Slashdot Mirror
Sony's SunnComm DRM Patch a Security Risk
Spad writes "The BBC is reporting that mere days after the EFF and Sony announced a patch to fix the vulnerability in its SunnComm DRM system, security researchers Ed Felten and Alex Halderman have discovered that the patch itself introduces yet more vulnerabilities. They have now asked users not to apply the patch and are urging Sony to recall all of the affected CDs from sale. Sony has said that approximately six million CDs using [SunnComm] MediaMax have been shipped to stores. Affected artists include Alicia Keys, Britney Spears, Black Rebel Motorcycle Club and Faithless."
Sony will get to write off the bad CDs as defective at the end of the fiscal year. You or I accidentally burn something on the stove and we absorb the cost.
The publishers are just middlemen (middle-management?) scrambling to keep their distribution means relevant: cut them out like a cancer.
a) Freely download
b) Buy what you like (second hand if possible)
c) Pay to see the artists live
Trolling is a art,
Phew, after seeing the list of artists all I can say is if these are the artists who'll be affected I'll be secure for years to come!
I wonder how this will play out if a minor buys one of the broken CDs, puts it in their parents computer and it gets taken over. As (at least in the US) minors cannot agree to contracts, I'm thinking the EULA cannot legally be agreed to by them. Since their EULA installs the rootkit on yes or no answers, this turns out to be illegal on so many levels. So much for buying Sony ever again, they make decent TVs, it is a shame that one of their divisions has to make such a bad image for the whole company.
today is spelling optional day.
Given the titles affected, consumers had it coming.
The original explanation of this, from Ed Felten and Alex Halderman, is at http://www.freedom-to-tinker.com/?p=942
Did anyone really think that Sony were going to stop doing evil things? They don't see themselves as having any financial benefit from truly removing the damage they do to their consumers' computers. They have their reasons for wanting this crap of there in the first place, and a bit of bad publicity they think will blow over soon enough just isn't going to make those reasons go away.
There will be an updated patch eventually that actually does a half decent job of removing the worst of the security holes - they'll have to if they don't want a blanket removal of all their spyware from AV companies as a security measure. Not even a giant of Sony's stature can last too long being seen actively attacking and damaging all of their customers.
Then, after the news outlets have had their fill of the story, 6 months or so down the line they won't be wanting to run the same thing over again. Sony will then be free to come out with the next wave of evil but slightly less dangerous malware. That's how it goes. The next round will be a bit less dangerous, a LOT more secretive, but with the same anti-consumer schemes.
That's my opinion, anyway.
1. sony claims it needed the DRM crap to prevent pirates
2. sum up the recall of the cds and drm development into "loses due to pirates"
3. lots of news: "p2p makes music company loose money!"
4. ?
5. PROFIT!
Someone should write a song about that.
Oops, I Did It Again?
Where is Sony Music located, and how can I get in touch?
The corporate headquarters for Sony Music Entertainment Inc. is located in New York City:
Sony Music Entertainment Inc.
550 Madison Ave
New York, NY 10022-3211
sonymusiconline@sonymusic.com
x installed rootkit
x virus was written to use rootkit
x lied about it sending info
x licensing was illegal
x contained stolen copyrighted code
x created patch that contained vulnerability
x patch collected info from machine
x another drm contained vulnerability
x created patch with vulnerability
9 strikes. Did I leave anything out?