Slashdot Mirror


Sony's SunnComm DRM Patch a Security Risk

Spad writes "The BBC is reporting that mere days after the EFF and Sony announced a patch to fix the vulnerability in its SunnComm DRM system, security researchers Ed Felten and Alex Halderman have discovered that the patch itself introduces yet more vulnerabilities. They have now asked users not to apply the patch and are urging Sony to recall all of the affected CDs from sale. Sony has said that approximately six million CDs using [SunnComm] MediaMax have been shipped to stores. Affected artists include Alicia Keys, Britney Spears, Black Rebel Motorcycle Club and Faithless."

8 of 218 comments

  1. Nice by ruiner13 · · Score: 5, Interesting

    I wonder how this will play out if a minor buys one of the broken CDs, puts it in their parents' computer and it gets taken over. As (at least in the US) minors cannot agree to contracts, I'm thinking the EULA cannot legally be agreed to by them. Since their EULA installs the rootkit on yes or no answers, this turns out to be illegal on so many levels. So much for buying Sony ever again. They make decent TVs; it is a shame that one of their divisions has to make such a bad image for the whole company.

    --

    today is spelling optional day.

    1. Re:Nice by fdiskne1 · · Score: 4, Interesting

      This particular bug gets installed even if you decline the EULA. Sony and SunnComm, what a wonderful combination. Remember, this is the same company that tried suing someone for putting on their web site "Hold the shift key down while inserting a copy protected CD to prevent the DRM software from being installed."

      Just shaking my head at their idiocy and getting ready to watch the fireworks, assuming anything actually happens because of this mess.

      --
      But why is the rum gone?
  2. Oh what a tangled web we weave... by digitaldc · · Score: 3, Interesting

    ...when Sony CDs we do receive.

    Now if people can be sued for unlawful downloading, do people have the right to sue for unlawful malware?

    I think I will go on over to Microsoft.com and find some information about 'Sony rootkit'.
    Here are my results:

    Results for:
    all the words: sony rootkit; category: Support & Troubleshooting; site: All of Microsoft.com;

    Support & Troubleshooting

    no results were found in this category.

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  3. Sony is out of touch by gasmonso · · Score: 4, Interesting

    They're constantly pushing for technologies that people don't want, and hopefully that is going to hurt Sony. First there was the memory stick, now destructive DRM and the possibility of locking down PS3 games to one device. If lawsuits don't correct this (and they most likely won't), it's up to the consumer to correct the issue with their wallet.

    gasmonso http://religiousfreaks.com/
  4. Re:Why was the EFF involved in this? by openfrog · · Score: 3, Interesting

    I see a good reason for the EFF to get involved. Sony was succeeding in keeping the two DRM issues separate, at least on the legal and larger public side (developers are (were?) seen as a negligible entity). The Agreement for the patch was for the EFF a way to get Sony to recognise the reality of the larger problem. I don't know if the EFF knew already what would follow, but I would not be surprised. Good move, EFF!

    --
    Think!

  5. Man Bites Dog by headkase · · Score: 3, Interesting

    Boycotts are ineffective and Sony's proven they're too incompetent to even clean up after themselves. I'd like to see some lawyers sic themselves on Sony... Let's see a class action settlement of ~$100 for each user to get a professional to remove the security hole the software introduces. They just don't seem to understand anything but dollars so at least the lawyers would be using the right stick.

    --
    Shh.
  6. Re:Eat me, Sony. by Shakrai · · Score: 4, Interesting

    Sony will get to write off the bad CDs as defective at the end of the fiscal year. You or I accidentally burn something on the stove and we absorb the cost.

    As much as I hate Sony, you don't think they are absorbing the cost as well? Just because they get to "write it off" doesn't mean they magically get the money back. A write off or a charge off is just an accounting term. They will probably get to report that write off when they file their income taxes -- it will reduce the amount of taxable income they had -- but they still have to absorb the cost.

    You or I can do the same thing with some expenses. You can reduce your taxable income by reporting expenses for medical care, uninsured losses, crime losses or bad debt (you loan me money and I default). Whether or not this makes sense for you (vs just taking the standard deduction) is something that only you or your accountant could figure out.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  7. What a good product might look like by Ant2 · · Score: 4, Interesting

    What if you could purchase an Audio CD that:

    - could play in all CD players, including PCs and car stereos?
    - had an extra track with non-DRM MP3s, OGG, and WMA files?
    - included cover art in JPG and PNG format?
    - included the full lyrics in TXT format?
    - was free from DRM and other executables?
    - (oh, and actually had songs you liked)

    Would you buy this? I would.