Though it wouldn't happen in a million years, I'd like to think this will bring Sony to it's knees.
I'd like to think that:
1) Sony will lose millions in the class-action lawsuit they're now facing, 2) They'll have to pay many thousands of dollars for copyright infringement, 3) They (including their corporate officers) would be brought up on charges for violating U.S. cybercrime law......because if anyone other than a multinational corporation and major Congressional donor had done this, that's exactly what would happen.
...since Sony says over 2 million disks containing the rootkit have been sold, that puts them under the gun for roughly U.S. $150 billion in damages:)
Perhaps the copyright owners could offer to settle: have Sony repay all of the people who have been extorted for money because of filesharing (double for damages), set up a legal defense for other file-sharers and promise to stop all such activities in the future. That would only run them about $100-$200 million, so it would be quite a deal.
Assuming they're not worried about whoever it is taking off, your point is a valid one. But if the type of imaging we're talking about is more than simply copying the data (e.g. analyzing the disk using a microscope, in order to look for overwritten data), then you're likely talking several months to run the process.
Assuming there's no data leakage, and assuming the encryption is properly implemented, and assuming a good passphrase is used, I think it's extremely unlikely that anyone will be getting through modern strong encryption within 30 years, much less 3 months.
Of course, that's a fair number of "assumings". 3 months is about the time frame I'd expect it to take to do a full image of a hard drive using a technique like Magnetic Force Microscopy and analyze the results for leaked, overwritten information.
Seriously, nobody, including name-your-favourite-government-agency, is brute forcing a 256-bit AES key. Not in 90 days. Not in 90 years.
I agree with this, and what's more, given everything publicly known about certain three-letter government agencies, I seriously doubt they have better ways to get through encryption than brute forcing (if simply faced with ciphertext, that is).
HOWEVER, it's notable that 90 days is about the amount of time I'd expect it to take to fully image a modern, high-gigabyte hard drive using a technique like magnetic force microscopy and analyze the results.
I think there's probably another reason: recording industry consultants who sell the artist on the contracts with visions of fame and fortune through all the services provided to the artists by the companies.
First you say the money does actually go to the artists, then you make an excuse for why it doesn't. To me, that's not being terribly consistent.
I wasn't responding very well to what you wrote. Rather, what I should have done was point out that there are other reasons besides doing well financially in the deal why artists might sign record label contracts, such as not having much of an alternative in the business.
Again, while intuition would indicate that the majority of P2P traffic is likely copyright-infringing materical, I would be interested in seeing something more updated, especially since systems like bittorrent are now being used to distribute large files like Linux distro.iso's.
Though I'd also think illegally downloading movies would offset this...
I'm very much looking forward to the day in which most artists market their product directly to their customers, or use downloaded recordings on the Internet (perhaps via P2P) to promote tours, and cut out the middleman as completely as possible.
Yes, the record comanies are essentially the only game in town if you want to sell millions of albums. Yes, the record companies have substantial bargaining power compared to any particular band, especially one without a track record of sales. But that's irrelevant -- bands could, if they wanted to, figure out how to market and sell their own product if they didn't like the deal being given to them by the record companies.
First of all, the reason I made the point about artists was to drive home the fact that claims of how P2P is "hurting artists" are most likely exaggerated, given the fact that the artists don't do all that well in the current process to begin with.
However, I think your statement above doesn't go far enough. The record companies, up until now, have been pretty much the only game in town if one wanted to be successful in the business, period, since most bands didn't have the cash or the connections to successfully market and sell their own product. It's not just a matter of "figuring out how to do it".
Again, not really relevant as to whether or not copyright infringement is coccuring.
No, but it is relevant to the point I was explicitly making and the one in the GGP I said I was addressing: namely, the implication that filesharing is hurting artists.
Come on, you don't think that the statement "legalized extortion" isn't inflammatory? Besides, it's nonsense anyway -- if it's legal, it ain't extortion.
If what they're doing is filing frivolous lawsuits against people who can't defend themselves with no evidence of actual infringement to back them up, then while the term may not be legally accurate, I think it does describe the process to the average reader accurately enough, complete with my disdain for the unethical tactics invovled.
It does, but this is an issue between the artist and the record labels.
No, actually, it doesn't. At least, if you believe someone who used to run a record company. Call me crazy, but that's where I put my faith.
Those contracts are willingly signed, and it varies between record labels. Nobody's holding a gun to people's heads to sign up with record labels, but they seem to keep doing it.
First you say the money does actually go to the artists, then you make an excuse for why it doesn't. To me, that's not being terribly consistent.
As for the contractual nature of the thing, no one isn't saying the process isn't legal. Whether it's fair is another story: people get screwed with contracts all the time, especially when they don't have reasonable alternatives.
CD sales are down. It doesn't matter if you believe file-sharing is damaging record companies. It's their intellectual property.
CD sales may simply be down because the record companies are issuing fewer releases. This doesn't appear to be the work of P2P, since, in fact, profits are up.
As for the intellectual property part: I never claimed otherwise. I was merely addressing the point that illegal file sharing doesn't appear to be damaging record companies, and by extension, the artists. In fact, given the evidence, the opposite--counterintuitive though it may be--may just as easily be true.
The vast majority of P2P traffic is illegal piracy, nothing more.
Just out of curiosity, how do you know this? I'll agree that it may be intuitive, but I've never read any study nor seen hard numbers on the subject. I've certainly not seen anything lately.
You scapegoat "greedy corporations" with non-specific accusations in order to distract from discussing the artists not getting paid
I'm not sure whether or not you mean to imply that illegal file sharing=artists not getting paid, but this does open the door to an interesting conversation I had recently with the former president of a prominent record company (retired about a year and a half ago). He told me several interesting things:
1) Most musicians don't do very well at all in their dealings with record companies. In general, under the current regime, the money doesn't go to the artists. 2) File sharing isn't damaging the record companies. This fact is also borne out by the record profits record companies are now reporting, despite the fact that file sharing has increased substantially over the last couple of years, and the fact that record companies are actually releasing fewer records. 3) Record companies could be making use of file sharing as part of major new business models. The biggest problem, though, is that most heads of record companies are out-of-touch old men who not only don't have a clue about the technology, but they barely have a clue about music in the first place.
To sum up, I'm not sure where you were going with your comment, and I'm also unsure as to why you think it's "biased" to claim the record companies' actions amount to legalized extortion, especially when it appears they may have been going after people with very little, if any, evidence of actual infringement. But I'll leave elaboration on those points to you.
Is this really true? If you use P2P to share original works of art (nothing is stopping you from doing it) - for instance a personal flickr - or to share legitimate files like Linux distros, why would you really care about someone fighting the RIAA regarding copyright issues?
You may, indeed. We don't know all the ways Media Sentry has been identifying IP's as those to go after. The official story is that they do a search for a song, identify the IP's that have it, pick one, download the mp3 to make sure it's the song they think it is, use "Kazaa"'s facility for getting a list of other song files, and if the number of songs is above, say, 500, they'll print out the list and the owner of the IP gets a demand for money roughly six months to a year later.
However, I'd bet that Media Sentry's contract depends in part on delivering IP addresses, which might put pressure on them to keep numbers up. What if, instead of looking for a popular song, they just start scanning for the port Kazaa uses, and if they find it open, tag the IP address as one to go after? Furthermore, what if they don't bother to download the song to make sure it's the one they think it is?
The RIAA isn't engaging in their "sue 'em all" campaign because they think they're actually shutting down bad guys and thereby directly making a dent in file sharing. They're doing what they're doing to rack up numbers they can trumpet for their PR campaign against P2P.
I'm betting they've been more than a tad sloppy in the process, and if so, anyone who uses P2P for any reason is a potential target (well, technically, anyone could be a target, whether they use P2P or not, if an IP address is mistakenly or falsely tagged as engaging in illegal P2P file sharing).
This is exactly why unaccountable billionaire corporations should NOT be allowed to operate their own para-law-enforcement activities.
I have to disagree. Since the RIAA's extortion cases--in other words, their campaign using lawsuits to shut down p2p networks--have basically consisted of no evidence of actual infringement, shutting down their current operations will most definitely be in P2P users' interests.
Further, it would appear from the counterclaims that MediaSentry may have been engaged in some highly shady and legally dubious behavior of its own (e.g. perhaps browsing people's computers without permission and using what they find, even if its non-p2p related, to "encourage" settlement. Maybe they've been doing so using default Windows shares, rather than Kazaa or other p2p sharing features. Who knows?). If this is the case, then many of the RIAA's claims about p2p filesharing may themselves be called into doubt. Again: something from which P2P users would benefit.
Ultimately, P2P users will benefit if the RIAA's terror campaign gets shut down. Ironically, given the fact that the record companies are seeing some record profits even as filesharing goes up, so may the record companies.
Ray, I've read your blog with great interest. Now, I'm not a lawyer, but I would imagine it's fairly rare when a case comes along that so blatantly pits heavy-handed bad guys against those who are barely capable of defending themselves. The last such one that comes to mind involved the tobacco companies.
Anyway, you guys are on the side of angels, here. The RIAA either needs to get evidence that people are actually infringing, or stop extorting money from the defenseless.
A few questions:
1) if the RIAA wanted to put together a decent case, could it actually download the files itself, or hire someone to do so, then file infringement based upon the files downloaded? 2) is there a chance of a class-action (or some other type of) lawsuit that would reclaim all the settlement money that's been extorted out of individuals by the RIAA? 3) can you forsee some sort of legislative effort to allow RIAA to bring successful copyright lawsuits against people based only on the evidence they now have? One which would withstand judicial review and not simultaneously open a huge can of worms?
Proof is for trials - simple allegations are for complaints, the document that a motion to dismiss goes up against.
Yep. And if the RIAA starts losing these things in trials, and has the charges dismissed with prejudice, and has to pay attorneys' fees and court costs, I think we may see either a drastic reduction in the number of lawsuits or a drastic increase in solid evidence of illegal actions in the lawsuits (e.g. files actually downloaded from the defendant). Either way, it's a good thing, IMHO.
Now, IANAL, but how much more descriptive can you be? They're practically handing them a printout with what illegal files had been being shared, are they not? What else is necessary?
Evidence that some sort of illegal activity actually occured (e.g. the copying of copyrighted material).
It's not enought to claim someone made copyrighted material available for copying. Otherwise, the RIAA could, for example, sue anyone who left a CD in an unguarded place.
I don't think that's a can of worms we want to open. The judge may see otherwise, of course, but it looks like the law and precedent are pretty clear on this (to my unlawyerly eyes, anyway).
Not to downplay the seriousness of this exploit -- it's a true, critical flaw. Glad there's a patch available already, and even though Firefox has had fewer critical vulnerabilities than IE over the years (even now, IE has two critical bugs that have been around for over a year), I'd very much like to see the frequency of FF security holes go down.
Sadly, I'm not a coder, so I'll just have to hope for the best:)
Glad to hear you hate intellectual dishonesty. Because when you said, "I don't. I've seen literally dozens of stories that are only peripherally associated with MS, only to also see dozens of slashbots decide that's the right time to complain about them" you were not responding to what I actually wrote.
I called on the *same people* who are bashing Mozilla for something beyond its control or responsibility to bash MS for the same thing.
All I'm looking for is the consistency the "underrepresented" pro-MS Slashdot posters constantly demand from everyone else. That's fair, right?
People on/., remember that is the target audiance we are talking about, would cry foul on MS. Obviously it is not reasonable, but people here are not always reasonable, and they get mod'd -5 Reasonable, automatically, when MS is involved.
Well, since this thread and line of argument was started by "poor Microsoft! Can't get a fair shake on Slashdot! Look how bad Mozilla is!" whining, I think this statement is a tad disingenuous.
It's amazing to me, considering all the complaining pro-MS types do around here, just how well represented they are in these discussions.
...are Microsoft astroturfers and trolls coming out in force on Slashdot to bash Mozilla whenever the "opportunity" presents itself. Amazing what a bunch of whiners Microsoft fanboi's can be.
I know you know this, but for the sake of casual readers: as has been stated elsewhere in this story, this wasn't a Mozilla-controlled site. It wasn't sent out from Mozilla with a virus in any way, shape or form. The problem was not with "Mozilla", but with an unauthorized modification to it. And yes, modification of a downloadable binary to insert a virus/trojan horse/other could be done with any software. No one has ever claimed otherwise.
To be fair, the same people should bash Microsoft if some rinkydink OEM ships a computer with a Windows virus on it. Somehow, I kinda doubt we'll see that...
Slashdot Mirror
Though it wouldn't happen in a million years, I'd like to think this will bring Sony to it's knees.
...because if anyone other than a multinational corporation and major Congressional donor had done this, that's exactly what would happen.
I'd like to think that:
1) Sony will lose millions in the class-action lawsuit they're now facing,
2) They'll have to pay many thousands of dollars for copyright infringement,
3) They (including their corporate officers) would be brought up on charges for violating U.S. cybercrime law...
It's not theft. It's copyright infringement, and Sony and others sue hundreds of people every month for many thousands of dollars over it.
Are you saying DVD Jon doesn't have the same rights as Sony?
...since Sony says over 2 million disks containing the rootkit have been sold, that puts them under the gun for roughly U.S. $150 billion in damages :)
Perhaps the copyright owners could offer to settle: have Sony repay all of the people who have been extorted for money because of filesharing (double for damages), set up a legal defense for other file-sharers and promise to stop all such activities in the future. That would only run them about $100-$200 million, so it would be quite a deal.
(posted also at p2pnet)
It depends upon the imaging.
Assuming they're not worried about whoever it is taking off, your point is a valid one. But if the type of imaging we're talking about is more than simply copying the data (e.g. analyzing the disk using a microscope, in order to look for overwritten data), then you're likely talking several months to run the process.
I agree, for the most part.
Assuming there's no data leakage, and assuming the encryption is properly implemented, and assuming a good passphrase is used, I think it's extremely unlikely that anyone will be getting through modern strong encryption within 30 years, much less 3 months.
Of course, that's a fair number of "assumings". 3 months is about the time frame I'd expect it to take to do a full image of a hard drive using a technique like Magnetic Force Microscopy and analyze the results for leaked, overwritten information.
Seriously, nobody, including name-your-favourite-government-agency, is brute forcing a 256-bit AES key. Not in 90 days. Not in 90 years.
I agree with this, and what's more, given everything publicly known about certain three-letter government agencies, I seriously doubt they have better ways to get through encryption than brute forcing (if simply faced with ciphertext, that is).
HOWEVER, it's notable that 90 days is about the amount of time I'd expect it to take to fully image a modern, high-gigabyte hard drive using a technique like magnetic force microscopy and analyze the results.
I think there's probably another reason: recording industry consultants who sell the artist on the contracts with visions of fame and fortune through all the services provided to the artists by the companies.
In the interests of fairness, when I wrote
First you say the money does actually go to the artists, then you make an excuse for why it doesn't. To me, that's not being terribly consistent.
I wasn't responding very well to what you wrote. Rather, what I should have done was point out that there are other reasons besides doing well financially in the deal why artists might sign record label contracts, such as not having much of an alternative in the business.
Again, while intuition would indicate that the majority of P2P traffic is likely copyright-infringing materical, I would be interested in seeing something more updated, especially since systems like bittorrent are now being used to distribute large files like Linux distro .iso's.
Though I'd also think illegally downloading movies would offset this...
I'm very much looking forward to the day in which most artists market their product directly to their customers, or use downloaded recordings on the Internet (perhaps via P2P) to promote tours, and cut out the middleman as completely as possible.
Yes, the record comanies are essentially the only game in town if you want to sell millions of albums. Yes, the record companies have substantial bargaining power compared to any particular band, especially one without a track record of sales. But that's irrelevant -- bands could, if they wanted to, figure out how to market and sell their own product if they didn't like the deal being given to them by the record companies.
First of all, the reason I made the point about artists was to drive home the fact that claims of how P2P is "hurting artists" are most likely exaggerated, given the fact that the artists don't do all that well in the current process to begin with.
However, I think your statement above doesn't go far enough. The record companies, up until now, have been pretty much the only game in town if one wanted to be successful in the business, period, since most bands didn't have the cash or the connections to successfully market and sell their own product. It's not just a matter of "figuring out how to do it".
Again, not really relevant as to whether or not copyright infringement is coccuring.
No, but it is relevant to the point I was explicitly making and the one in the GGP I said I was addressing: namely, the implication that filesharing is hurting artists.
Come on, you don't think that the statement "legalized extortion" isn't inflammatory? Besides, it's nonsense anyway -- if it's legal, it ain't extortion.
If what they're doing is filing frivolous lawsuits against people who can't defend themselves with no evidence of actual infringement to back them up, then while the term may not be legally accurate, I think it does describe the process to the average reader accurately enough, complete with my disdain for the unethical tactics invovled.
It does, but this is an issue between the artist and the record labels.
No, actually, it doesn't. At least, if you believe someone who used to run a record company. Call me crazy, but that's where I put my faith.
Those contracts are willingly signed, and it varies between record labels. Nobody's holding a gun to people's heads to sign up with record labels, but they seem to keep doing it.
First you say the money does actually go to the artists, then you make an excuse for why it doesn't. To me, that's not being terribly consistent.
As for the contractual nature of the thing, no one isn't saying the process isn't legal. Whether it's fair is another story: people get screwed with contracts all the time, especially when they don't have reasonable alternatives.
CD sales are down. It doesn't matter if you believe file-sharing is damaging record companies. It's their intellectual property.
CD sales may simply be down because the record companies are issuing fewer releases. This doesn't appear to be the work of P2P, since, in fact, profits are up.
As for the intellectual property part: I never claimed otherwise. I was merely addressing the point that illegal file sharing doesn't appear to be damaging record companies, and by extension, the artists. In fact, given the evidence, the opposite--counterintuitive though it may be--may just as easily be true.
The vast majority of P2P traffic is illegal piracy, nothing more.
Just out of curiosity, how do you know this? I'll agree that it may be intuitive, but I've never read any study nor seen hard numbers on the subject. I've certainly not seen anything lately.
Do you have a reference?
You scapegoat "greedy corporations" with non-specific accusations in order to distract from discussing the artists not getting paid
I'm not sure whether or not you mean to imply that illegal file sharing=artists not getting paid, but this does open the door to an interesting conversation I had recently with the former president of a prominent record company (retired about a year and a half ago). He told me several interesting things:
1) Most musicians don't do very well at all in their dealings with record companies. In general, under the current regime, the money doesn't go to the artists.
2) File sharing isn't damaging the record companies. This fact is also borne out by the record profits record companies are now reporting, despite the fact that file sharing has increased substantially over the last couple of years, and the fact that record companies are actually releasing fewer records.
3) Record companies could be making use of file sharing as part of major new business models. The biggest problem, though, is that most heads of record companies are out-of-touch old men who not only don't have a clue about the technology, but they barely have a clue about music in the first place.
To sum up, I'm not sure where you were going with your comment, and I'm also unsure as to why you think it's "biased" to claim the record companies' actions amount to legalized extortion, especially when it appears they may have been going after people with very little, if any, evidence of actual infringement. But I'll leave elaboration on those points to you.
Is this really true? If you use P2P to share original works of art (nothing is stopping you from doing it) - for instance a personal flickr - or to share legitimate files like Linux distros, why would you really care about someone fighting the RIAA regarding copyright issues?
You may, indeed. We don't know all the ways Media Sentry has been identifying IP's as those to go after. The official story is that they do a search for a song, identify the IP's that have it, pick one, download the mp3 to make sure it's the song they think it is, use "Kazaa"'s facility for getting a list of other song files, and if the number of songs is above, say, 500, they'll print out the list and the owner of the IP gets a demand for money roughly six months to a year later.
However, I'd bet that Media Sentry's contract depends in part on delivering IP addresses, which might put pressure on them to keep numbers up. What if, instead of looking for a popular song, they just start scanning for the port Kazaa uses, and if they find it open, tag the IP address as one to go after? Furthermore, what if they don't bother to download the song to make sure it's the one they think it is?
The RIAA isn't engaging in their "sue 'em all" campaign because they think they're actually shutting down bad guys and thereby directly making a dent in file sharing. They're doing what they're doing to rack up numbers they can trumpet for their PR campaign against P2P.
I'm betting they've been more than a tad sloppy in the process, and if so, anyone who uses P2P for any reason is a potential target (well, technically, anyone could be a target, whether they use P2P or not, if an IP address is mistakenly or falsely tagged as engaging in illegal P2P file sharing).
This is exactly why unaccountable billionaire corporations should NOT be allowed to operate their own para-law-enforcement activities.
I have to disagree. Since the RIAA's extortion cases--in other words, their campaign using lawsuits to shut down p2p networks--have basically consisted of no evidence of actual infringement, shutting down their current operations will most definitely be in P2P users' interests.
Further, it would appear from the counterclaims that MediaSentry may have been engaged in some highly shady and legally dubious behavior of its own (e.g. perhaps browsing people's computers without permission and using what they find, even if its non-p2p related, to "encourage" settlement. Maybe they've been doing so using default Windows shares, rather than Kazaa or other p2p sharing features. Who knows?). If this is the case, then many of the RIAA's claims about p2p filesharing may themselves be called into doubt. Again: something from which P2P users would benefit.
Ultimately, P2P users will benefit if the RIAA's terror campaign gets shut down. Ironically, given the fact that the record companies are seeing some record profits even as filesharing goes up, so may the record companies.
1) Tobacco Industry Report: smoking definitely doesn't cause cancer.
2) Petroleum Industry Report: global warming is a myth
The RIAA's in great company, these days.
Ray,
I've read your blog with great interest. Now, I'm not a lawyer, but I would imagine it's fairly rare when a case comes along that so blatantly pits heavy-handed bad guys against those who are barely capable of defending themselves. The last such one that comes to mind involved the tobacco companies.
Anyway, you guys are on the side of angels, here. The RIAA either needs to get evidence that people are actually infringing, or stop extorting money from the defenseless.
A few questions:
1) if the RIAA wanted to put together a decent case, could it actually download the files itself, or hire someone to do so, then file infringement based upon the files downloaded?
2) is there a chance of a class-action (or some other type of) lawsuit that would reclaim all the settlement money that's been extorted out of individuals by the RIAA?
3) can you forsee some sort of legislative effort to allow RIAA to bring successful copyright lawsuits against people based only on the evidence they now have? One which would withstand judicial review and not simultaneously open a huge can of worms?
Proof is for trials - simple allegations are for complaints, the document that a motion to dismiss goes up against.
Yep. And if the RIAA starts losing these things in trials, and has the charges dismissed with prejudice, and has to pay attorneys' fees and court costs, I think we may see either a drastic reduction in the number of lawsuits or a drastic increase in solid evidence of illegal actions in the lawsuits (e.g. files actually downloaded from the defendant). Either way, it's a good thing, IMHO.
Now, IANAL, but how much more descriptive can you be? They're practically handing them a printout with what illegal files had been being shared, are they not? What else is necessary?
Evidence that some sort of illegal activity actually occured (e.g. the copying of copyrighted material).
It's not enought to claim someone made copyrighted material available for copying. Otherwise, the RIAA could, for example, sue anyone who left a CD in an unguarded place.
I don't think that's a can of worms we want to open. The judge may see otherwise, of course, but it looks like the law and precedent are pretty clear on this (to my unlawyerly eyes, anyway).
Indeed. I don't understand the hype. I wonder how many holes we can find in the un-patched release of (Insert browser here).
Maybe I'm a cynic, but I don't think it's too tough to tell where the hype is coming from.
I agree. This is a huge difference.
:)
Not to downplay the seriousness of this exploit -- it's a true, critical flaw. Glad there's a patch available already, and even though Firefox has had fewer critical vulnerabilities than IE over the years (even now, IE has two critical bugs that have been around for over a year), I'd very much like to see the frequency of FF security holes go down.
Sadly, I'm not a coder, so I'll just have to hope for the best
Glad to hear you hate intellectual dishonesty. Because when you said, "I don't. I've seen literally dozens of stories that are only peripherally associated with MS, only to also see dozens of slashbots decide that's the right time to complain about them" you were not responding to what I actually wrote.
I called on the *same people* who are bashing Mozilla for something beyond its control or responsibility to bash MS for the same thing.
All I'm looking for is the consistency the "underrepresented" pro-MS Slashdot posters constantly demand from everyone else. That's fair, right?
People on /., remember that is the target audiance we are talking about, would cry foul on MS.
Obviously it is not reasonable, but people here are not always reasonable, and they get mod'd -5 Reasonable, automatically, when MS is involved.
Well, since this thread and line of argument was started by "poor Microsoft! Can't get a fair shake on Slashdot! Look how bad Mozilla is!" whining, I think this statement is a tad disingenuous.
It's amazing to me, considering all the complaining pro-MS types do around here, just how well represented they are in these discussions.
...are Microsoft astroturfers and trolls coming out in force on Slashdot to bash Mozilla whenever the "opportunity" presents itself. Amazing what a bunch of whiners Microsoft fanboi's can be.
I know you know this, but for the sake of casual readers: as has been stated elsewhere in this story, this wasn't a Mozilla-controlled site. It wasn't sent out from Mozilla with a virus in any way, shape or form. The problem was not with "Mozilla", but with an unauthorized modification to it. And yes, modification of a downloadable binary to insert a virus/trojan horse/other could be done with any software. No one has ever claimed otherwise.
To be fair, the same people should bash Microsoft if some rinkydink OEM ships a computer with a Windows virus on it. Somehow, I kinda doubt we'll see that...