 
Support Wrong Planet Awareness!
| View previous topic :: View next topic |
| Author |
Message |
mjs82
Majestic Lord of the Sock Puppets
Joined: Jun 21, 2005
Posts: 2186
Location: Australia
|
 Posted: Wed Nov 02, 2005 12:45 pm Post subject: Sony Secret Piracy Software In CDs |
 |
|
From a friend at Washington Post Blogs:
| Quote: |
Shown in a washington Post blog is a new anti-piracy tool Sony has introduced to the retail CD market. According to the articles, from the washington post site, and others, Sony's new CD software prevents users from burning audio files to CD through hidden methods.
New research from Mark Russinovich over at Sysinternals (the company I've blogged about before as the source a ton of excellent and free software utilities) indicates that Sony BMG has configured some of its music CDs to install antipiracy software that uses techniques typically employed by hackers and virus writers to hide the program from users and to prevent them from ever uninstalling it
Sony may have the right idea for anti-piracy but probably the wrong methodology. Putting unwanted software on users' computers without properly describing what is being installed, does't sound very legitimate. What if they do more than just keep you from burning the files? Since they aren't mentioning what the software does exactly, it could do more than just anti-piracy, since the software being installed is known as a hacker tool.
From what I've read, Sony Music CDs are installing a toolkit called a rootkit that hides itself from users and makes sure they do not Burn their music onto CD. If the toolkit is uninstalled it may render the CD-ROM drive useless, or perhaps even the whole computer.
A "rootkit" is known in the hacking world as being capable of taking control of a users computer without the user ever knowing, or being able to detect with anti-virus/anti-spyware.
More information on a rootkit can be found at : http://en.wikipedia.org/wiki/Rootkit
If this is what sony is doing to Retail CDs, I don't see why downloaders are going to switch over anytime soon.
|
|
|
| Back to top |
|
Scoots5012
Senior Member
Joined: Jul 02, 2004
Age: 29
Posts: 2250
Location: Cheyenne Wyoming
|
| Posted: Wed Nov 02, 2005 2:17 pm Post subject: |
|
|
Next thing you know sony will be pushing a bill to give them full permission to do this kind of thing all the time.
_________________
I live my life to prove wrong those who said I couldn't make it in life... |
|
| Back to top |
|
Sean
Banned
Joined: Apr 04, 2005
Posts: 3503
|
| Posted: Wed Nov 02, 2005 3:58 pm Post subject: |
|
|
| Someone will probably find a way to detect and defeat it in a couple weeks. That's also all the more reason to stick with pirated CDs. |
|
| Back to top |
|
duncvis
Stroppy Get
Joined: Sep 11, 2004
Posts: 2286
Location: the dark side of the net
|
| Posted: Wed Nov 02, 2005 4:00 pm Post subject: |
|
|
Well it gives an incentive never to buy a Sony CD. Damn corporations!  |
|
| Back to top |
|
KingdomOfRats
Phoenix
Joined: Nov 01, 2005
Age: 24
Posts: 2735
Location: Manchester
|
| Posted: Thu Nov 03, 2005 7:56 pm Post subject: |
|
|
| If I buy a CD,I expect to be able to copy it to my hard drive for private use,hacker tactics from a major credible company is a pathetic way to treat it's majority of users who'm do not share their music on the internet. |
|
| Back to top |
|
ed
Forum Moderator
Joined: Dec 20, 2004
Age: 64
Posts: 1007
Location: central Massachusetts
|
| Posted: Thu Nov 03, 2005 8:07 pm Post subject: |
|
|
sounds like macs might be immune 
_________________
I love the beauty of Christmas
Dx'ed with AS
http://myspace.com/maxcreeked
|
|
| Back to top |
|
10691047
Sea Gull
Joined: Jan 30, 2005
Posts: 229
Location: Wisconsin
|
| Posted: Thu Nov 03, 2005 9:01 pm Post subject: |
|
|
I'm definately not buying any Sony CDs anytime soon. Hope someone sues their ass for damage.
_________________
This is my signature. Pretty cool eh?
|
|
| Back to top |
|
stellacotton
Yellow-bellied Woodpecker
Joined: Nov 07, 2005
Posts: 70
Location: AZ.
|
| Posted: Tue Nov 08, 2005 4:04 am Post subject: |
|
|
| Sean wrote: | | Someone will probably find a way to detect and defeat it in a couple weeks. That's also all the more reason to stick with pirated CDs. |
It was defeated basically as soon as it was created. I use AnyDvD by SlySoft with my dvd/cd burning software. Its the best out there. Its updated frequently. http://www.slysoft.com/en/anydvd.html
http://www.slysoft.com/download/changes_anydvd.txt
AnyDVD tackles Sony DRM Rootkit Virus!
If AnyDVD is installed and active on your PC, the new so-called "Sony DRM Rootkit Virus" has no access to your system and the affected audio CD appears unprotected regardless! Another good reason to get AnyDVD!
Read more information about Sony DRM Rootkit Virus:
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
http://www.f-secure.com/weblog/#00000691
_________________
“I believe in Spinoza's God who reveals himself in the orderly harmony of what exists, not in a God who concerns himself with fates and actions of human beings.”
-- Albert Einstein
|
|
| Back to top |
|
Sean
Banned
Joined: Apr 04, 2005
Posts: 3503
|
| Posted: Tue Nov 08, 2005 4:22 am Post subject: |
|
|
| I was thinking that you could mask off the part of a retail Sony CD where the virus is located to copy the CD minus the virus to your computer for personal use. I've heard of a permanent marker being used on the outer edge of the last anti piract software Sony tried defeated several million dollars of R&D. |
|
| Back to top |
|
stellacotton
Yellow-bellied Woodpecker
Joined: Nov 07, 2005
Posts: 70
Location: AZ.
|
| Posted: Tue Nov 08, 2005 4:59 am Post subject: |
|
|
That method only worked with the (Key2audio)copyright protection. It was an early attempt by Sony to prevent cd copying. Nearly 3yrs old now. Most attempts now deal with adding bogus info and unreadable sectors to the cd/dvd. Which corrupts the cd/dvds navigation structure and rendors it uncopyable(I just made that up)lol That is unless you have a decryptor such as AnyDvd to automatically remove it before the writing process.
http://www.usatoday.com/money/tech/2002-05-20-copyproof-cd.htm
_________________
“I believe in Spinoza's God who reveals himself in the orderly harmony of what exists, not in a God who concerns himself with fates and actions of human beings.”
-- Albert Einstein
|
|
| Back to top |
|
eyeenteepee
Velociraptor
Joined: Aug 25, 2005
Posts: 488
Location: UK
|
| Posted: Tue Nov 08, 2005 7:12 am Post subject: |
|
|
| Sean wrote: | | I was thinking that you could mask off the part of a retail Sony CD where the virus is located to copy the CD minus the virus to your computer for personal use. I've heard of a permanent marker being used on the outer edge of the last anti piract software Sony tried defeated several million dollars of R&D. |
I've done that technique (for a fair use copy, honest) and it does work for the old system. It may work for this, it depends on where the PC portion of the disc is physically encoded related to the music portion. If they've got any sense, they will have embedded it somewhere that can't be masked out.
As regards this whole thing, I don't know whether to be more infuriated because they're screwing with my PC just so I can play or copy music, or because they set artifical limits on how many legit copies you can make. I back up all my CDs these days, then secure the originals to try and prevent theft. Why should Sony dicate how I use my personal property?
What they don't seem to realise is that if they prevent ALL copying successfully, people will carry on buying much the same amount of music that they do now, but do without the stuff they had been copying for free. So what will be acheived? Nothing at all of any use.
_________________
-~ God-damn the day that I was born ~
The night that forced me from the womb ~-
|
|
| Back to top |
|
HannahCapps
Tufted Titmouse
Joined: Oct 16, 2005
Posts: 39
Location: Newport News, VA
|
| Posted: Tue Nov 08, 2005 2:01 pm Post subject: |
|
|
great, I buy cd's to support the inderstery and they keep me from downloading it to my oun comp, nice...  |
|
| Back to top |
|
stellacotton
Yellow-bellied Woodpecker
Joined: Nov 07, 2005
Posts: 70
Location: AZ.
|
| Posted: Tue Nov 08, 2005 8:26 pm Post subject: |
|
|
Wired News Staff |
02:07 PM Nov. 02, 2005 PT
Sony BMG is facing a cacophony of criticism this week following the revelation that some of its CDs are packed with special copy-protection software that conceals itself with an advanced hacker cloaking technique. We think the company is getting off easy.
The firestorm began when Mark Russinovich, a computer security expert with Sysinternals, discovered evidence of a "rootkit" on his Windows PC. Through heroic forensic work, he traced the code to First 4 Internet, a British provider of copy-restriction technology that has a deal with Sony to put digital rights management on its CDs. It turns out Russinovich was infected with the software when he played the Sony BMG CD Get Right With the Man by the Van Zant brothers.
A rootkit is a particularly insidious type of Trojan horse that hides its existence from users and programs by tampering with the operating system on the most fundamental level. Where normal malicious code might be content to choose a deceptive file name, a rootkit "hooks" operating system calls that might reveal its presence, and essentially reprograms them to lie -- like bribing the coroner to conceal a murder.
And the lie the First 4 Internet code tells is a whopper. Under the program's influence, Windows will deny the existence of any file, directory, process or registry key whose name begins with "$sys$." Russinovich verified this by making a copy of Notepad named "$sys$notepad.exe," which promptly vanished from view.
That means that any hacker who can gain even rudimentary access to a Windows machine infected with the program now has the power to hide anything he wants under the "$sys$" cloak of invisibility. Criticism of Sony has largely focused on this theoretical possibility -- that black hats might piggyback on the First 4 Internet software for their own ends.
On Wednesday, Sony answered its critics by promising to issue a patch that allows antivirus software to pierce First 4 Internet's cloaking function. But in our view, the hacker and virus threat is something of a red herring. The harm of the Sony DRM scheme is not that it enables evildoers, but that Sony itself did evil.
We needn't go skulking through the computer underground to find malicious action here. By deliberately corrupting the most basic functionality of their customers' computers, Sony broke the rules of fair play and crossed a bright line separating legitimate software from computer trespass. Their actions may be civilly actionable.
Sony may even have committed a crime under the U.S. Computer Fraud and Abuse Act, which can carry fines and prison terms for anyone who "knowingly causes the transmission of a program ... and as a result of such conduct, intentionally causes damage, without authorization, to a protected computer." Corrupting Windows so it misreports the contents of a hard drive sounds a lot like "damage," and the click-wrap license agreement on the Sony disk amounts to pretty thin "authorization" -- disclosing only that "this CD will automatically install a small proprietary software program ... intended to protect the audio files embodied on the CD."
Nor are we comforted by assurances from First 4 Internet's CEO Mathew Gilliat-Smith, who, in an interview with CNET's News.com, defended his software this way: "For the eight months that these CDs have been out, we haven't had any comments about malware (malicious software) at all." Rootkits, like other cover-ups, rarely generate complaints before they're discovered.
Sony should immediately disclose the full details of its deployment of the First 4 Internet software, and assure the public that it will not use similar tactics in the future. Honest programs have no need to conceal themselves or their actions from users. Honest companies, too.
---------------------------------------------------------------------------------------
Looks like the patch they released is drawing suspicion/criticism too!
http://www.theinquirer.net/?article=27426
http://www.freedom-to-tinker.com/?p=921
http://www.sysinternals.com/blog/200...-internet.html
_________________
“I believe in Spinoza's God who reveals himself in the orderly harmony of what exists, not in a God who concerns himself with fates and actions of human beings.”
-- Albert Einstein
|
|
| Back to top |
|
mjs82
Majestic Lord of the Sock Puppets
Joined: Jun 21, 2005
Posts: 2186
Location: Australia
|
| Posted: Thu Nov 10, 2005 9:46 pm Post subject: |
|
|
Just another follow-up for those interested:
| Quote: |
By MATTHEW FORDAHL, AP Technology Writer
45 minutes ago
SAN JOSE, Calif. - A controversial copy-protection program that automatically installs when some Sony BMG audio CDs are played on personal computers is now being exploited by malicious software that takes advantage of the antipiracy technology's ability to hide files.
The Trojan horse programs — three have so far been identified by antivirus companies — are named so as to trigger the cloaking feature of Sony's XCP2 antipiracy technology. By piggybacking on that function, the malicious programs can enter undetected, security experts said Thursday.
"This could be the advanced guard," said Graham Cluley, senior technology consultant at the security firm Sophos. "We wouldn't be surprised at all if we saw more malware that exploits what Sony has introduced."
The copy protection program is included on about 20 popular music titles, including releases by Van Zant and The Bad Plus, and disclosure of its existence has raised the ire of many in the computing community, who consider it to constitute spyware.
Sony BMG Music Entertainment and the company that developed the software, First 4 Internet, have claimed that the technology poses no security threat. Still, Sony posted a patch last week that uncloaks files hidden by the software.
On Thursday, Sony released a statement "deeply regretting any disruption that this may have caused." It also said it was working with Symantec and other firms to ensure any content-protection technology "continues to be safe."
Neither Sony spokesman John McKay nor First 4 Internet CEO Mathew Gilliat-Smith returned messages seeking additional comment.
Windows expert Mark Russinovich discovered the hidden copy-protection technology on Oct. 31 and posted his findings on his Web log. He noted that the license agreement that pops up said a small program would be installed, but it did not specify it would be hidden.
Manual attempts to remove the software can disable the PC's CD drive. Sony offers an uninstallation program, but consumers must request it by filling out two forms on the Internet.
"What they did was not intentionally malicious," Cluley said. "If anything, it was slightly inept."
The copy-protection software, which Sony says is a necessary "speed bump" to limit how many times a CD is copied, only works on Windows-based PCs. Users of Macintosh and Linux computers are not restricted.
The viruses also only target Windows-based machines.
The infection opens up a backdoor, which could be used to steal personal information, launch attacks on other computers and send spam, antivirus companies said.
Sony also is facing legal headaches. On Nov. 1, Alexander Guevara filed suit in Los Angeles County Superior Court seeking class action staus. He claims Sony's actions constituted fraud, false advertising, trespass and violated state and federal laws barring malware and computer tampering.
His attorney, Alan Himmelfarb, did not immediately return calls seeking comment.
The Electronic Frontier Foundation, an online civil liberty group, said it is hearing from people who have run into problems with the copy protection software. It is considering filing its own lawsuit, said EFF staff attorney Jason Schultz.
"You can't uninstall it, you can't find it, and it's vastly more invasive in terms of privacy and personal property than any other (digital rights management) program to date," he said.
|
|
|
| Back to top |
|
stellacotton
Yellow-bellied Woodpecker
Joined: Nov 07, 2005
Posts: 70
Location: AZ.
|
| Posted: Thu Nov 10, 2005 10:58 pm Post subject: |
|
|
Posted at 06:35 PM ET, 11/ 8/2005
Calif. Lawsuit Targets Sony
A class-action lawsuit has been filed on behalf of California consumers who may have been harmed by anti-piracy software installed by some Sony music CDs. A second, nationwide class-action lawsuit is expected to be filed against Sony in a New York court on Wednesday seeking relief for all U.S. consumers who have purchased any of the 20 music CDs in question.
http://blogs.washingtonpost.com/securityfix/
_________________
“I believe in Spinoza's God who reveals himself in the orderly harmony of what exists, not in a God who concerns himself with fates and actions of human beings.”
-- Albert Einstein
|
|
| Back to top |
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
