Slashdot Mirror
EFF and Sony Disclose New DRM Security Hole
Dotnaught writes "The Electronic Frontier Foundation (EFF) and SONY BMG Music Entertainment said on Tuesday that SunnComm is offering a patch to fix a security vulnerability with its MediaMax Version 5 content protection software on 27 SONY BMG CDs. Security firm iSEC Partners discovered the hole following a request by the EFF to examine the SunnComm software. The vulnerability involves a directory installed on users' computers by the MediaMax software that could allow a third party to gain control over the affected Windows PC. The EFF and iSEC delayed disclosing the problem until SunnComm could develop a fix."
How big of a drama it is.
Sue the bastards and get it over with.
perpetually dwelling in the -1 pits
Hopefully the fix is them turning around, bending over, and grabbing their ankles.
activestudios web design
Why am I suddenly afraid my Sony speakers are going to do this:3 0/0021211&tid=126&tid=14
http://science.slashdot.org/article.pl?sid=05/11/
It is clear that DRM software is going to be as open to bugs as any other
software, and some of these will constitute a security threat.
Surely the solution is obvious. If they built DRM software directly into the
operating system, then it could be happily updated with all the rest of the
software, using whatever update mechanisms your OS provides.
I'm sure that the security minded folks on slashdot will be the first to
support a legal requirement for DRM in all OS'es, so that we can solve this
problem before it becomes really serious.
Phil
Root kits, Serial Copy Management, Macrovision, Content Protection for Prerecorded Media, Advanced Access Content System, blah, blah, blah. The most effective DRM is for the lables to continue to put out crappy music. Eventually we'll all find something better to listen to.
Are you...Are you some kind of genius?
No, ma'am, I'm just a regular Slashdot reader.
Since they are redoing the CDs, maybe they can change the names too?
Alicia Keys - Unplugged, but still Infected
Amici - Forever Defined as Dishonest
Britney Spears - Hitme, but Don't RipMe
Cassidy - I'm A Hustla in Your PC
David Gray - Life In Slow Motion Since your PC has a Rootkit
Faithless - Forever Faithless Sony
Imogen Heap - Speak For Yourself, I Love Rootkits
Leo Kottke/Mike Gordon - Sixty Six Steps to Uninstall the Rootkit
Raheem Devaughn - The Hate Experience
Santana - All That I Am Allowed to Copy
Stellastarr* - Harmonies for the Haunted PC
Various - So Annoying: An All Star Tribute To Rootkits
Wakefield - Which Side Are You On? Sony or the Public?
YoungBloodZ - Everybody Know Me, Nobody Copy Me
He who knows best knows how little he knows. - Thomas Jefferson
Switchfoot - Nothing is Sony
You must be new here.
On romantic evenings I turn off the music to make sure no one's home.
Never underestimate the awesome power of pale vegetarian lawyers.
Sauerbraten and sashimi?
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
Until they make a patch for the crappy music on most of those CD's, I'm not purchasing. Oh, and while they're at it, make a patch for their distribution, since it seems something is faulty with their current method of forcing me to walk to the store and buying the physical disc... when I don't even have a regular cd-audio player.
Of course this is a needed step for the "average joe" out there that didn't even know he got a malicious rootkit for free when playing a cd on his pc, but then again, does this average joe even know there is a patch out?
as for the rest of us... too little, too late.
they have to start with digital distribution without drm, or they will fail.
Some people say 'Digital Rights Managment' is good for the consumer.
Some doctors used to recommend cigarettes.
The vulnerability involves a directory installed on users' computers by the MediaMax software that could allow a third party to gain control over the affected Windows PC.
This is Windows we're talking about; I wouldn't be surprised if we're on to the seventh or eighty party by now.
Guy asked me for a quarter for a cup of coffee. So I bit him.
I upgraded to vegas 6.0c about 3 days before the rootkit story broke. I checked my system for the $sys$ rootkit according to the Sysinternals site and found nothing.
To answer a question with another question:
Is he a corporate executive?
- chrish
Wow, a woman with a fast car, uses Linux, AND a sharp sense of humour... No doubt about it, you must be very ugly :D
(kidding, only kidding!)