• Register
  • Help
Page 1 of 4 1234 LastLast
Results 1 to 10 of 37

Topic: SONY added secret hacker "rootkits" to their XCP music CDs

Share/Bookmark
  1. #1
    Senior Member
    Join Date
    Oct 2004
    Location
    Los Angeles, CA
    Posts
    223

    Thumbs down SONY added secret hacker "rootkits" to their XCP music CDs

    Wow.

    A big thing in the hacker scene is the "rootkit", which allows for taking over PCs, creating back-doors, etc. Now we seem to have a concrete example of a large corporation (or at least, one division thereof) willing to exploit the home computers of private citizens.

    According to the following article, if you've played a Sony music CD on your computer that includes the XCP scheme, hidden software has been installed. One day someone found out and publicized it, noting that if you remove the Sony rootkit -- apparently, even with the patch Sony later felt compelled to release -- you can't listen to the CD you bought or make any use of your CD-ROM drive.

    While the Sony rootkit isn't much of a de facto security threat, it does use powerful techniques. It's also likely that other budding hackers will take note of how well they work.

    ---

    http://www.vnunet.com/vnunet/news/21...otkit-music-cd

    "Sony has released a patch for a music CD anti piracy technology after security experts warned that it forms a potential security risk.

    The copyright protection software would automatically install when a consumer inserted a music CD with the XCP digital rights management technology in their computers. The software is designed to limit the number of copies that users can make of the CD and restrict ripping of the disk.

    Software developer Mark Russinovich of Sysinternals on Monday reported that he had detected that Sony secretly had installed a rootkit on his system. He traced the software back to Sony and the XCP technology from First 4 Internet, an English software developer.

    The rootkit served to hide the digital rights management technology from the user as well as the system itself, including anti virus software. When Russinovich tried to remove the application, he found that his CD drive was disabled.

    Sony uses the rootkit to prevent the user from removing the copyright protection technology and violating Sony's copyright. But worm authors too could abuse this feature to hide malicious applications.

    The patch will remove the cloaking capability of the software to enable users to remove the Sony tool. This will however render their systems incapable of playing the music CDs."

    ---

    In a different explanation we find:

    http://www.washingtonpost.com/wp-dyn...110202362.html

    "But according to Mikko Hypponen, director of research for Finnish antivirus company F-Secure Corp., users who want to remove the program may not do so directly, but must fill out a form on Sony's Web site, download additional software, wait for a phone call from a technical support specialist, and then download and install yet another program that removes the files.

    Hypponen agreed that Sony's software could help hackers circumvent most antivirus products on the market today. He added that installing the Sony program on a machine running Windows Vista -- the beta version of the next iteration of Microsoft Windows -- 'breaks the operating system spectacularly.'

    'The people they're trying to stop from stealing their music are always going to find a way around these types of technologies,' Eisner said. 'Sony is just hurting people who obtain their products legally, and many of these same people are now going to think twice about doing so.'"
    Some experts learn more and more about less and less, until at last they know everything there is about nothing at all.

  2. #2

    Re: SONY added secret hacker "rootkits" to their XCP music CDs

    Naturally...Sony denies that the technology is malicious or compromises a security risk. "The only time when we see people use these vulnerability is when the tool reaches a substantial percentage of the public"

    In other words: the more people use Sony cd's the higher the risks...
    Conclusion: don't use sony cd's on your PC.
    Best regards,
    Michiel Post


  3. #3

    Re: SONY added secret hacker "rootkits" to their XCP music CDs

    From my experience with these kind of companies, they have a lot of these business studies guys in their middle management that can only think in standard economic theory. In their logic, these mechanisms help to increase revenue. They simply cannot think in terms of socilogical aspects - like 'damage to image' and 'user's opinion'...

    Actually, I think the only way to reduce pirac< in the long run cannot be based on technological solutions; it must focus on the social aspects of the whole problem. And here, these companies are even weaker: Not only that they manipulate your computer (very bad for the company's reputation), they also threaten people who copy a CD with jail etc. That's plain stupid, since this will reduce the end user's loyality to the respective companies even further. And buyer loyality is probably the only thing that really could work (look at a band like 'Marillion' that sells their stuff directly to their fan base - they could even hijack the charts with their latest singles just based on the loyality of their fan base; heck, these fans sometimes even buy several versions of the *same* album... well, I just guess that these guys are a bit smarter than the rest of the industry... ).

  4. #4

    Re: SONY added secret hacker "rootkits" to their XCP music CDs

    Quote Originally Posted by Michiel Post
    Naturally...Sony denies that the technology is malicious or compromises a security risk. "The only time when we see people use these vulnerability is when the tool reaches a substantial percentage of the public"
    With corporations like that who needs shady underground terrorist networks?

    In other words: the more people use Sony cd's the higher the risks...
    Conclusion: don't use sony cd's on your PC.
    Or... don't use sony CDs at all.

  5. #5

    Re: SONY added secret hacker "rootkits" to their XCP music CDs

    Quote Originally Posted by kbaccki
    Or... don't use sony CDs at all.
    I feel the same about RealNetworks but if I want to listen to my local public radio station via the internet I have no choice but to use them.

    Ernie

  6. #6

    Re: SONY added secret hacker "rootkits" to their XCP music CDs

    Quote Originally Posted by kbaccki
    Or... don't use sony CDs at all.

    Use Sony CDs, just dont buy them.

    And dont worry, soon you'll be able to find some software to copy these CDs in a regular way...

    Distrust your customer, loose your customer.

    Can you please tell me how would you react if you buy a car and the manu~~~turer traces your ever movement. Or you buy a computer and someone logs your every key stroke[How many copies you can make, how many people you can kill!!!!!!!].

    Well, well, well......

    I'm a fool after all, so is the human race...

    Click Intelligence.

  7. #7

    Re: SONY added secret hacker "rootkits" to their XCP music CDs

    Quote Originally Posted by robin123
    Distrust your customer, loose your customer.
    The world is your customer, own the world.

  8. #8

    Re: SONY added secret hacker "rootkits" to their XCP music CDs

    [QUOTE=tquandt]Actually, I think the only way to reduce pirac< in the long run cannot be based on technological solutions; it must focus on the social aspects of the whole problem./QUOTE]Corporate mentality is similar to government mentality (they are in the same business, control for power and profit regardless of consequences) They simply don't recognize social issues.

    Don't buy Sony? They won't care until a few hundred thousand lost customers let them know they lost a sale because of their malicious malware. But if you want this to change, notify the ARTIST that you refuse to purchase their music until the software is removed. Ask to purchase a copy of their product from a home-burned copy of the pre-malware master direct from the artist, bypassing corporate entirely. Once the artists start complaining to the parent company about lost sales (or begin in significant quantities to abandon the corporations entirely and self-market, in truth they no longer NEED the corporations; just podcast to advertise and sell direct from your own site or some neutral third party like CD Baby,) it may help give a bit of impetus to a recall of a bad idea.

    But the fight that is going on underneath the operating system for control of your on-line and offline experience really needs to be aggressively addressed before we all become the victims of corporate bean-counter wars. My drummer's girlfriend's daughter has a Dell PC, she downloads from the peer-to-peer sites, plays CDs, has AOL, AIM. Real Networks, iTunes and a couple of other of these hook-monsters in her computer. She wound up buying a second disk for data, as the C drive needs a full restore about once a month, because of all the conflicting software demanding control of the system. This is beyond reason, now, it's just arrogance on the part of the idiots who spec the software. Corporations are infighting for control over your PC and your on-line experience. If you want ANY chance to retain some control over your PC's destiny, you need to get involved, NOW, with the various political processes that can address these issues. (Don't ask me what they are, I don't listen to music on my PC except for that I create myself...)
    Dasher
    -------
    It's all about the music - really. I keep telling myself that...

  9. #9
    Senior Member
    Join Date
    Oct 2004
    Location
    Los Angeles, CA
    Posts
    223

    Re: SONY added secret hacker "rootkits" to their XCP music CDs

    I'm glad some folks replied. At the same time, though, I'm surprised there aren't more replies. I hope that the lurkers reading this thread realize that security threats online are becoming more serious by the day. Now that big-name corporations are becoming more actively involved, we can expect numerous exploits in the future.

    Mac/Linux users are justified in any smugness they feel about this issue. It seems they don't need to worry.

    I do find it ironic that the threat posed by the same companies we're supposed to trust could actually drive people off the Windows platform when it comes to anything involving personal information. Windows users might be better off assembling a simple Linux box for e-commerce transactions and holding personal info.

    Hm..... I have an old Pentium III sitting around, currently as a backup GigaStudio box. I wonder if I should finally get into Linux.
    Some experts learn more and more about less and less, until at last they know everything there is about nothing at all.

  10. #10

    Re: SONY added secret hacker "rootkits" to their XCP music CDs

    Thanks to sony, folks have figured out a way to hide files from regular file scanners & cheat detectors & they are now cheating on WoW and other online games. I will not buy a single Sony product of any kind ever again because of what they've done.

Go Back to forum

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •