Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sony's SunnComm DRM Patch a Security Risk

Posted by Zonk on from the spears-cds-bring-one-of-the-horsemen dept.

Spad writes "The BBC is reporting that mere days after the EFF and Sony announced a patch to fix the vulnerability in its SunnComm DRM system, security researchers Ed Felten and Alex Halderman have discovered that the patch itself introduces yet more vulnerabilities. They have now asked users not to apply the patch and are urging Sony to recall all of the affected CDs from sale. Sony has said that approximately six million CDs using [SunnComm] MediaMax have been shipped to stores. Affected artists include Alicia Keys, Britney Spears, Black Rebel Motorcycle Club and Faithless."

6 of 218 comments (clear)

  1. Eat me, Sony. by grub · · Score: 5, Insightful


    Sony will get to write off the bad CDs as defective at the end of the fiscal year. You or I accidentally burn something on the stove and we absorb the cost.

    The publishers are just middlemen (middle-management?) scrambling to keep their distribution means relevant: cut them out like a cancer.

    a) Freely download
    b) Buy what you like (second hand if possible)
    c) Pay to see the artists live

    --
    Trolling is a art,
    1. Re:Eat me, Sony. by The_Rook · · Score: 4, Insightful

      wanna bet that sony will figure out a way to charge the musicians for the recall and destruction of the "defective" discs?

      --
      when religion is no longer the opiate of the masses, governments will resort to real opiates.
  2. Why was the EFF involved in this? by Sanity · · Score: 4, Insightful
    Why did the EFF get involved in the announcement or endorsement of this patch? The EFF is a legal organization, not a technical organisation. Now, instead of the egg landing squarely on Sony's face, where it deserves to be, the EFF is embarrassed too.

    The EFF should have pointed out the vulnerabilities to Sony and left it at that, there was no need for the EFF to lend its name to Sony's fix for the problem.

  3. Big surprise by mrRay720 · · Score: 5, Insightful

    Did anyone really think that Sony were going to stop doing evil things? They don't see themselves as having any financial benefit from truly removing the damage they do to their consumers' computers. They have their reasons for wanting this crap of there in the first place, and a bit of bad publicity they think will blow over soon enough just isn't going to make those reasons go away.

    There will be an updated patch eventually that actually does a half decent job of removing the worst of the security holes - they'll have to if they don't want a blanket removal of all their spyware from AV companies as a security measure. Not even a giant of Sony's stature can last too long being seen actively attacking and damaging all of their customers.

    Then, after the news outlets have had their fill of the story, 6 months or so down the line they won't be wanting to run the same thing over again. Sony will then be free to come out with the next wave of evil but slightly less dangerous malware. That's how it goes. The next round will be a bit less dangerous, a LOT more secretive, but with the same anti-consumer schemes.

    That's my opinion, anyway.

  4. conspiracy teory by nazsco · · Score: 5, Insightful

    1. sony claims it needed the DRM crap to prevent pirates
    2. sum up the recall of the cds and drm development into "loses due to pirates"
    3. lots of news: "p2p makes music company loose money!"
    4. ?
    5. PROFIT!

  5. So let me get this right... by Anonymous Coward · · Score: 5, Insightful

    x installed rootkit
    x virus was written to use rootkit
    x lied about it sending info
    x licensing was illegal
    x contained stolen copyrighted code
    x created patch that contained vulnerability
    x patch collected info from machine

    x another drm contained vulnerability
    x created patch with vulnerability

    9 strikes. Did I leave anything out?