Slashdot Mirror


EFF and Sony Disclose New DRM Security Hole

Dotnaught writes "The Electronic Frontier Foundation (EFF) and SONY BMG Music Entertainment said on Tuesday that SunnComm is offering a patch to fix a security vulnerability with its MediaMax Version 5 content protection software on 27 SONY BMG CDs. Security firm iSEC Partners discovered the hole following a request by the EFF to examine the SunnComm software. The vulnerability involves a directory installed on users' computers by the MediaMax software that could allow a third party to gain control over the affected Windows PC. The EFF and iSEC delayed disclosing the problem until SunnComm could develop a fix."

5 of 258 comments

  1. Useful indeed by Renegade+Lisp · Score: 5, Insightful

    And to think that only yesterday, there was a slashdot story wondering whether the EFF had outlived its usefulness... So there's your answer, I guess.

  2. Thank you Sony! by Suzumushi · Score: 5, Insightful

    Sony has done more damage to the DMCA and set back DRM farther than the combined efforts of the EFF and like-minded people around the world. We should all thank them.

  3. Re:Build it into the OS by eggoeater · Score: 5, Insightful

    It is clear that DRM software is going to be as open to bugs as any other software...
    Actually...much more so.
    DRM software has to do more than regular software to prevent users from circumventing it, with the latest craze being OS hooks.
    Insecure software + OS hooks = HUGE security risks.
    If you ever want to release a worm that takes advantage of a DRM security hole, just put it on a web site that tells you how to disable that particular DRM. People will google for a way to disable their DRM, go to your site, and WHAM.

  4. Re:Quick Question... by jc42 · Score: 5, Insightful

    Who in their right mind would voluntarily install something from SunnComm or SonyBMG given their track record?

    Most of the victims have no idea that they're installing software on their computer. They're just playing a CD that they bought.

    We geeks and nerds on /. understand the issue. 99% of the population don't even know what "installing software" means, have never done it (intentionally), and aren't to blame for being victims of such things.

    Blame the criminals, not their victims.

    --
    Those who do study history are doomed to stand helplessly by while everyone else repeats it.

  5. Re:Perhaps not (Was Re:Useful indeed) by CaptainZapp · Score: 5, Insightful

    Most surprising is the change of tune of Mr. Hesse, from:

    "Users don't know what a rootkit is so why should they care"

    to

    "We are taking the concerns of our customers very seriously, blahblahblah"

    Could it be that Mr. Hesse is full of shit?

    --
    I am the musician

    with a pocket calculator in hand

    kraftwerk