Page 8 of 9 FirstFirst ... 456789 LastLast
Results 71 to 80 of 89

Thread: Sony DRM

  1. #71
    Junior Member
    Join Date
    Nov 2005
    Posts
    2

    Default

    SLOW TO ACT? Sony BMG is in a catfight with a well-known computer-security outfit that became aware of the software problem on Sept. 30 and notified the music company on Oct. 4 -- nearly a month before the issue blew up. F-Secure, a Finland-based antivirus company that prides itself on being the first to spot new malware outbreaks, says Sony BMG didn't understand the software it was introducing to people's computers and was slow to react. ...
    "Sony didn't _understand_ the software" is an understatement of galactic proportions. Someone just needs to be honest and truthful about Sony and say "Sony sucks." Their laptops suck. Their attempts at software development suck. Their technical support sucks. Their digital cameras suck. Their CD/DVD-ROM/RAM drives suck. And now their attempt at DRM sucks. Sony is on my blacklist of companies to not buy anything from for 10 years.

  2. #72
    Junior Member
    Join Date
    Nov 2005
    Posts
    8

    Default

    Well, I wouldn't say "Their CD/DVD-ROM/RAM drives suck" since they are made by Lite-On, but the retail versions are not a great value...just get a Lite-On and you have a Sony, or an HP, now that Lite-On has their new Lightscribe contract.

  3. #73
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    Besides installing software before issuing the EULA, the following articles indicate that there is a security hole in the older SunnComm MediaMax Version 5 Digital Rights Management (DRM) software that Sony/BMG distributed on their CDs:

    Will the DRM saga never end?

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  4. #74
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Angry

    FYI...

    - http://www.wired.com/news/print/0,1294,69763,00.html
    Dec. 07, 2005
    "...The software used a Microsoft Windows feature called AutoRun that executes software on a CD without the user's knowledge or consent. Holding down the Shift key stopped AutoRun and prevented the software from being installed. Halderman wrote about the software, and the "infamous Shift key attack," in an academic paper and posted it online. Within 24 hours, SunnComm was threatening a $10 million lawsuit, and vowing to refer Halderman to authorities for allegedly committing a felony under the controversial Digital Millennium Copyright Act, or DMCA. By the next day, the company had backed down in the face of public outrage. Looking back, Halderman says, "The whole experience was a whirlwind.... The response was way bigger than (anything I'd) expected"..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #75
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    Here is an Electronic Frontier Foundation (EFF) article concerning the vulnerability in SunnComm MediaMax Version 5 DRM software :

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  6. #76
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Unhappy

    FYI...

    Not Just Another Buggy Program
    - http://www.freedom-to-tinker.com/?p=944
    Thursday December 8, 2005 by Ed Felten
    "Was anybody surprised at Tuesday’s announcement that the MediaMax copy protection software on Sony CDs had a serious security flaw? I sure wasn’t. The folks at iSEC Partners were clever to find the flaw, and the details they uncovered were interesting, but it was pretty predictable that a problem like this would turn up...if you decline the MediaMax licence agreement, and the software secretly installs itself anyway, you will face risks that you didn’t choose. You won’t even know that you’re at risk. All of this, simply because you tried to listen to a compact disc. Experience teaches that where there is one bug, there are probably others. That’s doubly true where the basic design of the product is risky. I’d be surprised if there aren’t more security bugs lurking in MediaMax...."

    (More detail at the URL above.)

    :(
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #77
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    554

    Default

    Apparently no one here has been watching the Sony BMG pages:
    http://cp.sonybmg.com/xcp/english/form14.html
    UNINSTALL REQUESTS

    The uninstall software can be downloaded here.

    If you have already run the uninstaller and still have problems or questions, please click here to complete a customer service request.
    This takes you to a page explaining the options, including:
    http://cp.sonybmg.com/xcp/english/updates.html
    INFORMATION ABOUT XCP PROTECTED CDs

    CDs containing XCP content protection software developed by First4Internet for SONY BMG may increase the vulnerability of your computer to certain computer viruses. To address these concerns, we are providing you with a software tool for download that offers you two options.

    You may either:

    Update the XCP software on your computer.
    This option installs an update which removes the component of the XCP software that has been the subject of public attention and will alleviate concerns you may have about the software posing potential security vulnerabilities. It will also enable you to continue using the protected disc(s) on your computer.

    Completely uninstall the XCP software and associated content protection files.
    This option will remove all XCP and associated content protection files, including service/processes, registry entries and folders from your computer. Note that once you delete the XCP content protection software, if you wish to play a CD protected with XCP it will be necessary to reinstall the XCP software in accordance with that CD's End User License Agreement after you insert the disc into your computer.

    Please note that you must reboot your computer after running the software tool.

    If you have previously uninstalled the XCP software using the Sony BMG customer support website, and you are concerned about security issues relating to the delivery of ActiveX controls, both options will result in the deletion of these controls.

    For users who have previously uninstalled XCP software using the uninstaller made available prior to November 18, 2005, we recommend that you run the currently available uninstaller, to eliminate a potential security vulnerability presented by the earlier uninstaller that was brought to our attention.

    Please note that uninstalling from your computer the XCP software and associated content protection files loaded from an XCP-protected CD will NOT delete or affect your use of any audio files that you have previously transferred from an XCP-protected CD. Such files remain subject to the digital rights management rules in the End User License Agreement: namely that you may rip the audio into the secure formats provided on the disc, move these tracks to compatible portable devices, and make up to three copies of each track on to CD-Rs.

    Please be advised that this program is protected by all applicable intellectual property and unfair competition laws, including patent, copyright and trade secret laws, and that all uses, including reverse engineering, in violation thereof are prohibited.

    The XCP software tool is available for download here as an EXECUTABLE (2.3 MB) or ZIP FILE (1.03 MB)
    <<< Added with Edit >>>This appears to be the executable uninstaller recommended by Mark Russinovich, though I haven't done anything to confirm this myself. At this point I don't see any new comments on Mark's Blog either, so it must have just released. We'll see how this fares over the next few days.
    Last edited by bitman; 2005-12-09 at 20:47.

  8. #78
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Arrow

    FYI...

    Microsoft Security Bulletin MS05-054
    Cumulative Security Update for Internet Explorer (905915)
    - http://www.microsoft.com/technet/sec.../MS05-054.mspx
    Published: December 13, 2005
    "...This cumulative security update sets the kill bit for the First4Internet XCP uninstallation ActiveX control. For more information about this ActiveX control, visit the SONY BMG Web site. Older versions of this control have been found to contain a security vulnerability. To help protect customers who have this control installed, this update prevents older versions of this control from running in Internet Explorer. It does this by setting the kill bit for the older versions of this control that are no longer supported. This kill-bit is being set with the permission of the owner of the ActiveX control..."

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #79
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post

    FYI...

    Sony BMG To Settle One Copy Protection Class-Action Lawsuit
    - http://www.techweb.com/article/print...section=700028
    December 29, 2005
    "Lawyers working the class-action lawsuit against Sony BMG Music filed a proposed settlement with a federal court Wednesday that if approved, would force Sony to stop making copy-protected CDs, pay affected customers a small fee, and provide replacement discs and/or other albums. Several class action suits were filed in New York and California during November that claimed Sony's copy-protection technology, which had come under fire earlier in the month, damaged buyers' computers. On Dec. 1, the court consolidated about 10 pending class-action cases, and appointed two law firms, Girard Gibbs & de Bartolomeo of California, and Kamber & Associates of New York, to handle the combined suit. According to the settlement papers filed with the U.S. District Court, Southern District of New York, "the parties engaged in virtual round-the-clock settlement negotiations" through most of December. "The primary and overriding concern of the parties over the course of these lengthy, arms’-length negotiations was an effort to provide prompt relief to consumers affected by XCP and MediaMax software, in order to limit the risk that these consumers’ computers would be vulnerable to malicious software," the papers continued. Among the provisions of the settlement, Sony BMG would be barred from using XCP or MediaMax technologies to copy-protect its music CDs, will continue to update the uninstall utilities for removing the XCP and MediaMax copy-protection schemes, and will offer two different incentive programs to buyers of XCP-protected discs so that they return copy-protected CDs. Furthermore, until 2008, any copy protection scheme Sony BMG uses on its audio CDs must meet a slew of criteria, including ones which require that it get users' explicit permission before installing rights software, that uninstallers for the copy protection be available, and that a third party verify that the copy-protection technology doesn't present any security risk..."

    :(
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #80
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default Symantec Norton Protected Recycle Bin Exposure

    January 10, 2006
    Norton SystemWorks contains a feature called the Norton Protected Recycle Bin, which resides within the Microsoft Windows Recycler directory. The Norton Protected Recycle Bin includes a directory called NProtect, which is hidden from Windows APIs. Files in the directory might not be scanned during scheduled or manual virus scans. This could potentially provide a location for an attacker to hide a malicious file on a computer.

    Symantec has released a product update that will now display the previously hidden NProtect directory in the Windows interface.
    http://securityresponse.symantec.com...006.01.10.html

    January 12, 2006
    Symantec just admitted that the "Norton Protected Recycle Bin," or "NProtect" feature of Norton SystemWorks, deliberately conceals a directory from Windows APIs to protect the files from accidental deletion. A commercial security vendor using rootkit technology? Unbelievable. Symantec explained its thinking in a security bulletin. "When NProtect was first released, hiding its contents helped ensure that a user would not accidentally delete the files in the directory. In light of current techniques used by malicious attackers, Symantec has re-evaluated the value of hiding this directory. We have released an update that will make the NProtect directory visible inside the Windows Recycler directory. With this update, files within the NProtect directory will be scanned by scheduled and manual scans as well as by on-access scanners like Auto-Protect."
    http://www.computerworld.com/blogs/node/1573
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •