Brought to you by Floor64 and the Techdirt crew.

stories filed under: "rootkits"
(Mis)Uses of Technology

by Mike Masnick


Filed Under:
botnets, computers, dan geer, rootkits, security, vulnerabilities



Is It A Good Idea To Violate The Security Of Your Customers If They're Security Ignorant?

from the asking-for-serious-trouble dept

Rich Kulawiec writes in to point out that security expert Dan Geer is suggesting that merchants violate the security of customers they deem as security risks. His argument is, basically, that there are two types of users out there: those who respond "yes" to any request -- and therefore are likely to be infected by multiple types of malware doing all sorts of bad things -- and those who respond "no" to any request, who are more likely to be safe. Thus, Geer says merchants should ask users if they want to connect over an "extra special secure connection," and if they respond "yes," you assume that they respond yes to everything and therefore are probably unsafe. To deal with those people, Geer says, you should effectively hack their computer. It won't be hard, since they're clearly ignorant and open to vulnerabilities -- so you just install a rootkit and "0wn" their machine for the duration of the transaction.

As Kulawiec notes in submitting this: "Maybe he's just kidding, and the sarcasm went right over my (caffeine-starved) brain. I certainly hope so, because otherwise there are so many things wrong with this that I'm struggling to decide which to list first." Indeed. I'm not sure he's kidding either, but the unintended consequences of violating the security of someone's computer, just because you assume they've been violated previously, are likely to make things a lot worse. This seems like a suggestion that could have the same sort of negative unintended consequences as the suggestion others have made about creating "good trojans" that go around automatically closing the security holes and stopping malware by using the same techniques employed by the malware. Both are based on the idea that people are too stupid to cure themselves, and somehow "white hat" hackers can help fix things. Now, obviously, plenty of people do get infected -- but using that as an excuse to infect them back, even for noble purposes, is only going to create more problems in the long run. Other vulnerabilities will be created and you're trusting these "good" hackers to do no harm on top of what's been done already, which is unlikely to always be the case. No, security will never be perfect and some people will always be more vulnerable -- but that shouldn't give you a right to violate their security, even if for a good reason.

Culture

by Mike Masnick


Filed Under:
business model, columbia, music, riaa, rootkits

Companies:
columbia records, riaa, sony



How The Record Labels Are Only Ten Years Behind In Their Thinking About Business Models

from the eventually-they'll-get-there dept

The NY Times Magazine is running an interesting profile of Rick Rubin, the well-known producer who had tremendous success over the past twenty years producing all sorts of successful musical acts -- from the Beastie Boys to Slayer to Johnny Cash -- and who took over as the co-head of Columbia Records back in May. While the story itself is interesting and focused on some of Rubin's peculiarities and his key focus on finding and producing good music -- there are a few other interesting tidbits that come out. The first is how Rubin was completely pissed off at Columbia prior to joining the company because the Sony rootkit debacle hit just as a Neil Diamond album Rubin produced had come out to great fanfare. It was apparently number 4 on the charts -- the highest ever for a Diamond opening. Except, Columbia is a subsidiary of Sony BMG and so the Neil Diamond album was included among those that had the rootkit -- and the furor over that got it pulled from the shelves, and that basically killed its commercial prospects. So, at least we know that Rubin won't be a fan of such things.

However, the article suggests that Rubin and others in the industry are much more interested in setting up some sort of universal subscription system that would allow any subscribers access to any music on any platform. What's most amusing about this is that this is exactly the proposal the EFF suggested many, many years ago, which recording industry executives insisted would never work. What's even funnier is they might be right now, after managing to screw up all sorts of goodwill from customers. Back when the EFF suggested it, it probably still could have worked. However, Rubin is exactly right on where the industry is headed if it doesn't figure out these new business models quickly: "The future technology companies will either wait for the record companies to smarten up, or they'll let them sink until they can buy them for 10 cents on the dollar and own the whole thing." That's why I've always figured that things would work out in the end. If the RIAA members keep shooting themselves in their collective feet, then the problem will eventually take care of itself. Of course, the labels could avoid a lot of the problems if they learned how to actually embrace certain aspects of file sharing. It's not clear that Rubin (or anyone else in the industry) has gone that far yet. They're just still working through the ancient EFF plan they derided when it first came out. In fact, one of Rubin's other questionable ideas is setting up a fake word-of-mouth marketing organization, where Columbia has hired a bunch of young adults to promote their music online on blogs and in forums and such. Hasn't anyone explained to them that word-of-mouth is about people who legitimately enjoy the music -- not those who are paid to promote it? File sharing was legitimate word-of-mouth marketing. Hiring young adults to spam forums is not.

(Mis)Uses of Technology

by Mike Masnick


Filed Under:
rootkits, security

Companies:
f-secure, sony



Sony Caught In Yet Another Rootkit Mess?

from the don't-they-know-to-check-for-these-things? dept

Sony is a big company, and various parts and subsidiaries are pretty much totally disconnected from other areas of the company, but given the disastrous PR that Sony had to deal with following the original rootkit debacle (which really was more of a BMG issue than a Sony one) you would think that perhaps someone higher up at Sony corporate would have sent around a memo or something to all the rest of Sony, suggesting that they check around and make sure that none of their products had rootkit-like functionality. Either that didn't happen... or someone didn't get the memo. It appears that a line of USB flash drive sticks that Sony sold have been discovered to install rootkit-like functionality that hides a folder on users' computers. And, of course, just like the original Sony rootkit, this hidden folder is perfect for malware writers to use as hiding places for their malware. While this one probably isn't as big a deal as last time around, let's see if Sony figured out that brushing it off because no one knows what rootkits are isn't exactly the best response to such a discovery. In the meantime, this highlights (once again) how weak many security programs are that they don't automatically look for this type of action in order to prevent it from happening in the first place.
