Sunbeltblog has a suggestion (from Ben Edelman) for SONY on how to get the word out to customers that they have the problem laden XCP/ rootkit/ trojan/ drm software that’s been burning up tech news… Distribute an ad through their own rootkit. It does, after all, “phone home” from time to time and…. it looks like a banner can be displayed. Details on Ben Edelman’s site.
Tag: XCP
-
More Sony lawsuit news… Texas files suit
The security fix is reporting on the latest lawsuit filed against Sony/BMG for the DRM rootkit known as XCP.
“Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers,” Abbott is quoted as saying in a press release on his official Web site. “Consumers who purchased a Sony CD thought they were buying music. Instead, they received spyware that can damage a computer, subject it to viruses and expose the consumer to possible identity crime.”
-
More on Sony’s copyright infringement with their DRM Rootkit
“What a tangled web…” there is more today at freedom-to-tinker on the evidence that Sony (and or first4internet), have infringed on copyrighted code in their DRM software XCP which has been at the middle of quite a bit of controversy the last few weeks. Most of the coverage has been on some of the cloaking capabilities, the security vulnerabilities and the uninstaller vulnerabilities… but it looks fairly obvious that at least some GPL or LGPL code has been used without abiding by the terms of the GPL/LGPL
-
Sony’s OTHER DRM software uninstaller will be pulled
According to zdnet.com, Sony and SunnComm are pulling the OTHER DRM uninstaller from the web and it will be replaced with a safer version of the uninstaller. Researchers blogging at freedom-to-tinker.com had detailed serious vulnerabilities in the uninstaller for the DRM software made by SunnComm (called MediaMax). The companies say an effort will be made to contact the 223 users who had downloaded the uninstaller for the MediaMax software.
-
OTHER Sony DRM software has security flaws too.
You almost want to bury your head in the sand at this point if you’re Sony…. Freedom-to-tinker has some details. The last couple weeks the XCP copy protection that Sony uses has been the center of a Firestorm for rootkit capabilities and massive security problems. Well, it seems the OTHER Digital Rights Management (DRM) software they use ( SunnComm MediaMax ) has some serious flaws too.
-
The best way to get rid of the Sony DRM rootkit
The SecurityFix has a great how to article for the general public on the best way to remove the Sony DRM rootkit that’s been big news the last two weeks in tech circles. First, DON’T use Sony’s removal software as that introduces more security problems. Hopefully Sony will get together a removal for THAT eventually. Right now though, Microsoft has updated it’s malicious software removal tool to remove the Sony rootkit. This link is to Windows Live Safety Center, which will give a page with, among other things, a button that says “Full Service Scan” in the lower right hand corner.
-
Sony DRM Rootkit — it’s worse
I did this as updates to an earlier post, but it probably deserves it’s own post now. The morning brought us the news of SERIOUS flaws in the Uninstaller ActiveX control for Sony’s DRM, then came news of ANOTHER flaw, this one a privilige escalation “attacker can take control of PC” vulnerability in the DRM rootkit (XCP) itself. The other bit of news to come has been the extent of the install base of XCP.
-
SONY DRM rootkit – the gift that keeps on giving
Well… I said, more legs than a centipede for this one…. It looks as though the uninstaller from Sony is an activex control that may have some SEVERE security implications. The ActiveX invokes a command to reboot the computer (RebootMachine). (Which is likely remotely exploitable). Also it appears to use an (InstallUpdate) download which could be exploitable AND if that’s not enough, a n ExecuteCode function which could crash the browser. It should be noted that the ActiveX uninstaller REMAINS ON THE SYSTEM after the SONY DRM ROOTKIT is removed, meaning that these functions would be available for remote exploit even after the XCP software is uninstalled.
-
Sony BMG suspends pressing DRM protected cds
It looks as though Sony has decided to suspend pressing cds with the XCP copy protection software. Numerous sources are reporting on the “capitulation” of Sony on the matter. It seems as though this is a temporary stop, from what I read they will likely pursue other means of DRM.
-
More Sony DRM news
It looks like a list of Sony Music titles with the recent onerous DRM “rootkit” is being gathered. The Sunbelt blog has links to several lists. The EFF has a list here, there are two others though out there, here and here.
Among other things, another post mentions the stupid things Sony-BMG leadership has had to say on the matter…
“Most people, I think, don’t even know what a Rootkit is, so why should they care about it?”
and, it’s also noted the installer can be bypassed by pressing the shift key when loading the cd (to skip autorun.) (Does telling this actually violate the DMCA – spreading information on circumventing copy protection?)