Slashdot Mirror
Sony Rootkit may Lead to Regulation
An anonymous reader writes "Computerworld has a story about DHS officials meeting with Sony to read them the riot act, following the rootkit fiasco. From the story: 'A U.S. Department of Homeland Security (DHS) official warned today that if software distributors continue to sell products with dangerous rootkit software, as Sony BMG Music Entertainment recently did, legislation or regulation could follow.'"
The world runs on money.
So they have not been punished for their crime,
They are not even being told they will get punished if they do it again,
It seems to say, if you do it again, only then will make it illegal so you can't do it a third time.
(Gee, I'll have to try that one next time I get busted by the cops - its only my first offence, officer, you shouldn't lock me up until I've done it at least 3 times)
Ohh, you mean legalization and decriminalization of these behaviors, so that this does not become an issue again. Anything less than a total ban, backed up by some serious time in a federal pound you in the ass facility, means that someone has been bought out.
I was merely trying to point out how "fucked up" the system is - we live in a world that allowed the two events described above to have the outcomes they did...
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
But the 15 year old is a terrorist for attacking national infrastructure. The company is just trying to protect it's godgiven right for profits.
Why merely threaten legislation if it continues to happen? Laws against "products with dangerous rootkit software" wouldn't seem to harm anyone. Enact the legislation now.
From TFA:
I guess that depends on what you mean by malicious. As far as I'm concerned, anyone who distributes trojans is either malicious, or mentally insane — on the same level as the man who thinks he's a poached egg.
You mean this was legal?
Red Leader Standing By!
Last time I checked, the DHS doesn't work for the Legislature. Their job begins and ends with enforcing the existing laws.
If you were blocking sigs, you wouldn't have to read this.
Should it not read RICO act?
A 17 year old writing a stupid trojan that does little but spread receives a 2 year sentence in jail and is only safe from compensation since companies didn't want to have the public know their systems are insecure.
... yeahsure) receives... a recommendation not to do anything like this again or else we might have to think about creating laws banning this behaviour (hey, those laws exist, enact them!).
Read: Juvenile dick-waving without commercial interest -> 2 years prison.
A large corporation spreading a rootkit with their product to their paying customer with the intent to cripple their customer's software performance (not being able to use it as intended, by manufacturer or user) that also has the capability of spying on their behaviour (allegedly they didn't use that function, but
Read: Commercial malvolent infiltration of customer's computers -> Nada.
The world sure is changing. When I was still in school, adding "commercial" to a crime sure upped your sentence by some magnitude. Nowadays it seems to be your "get out of jail" card if you commit a crime with financial interest.
Al Capone simply died too early. He'd love these times.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Uh, how about prosecution.
Take off every sig. For great justice.
I'm sure good things will come of this. :/
Americans call this politics, the rest of the world call it corruption.
Corporation: An organization created in order to generate individual profit without individual responsibility.
That is why no on is in jail, it goes against the very idea of corporations.
"If you can't live without me, why aren't you already dead?"
Given the raft of class action lawsuits launched against Sony, and the subsequent restrictions on TPM (technological protection measures) software they can use, would any company dare risk including root-kit like TPM's? At the end of the day the risk-benefit analysis will rule it out without the need for legal intervention surely?
Was the DRM aspect intentional? Yes.
Was the security problem intentional? No.
What is being discussed in TFA? The security problem.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
I've often wondered why things like this rootkit exist in the first place. Does Sony only employ those who are morally bankrupt? Surely someone at some point in Sony would have said "Hey, this is kinda evil".
Check out 18 USC 1030 - Fraud in connection with computers
Subsection (3) states that anyone who "intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States" and causes damage is in deep poop.
Imagine a Department of Defense employee on a secure computer popping in a Sony Rootkit CD - woops!
There is no need to qualify 'dangerous' software. Anything that does things behind your back is dangerous. Look up the word misfeasance.
As there was no means to 'undo' or uninstall completely, the damage was compounted, and the window of exposure undefined.
Maybe they are stupid, and unaware of all the other rootkits, and have not considered that rootkit combinations may lead to other horrible consequences.
Time to make things that don't uninstall, flat out illegal, and triple damages for misrepresentations about same.
Why is a non-voting entity allowed to give political contributions?
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
I agree it stinks, but I'm not exactly sure how we stop it short of a constitutional amendment, and if that amendment is too broadly worded, the cure could be worse than the disease.
You can only drink 30 or 40 glasses of beer a day, no matter how rich you are.
-- Colonel Adolphus Busch
"Shareholders" are about as identifiable as "terrorists." Let's cut through the bullshit on this one.
When you count out who the majority VOTING shareholders are, you will find that a vast majority of the time, they are the same decision makers who are citing "will of the shareholders." It's bullshit. A doctor should do no harm regardless of who pays his fees. A corporation should do no evil regardless of shareholder interest or profit-making directives. The decision of HOW to go about making profit was made by people and THOSE people should be held accountable for those decisions.
It's more of the baseball three-strikes mentality getting into the law. You did it once, fine, strike one. Do it again, that's strike two and we legislate. Once more and then you'll be in trouble.
Except with enough campaign donations they can keep hitting foul balls without ever facing a real penalty.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Why is DHS the one that is playing enforcer here? How does policing corporations in private fit into their responsibilities of providing homeland security?
With computer crimes there's some kind of investigation from local and federal law enforcement (FBI maybe?) and maybe a public hearing or two to give the appearance to voters that something is going to be done.
Please point out the obvious here because I'm missing it.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
It really bugs me that DHS and generally everyone else are looking at this issue as if the security vulnerabilities in the Sony rootkit are the main issue. And perhaps it is to them, but not to me. The real issue is that Sony is installing software on computers without the owner's permission, and it's software that intentionally hobbles hardware/software you paid for. That's like being upset, not because a thief stole your TV, but because he left the back door unlocked when he left.
I'm entertained by the knee-jerk reactionism that has allowed this "sociopathic corporation" meme to float around. Corporations are held responsible. They get sued for breaking the law and then bankrupted--a death sentence. Ask Kenneth Lay what he thinks about the dearth of individual responsibility in corporate law. Furthermore, we all have a god-given right to make profit. No where do we have to act for the benefit of my fellow man; I just cannot hurt him. So if I should vote to say, fight a war in Iraq because I own lots of stock in military suppliers, I just sent a whole bunch of people to die killing a whole bunch of other people. Am I held individually responsible for my individual profits? Uh, no. So why can't corporations do the same?
A NYC lawyer blogs. http://www.chuangblog.com/
OK, let's plan how to do this. We need to elect a lot of legislators who will confirm judges leaning towards the repeals you suggest. The best way to do that is to form some political action corporation to help elect those candidates by giving them lots of money to help finance their election campaigns.
Oh wait...