Revisiting the Infamous Sony BMG Rootkit Scandal 10 Years Later (networkworld.com)
alphadogg writes: Hackers really have had their way with Sony over the past year, taking down its Playstation Network last Christmas Day and creating an international incident by exposing confidential data from Sony Pictures Entertainment in response to The Interview. Some say all this is karmic payback for what's become known as a seminal moment in malware history: Sony BMG sneaking rootkits into music CDs 10 years ago in the name of digital rights management. 'In a sense, it was the first thing Sony did that made hackers love to hate them,' says Bruce Schneier, CTO for Resilient Systems. Sony's scheme was revealed on Halloween of 2005, and was followed by a botched response, issuing and reissuing of rootkit removal tools, and lawsuits. There are object lessons from the incident which are relevant today.
made hackers love to hate them
I'm not a hacker, but I hate Sony too.
To show that the government is unwilling to play fairly. The Rootkit should have gotten executives jailed and massive fines. Instead it was a fairly minor lawsuit and move on with business.
No sir, I don't like it.
It contains priceless discussions, too! Often more technical and polite than most forums..
In case you missed them, here is some coverage of the Sony BMG Rootkit and a few later articles which reference it:
Did you just name-drop Mark Russinovich as a "co-worker" based on the two of you having once used the same reseller?
I need to go tell my esteemed colleague Elon Musk about this, he'll really get a kick out of it.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
would HOSTS have protected against the rootkit????
I wish it could be made clearer that a lot of the hacking was motivated by rage over the rootkit and the PS3 linux block. If it were more clear, companies may think twice about giving their customers the shaft.
For Sony there is little doubt the object lessons were "Now how do we do this and not get caught?"
My ism, it's full of beliefs.
Amen. Sony has been evil since they introduced DRM at the commercial level. "Copy bits" on DAT, on Minidiscs, CSS, HDCP, the list of shit Sony has secretly shoveled on the public is why I don't buy Sony, and why I recommend friends and family choose anything else.
John
Pushing Memory Stick when we already had SD Card which had the same form factor was the first thing. Or was it mini-disc? Pushing their proprietary formats, was the first thing.
To be fair, MemorySticks and MiniDiscs weren't the worst as far as proprietary formats go. Talk about XD cards and Digital Compact Cassettes.
Any file that started with $sys$ was hidden from the OS, so it didn't take long for people to start hiding malicious files if you had the rootkit on your system.
No one gives a shit, APK. Not one person here gives a shit about anything you have to "say".
Sony has a bunch of brilliant people working away in the engineering sections of the company,
but once you pierce the management wall, things change..
People devolve into their "HIGH SCHOOL" distillates..
It's like going back to high school with all the social cliques, and who's cool, bla bla, but the big difference is they all have money and can action on most if not everything that comes to mind, negative or not..
To make matters worse, my superior was a very racially charged individual with a focus on Jews and Homosexuals. It was a shame the crap that used to fall out of his mouth.. It got so bad toward the end, they moved his office next to HR, due to the sheer amounts of complaints being filed.. They finally got rid of him once they found another individual to take his place with a 10% cut in pay for the equivalent work..
I am by no means perfect, but I conduct myself in a professional and business manner every day when interacting with my fellows at the work place..
It seems Sony has not discovered that part of the world yet..
As far as I am concerned, Sony got what they got, and deserved it.. Although based on the series of events that has unfolded since this incident, it's a shame that Sony is unwilling or unable to learn from its past mistakes.. And now various people have cropped up to challenge them on it, as you can see in the press releases over the years chronicling Sony's blunderfucks year after year..
thank you for your time.
Pushing their proprietary formats, was the first thing.
So wouldn't that be BetaMax if it's the first proprietary format they pushed? They lost that one too... Sony = slow learners.
Was there anything before BetaMax with Sony's fingerprints on it?
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
I also wonder if they didn't perhaps learn something, however painfully, from it all, as when Microsoft started talking about all the ridiculous DRM they were going to put on XBox One games, Sony responded by saying "Yeah, we're not doing that, share your games with friends all you like as far as we're concerned", and Microsoft had to quickly backtrack.
(Alternate lesson: Only Microsoft could wind up turning Sony into the 'good guys' in a situation.)
Bleh. Wasn't the first time enough?
Not for them. They did it again in a USB drive. http://techreport.com/news/130...
If you're going to snark, it helps to be right. Sony doesn't own Download.com, something you could've confirmed for yourself in seconds.
Download.com is a C|Net created site owned by C|NET parent company CBS Interactive, which in turn is owned by CBS Corp, which in turn is owned by National Amusements. Finally, National Amusements' majority owner is owned by Sumner Redstone (aka Rothstein) and family.
if you put in a FRACTION of the energy your kind does in trolling, you'd be putting us all to shame
You're getting close to a breakthrough. So close...
Re "we won't have to worry about"
The other side is a new legal idea that the brand owns the media, device, software flow and the user is just along for/granted a very limited rental experience.
"DOJ Claims Apple Should Be Forced To Decrypt iPhones Because Apple, Not Customers, 'Own' iOS" (Oct 26th 2015)
https://www.techdirt.com/artic...
Some extra special hidden software might be back in a new way on any device or OS.
Domestic spying is now "Benign Information Gathering"
No matter what Sony did it is still not as bad as default windows 10, by far a bigger rooting of your privacy than anything Sony did, the most extreme on record.
Chaos - everything, everywhere, everywhen
Brand new Beastie Boys CD rootkits my system.
Removal SW breaks IDE CDROM driver - inconvenient reinstall
Beastie Boys CD ripped to MP3 (the old fashioned way) CD made safe.
Never bought another SONY product (and very few CDs)
SONY deserves what they get for ever after. (no sympathy)
This perpetual motion machine Lisa made is a joke, it just keeps getting faster and faster. - Homer
Likewise. I once had a Sony rep try to get me to buy something at an office store. He couldn't fathom why I would boycott them and I couldn't fathom how to explain why. I think I shrugged and said something about bad behavior by the Sony corporation. He asked if there was anything he could do to make me reconsider. I simply said, "No".
With that attitude it would be rather hypocritical to purchase products from any manufacturer. I guess you won't be purchasing any Microsoft, Nintendo or Volkswagen products any time soon.
There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
Yep. Sony used to make some really great consumer electronics in the 1980's – like my Walk-Man that was the size of a cassette tape box.
That suddenly stopped in the mid 1990's. All consumer products nose-dived in usability, durability, customer service. . . I quit buying anything SONY in the mid-1990's, for these reasons alone.
And I'm glad I did. In the following decades, Sony's love of DRM killed what could have been great platforms (e.g. mini-disc), and then later pulled the rootkit stunt with music CDs around 2005.
This just solidifies my choice to avoid anything SONY. This includes custom installs for large-budget specific-need customers. Any subcontracting bid with the word "SONY" in it — I dump it in the trash without reading any specs within the bid. Any bidder thinking that a SONY product is appropriate is too stupid to have their bid carefully reviewed. I'd use a SANY or COBY product before ever patronizing SONY. Let them die.
Actually, yes, there could have been something (and actually, there still is) that Sony could do to make me a customer again. Their products are not bad from a technical point of view. They last. They are well engineered. They still are most of what made me (and I dare say us) customers two decades ago.
There is a simple thing that would have to change to make me a customer again: Treat me like a customer, not like a credit card. Treat me like a partner, not an enemy. The main problem I have with Sony today is that I feel belittled and ridiculed, if not outright offended, by the way they treat me. With vendor lock-in and the deliberate removal of functionality for no other reason than trying to force me to buy again.
It does not work that way.
There is a very simple way to make me buy something from a brand again: Give me what I want. If I know I get what I want from Sony, you need not force me to buy your stuff next time I am in the market for something you make. I'll gladly and willingly actually seek out this brand that I was satisfied with last time.
Just like it was 2-3 decades ago. People are lazy. They don't shop around if they are happy with what they get from a brand. They don't like to experiment, especially when it comes to things that are a considerable investment. Just look at cars. This only changes after bad experiences.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Please, don't talk to him. That's worse than saying Beetlejuice thrice.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Yes, but Windows 10 is harder to avoid. Unfortunately.
Yes, right... Like you made any difference. When you boycott a giant like Sony, you're just one of an incredibly small number who will make no impact whatsoever.
Perhaps you've missed Sony's financial situation. Pre-rootkit I had a Sony TV; camcorder; receiver; digital camera; high end artisan monitor (21 inch - used at 2048x1536 when LCDs were 1024x768); SVHS; 100 disc CD changer... I was the decision maker for purchasing computer equipment at work, and had been buying Sony products in the mix. Since that time? My career has taken off allowing for much greater toy spending. $10k+ in photo gear, but no Sony. There are no Sony TV/entertainment products in the new house, another $10k+ loss for Sony; 65 computer systems at work, with no Sony systems or peripherals. I'm asked for recommendations all the time, and never suggest Sony. Sony's rootkit cost them a minimum of $50k in direct sales, plus lost referrals. I had preferentially bought Sony before then.
There are so many folks doing the same that it has added up, and Sony's bottom line has suffered.
Hypocrite: noun. Someone who stands by their beliefs.
Donald where's your dictionary?
If you think someone isn't free to have a different definition of "freedom" you may be a tyrant.