Sony BMG DRM spyware hacked
p2p news / p2pnet: A fingernail-sized piece of opaque tape stuck on the outer edge of a Sony BMG CD that’s been polluted by First4Internet DRM spyware is enough to render the self-loading application useless.
So says Gartner, quoted by Techtree.
BUT – you probably won’t want to try it.
“Placing gaffer tape on the edge of a CD may make it unbalanced and could cause damage to the disc or (worse) drive as it spins at high speed,” says The Register.
“A better option, as Reg readers point out, might be to disable Windows autorun.”
And our pictorial representation may be a trifle exaggerated.
(Thanks, catflap and Mila)
Tired of being treated like a criminal? They depend on you, not the other way around. Don’t buy their ‘product’. Do bug your local political representatives. Use emails, snail-mail, phone calls, faxes, IM, stop them in the street, blog. And if you’re into organizing, organize petitions, organize demonstrations and then turn up on your local political rep’s doorstep, making sure you’ve contacted your local tv/radio station/newspaper in advance.






November 22nd, 2005 at 1:06 am
Ridiculouser and ridiculouser…
November 22nd, 2005 at 2:39 am
http://www.billboard.biz/bb/biz/newsroom/legal_management/article_display.jsp?vnu_content_id=1001525979
Texas Attorney General Greg Abbott filed a civil lawsuit on Monday against Sony BMG Music Entertainment for hiding “spyware” software on its compact discs in a bid to thwart music copying.
According to the lawsuit filed in Travis County, several of the company’s music compact discs require customers to download Sony’s media players if they want to listen to the CDs on a computer.
Software included with that media player “remains hidden and active” after installation, the Attorney General’s office said, and makes users vulnerable to security risks and possible identity theft.
Sony said on its Web site that it had recalled all CDs that were installed with its XCP technology designed to prevent illegal music copying, Abbott said, but Texas investigators were able to purchase several of the CDs at Austin retailers on Sunday.
Texas is seeking civil penalties of $100,000 per violation of the state’s Consumer Protection Against Computer Spyware Act, which was enacted earlier this year.
“Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers,” Abbott said.
Sony announced on Friday that customers could exchange CDs that contained XCP software for new copies without the spyware, and download software designed to fix the security vulnerabilities.
“While we don’t comment on pending litigation we are cooperating fully with the attorney general’s office,” a spokesman said on Monday.
The CDs, from 52 popular artists, including Ray Charles, Frank Sinatra, Louis Armstrong and Celine Dion, prompt a user agreement to appear on consumers’ computer screens.
Users are required to accept the agreement in order to play the CDs on their computer, and Sony’s media player is automatically downloaded to their computers with the hidden files.
Earlier this month, a software virus was detected in a mass email designed to exploit the Sony BMG software and wreak havoc on computers. The “malware” program enables hackers to access computers by bypassing firewall protections.
Separately, the Electronic Frontier Foundation said it had filed a lawsuit in Los Angeles County against Sony BMG to pay for damage caused by XCP and SunnComm MediaMax software it used on as many as 24 million CDs.
The XCP software is extremely difficult to remove, EFF said, “often leaving reformatting the computer’s hard drive as the only solution.”
The MediaMax software also installs files on users’ computers even if they decline to accept SunnComm’s terms in a licensing agreement. That software allows the company to track customers’ listening habits despite denials the company collects such data.
November 22nd, 2005 at 3:27 am
Has anyone tried holding down the shift key while loading an XCP-laden CD? Holding down the ‘Break’ key would seem more appropriate in this case though.
Does this mean that possessing gaffers tape will now be illegal under the DMCA because it is a ‘circumvention’ device (that’s installed about the circumference of an optical disk)?
Just what is ‘gaffing’ anyhow? I’ve never seen anyone gaff. What do they use the tape for? I always thought it was best to put over someone’s mouth when they wouldn’t shut up.
–TG
November 22nd, 2005 at 6:59 am
Good on you, Texas. Sue those arrogant bastards.
November 22nd, 2005 at 7:10 am
Sony has claimed to have recalled the infected CDs. However, reports coming in from various places indicate that most merchants and retailers aren’t even aware those CDs have a problem. They are still out there for sale and it appears that Sony has issued a “recall” without calling it that. It is also apparent that Sony is hoping those CDs will sell during the Christmas holidays. Since much of the public doesn’t use the internet or use it intermittently they hope to continue to gather user data without the users’ knowledge. Sony doesn’t appear to be very apologetic about the CDs nor are they in any hurry to recall them by using national media to get the word out. In fact that also looks like why Sony is using statements like “purchasers CAN swap or trade them in” rather than calling it a recall that would be picked up far and wide by the media. Sony has just gotten a lump of coal in their stockings for Christmas and doesn’t seem to know just how deep the trouble is.
They keep playing at dead possum while dancing around trying not to seem guilty of anything. Finally lamescream is starting to get the idea that there is a news story here and it is on par with some of the worst virus infections to hit the net. One wonders where all the anti-virus companies are in this. After all, you the user pay them to keep your computer clean through subscriptions. On other infections they have been Little Johnny on the spot. I think that fears of violating DMCA have held them back from issuing such fixes and it shows a glaring hole in that law that allows millions of users to be infected, remain infected, and still Sony and a few of the antivirus folks have yet to issue not a decloaker but an actual uninstall that removes this critter. Microsucks finally got around to claiming it spyware and issued a removal tool after a lot of foot dragging. They seem to have known about it for some time and have kept a lid on it. So has F-Protect who was in “secret negotiations” with Sony a month before it broke into the news.
Many have made the comment about not having full user rights while running winblows. That limited user rights would protect them from installs. Interestingly, now there is more news on the protection/anticopy scene dealing with this very issue. How about this:
From the EULA of Starforce, a popular protection method for games comes this little tidbit…
“Why does SecuROM install UAService7.exe?
This is a Windows Service which is a module of SecuROM. This module has been developed in order to enable users without Windows administrator rights to access all SecuROM v7 features. Please be assured that this service is installed only for security and convenience purposes. UAService7.exe does not connect to any server.”
http://www.securom.com/support_faq.asp
November 22nd, 2005 at 7:12 am
My kingdom for an edit button, Jon….
From the EULA of Starforce,
The above should be corrected to read:
From the FAQs of Starforce,
November 22nd, 2005 at 3:02 pm
Hehehe….
Just like permanent black marking pens were made illegal because you could blackout the part of the CD that contained the DRM? Oh wait, they aren’t illegal? Hahaha… Just black out the area of the CD and there you have it. It must be at the end of the disc, otherwise it will not play on many standalone players.
The black marker pen fiasco was on a Celine Dion CD if I remember correctly.