Dear EMI: Please Let Security Researchers Protect You From A Rootkit Fiasco

from the an-open-letter dept

Following the huge mess involving both of the copy protection systems Sony BMG uses on CDs having serious security vulnerabilities, it’s about time that people started paying attention to the other record labels as well. For some reason, Universal Music has gotten away unscathed, despite having a deal in place with First4Internet, the makers of the terribly flawed XCP rootkit copy protection that kicked off this whole story. Now, some are starting to look at EMI, but have realized that the DMCA does create something of a “chilling effect,” as security researchers can be accused of breaking the law for investigating the copy protection. This situation is made worse by the fact that malicious hackers now know that copy protection schemes are a fertile area to mine for possible vulnerabilities. So, the EFF has put together an open letter to EMI, asking them to publicly state that they won’t go after security researchers who discover security holes in the Macrovision copy protection EMI has been using. While we wait for their answer (which we get the feeling may take a while), can someone please explain why the EFF insists on putting content like that in PDF format, rather than making an HTML version as well?


Comments on “Dear EMI: Please Let Security Researchers Protect You From A Rootkit Fiasco”

ZOMG CENSORED (user link) says:

Re: Re: Maybe (The Remix) ft. Notorious ZO-M-G

I think it’s because, for some odd reason, corporate people have it in their head that pdf is the cat’s whiskers. When most sane people realize that is only the case when it’s a huge freaking chunk of data.

I was talking to my boss’ boss earlier today (small talk) and he brought up how he wished we could all work in nothing but pdf’s. I explained to him the cons of that and why pdf isn’t good for everything. I’m still working here so that’s a good sign 😀 Just goes to show that some people think pdf is the new html.

A person says:

Re: PDF = Control (Perceived)

My father is the manager of an architect business, and he insists that all the documents are in pdf. Now that we are on a vacation at Lake Tahoe and he is doing work from his laptop via emailed documents and files from his employees, with incredibly slow (48 kbs) internet access with no printer, he realizes how dumb of an idea it was to require pdf files. It takes him about half an hour to load one, and he can’t even work on it! He had to send an email out to all his staff telling them no more pdf’s. I guess one of his staff had explained all this to him beforehand, and my father cut his pay and almost fired him for “Opposing company policy”.

Michael "TheZorch" Haney (profile) says:

I have a good question...

Why the heck hasn’t the British Government started a serious criminal investigation of First4Internet? Why haven’t any states here taken them to court? It is possible to take foreign companies to court, but it takes a lot of paperwork and diplomatic hoop-jumping to do it. I hear all this stuff about boycotting Sony and rebelling against companies using DRM, but what about going after the jerks who developed XCP in the first place? I haven’t heard a thing about going after them at all despite the fact that it’s been confirmed that they stole Open Source code to make it.

dan says:

Re: Re: I have a good question...

I disagree with the analogy. Guns can be used for many other things aside from killing people. First4Internet developed this software with a rootkit built in ON PURPOSE. The purpose of a gun is not necessarily illegal (the end user makes that choice), while the rootkit is illegal (and the end user has no choice).

Sony still deserves some blame for not investigating First4Internet before they decided to distribute their software, but First4Internet should still be liable.

Seer says:

Re: Re: Re: I have a good question...

Yes, the real people who we need to go after are the makers of this crappy software. Do you think the Sony execs who decided to go to XCP (I think that’s the company’s name) had any clue what a rootkit was? Or that XCP even told ANYONE at Sony how their software worked? No, they probably just released some “fact” sheet that advertised only the good things.

I guess you can blame Sony for not acting sooner and not really trying very hard in the beginning of this thing.

MikeVx says:


With the PDF, we can see exactly what EMI sees in the letter, formatting, letterhead and all, within the limits of our monitors. There is no reliable way to do this in HTML other than embedding a graphic in the page, with the usual problems with lower-resolution screens. Every PDF reader I’ve ever used starts up with the document scaled to fit the screen/window.
