since the beginning. They're not treating their artists nor their customers well.

    --
    "Sometimes the truth is stupid." - Lawrence, creator of Prime Intellect
  8. Re:No regedit required at all... by kawika · · Score: 4, Informative

    everphilski, have you actually checked that with the Sony CDs? Because it doesn't work.

    The settings on the AutoPlay tab are for "Autoplay V2" which determines the action based on the content of the CD (mp3 files, image files, etc.). The Sony CDs use "Autoplay V1" which only requires a file named Autorun.exe in the root of the drive. Even if you turn off all the features on the Autoplay tab, it will not disable Autoplay V1.

    There are several ways to disable the V1 variety, if you don't want to manually RegEdit just download TweakUI and you can turn it off that way. If you prefer the registry method, Google for DriveTypeAutoRun to disable them on a per-drive letter basis or services cdrom autorun to turn it off for all CD/DVD drives.