Guess What? That Latest Sony BMG Patch? It's Vulnerable Too

from the shut-the-window-open-the-door dept

The incompetency of Sony BMG is reaching previously unfathomable heights. Yesterday we wrote about the latest patch the company had issued to fix a security hole in the SunnComm MediaMax copy-protection software its CDs load onto people's computers. Surprise, surprise -- the patch closes one hole and opens another. Ed Felten and Alex Halderman say the supposed fix features the same kind of vulnerability as the one it's intended to remedy, only slightly modified. Again, the CDs featuring this malware copy protection haven't been recalled, unlike the Sony BMG CDs behind the separate rootkit fiasco. It's hard to have much trust in the company when its fixes are just as bad as the initial problem.

Reader Comments

  • Javi0084, 7 Dec 2005 @ 11:06am

    Oh Great

    Will it ever end?

  • Sony hater, 7 Dec 2005 @ 11:53am

    Original SONY letter to consumers

    Hey everyone.. I got my hands on a copy of the letter they were originally gonna post on their site (before their lawyers/pr people got a hold of it).. the

    To Our Valued Customers:
    You’re either living under a rock or suffer from mild retardation if you aren’t aware of the recent attention given to the XCP content protection malware hidden on some SONY BMG CDs (we couldn’t get it on all of them fast enough). This malware was provided to us by a third-party vendor, First4Internet, so it’s really not our fault. Ranting & raving from the blogosphere has centered on security concerns raised about the use of CDs containing this malware, which proves our customers are just a bunch of whining teenagers that nobody listens to anyway.

    We could care less about the concerns of consumers regarding these discs, so we are instituting a mail-in program, because it’s the biggest pain-in-the-ass option we could come up with short of having you walk your CD to our branch office in Kalamazoo, that will allow consumers to exchange any CD with XCP malware for the same CD without us snooping on your computer system and receive MP3 files of the same title which we know you’ll immediately begin swapping on file sharing networks. We also have asked our retail partners to remove all unsold CDs with XCP malware from their store shelves and inventory but they won’t do that because it would really be a hassle for them… so suck it and consider yourself warned.

    We could also care less if there was any inconvenience this may cause our customers and we are committed to making this situation right for us. It is important to note, if it makes you feel better, that the issues regarding these discs exist only when they are played on computers, not on conventional, non-computer-based CD and/or DVD players (because our bastard customers can’t copy music on those devices).

    Our new initiatives follow the measures we have already taken, albeit a day late and a dollar short, including the suspension of the manufacture of CDs with the XCP malware. In addition, to address security concerns, we provided to major software and anti-virus companies a software update, which also may be downloaded at http://cp.sonybmg.com/xcp/english/updates.html. We will shortly provide a simplified and secure procedure to uninstall the XCP software if it resides on your computer… well, actually we’re just saying that so you all shut the fuck up.
    Ultimately, our bottom line and fat wallets are our primary concern, and our goal is to help bring our artists' music to as broad an audience as possible, unless that involves sharing files… cause then we’ll sue you. Going forward, we will continue to identify new, invasive, annoying and moderately unethical ways to meet demands for flexibility in how you and other consumers steal… I mean listen to music.

    The revised letter can be found on their site..

    • Sam O' Rogers, 8 Dec 2005 @ 9:28am

      Re: Original SONY letter to consumers

      What's the address in Kalamazoo? I'll stop by there tonight on my way home.

      A West Michigan Resident.

  • Keegan Orange, 7 Dec 2005 @ 12:50pm

    No Subject Given

    They are so unattractive right now.

  • Jordan, 7 Dec 2005 @ 1:05pm

    I could have told you this...

    SOE, Sony's online entertainment industry, and publisher of Everquest and Star Wars Galaxies, in general represents their company. I've played SWG for two years now, and gone through three "fix-alls" of the game, and it just created new problems each time. So they push out another unpopular change, people get pissed, and leave. Last time I buy a Sony CD. Hello WOW!

    • Aramis Rosicrux, 7 Dec 2005 @ 2:15pm

      Re: I could have told you this...

      What? People are still playing that first-generation MMORPG crap? Serves them right for not getting their head out of the sand and taking a look at all the new games.

      Me? I do not buy Sony CD's no matter what, and I sure wouldn't play Eversmack or SWG (ack! and some people think this is a space sim and give up on the genre! Try Eve Online people!)

      Friends don't let friends buy Sony... or any other megacorp that tries to shove DRM software onto our systems under any guise!

      Boycott the companies who use malware and tell your friends to simply do without any Sony title until all attempts to controlling what we do with our music after we leave the store!

    • Aramis Rosicrux, 7 Dec 2005 @ 2:16pm

      Re: I could have told you this...

      What? People are still playing that first-generation MMORPG crap? Serves them right for not getting their head out of the sand and taking a look at all the new games.

      Me? I do not buy Sony CD's no matter what, and I sure wouldn't play Eversmack or SWG (ack! and some people think this is a space sim and give up on the genre! Try Eve Online people!)

      Friends don't let friends buy Sony... or any other megacorp that tries to shove DRM software onto our systems under any guise!

      Boycott the companies who use malware and tell your friends to simply do without any Sony title until they abandon all attempts to controlling what we do with our music after we leave the store!

  • Good Will, 7 Dec 2005 @ 1:06pm

    Hey Sony, Here's an Idea

    Don't recall the CD's. Just let everyone download free mp3's of the bad disks. That way we never have to stick the thing into our computers. It will probably be cheaper in the long run, and would be good publicity for a change.

  • Foamy The Squirrel, 7 Dec 2005 @ 2:05pm

    The solution is simple

    FORMAT C: Avoid Sony products Anything else leave crap on the drive your Lord and Master Foamy

  • Foamy The Squirrel, 7 Dec 2005 @ 2:06pm

    The solution is simple

    FORMAT C:
    Avoid Sony products
    Anything else leaves crap on the drive
    Your Lord and Master,
    Foamy

  • curt, 7 Dec 2005 @ 2:53pm

    four letter word

    My mom told me never to use a four letter word. Guess she was right.

  • John Bob, 8 Dec 2005 @ 4:12pm

    Sony's DRM

    The incompetence of this company is amazing!

  • mmorpg list, 26 Dec 2006 @ 6:55am

    sony

    can't believe this, noobish mistakes and who pays for all this...?!?
