EFF and Sony Disclose New DRM Security Hole
Dotnaught writes "The Electronic Frontier Foundation (EFF) and SONY BMG Music Entertainment said on Tuesday that SunnComm is offering a patch to fix a security vulnerability with its MediaMax Version 5 content protection software on 27 SONY BMG CDs. Security firm iSEC Partners discovered the hole following a request by the EFF to examine the SunnComm software. The vulnerability involves a directory installed on users' computers by the MediaMax software that could allow a third party to gain control over the affected Windows PC. The EFF and iSEC delayed disclosing the problem until SunnComm could develop a fix."
And to think that only yesterday, there was a Slashdot story wondering whether the EFF had outlived its usefulness... So there's your answer, I guess.
Sony has done more damage to the DMCA and set back DRM farther than the combined efforts of the EFF and like-minded people around the world. We should all thank them.
But first you install stealthy and quite possibly illegal software with one hand, and on the other you install DRM with a security hole that hardly anyone will patch because they will likely not hear about it.
Way to go Sony, you truly are a bunch of arse-holes.
Well, at least if this gets major press coverage it may cause an even larger headache to the ever-encroaching wave of DRM.
The only things certain in war are Propaganda and Death. You can never be sure which is which though
Great, now not only do I have to make sure all my users' applications are patched, but I have to track patches on every frigging DRM implementation out there as well.
Well, payback is a bitch.
I have already steered a friend away from a Sony stereo to another brand, making it clear that Sony is not a good "citizen" and they would do well to stay clear of any Sony products.
Yes, I am only one puny person, but I've already cost them a couple of hundred bucks, and will continue to do so at every opportunity.
A house divided against itself cannot stand.
DRM software has to do more than regular software to prevent users from circumventing it, with the latest craze being OS hooks.
Insecure software + OS hooks = HUGE security risks.
If you ever want to release a worm that takes advantage of a DRM security hole, just put it on a web site that tells you how to disable that particular DRM. People will google for a way to disable their DRM, go to your site, and WHAM.
$7.95/mo, 200 GB disk, 2TBxfer, MySQL, PHP, RoR.
From EFF: "We're pleased that SONY BMG responded quickly and responsibly when we drew their attention to this security problem," said EFF staff attorney Kurt Opsahl. "Consumers should take immediate steps to protect their computers."
As if Sony, which already has a boatload of negative publicity, could do anything else. I think even the stuffed shirts there must now realize that they can't let anything else fall through the cracks or their music business might collapse. Don't be surprised if Sony divests itself of BMG music at some point in the future, to keep from losing customers for its home electronics business.
GetOuttaMySpace - The Anti-Social Network
Or
Sit here and rip the whole thing off the net for free and burn it to CD and copy it to my iPod. Yeah, DRM is a great way to stop piracy. Maybe they should try offering value for money instead.
Who in their right mind would voluntarily install something from SunnComm or SonyBMG given their track record?
Most of the victims have no idea that they're installing software on their computer. They're just playing a CD that they bought.
We geeks and nerds on /. understand the issue. 99% of the population don't even know what "installing software" means, have never done it (intentionally), and aren't to blame for being victims of such things.
Blame the criminals, not their victims.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
The most interesting part about the whole Sony BMG rootkit fiasco, and now this, is that it seems as if Sony is doubly screwed from now on, because whenever they put out a new product, it's going to be hacked from all sides, to find little holes like this. I'm sure there are plenty of other products out there that behave similarly or have holes in them, that are from other companies, and aren't getting exposed because they didn't piss off the internet community.
It's this kind of backlash now that is bustin' Sony, because anything they put out from now on better be bullet-proof, or else it will wind up being counterproductive.
It just doesn't make sense. Would you hire the burglar that broke into your home to install your security system?
Ah, but the great majority of victims of the first Sony rootkit still have it installed. They haven't heard about the problem, or heard and didn't understand at all. If you take a look at the removal instructions, you'll see that there isn't a chance that your typical Joe Sixpack could ever follow them. If he tried, the result would probably be a machine that didn't boot.
But most of the victims haven't tried to remove it, because they don't have any idea it's there.
You might well hire the burglar if you had no clues that he was the burglar, and if friends and the BBB recommended him. This is an old sort of scam.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.