Slashdot Mirror
Sony RootKit Still A Problem?
XMilkProject writes "Current research indicates that some "350,000 networks--many belonging to the military and government--contain computers affected by [Sony's rootkit]." This is down from over half a million last month. "The security researcher worked from a list of 9 million domain-name servers.. asking each to look up whether an address used by the XCP software--in this case, xcpimages.sonybmg.com--was in the systems' caches." Will Sony face future repercussions for this potentially long-term damage?"
Because new music sucks.
I'm a big retard who forgot to log out of Slashdot on Mike's computer! LOOK AT ME.
NOSY
I personally don't buy CDs so I wasn't affected but from what I've heard there are some serious problems with the "patch" Sony provided. I'm just a bit curious... Does the patch keep the rootkit permanently disabled and removed? It seems to me that if we put a deviant Sony CD back into our computer that the rootkit would just be reinstalled. Then do we have to run the patch again? This is rediculous. I've do not intend on purchasing any music that has the SONY lable on it. This to me is just plain stupid. What gives Sony the right to install deviant software on "MY" pc and then make it stealth so that I don't know it's there. As far as I'm concerned I think that's the lowest a company can go. That's stooping to the level of those bastard red headed step children Spammers/Spyware installer/Virus/worm pushing assholes.
I'm to the point now watching this rediculous attempt from Sony to attach it's controls on something that I purchase the rights to use/listen/backup and trying to enforce through deviant means. What is this rootkit supposed to do!? They just wanted to install it for the Hell Of It? Nope, it's supposed to reinforce their stupid DRM bullshit and keep me from listening to the music that I paid for. I'm to the end of my rope. I think that there needs to be a group or mutiple groups put together that should purposefully break what Sony is trying to do. I've been years out of the programming/Computer industry and thus lack the skills to do it, but I think that we should form Anti-DRM, anti-Sony groups to demolish the protection that they put on their stupid CD's. I will not from this day forward purchase anymore music from Sony until they drop their Bullshit practices. I call for a Boycot of Sony's Music. I'm not sure what one man can start, but I'll be damned if I'm going to stand around any longer and watch Sony impose itself on me! They want me to buy their shit, then they want to enforce by deviance their policy, and after all that they hijack my PC for WHo knows what! Ahhh! Time for a Revolution. I love my PS2, but am refusing to play it again until SONY stops all this Bullshit! No more video games purchased either. Damn you Sony! Leave me the Hell alone! Stay off of my Computer and my CD's! Damn you!
With that said, I feel somewhat better, but am still disturbed deep inside that they would have to stoop to that level to try and enforce their protection. Maybe they don't realize that as the sound comes out of the speakers it can be recorded with a MIC and pirated that way, or through LINE OUT. Damn them. Rant Over.
Fight the fall of slashdot by supporting PlayfullyClever in your sig.
"While the security issues related to the copy-protection software have apparently affected U.S. government and military computers, the Department of Justice will not likely get involved, said Jennifer Granick, executive director of the Center for Internet and Society at Stanford Law School.
"I don't see the federal government suing a big company like Sony," she said. "The fact that military networks have likely been affected by this won't change that."
By the way, regardless of the magnitude of this problem currently, has Sony ever formally apologized for their damaging rootkit? They've said that most people "shouldn't care", or that it was their "right" to cripple people's computers, but I've not once heard them say sorry. Can anyone clarify?
If you look at the settlement in the New York District court it is nothing more than a slap on the wrist. Sony knowingly infected computers with what amounts to a trojan horse. In return they have to pay a little money and promise not to do it again. That's insane when you consider the witch hunts that have taken place for 16 year-old kids releasing a virus. Sony needs to pay and pay dearly for their deliberate criminal actions. The government always wants to send hackers a strong message...well then the same applies to corporations!
http://religiousfreaks.com/"Will Sony face future repercussions for this potentially long-term damage?"
No they won't because they're a huge multinational corporation who will probably layoff some employees and reward their top execs from the whole ordeal. I'm not trying to be some hippie about this, it's just the way the world works.
Security through Obscurity.
Proof by very large bribes. QED.
Robert K. Merton listed five causes of unanticipated consequences:
(I have applied them to Sony's decision to use rootkits)
1. Ignorance (It is impossible for Sony to anticipate everything.)
2. Error (Incomplete analysis of the rootkit problem, or following habits that worked in the past but may not apply to the current situation.)
3. Immediate interest in stopping a computer from copying something, may override long-term interests of sustaining their reputation as honest and trustworthy.
4. Basic values of trusting your customers may require or prohibit certain actions like installing a rootkit, even if the long-term result might be unfavorable. (These long-term consequences may eventually cause changes in those same basic values.)
5. Installing malware on people's computers is always a self-defeating prophesy (Fear of some consequence drives people to find solutions before the problem occurs, thus the non-occurrence of the problem is unanticipated.)
He who knows best knows how little he knows. - Thomas Jefferson
... what kind of person takes their Sony CDs to work in order to play them on PCs on a military network. Kinda bizarre that that's even possible.
;)
Makes me sleep better, on the other hand, to see that there are music lovers even there.
You know how the saying goes: Where one sings you may sit down and sing along, bad people have no song.
A World in a Grain of Sand / Heaven in a Wild Flower,
Infinity in the Palm of your Hand / And Eternity in an Hour.
Will Sony face future repercussions for this potentially long-term damage?
Of course not. They may pay a (relatively) small fine or two, but a quick a donation to a politician here and there, and that'll be all she wrote.
The whole concentration on the fact that military and government computers were infected is a tad sensationalist. You hear military or government and see DARPA or CIA.
In all odds the machines they're talking about are your typical office machines, used mostly for clerical work. Your network admin might not really worry or care about someone screwing it up; in all odds the people using them don't know enough to mess stuff up that badly.
I think all this is going to entail is the IT divisions of the important branches of the US government running rebuilds a little ahead of schedule...
Sony won't be harmed at all. But since this incident an Air Force unit I used to belong to can no play music cd's on computers. Doing so can result in corporal punishment.
Part of the problem with the Sony Rootkit is the fact that many stores **STILL** are selling the rootkit enhanced CDs.
I personally have seen this at several Borders stores in my area, and each time I mention this to the management I recieve blank "deer in the headlights" looks.
Navicula hydraulica plena anguilarum est. Omnes castelli tuus nostri sunt. Ed elli avea del cul fatto trombetta.
...I heard somewhere that if you play these new Sony CD(s) backwards, the rootkit data will say, "yur sole iss miiine. yur sole iss miine. Haaaaale Goooooogle! Whaaaaaat issss thigh bidding miii massster? RaaaaaaaaaaAaAaaAaaa!" ...and a plume of blood will shoot out of your CD tray and melt your face like that dude from Raiders of the Lost Ark.
\\//_
Sony == Dangerous to my PC
What a great way to promote a brand.
it's a blue bright blue Saturday hey hey
Sadly, not only will Sony face no long term damage, but this will be a blockbuster year for them as they release PS3 and millions of quick-to-forget Slashdotters rush out to buy a PS3.
If consumers were smart, they'd go buy a Nintendo Revolution - or even an Xbox - and intentionally skip the next Playstation. Unfortunately, they won't, because their souls are fueled by acquisition and shiny-new-toy syndrome.
- A $5 limit on damages
- The requirement that you must sue Sony in New York
Once the settlement is official, Sony will have opened themselves up, such that they can be sued in court anywhere in the United States.Small claims court is the most likely venue, because you don't really need a lawyer to represent yourself and if Sony doesn't send a representative, you get a default judgement.
Collecting might be a bitch, but in this case, it definitely won't be the lawyers making all the money.
[Fuck Beta]
o0t!
The answer is clear. The U.S. must invade Japan to overthrow the government responsible for this cyber terrorism.
I used to do assistant net admn in the armed forces, and it's amazing how little security there is on most military computer networks. They don't allow DHCP, but as the admin I found that there were no lockdowns on installing software like AIM and such. Only problem was, network security was dictated by higher commands, so I could do nothing but watchdog the system.
So it's really no suprise to me to so this rootkit affecting so many military and government compys, given their lack of conecern about system security.
You do a non-recursive lookup.
[root@kryten pete]# nslookup
> set norecurse
> www.xmob.co.uk
Server: 192.168.0.1
Address: 192.168.0.1#53
Name: www.xmob.co.uk
Address: 217.77.184.55
> www.microsoft.com
Server: 192.168.0.1
Address: 192.168.0.1#53
Non-authoritative answer:
*** Can't find www.microsoft.com: No answer
>
Your new Sony-BMG non-standards compliant music disc contains the Pwned.exe wonderful pretty music player. Click here to hear the music you've already paid for. Remember, you cannot return opened CD's for any refund. Have a nice day!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Er no you didn't. $sys$ is what you want.
The sony rootkit fiasco is an example of criminal conduct, not a civil tort matter. Why some high level Sony USA execs aren't in the slammer now is beyond me. Like you said, if some teenage scripter had done this, they would be facing 30 years or something, but because it's a large important company they are facing a few fines.
"Even more interesting is that there may be at least half a million infected computers... I say 'may be at least' because the data doesn't smell right to me. Look at the list of infected titles, and estimate what percentage of CD buyers will play them on their computers; does that seem like half a million sales to you? It doesn't to me, although I readily admit that I don't know the music business."
As Schneir notes, these are not big selling CDs. Here is the list from the EFF link above:While Dan Kaminsky's methodology seems basically sound, if the results don't add up it suggests that there is something else going on. Maybe somehow each computer queried more than one DNS server, or some similar effect occured to artifically inflate the number of computers he is counting.