Fix for Sony BMG DRM fix
p2p news / p2pnet: Finland’s Matti Nikki revealed the Sony BMG First 4 Internet rootkit DRM fix is nasty. Sony issued a ‘fix’ and in the US, Princeton’s Ed Felten and Alex Halderman have been working on a fix for the fix.
“Sony`s web-based uninstaller is a three step process,” says Halderman on Freedom to Tinker. “You fill out an uninstall request on Sony`s web site; Sony sends you an email with a link to a second request form. When you follow this link, Sony`s site automatically installs a piece of softwarean ActiveX control created by First4Internetcalled CodeSupport”; and, “After delay, Sony sends another email with a link to a third web page that removes the copy protection software.
“However, the CodeSupport component remains on your computer indefinitely.”
Then, in an update from Sony, “November 15th, 2005 – We currently are working on a new tool to uninstall First4Internet XCP software. In the meantime, we have temporarily suspended distribution of the existing uninstall tool for this software. We encourage you to return to this site over the next few days. Thank you for your patience and understanding.”
Because of a serious design flaw, “the CodeSupport component allows any web site you visit to download and run software on your computer,” says Halderman. “A malicious web site author can write an evil program, package up that program appropriately, put the packaged code at some URL, and then write a web page that causes CodeSupport to download and run code from that URL. If you visit that web page with Internet Explorer, and you have previously performed at least step 2 of Sony`s uninstall process, then the evil program will be downloaded, installed, and run on your computer, immediately and automatically. Your goose will be cooked.”
If you bought a Sony BMG CD and you’re now wondering if you’re in danger, “you should try to remove it using the instructions from our earlier post,” says Freedom to Tinker.
You can also see if you’ve been poisoned by Sony BMG via Felten and Halderman’s CodeSupport detector page.
“However, this may not be enough to prevent the software from being installed again, depending on your security settings,” says the blog. “If you have been exposed, the safest thing to do is to avoid using Internet Explorer until you receive a fix from Sony and First4Internet. Firefox should be a safe alternative.”
The story doesn’t say if Felten and Halderman are working on a fix for Apple users who are similarly at risk, this time from a SunnComm app.
“This just keeps on getting better and better,” says Australia’s Tony under the Matti Nikki story. “Well i’d like to say something to the perps.
” ‘Thank you Sony. Thank you for putting the consumer acceptance of drm back by years, if not decades. You’ve managed to do in a few short weeks something that would have taken the EFF years to achieve.’
“Way to go ;o)”
Yup. Way to go : )
And on SunnComm, “That’s not fair,” says a Reader’s Write. “XCP has only shipped 2 million CDs and they are getting all the publicity. We at SunnComm have shipped over 20M CDs and nobody wants to talk about us.
“We want to write a rootkit too, but we don’t have the experience yet. But we are trying. This is what I said two years ago:
” ‘Future versions of the SunnComm software would include ways that the copy-protecting files would change their name on different computers, making them harder to find.’ http://news.com.com/2100-1025-5089168.html
“See? We were working on this before First4Internet were even heard of. Yet they get all the publicity.
“Two years ago we were the ones that everyone talked about when we invented the Shift Key copy protection. It was a real breakthrough. We satisfied everyone. If you didn’t want to pirate the CD you just had to do nothing. If you wanted to pirate the CD, we let you press the shift key and presto, you could do anything you wanted. Ah the good old days.
“Sincerely,
“Peter (I get $1M in shares next year) Jacobs”
Tired of being treated like a criminal? They depend on you, not the other way around. Don’t buy their ‘product’. Do bug your local political representatives. Use emails, snail-mail, phone calls, faxes, IM, stop them in the street, blog. And if you’re into organizing, organize petitions, organize demonstrations and then turn up on your local political rep’s doorstep, making sure you’ve contacted your local tv/radio station/newspaper in advance.
See:-
revealed – Muzzy: Sony BMG DRM spyware, November 15, 2005
Freedom to Tinker – Update: Sony Uninstaller Hole Stays Open, November 15, 2005, issue
similarly at risk – Sony BMG DRM on Macs, November 11, 2005
November 16th, 2005 at 3:39 pm
Since Outlook Express executes HTML using code from Internet Exploder, I wonder how hard would it be to write a worm that uses an Active X script to use Sony’s active-X control to do major damage? This is exactly what we need another mass mailing computer worm. What id this worm caused 10,000 computers to repeatedly dial 911? Hey thanks for putting entire nations at rissk in order to protect your monopoly, Sony! Get your cartel buddies to drop their lawsuit, and I just may not file a small claims court case against you.
November 17th, 2005 at 5:33 am
It’s very odd that Jacobs was so quick to post a denial of the obvious spoof piece linking SunnComm with the development of a DRM’d ear plug from Apple, but 5 days after Halderman called SunnComm’s copy protection software spyware, he still hasn’t managed to issue a denial or even address the issues.