Slashdot Mirror


President of RIAA Says Sony-BMG Did Nothing Wrong

Zellis writes "In a press conference held on Nov 18 Cary Sherman, the president of the RIAA, stated in reference to Sony BMG's "rootkit" software that "there is nothing unusual about technology being used to protect intellectual property." According to Sherman, the problem with Sony BMG's XCP DRM software was simply that "the technology they used contained a security vulnerability of which they were unaware". He goes on to praise Sony's "responsible" attitude in handling the problem, saying "how many times that software applications created the same problem? Lots. I wonder whether they've taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?" It seems that the latest spin is to portray the Sony rootkit as no more of an issue than a software coding error that unintentionally creates a security hole. Will they get away with it among the non-technical public?" Arguably, Sherman is right -- but I enjoy much more the fact that this whole r00tkit fiasco has set DRM back by years. Gogogo poor implementations!

13 of 631 comments

  1. Big Surprise?[ - Radio now] by saskboy · · Score: 5, Interesting

    "President of RIAA Says Sony-BMG Did Nothing Wrong"

    In other news, cows give milk.

    Anyone interested in local radio coverage of this story, CJME.com is about to do a show on the Sony rootkit, you can listen live at 10:05AM CST, and again in the evening for a rebroadcast. Sorry, no podcast is made.

    --
    Saskboy's blog is good. 9 out of 10 dentists agree.
  2. Re:Thank goodness for Konqueror by forkazoo · · Score: 5, Interesting

    Well, I'm a sys-admin at a company with a few hundred desktops. AFAICT, there isn't any way to scan my whole network for the rootkit, and the only surefire, safe way to remove it is to reimage the machines that have it. Thankfully, it does phone home, so we have started looking through firewall logs for anything trying to get to the phone-home website. Still, a major PITA.

  3. Re:Markets always trump cartels eventually by dada21 · · Score: 4, Interesting

    I've seen 2 local bands forgo major label representation because of BAD contracts. Yet most big bands do sign bad deals.

    I see a big reason for "major" labels, actually. I look at it as a co-op of bands that distribute the cost of production and marketing across hundreds of "talented" bands.

    My problem is with the anti-freedom maneuvers of the labels. They corrupted radio rights, they helped destroy copyright, they subsidized the DMCA and they fostered anti-speech creations like Tipper's parental warning label and other bad ideas. I have no problem with stupid business tactics, it is when the law protects it that I'll call foul.

  4. Re:Commercial rootkit? by Anonymous Coward · · Score: 5, Interesting

    I put Snort sigs in place for the Sony traffic http://www.bleedingsnort.org/ and got hits from the following company

    I have loaded the Sony DRM sigs but have gotten hits from other products. I am wondering if this is a false alert or another company using this rootkit for DRM.

    000 : 50 4F 53 54 20 68 74 74 70 3A 2F 2F 77 77 77 2E POST http://www./
    010 : 70 68 6F 74 6F 73 68 6F 77 2E 6E 65 74 2F 4D 50 photoshow.net/MP
    020 : 53 4E 41 70 70 53 65 72 76 65 72 2F 73 65 72 76 SNAppServer/serv
    030 : 69 63 65 73 2F 6C 6F 67 67 69 6E 67 20 48 54 54 ices/logging HTT
    040 : 50 2F 31 2E 30 0D 0A 41 63 63 65 70 74 3A 20 61 P/1.0..Accept: a
    050 : 70 70 6C 69 63 61 74 69 6F 6E 2F 2A 2C 20 61 75 pplication/*, au
    060 : 64 69 6F 2F 2A 2C 20 69 6D 61 67 65 2F 2A 2C 20 dio/*, image/*,
    070 : 6D 65 73 73 61 67 65 2F 2A 2C 20 6D 6F 64 65 6C message/*, model
    080 : 2F 2A 2C 20 6D 75 6C 74 69 70 61 72 74 2F 2A 2C /*, multipart/*,
    090 : 20 74 65 78 74 2F 2A 2C 20 76 69 64 65 6F 2F 2A text/*, video/*
    0a0 : 0D 0A 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 ..Content-Type:
    0b0 : 74 65 78 74 2F 70 6C 61 69 6E 0D 0A 55 73 65 72 text/plain..User
    0c0 : 2D 41 67 65 6E 74 3A 20 53 65 63 75 72 65 4E 65 -Agent: SecureNe
    0d0 : 74 20 58 74 72 61 0D 0A 48 6F 73 74 3A 20 77 77 t Xtra..Host: ww
    0e0 : 77 2E 70 68 6F 74 6F 73 68 6F 77 2E 6E 65 74 0D w.photoshow.net.
    0f0 : 0A 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A .Content-Length:
    100 : 20 31 36 33 0D 0A 50 72 6F 78 79 2D 43 6F 6E 6E 163..Proxy-Conn
    110 : 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D 41 6C 69 ection: Keep-Ali
    120 : 76 65 0D 0A 50 72 61 67 6D 61 3A 20 6E 6F 2D 63 ve..Pragma: no-c
    130 : 61 63 68 65 0D 0A 0D 0A 3C 3F 78 6D 6C 20 76 65 ache..........
    190 : 3C 69 6E 73 74 61 6C 6C 49 64 3E 35 66 37 35 30 5f750
    1a0 : 34 66 36 33 61 66 38 37 38 35 61 39 32 63 36 33 4f63af8785a92c63
    1b0 : 63 62 64 38 30 61 38 66 63 63 66 3C 2F 69 6E 73 cbd80a8fccf
    1d0 : 3C 2F 73 65 72 76 69 63 65 3E 0D 0D 0A ...
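
Added example, not part of the comment above or of any tool named on this page: one way to triage a signature hit like the one posted here, and to support the firewall-log hunt described in comment 2, is to rebuild the payload from the dump and judge it by destination host. The dump contents, the watchlist entry and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed dump in the "offset : hex bytes ascii" layout; values are placeholders.
SAMPLE_DUMP = """\
000 : 50 4F 53 54 20 2F 6C 6F 67 20 48 54 54 50 2F 31 POST /log HTTP/1
010 : 2E 30 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 .0..User-Agent: 
020 : 44 65 6D 6F 0D 0A 48 6F 73 74 3A 20 63 64 2E 65 Demo..Host: cd.e
030 : 78 61 6D 70 6C 65 0D 0A 0D 0A xample....
"""
# Placeholder watchlist (assumption): fill it from an advisory you trust.
PHONE_HOME_HOSTS = {"phone-home.example"}

def dump_to_bytes(dump):
    """Rebuild the payload; each line carries at most 16 hex bytes, then ASCII."""
    out = bytearray()
    for line in dump.splitlines():
        _, _, rest = line.partition(" : ")
        for tok in rest.split()[:16]:
            if not re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
                break  # reached the ASCII column of a short final line
            out.append(int(tok, 16))
    return bytes(out)

def parse_request(payload):
    """Return method, destination host and User-Agent from an HTTP request head."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for h in header_lines:
        name, _, value = h.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Proxy-style requests carry an absolute URL; fall back to it if Host is absent.
    host = headers.get("host") or urlsplit(target).hostname or ""
    return {"method": method, "host": host.lower(),
            "user_agent": headers.get("user-agent", "")}

def triage(dump, watchlist=PHONE_HOME_HOSTS):
    """Label an alert by destination host rather than by signature match alone."""
    req = parse_request(dump_to_bytes(dump))
    known = req["host"] in watchlist
    req["verdict"] = "known phone-home host" if known else "review: host not on watchlist"
    return req

if __name__ == "__main__":
    print(triage(SAMPLE_DUMP))
```

A short final line whose ASCII column happens to start with a two-character hex-looking token would be misread as data; trim the ASCII column first if the dump tool allows it.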

  5. For the non-technical: by SLot · · Score: 4, Interesting

    "Hey, I know we were found in your house in the middle of the night after breaking in a window, but we've cleaned up the mess and put in a new pane of glass. Aren't we responsible"?

    Now, if only the non-technical people could see this....

  6. SonySuit.com - Strike back in Small Claims Court by marklyon · · Score: 5, Interesting

    What Sony did wasn't responsible, it was, in fact, a crime in many areas. Call and report it to your local police department.

    On the civil side, you don't have to wait for the class action lawsuits against Sony BMG Music Entertainment and First 4 Internet to wind their way through the courts -- you can sue on your own in Small Claims Court. For a useful guide to get you started, visit SonySuit.com.

    --
    -- Mark Lyon http://www.marklyon.org
  7. RIAA and their PR by sinco · · Score: 4, Interesting

    The thing that intrigues me is the RIAA has the nerve to support this action when Sony clearly suggested (not in a press release but in recalls) they made a mistake. This shows the RIAA does not care about their PR. It seems to me the RIAA views us as consumers who will buy their product at any cost, regardless of how they treat us. Like suggested before, they have a monopoly at hand. I'm hoping in the future that some of the consumers can conform to suggest reasonable methods of distribution and rights to combat the RIAA's evil actions. If not I think the RIAA will keep on pushing for complete control over digital distribution and rights.

  8. Re:Markets always trump cartels eventually by kimvette · · Score: 3, Interesting

    For what it's worth, I think payola is going to die.

    No, really. With the media consolidation what's to stop Sony, Capitol, etc. from buying up the radio stations? No payola necessary. The "DJ" (well, teleprompter reader really) will play the queued music from the satellite feed and announce them with a smile, or not keep his job. No payoffs required once the media consolidation process is complete.

    There will still be an independent station here and there, but how much would you want to bet that the RIAA and Artist Rights Enforcement Corporation won't raise the licensing fees to air major labels' material once the consolidation of mainstream stations is complete?

    --
    The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
  9. SCO says, HEY! LOOK AT ME! pleeeease?!!! by Thud457 · · Score: 5, Interesting

    Sony insider: DRM is discredited at Sony

    A high-placed source at Sony BMG has emailed me with some interesting information about the ongoing rootkit DRM fiasco. My source says,

    Some of the top Sony BMG artists who had XCP placed on their CDs are complaining directly to the label heads, furious that it will hurt their relationship to their fans and their sales as they go into the massively important Christmas season. Add that to the rising number of anti-DRM voices within the company who have been against DRM as only hurting "the people that are doing the right thing and buying our music." This all means that some of the label heads are finally starting to believe that DRM is just bad for business.

    Now they are starting to stand up to the corporate leaders who are pushing DRM as the solution to their sliding revenue, particularly Thomas Hesse who notoriously said "Most people don't even know what a rootkit is, so why should they care about it?"

    At least one of the label heads has threatened never to allow another CD to go out with DRM again.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  10. Re:Markets always trump cartels eventually by rizzo420 · · Score: 4, Interesting

    there's a problem with the way you buy your records. do you really think that more of the money goes to the artist? is the artist really running the webstore or is the record label? think about that one...

    for your parent's argument about major labels having a place... big bands do sign bad contracts all the time. why? advertising. they know they can get somewhere. think about that one. the beatles had a terrible contract, but they made more money afterwards when they did their own thing with apple records. a lot of the bigger bands today make their money through other means, not record sales. record sales means popularity, nothing more, nothing less. the more popular they are, the more people go to their concerts (where almost all the revenue goes to the band). so far, the record labels haven't been able to touch concert revenue (don't you think they would've loved a chunk of the change bands like phish and the grateful dead made from touring alone?). the big label gets them advertisements, that's all (although phish and the dead became popular through word of mouth, the label just got them new fans).

    --
    please me, have no regrets.
  11. Re:Unaware? by NexusTw1n · · Score: 4, Interesting

    It's a good point, but I've never seen it happen. All rootkits I've seen are visible over a share.

    Rootkits are revealed on the network via firewall logs, and I've always tracked them down via this method. I suppose there may be kits that I may not be seeing, but they don't appear to be phoning home.

    Remember that you can hide a file from the API, but you can't hide from NTFS itself otherwise you risk getting overwritten.

    It's entirely possible that administrative shares get their file list from the disk volume itself and translate the information when it arrives using the clean kernel rather than the potentially infected API on the remote machine.

    I'd be interested to know if anyone knows for certain if this is the case?

    --
    It has become appallingly obvious that our technology has exceeded our humanity. --Albert Einstein
  12. Re:Markets always trump cartels eventually by Anonymous Coward · · Score: 3, Interesting

    " I've seen 2 local bands forgo major label representation because of BAD contracts. Yet most big bands do sign bad deals."

    That's simply a shame...I've seen too many bands sign bad deals as well (note: I worked in the industry for several years before deciding to go back to school). The fact of the matter is, contacts in the music industry like any other industry are supposed to represent give and take. When my university decided that some of my research was too valuable and took up their right to offer the 'standard' 50% ownership of viable IPs in return for funding my project (after deducting the cost of the office space, percentages of professors above me's salary and a dozen other deductions that would mean that I'd probably owe someone before I saw a single dime -- and the 'scholarship' they offered was included in this) -- I decided to shop the contract around and when my university balked at that, I took my first grant to a former professor now running the sponsored research program of his new school on the west coast. It was a small grant (under $50k) but it got the point across.

    The next time I applied for a grant, I was given MUCH better negotiable terms by my university. Both schools are of the same size and stature, so I never had to woodshed in the 'minors' to get my way.

    How does this relate to your local bands? At one point I was a signed musician. I think technically I still am and still in contact with my A&R guy who occasionally asks if I can assist on a project. When I was given the contract, I immediately went to a lawyer -- and not the one they suggested -- but not before I read everything myself and made a lot of notes. Almost all of this was common sense when reading this, and my lawyer confirmed that most of my concerns were legitimate. The rest of my band signed their rights away immediately (and the label made it sound as though if I didn't sign at the same time, their contracts would be void). I wrote the songs even though I wasn't the lead man, so I had more at stake and didn't give a fuck about their concerns.

    Guess what -- without a protest, most of my concerns were addressed and either amended or stricken. As taught in High School law, contacts are about give and take and the record companies know this. If a stupid metal head or bimbo pop singer is willing to sign anything that is put in front of him or her, they deserve getting screwed on a bad contract. The labels are giving you a contract with everything they could legally hope to attain and nothing more. You should ask for everything you could legally attain and nothing more -- and then an agreement should be struck between the two. And I have no problem with anyone asking for as much as they can get because only an idiot would do so.

    So your local bands forgoing major label representation -- so what? They should have hired an entertainment lawyer and had representation from management (starting off -- these should be two separate items to make certain that no one is out solely for themselves).

    That's more than I wanted to say about the subject.

  13. Re:Markets always trump cartels eventually by arpk4n3 · · Score: 5, Interesting

    Advertising is one reason for joining with a major label, but performances and word-of-mouth themselves are better advertisement; in fact, only recently have television commercials or billboards played an important role in advertising. Radio traditionally has been an artist's best medium for advertisement. Advertising, however, means nothing without distribution. Major labels distribute globally through retailers, which independent artists would have a difficult time emulating, unless they have achieved substantial success on the charts (Which is difficult, if not impossible, for indie artists due to the connections between radio--Viacom, Infinity, and Clearchannel--and the labels. Thus indie artists have to find different means of advertising as well). It's not some arcane industry secret that artists typically only make 8-15 points (cents per dollar) from album sales, and from that have to pay for studio time/musicians, managers, lawyers, tours, etc. The label handles manufacturing and distribution.

    Interestingly, though, a growing number of artists, including myself, are choosing to survive as 'independent' as its profit margins are higher, and the artists themselves do not forfeit the copyrights to their songs to the labels. When you pirate music, the copyright you are breaching is not of the artist; the copyright for the recording typically is owned by their label.

    More on this (and more) is discussed in a paper I wrote, available here.