This is the static archive of the Massassi Forums. The forums are closed indefinitely. Thanks for all the memories!

Sony's Digital Rights Management
2005-12-09, 1:43 AM #1
Many of you may have read the thread concerning a class action lawsuit against Sony Corp.
http://forums.massassi.net/vb3/showthread.php?t=37212&highlight=sony
The situation has become very in-depth.

It started October 31 when a man named Mark Russinovich posted on his Sysinternals Blog that he had found a rootkit installed on his PC using RootKit Revealer. He was able to trace it back to a CD he had bought off Amazon.com of the Van Zant brothers that was produced by Sony BMG (a joint venture between Sony and the German company Bertelsmann Music Group). This DRM rootkit, also known as the Extended Copy Protection (XCP) software, developed by First 4 Internet, was included on Sony BMG's new CDs, which, unbeknownst to the user, automatically installed it into the Windows registry when the CD was inserted into the drive. It ensured that the CD could only be played on the media player that was shipped with the disk, and also limited the user to making 3 copies of the CD. In addition, it would "phone home" and reveal information such as what songs you were listening to and how many times the CD was played; by definition a form of spyware. However, it also included many security holes, effectively allowing any third-party to access and control your computer or install hidden trojans and viruses (such as the WoW hack). Because of its depth in the system, if an attempt was made to delete the rootkit, it would disable the CD drive or even crash Windows.

On November 2nd, Sony announced it would be releasing a patch to remove the rootkit vulnerability from any infected system. This patch was made available over Sony's website and was hoped to fix the problem. Unfortunately, it was found that the ActiveX component of the patch allowed for another, even more serious security breach:

Quote:
by J. Alex Halderman and Ed Felten

The consequences of the flaw are severe. It allows any web page you visit to download, install, and run any code it likes on your computer. Any web page can seize control of your computer; then it can do anything it likes. That’s about as serious as a security flaw can get.


On Tuesday, November 8th, Thomas Hesse, Sony President of Global Digital Business, made the statement during a BBC interview:

Quote:
Most people, I think, don’t even know what a rootkit is, so why should they care about it?


On November 11th, Symantec offered another patch that effectively fixed the security hole in the rootkit, but did not uninstall it. At this point Sony halted production of the CDs containing the rootkit and recalled the ones already in stores. Two days later Microsoft announced that it would take steps to wipe the rootkit from infected Windows systems, and on the following Monday, Sony publicly apologized and withdrew its flawed uninstaller.

The Chicago Tribune reported on November 25th that CDs containing the rootkit were still on shelves even after the recall two weeks before. Incidentally, the same day First 4 Internet, the company that originally developed the rootkit, removed its website from the internet and replaced it with a page containing some simple contact info.


In addition, sections of the code contained in the original rootkit seem to have been stolen from a variety of different sources outside of the Sony Corporation.


There is another distribution of DRM software, MediaMax, produced by SunnComm, and used on another set of Sony CDs that is causing problems. This DRM, though not including a rootkit, performs many actions consistent with spyware.

Quote:
Like XCP, recent versions of MediaMax engage in spyware-style behavior. They install software without meaningful consent or notification, they include either no means of uninstalling the software or an uninstaller that claims to remove the entire program but doesn’t, and they transmit information about user activities to SunnComm despite statements to the contrary in the end user license agreement and on SunnComm’s web site.


It was also found that the MediaMax installer can permanently activate and run the copy protection driver even if the user never agrees to the EULA.

In addition, the uninstaller for the MediaMax software includes a similar web browser security breach to the original XCP rootkit patch that is even easier to execute.

Most recently, another exploit was found in the MediaMax software. The problem is MediaMax installs itself into a directory that anyone is allowed to modify. Therefore it is possible for anyone to add malicious software to MediaMax files, which executes the next time the program is run.

Another patch was released to fix this new problem, yet:

Quote:
SonyBMG has released a patch that purports to fix the problem. However, our tests show that the patch is insecure. It turns out that there is a way an adversary can booby-trap the MediaMax files so that hostile software is run automatically when you install and run the MediaMax patch.


The story to date:

An estimated 24 million CDs were produced containing either the First 4 Internet rootkit or the SunnComm MediaMax software. Though the Sony BMG CDs were pulled off the shelves, MediaMax is still on the market in the hopes that Sony can fix the problems. This does not seem likely seeing as how MediaMax, its patch, and its uninstaller all contain serious exploits. Sony now finds itself in several class action lawsuits, initiated by parties including the Electronic Frontier Foundation, groups in Oklahoma, Washington D.C., and New York, and the state of Texas.

It has been a complete disaster for Sony and is an example against copyright control systems such as DRM. I personally disagree with what Sony attempted to do and am glad it blew up in their face.

Here is a list of the CDs containing the XCP:
Most of them are not big names, but just in case:
Sony BMG CDs

[http://craphound.com/images/foxtrotrootkit.jpg]
Your skill in reading has increased by 1 point.
2005-12-09, 6:29 AM #2
Yeah, I've been following these clowns since the rootkit was announced. ****ing idiots.
$do || ! $do ; try
try: command not found
Ye Olde Galactic Empire Mission Editor (X-wing, TIE, XvT/BoP, XWA)
2005-12-09, 7:45 AM #3
They need to quit wasting time and money, no matter what they do, their stuff will get pirated.
gbk is 50 probably

MB IS FAT
2005-12-09, 9:50 AM #4
How many times has Sony done this? They piss me off... they are one greedy company.
"I'm afraid of OC'ing my video card. You never know when Ogre Calling can go terribly wrong."
2005-12-09, 10:54 AM #5
Originally posted by thauruin:
Many of you may have read the thread concerning a class action lawsuit against Sony Corp.
http://forums.massassi.net/vb3/showthread.php?t=37212&highlight=sony
The situation has become very in-depth.

...stuff...

[http://craphound.com/images/foxtrotrootkit.jpg]


That was incredibly well written. Good show. Would you be interested in perhaps participating in RTfM some time?
-=I'm the wang of this here site, and it's HUGE! So just imagine how big I am.=-
1337Yectiwan
The OSC Empire
10 of 14 -- 27 Lives On
2005-12-09, 10:57 AM #6
Edit: Nevermind, I'm a moran.
Bassoon, n. A brazen instrument into which a fool blows out his brains.
2005-12-09, 10:59 AM #7
... if you didn't write that "essay" of sorts, then the offer is less withstanding. We just need people who are interested and good at speaking... writing often portrays a good thinker / speaker.
-=I'm the wang of this here site, and it's HUGE! So just imagine how big I am.=-
1337Yectiwan
The OSC Empire
10 of 14 -- 27 Lives On
2005-12-09, 12:31 PM #8
Originally posted by Yecti:
... if you didn't write that "essay" of sorts, then the offer is less withstanding. We just need people who are interested and good at speaking... writing often portrays a good thinker / speaker.

Yeah, nevermind what I wrote. I completely missed like everything you were trying to say. However, I may be interested in writing. I did some heavy critiquing of happydud's college essay, if that means anything to you.
Bassoon, n. A brazen instrument into which a fool blows out his brains.
2005-12-09, 12:55 PM #9
You can hash it out with MB if he can stand speaking with you on the show. :p j/k we'll have rotating people in and out either adding to the four of us (that is if all four of us want to keep on as "regulars") or to supplement when there's a limited number of "regulars" I know that maxis wants to join in too... And I'm still interested in the author's input if he'd like..
-=I'm the wang of this here site, and it's HUGE! So just imagine how big I am.=-
1337Yectiwan
The OSC Empire
10 of 14 -- 27 Lives On
2005-12-12, 7:19 AM #10
Yecti, did you get my PM?
Your skill in reading has increased by 1 point.
2005-12-12, 9:44 AM #11
More like Sony Digital WRONGS Management!

[http://images.mzzt.net/burnsauce.gif]

2005-12-12, 5:08 PM #12
this is why i almost exclusively use iTunes... actually it's not... it's really cause i'm too lazy to drive to the store.
"Those ****ing amateurs... You left your dog, you idiots!"