Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sony's SunnComm DRM Patch a Security Risk

Posted by Zonk on from the spears-cds-bring-one-of-the-horsemen dept.

Spad writes "The BBC is reporting that mere days after the EFF and Sony announced a patch to fix the vulnerability in its SunnComm DRM system, security researchers Ed Felten and Alex Halderman have discovered that the patch itself introduces yet more vulnerabilities. They have now asked users not to apply the patch and are urging Sony to recall all of the affected CDs from sale. Sony has said that approximately six million CDs using [SunnComm] MediaMax have been shipped to stores. Affected artists include Alicia Keys, Britney Spears, Black Rebel Motorcycle Club and Faithless."

5 of 218 comments (clear)

  1. Oh goodness! More to investigate and recall. by saskboy · · Score: 4, Informative

    I even went to the bother of giving the EFF, Sony, and "independent 3rd pary verification" the benefit of the doubt that they wouldn't frick things up AGAIN after their XCP DRM patch hole. Now I have to update my blog to say the MediaMax patch is hosed.

    http://www.independentbands.com/cd/switchfoot/noth ingissound.html
    Some interesting info was brought to my attention today by http://www.glynhotz.com/ the lawyer in Ontario suing Sony over XCP for consumers in Canada. EMI issued a recall on a DRM infected CD, on October 6, shortly after Sony was notified of the rootkit in their XCP CDs.

    Any one care to investigate this further?

    http://www.boycottsony.us/

    --
    Saskboy's blog is good. 9 out of 10 dentists agree.
  2. original article from Felten and Halderman by edfelten · · Score: 5, Informative

    The original explanation of this, from Ed Felten and Alex Halderman, is at http://www.freedom-to-tinker.com/?p=942

  3. Illegal by DeanFox · · Score: 3, Informative


    "Sony BMG said the MediaMax copy protection system, which is supposed to stop people making illegal copies of CDs, has been used on 50 titles sold in North America."

    Why do the keep emphasizing, "making illegal copies" when it is not illegal? I have the right to make as many copies as I want. What I cannot do is make un-authorized copies (fair use IS authorized) or distribute those copies.

  4. Re:Don't sit HERE whining, TELL THEM by entirety · · Score: 5, Informative

    Where is Sony Music located, and how can I get in touch?

    The corporate headquarters for Sony Music Entertainment Inc. is located in New York City:

    Sony Music Entertainment Inc.
    550 Madison Ave
    New York, NY 10022-3211
    sonymusiconline@sonymusic.com

  5. Re:Eat me, Sony. by sgent · · Score: 3, Informative
    Almost, but not quite... Companies pay taxes (at least in the US) on net income, not revenue. So extending your example of a 50% tax rate and $20 net income...

    50% of $20 = $10 available to shareholders and $10 in taxes. If the company then distributes that $10 to the shareholders (sends them a check) the shareholder's have to pay taxes on the money recieved on their personal income taxes.

    Ok, now assume they have a recall that costs them $5. So its $20 - $5 writeoff = $15. $15 x 50% = 7.50 in taxes, and 7.50 to distribute.

    The concept of a write-off is often misunderstood. One reason that its even such an issue is in the case of small to medium business. Remember that the corporate income is taxed, and then taxed again when distrubted to shareholders. A small business can buy a MSDN subscription for $2,000. This means that it will only clost the owner approximately $1,000 in take home pay. Its not that its free, but just that it costs less to the owner than if joe blow hobbiest had bought the same subsription.*

    *Note, taxes are complex, this doesn't even attempt to explain the complexities -- including common workarounds.