Yes, Again. Another Vulnerability In A Sony BMG Offering

from the make-it-stop dept

How much do you think Sony BMG dislikes Alex Halderman? Halderman, a graduate student working under Ed Felten at Princeton, became quite well known to the recording industry two years ago after publicizing how the copy protection scheme being used by what was then just BMG, supplied by SunnComm, could be defeated by holding down the shift key as you inserted the disc. This wasn't a high tech solution. The software needed to run to be installed, and it would run automatically if you had autorun enabled, which most people do. Holding down the shift key just overrides autorun. Nothing special -- but Halderman made sure that blocked the copy protection and (more importantly) got that information out. That eventually meant that SunnComm even thought about suing Halderman for publishing a way to circumvent copyright protection, in violation of the DMCA. After realizing how stupid this idea was, SunnComm backed down on the lawsuit threats, leaving Halderman and Felten (who has been threatened with plenty of lawsuits himself) to continue their work. And, in the last couple of weeks, the two of them have been pretty damn busy investigating the whole Sony rootkit thing. Their big find, earlier this week, was how the uninstaller for the rootkit opened up new security holes. The rootkit, though, comes from First4Internet, not SunnComm. Sony BMG still does use SunnComm's copy protection on other CDs, and over the weekend Halderman pointed out why SunnComm's technology might not be a rootkit, but certainly fit the definition of spyware. To make things even better, Halderman has just published another post noting that SunnComm's uninstaller is just as bad as the XCP uninstaller for the rootkit. In other words, if you've used SunnComm's uninstaller to get rid of their copy protection, you've left your computer incredibly vulnerable to malicious attacks. Yes, the saga continues...


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Steve, Nov 17th, 2005 @ 6:02pm

    Appreciate

    Hi Mike,
    Your columns are great, thanks!
    Steve

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    arcfixer, Nov 17th, 2005 @ 6:40pm

    No Subject Given

    Agreed. Keep it coming.
    .
    (Next to last sentence: "incredibly" for "incredible"?)

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    Mike (profile), Nov 17th, 2005 @ 7:08pm

    Re: No Subject Given

    (Next to last sentence: "incredibly" for "incredible"?)

    Whoops. Sorry. Thanks for pointing that out. Fixed now.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Happy user, Nov 17th, 2005 @ 10:05pm

    Re: No Subject Given

    I'm much agreed with the above replies -- thanks for all the great postings Mike!

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Y Pennog Coch, Nov 18th, 2005 @ 5:53am

    One good thing did arise from this mess...

    >>> The saga continues
    [...]
    >>> Yes, Again.

    Second all the above posts - ongoing coverage much appreciated. This is one of those stories where even the tiniest new detail changes who is vulnerable to what, and that makes every last bit important to know.

    Meanwhile, some good news. Thanks to Mark Russinovich's original post at sysinternals.com, I now know what a filter driver is, how to find them on your PC and how to remove one safely (it wasn't a Sony thing in my case, I think pxhelp20.sys came with WinAmp). My ancient CD-writer drive now burns CD's again.

    BTW, if you find pxhelp20.sys on your system, don't just delete the file, your CD drive will probably become unusable in Windows.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Fundriving, Nov 18th, 2005 @ 8:14am

    Sony

    The sad part of this story is us techies are all a flutter and in an uproar about this story, but sadly, I think the general public doesn't have a clue.

    I have talked to clerks at local retail stores and students on the college campus I work on and there is no idea about the seriousness of this transgression. No outrage, no...nothing. Out of six people I have talked with 5 didn't even know about the story.

    My point is. How do we really send a strong message to Sony and big companies if the majority of consumers stay oblivious?

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Nov 18th, 2005 @ 8:50am

    No Subject Given

    Mike, do you or any of your readers know of a site that has a comprehensive list of CD copy-protection-related malware? I know all eyes are on Sony right now, but I doubt they are the only company that First4Internet deals with. I would bet that all the other major labels include similar software... in which case, they ought to get a share of the scorn. There's plenty to go around.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    Mike (profile), Nov 18th, 2005 @ 9:03am

    Re: No Subject Given

    I haven't seen a compensive listing. We mentioned that Universal Music uses it too. The other report I saw said that Universal and EMI ran tests with it, but only Sony BMG went into fully supporting it.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This