The Sony/BMG Rootkit debacle has also been noticed on the Drudge Report, with a 'Financial Times' story link:
http://news.ft.com/cms/s/018223e4-52...0779e2340.html
And now their idiotic actions may end up stopping folks being allowed to listen to music CD's at work:
http://news.com.com/Sony+rootkit+pro...op&tag=nl.e433
Great move Sony, that will really encourage people to go and buy more CD's :rolleyes:
Experts: Sony Plan Widens Security Hole (Associated Press @ Yahoo! News)
http://news.yahoo.com/s/ap/20051115/...y_protection_1
Sony is in a hole and just keeps on digging.
Once again...
Wow, Sony... wow. :mad:
This is unbelievable. This is just a sign that the government needs to stop this. I wouldn't be surprised if CIA computers have at some point been infected with Quirked files. I am absolutely in shock that one of the leaders in the technology would let a problem like this run on so long. No Sony CD stuff for me.
:<
It just gets better and better...
Apparently the software used to install the anti pirate features may itself be pirated..
http://yro.slashdot.org/article.pl?s...50229&from=rss
I'm starting to wonder if Sony is on some kind of corporate suicide mission. Now it looks like they may be price rigging for online stores, and if they're doing it in the UK there's a good chance that they're doing it elsewhere too. They sure do have an odd way of keeping the customer happy :rolleyes:
http://www.channelregister.co.uk/200...iable_pricing/
Using a work machine to listen to personal CDs would kind of be the equivalent to using the Internet at work as far as I'm concerned. A lot of companies don't allow the latter so conversely probably wouldn't allow the former.
Quote:
Originally Posted by SuperSparks
That's what MP3 players and CD discman are for.
Clearly from that article there were some companies that did allow it, and now no longer will, not because they have any objections to the staff listening to music, but because they cannot risk the security implications.
It now appears that there is a different DRM scheme by SunComm on other Sony CD's, very nearly as bad as the rootkit:
http://www.freedom-to-tinker.com/?p=925
Yeap, Sony products sux big time. As well their tech support department.
I will never buy a Sony product again.
Everything I had home was Sony products, from TV to Playstation.
1. Two years ago I bought a laptop (Vaio) which died 1 month after warranty expired - the problem was with the memory slot on the motherboard, see this thread: http://www.hardwareanalysis.com/content/topic/15026/
Sony support department is almost nonexistent and when I got to speak with a representative he said that we have to change the motherboard and this will be $900. I sold it for parts on ebay for a total of 425. Paid
2. My Sony DVD which was almost top of the line, paid 600 bucks for it. I get a big reading error and it stops. Now I watch movies on my Xbox.
3. My Playstation. Same problem. I/O read error on most CD/DVD's.
My TV and my VCR are still running, but I don't know for how long. :confused: :mad:
My humble opinion.
If you still want to see about sony rootkit go here:
http://www.zeropaid.com/news/5902/Li...ith+root-kit+/
or for a list of Sony CD's with root-kit:
http://www.eff.org/deeplinks/archives/004144.php
In continuation of Finks last post...
http://www.security.ithub.com/articl...05dtx1k0000599
Quote:
Someone in the Netherlands did a decompile on the XCP rootkit that has gotten most of the attention lately. It seems that parts of the rootkit use the LAME mp3 encoder, which is licensed under the Lesser GPL. That means by delivering only an executable (the rootkit) without source or crediting, XCP violates the GPL. Violating the GPL puts Sony at massive legal risk for—wait for it—copyright infringement.
Ahhhhhhhhhhhhh, now wouldn't it just be nice if Sony was sued for hundreds of millions of $ for copyright infringement as well as by the consumers? :)
Thanks for the heads up! I did a scan on my system and didn't find any root kits. Here is a list of songs/albums with the rootkit on it.
Sony BMG CDs with XCP software
— Trey Anastasio, Shine (Columbia)
— Celine Dion, On ne Change Pas (Epic)
— Neil Diamond, 12 Songs (Columbia)
— Our Lady Peace, Healthy in Paranoid Times (Columbia)
— Chris Botti, To Love Again (Columbia)
— Van Zant, Get Right with the Man (Columbia)
— Switchfoot, Nothing is Sound (Columbia)
— The Coral, The Invisible Invasion (Columbia)
— Acceptance, Phantoms (Columbia)
— Susie Suh, Susie Suh (Epic)
— Amerie, Touch (Columbia)
— Life of Agony, Broken Valley (Epic)
— Horace Silver Quintet, Silver's Blue (Epic Legacy)
— Gerry Mulligan, Jeru (Columbia Legacy)
— Dexter Gordon, Manhattan Symphonie (Columbia Legacy)
— The Bad Plus, Suspicious Activity (Columbia)
— The Dead 60s, The Dead 60s (Epic)
— Dion, The Essential Dion (Columbia Legacy)
— Natasha Bedingfield, Unwritten (Epic)
— Ricky Martin, Life (Columbia)
Please add the foo foo fighters and the dave mathews band to my list of infected CD's!
Also Sony has now made my ban list!
Seriously, Somebody needs to go to jail over this. I have read that the root kit causes Microsoft Media Center to crash completely with blue screens of death.
Even if Sony recalls the cd's which they are doing..... the damage is done. For me to take them off my ban list I would have to see a settlement of a substantial amount for every person who purchased a cd or jail time for most of the BMG department heads.
Are you aware that even if you use the removal tool from Sony, it has been reported that your computer is still vulnerable to attack as it leaves a security hole? That's just great!
Also the Microsoft Malicious Software Removal Tool is only for Win 2000 and above leaving many Win ME, and Win 98SE and below users open for attacks. This is not Microsoft's fault and we know who is at fault and they should pay for this crime shouldn't they?
The more I read about this the sicker it gets!
I am very disappointed in SONY!! It will be hard for me to get over this if at all! I even use a Sony Laptop too (PCG NVR-23)! Makes me sick it really does!
You can run a beta test scan on your computer for rootkits. Here is the link to Kaspery Labs http://www.f-secure.com/blacklight/try.shtml
Note: The F-Secure BlackLight Beta only works on 32-bit Windows 2000, Windows XP and Windows 2003 Server. The current F-Secure BlackLight beta does not work on Windows NT, 95, 98, ME, or 64-bit Windows.
A day late and a dollar short, Sony have now decided to actually recall and replace the affected CD's:
http://news.bbc.co.uk/1/hi/technology/4441928.stm
It also turns out that Sony has been doing some price fixing with the online vendors in the UK. No doubt it has also been occurring elsewhere as well. Sony was forcing the online vendors to add 10-15% onto the online prices for Sony products.
There was a time when Sony was known for top quality products, as in buy Sony or Panasonic. Those days are definitely gone for Sony, never to return again.
Linda
This site lists how to delete the XCP and directs you to a site to determine if you have it on your computer.
It also notes that you should not use IE if you have the XCP and have made it to at least step 2 of Sony's uninstall process as you leave yourself open to a malicious web page. Firefox does not seem to be affected..
http://www.freedom-to-tinker.com/?p927
Doc
I SO agree! And, it's not sufficient for Sony to "right the wrong" in this case, because the problem is only 1/2 that they DID it, and that it caused PROBLEMS... the other 1/2 is that they have this INTENT in the first place! I simply can't trust a company that thinks and makes decisions in that manner, regardless of outcome.
Quote:
Originally Posted by LindaHewitt
I'm DONE with Sony forever, and hope others will react the same way. :mad:
Add my name to that list!...:mad:
Quote:
I'm DONE with Sony forever, and hope others will react the same way.
Too late, yes, but it's good to see them make a step in the right direction. Question is how they will act from now on. If they think the public will forget about this after their CD recalls, they are wrong. They still have a long way to go to right their wrongs.
Quote:
Originally Posted by SuperSparks
I made the decision very quickly to never buy Sony again when I first heard the news, right from the get-go.
But, it might go a long way in their recovery if they posted photos of the idiots they fired when said idiots realized that the jig was up!!! ;-)
From that link
How does this dude know that sort of information, does he hack into people's networks?
Quote:
However, work by respected net expert Dan Kaminsky found that more than 500,000 networks have at least one machine on them using XCP.
Although the CDs containing XCP were only released in the US, Mr Kaminsky found that 44,000 copies were installed on machines in the UK.
Also is 500,000 networks world wide because as a % of worldwide networks I reckon that would be pretty pathetic.
If he were to hack into 500,000 networks, he'd probably be a bit busy. No idea how he could know that information. It may be BS. He might be trying to advertise himself.
Considering though, that around 2 million of the CDs were sold, 500,000 is a pretty high %.
He found the info by the simple expedient of querying the DNS cache of a largeish sample of networks. Any rootkit software that has phoned home will have the web address stored in its network DNS cache. As there is no reason for anyone to visit that site, it's a pretty sure bet that any visits to the site have been made by the rootkit and so he extrapolated the information from that.
Here's a good article on how Dan Kaminsky did it:
http://www.wired.com/news/technology...,69573,00.html
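As an added illustration (not part of any post in this thread), the cache lookup described above comes down to a DNS query sent with the recursion-desired bit cleared, so the resolver can answer only from what it already holds. The sketch below is for checking a resolver you operate: it builds that query and classifies reply bytes; the sample reply, the transaction id and the 192.0.2.10 address are constructed for the example, and a single question per packet is assumed.

```python
import struct

PHONE_HOME = "updates.xcp-aurora.com"  # hostname quoted later in this thread

def encode_name(name):
    """Encode a hostname as length-prefixed DNS labels."""
    return b"".join(bytes([len(p)]) + p.encode("ascii")
                    for p in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, txid=0x1234):
    """A-record query with RD=0: the resolver may answer only from its cache."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)

def classify_response(packet):
    """Return (verdict, remaining_ttl) for a reply to an RD=0 query."""
    _txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & 0x8000:
        raise ValueError("not a DNS response")
    rcode = flags & 0x000F
    if rcode == 5:
        return ("refused", None)        # resolver will not serve its cache to us
    if rcode != 0 or an == 0:
        return ("not-cached", None)     # typically a referral or an empty answer
    pos = 12
    while packet[pos] != 0:             # skip the echoed question name
        pos += packet[pos] + 1
    pos += 1 + 4                        # null label + QTYPE + QCLASS
    if packet[pos] & 0xC0 == 0xC0:      # answer owner name: compression pointer
        pos += 2
    else:                               # or plain labels
        while packet[pos] != 0:
            pos += packet[pos] + 1
        pos += 1
    _rtype, _rclass, ttl = struct.unpack("!HHI", packet[pos:pos + 8])
    return ("cached", ttl)              # ttl counts down from when it was cached

def sample_response(name, rcode=0, answers=1, ttl=2100):
    """Constructed reply bytes for offline use (192.0.2.10 is a documentation address)."""
    flags = 0x8080 | rcode              # QR=1, RA=1, RD=0
    pkt = struct.pack("!HHHHHH", 0x1234, flags, 1, answers, 0, 0)
    pkt += encode_name(name) + struct.pack("!HH", 1, 1)
    if answers:
        pkt += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes([192, 0, 2, 10])
    return pkt
```

A "cached" verdict only shows that some client resolved the name within the record's TTL, not why it did so. A "refused" verdict is what an outside party should get from a resolver that serves its cache to its own clients only.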
Looks like Wired is having an issue ... but read that article a few days back, very interesting. Gotta love those apps that "phone home" ! ;-) NOT
I think his assumption that people wouldn't go to the First4 website of their own accord is bad.
Quote:
Originally Posted by SuperSparks
When this issue first arose I know I followed a link there from somewhere, and yes it was very boring.
However, that means according to Dan my work network as being compromised when in reality it hasn't, unless one of the other 10,000 odd employees has installed the software anyway.
Also one of those links http://updates.xcp-aurora.com/ in that article is a fix for the cloaking problem so hundreds of thousands of people could have visited the site to get the fix thus skewing his results even more.
Alphabetised list with product codes:
http://cp.sonybmg.com/xcp/english/titles.html
Here is an interesting article. I'm inclined to agree that we don't appear to have been at all well served by those companies that should be protecting our PC's:
Real Story of the Rogue Rootkit
After reading this article and several others regarding this merger. And, as happy as I've been with the NEC DVD RW's I've bought recently, looks like I'll be heading back to LiteOn or such in the future. :rolleyes: How sad for NEC! :(
Yep... This means no more NEC drives for me, too.
aedh
Does anyone know if AVG detects/quarantines/deletes this rootkit cr@p?
No. So far, only one AV will detect or remove rootkits. The only AV that has rootkit detection is the new F-Secure security suite. However, MS has released a detection and removal tool, and MS AntiSpyware will get rid of it.
Quote:
Originally Posted by shiva_42
Your best bet is to download the Rootkitrevealer or go to F-Secure's website and download their rootkit program in Beta version.
Rootkit Revealer....scroll down the page:
http://www.sysinternals.com/SecurityUtilities.html
Thanks Poppy, I didn't have the time to link to the site.
You're welcome usil.
gave me an opportunity to be helpful....:D
Maybe some good will come out of all this, at last the right questions are starting to be asked:
http://news.bbc.co.uk/1/hi/technology/4456970.stm
http://news.com.com/Who+has+the+righ...09.html?tag=nl
Here are the objectives that we should strive for, IMO:
- Define Fair Use standards
- Establish a standard format for EULAs
- EULAs must include full disclosure
- Consumers must be able to read the EULA prior to making the purchase
Right now, a EULA can contain anything that the corporate entity wants to include or not include. Currently, there is not even a requirement that the information included be factual and complete.
Yesterday, when I did a Google on "Sony rootkit" there were 12,600,000 links. Last week there were only 5,500,000. We need to capitalize on this by getting laws passed that are similar to the fair use doctrine for VCRs and there must also be full disclosure. If a company does not comply, then the company is 100% liable with treble damages for deceptive trade practices.
Anyway, that is the approach that I think that we as a community should take. Under my proposed rules, Sony or any other intellectual property owner, would still be protected against any commercial distribution of their intellectual property.
Cheers,
Linda
;) :rolleyes: :cool:
My work received an email yesterday; in it there was a statement from Sony-BMG claiming
"None of the affected products have been released in Australia"
"Copy protection of this nature is not being used in the Australian market"
"Any titles in Australia are from Illegal Parallel Imports"
Can anyone confirm if this is so or is it Phony Australia following the denial line? and we didn't do it the pirates did!