Text Message From The Police: SLW DWN >>
<< TiVo Gets Its Wish: People Start Forgetting...
 tdicon 


(Mis)Uses of Technology

by Mike Masnick

Tue, Nov 15th 2005 10:12am





Details On The Sony BMG / First4Internet Uninstaller Problem

from the it-just-gets-better-and-better dept

It seems the folks over at First4Internet, who made the Sony rootkit in the first place, aren't the sharpest knives in the drawer when it comes to designing secure applications. After all, the rootkit left open the ability for other malware to hide behind it, and, as mentioned yesterday, the web-based uninstaller they provided has a huge security hole. Ed Felten and Alex Halderman have detailed the security problems with the uninstaller, and it's quite a security hole. Basically, they were using an ActiveX control to download and run the uninstaller, but the control stays on your machine and is open for any other website to use. So all a malicious coder needs to do is code some nasty malware that looks for that ActiveX control and if you visit that website, you're toast. As Felten and Halderman note, this is only the web-based uninstaller. Sony BMG and First4Internet also provide a downloadable uninstaller that doesn't appear to have similar issues (or, at least they haven't been found yet). Either way, every step of the way, this story just gets more and more ridiculous.

5 Comments | Leave a Comment..


If you liked this post, you may also be interested in...
 

Reader Comments (rss)

(Flattened / Threaded)

  1.  

    The UK company that supplied the DRM software

    identicon
    giafly, Nov 15th, 2005 @ 11:01am

    Email: [email protected] [email protected] [email protected]
    Phone: Tel: +44 (0)1295 255777, Fax: +44 (0)1295 262682
    Post: 6 South Bar Street, Banbury, Oxfordshire, OX16 9AA, UK Google Map
    Management Team: Nick Bingham Chairman, Mathew Gilliat-Smith CEO, Tony Miles Operations & Technical Director, Peter Worrall Marketing & Research Director, Nick Drew ICA Business Development Manager (thanks, voidstar)
    There's nothing on the first4internet press page since August.

    reply to this | link to this | view in thread ]

  2.  

    smooth move sony

    identicon
    Sissy Pants, Nov 15th, 2005 @ 11:56am

    Sony must have at least 1 competant engineer that works for them. It's hard to believe the root kit was allowed to be put out in the first place. The fact that they did a half ass job at the uninstaller is rediculous...

    note to self; don't buy sony

    reply to this | link to this | view in thread ]

  3.  

    Re: smooth move sony

    identicon
    Anonymous Coward, Nov 15th, 2005 @ 1:43pm

    Ironically I was about to go buy a Sony digital camera this weekend.. but now I am worried about what might be included? Maybe their software will quietly call home and send back pictures of my naked girlfriend?

    The Canon Powershot now looks like a better deal..

    reply to this | link to this | view in thread ]

  4.  

    Re: smooth move sony

    identicon
    Bunch a' pricks..., Nov 15th, 2005 @ 8:12pm

    Ditto for me. Sony just lost a bunch of money I was gonna spend too. I'm in the market for a new camcorder having not upgraded since 1999. Jvc hasn't seen a penny of my money since I discovered the famous eo error which will apparently eventually effect EVERY Jvc camcorder. Sony had improved the reputation of their camcorders and was high on my list. Now I won't buy a Sony camcorder, my son, who is a good kid won't get the PSP he despirately wants for Christmas and I won't buy the PS3 I've been looking forward to buying. As angry as I am over this whole rootkit thing I'm more insinsed by the fact that my son has to suffer because of these pricks. I really hope that someone starts an official Sony boycott. I'm taking part already, but I'd love to add my name to an official list posted for Sony to see.

    reply to this | link to this | view in thread ]

  5.  

    Re: smooth move sony

    identicon
    Bunch a' pricks..., Nov 15th, 2005 @ 8:16pm

    Engadget actually adressed a similar yet less ominous issue more than a year ago... http://features.engadget.com/entry/3239236478279892/

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>


Text Message From The Police: SLW DWN >>
<< TiVo Gets Its Wish: People Start Forgetting...
 tdicon 

A word from our Sponsors...
Follow Techdirt
Flattr rss rss

Powered by Postrank

From the Techdirt Archive...
A word from our Sponsors...

Close

Email This