Slashdot Mirror
Sony's SunnComm DRM Patch a Security Risk
Spad writes "The BBC is reporting that mere days after the EFF and Sony announced a patch to fix the vulnerability in its SunnComm DRM system, security researchers Ed Felten and Alex Halderman have discovered that the patch itself introduces yet more vulnerabilities. They have now asked users not to apply the patch and are urging Sony to recall all of the affected CDs from sale. Sony has said that approximately six million CDs using [SunnComm] MediaMax have been shipped to stores. Affected artists include Alicia Keys, Britney Spears, Black Rebel Motorcycle Club and Faithless."
Sony will get to write off the bad CDs as defective at the end of the fiscal year. You or I accidentally burn something on the stove and we absorb the cost.
The publishers are just middlemen (middle-management?) scrambling to keep their distribution means relevant: cut them out like a cancer.
a) Freely download
b) Buy what you like (second hand if possible)
c) Pay to see the artists live
Trolling is a art,
I think that after Sony loses EVEN MORE money because of this, they may be a little conservative in the future. I still urge everyone to not buy any Sony products (I just talked my parents out of buying a $1300 Sony Camcorder, a $200 Sony car stereo system, and a Sony HDTV that has a price that I don't know). We need to show these guys that WE WILL NOT TOLERATE this sort of shit. These guys are doing whatever they can to make as much money as they can. Let's kick them where it hurts.
Earn a % of cash back from Newegg, Tiger Direct, Walmart.com, and more: http://www.mrrebates.com?refid=458505
The EFF should have pointed out the vulnerabilities to Sony and left it at that, there was no need for the EFF to lend its name to Sony's fix for the problem.
Did anyone really think that Sony were going to stop doing evil things? They don't see themselves as having any financial benefit from truly removing the damage they do to their consumers' computers. They have their reasons for wanting this crap of there in the first place, and a bit of bad publicity they think will blow over soon enough just isn't going to make those reasons go away.
There will be an updated patch eventually that actually does a half decent job of removing the worst of the security holes - they'll have to if they don't want a blanket removal of all their spyware from AV companies as a security measure. Not even a giant of Sony's stature can last too long being seen actively attacking and damaging all of their customers.
Then, after the news outlets have had their fill of the story, 6 months or so down the line they won't be wanting to run the same thing over again. Sony will then be free to come out with the next wave of evil but slightly less dangerous malware. That's how it goes. The next round will be a bit less dangerous, a LOT more secretive, but with the same anti-consumer schemes.
That's my opinion, anyway.
1. sony claims it needed the DRM crap to prevent pirates
2. sum up the recall of the cds and drm development into "loses due to pirates"
3. lots of news: "p2p makes music company loose money!"
4. ?
5. PROFIT!
I disagree. Even though in theory this should happen, I feel that anyone who understood the nature and purpose of DRM was already against it in every way. I don't think that this fiasco attracted anyone's attention except of those who are already pretty much against DRM. This isn't really a M$ Vs. Linux Vs. Mac debate, where each party has its own arguments. I think that even the people who are against piracy kinda see how pointless these types of measures are, especially those that harm the innocent (i.e. the thing about not being able to copy more than 3 times screwing over iPod users?).
x installed rootkit
x virus was written to use rootkit
x lied about it sending info
x licensing was illegal
x contained stolen copyrighted code
x created patch that contained vulnerability
x patch collected info from machine
x another drm contained vulnerability
x created patch with vulnerability
9 strikes. Did I leave anything out?