p2pnet - rss feed: Sony knew about DRM spyware
p2p news / p2pnet: Anyone who’s following the Sony BMG First 4 Internet XCP DRM spyware scandal - and that’s everyone - could be forgiven for thinking it was all news to Sony BMG. After all, Sony didn’t actually make the stuff. That was down to First 4 Internet, which has since been found to have ripped some of the code off. What’s more, “The company initially rejected the uproar over XCP as technobabble,” said the Associated Press.
And didn’t Sony BMG act with alacrity when its spyware spyware was finally identified as definitely being spyware, opening an “information” spin site where victims could start the process of getting their polluted CDs replaced?
But alas, that wasn’t the case.
Sony BMG was warned that it’s CDs were carrying spyware well before the excreta hit the fan.
Two blogs, one from Mark Russinovich and another from F-Secure, went online within hours of each other.
F-Secure posted on November 1 with, “Sony BMG is currently using a rootkit-based DRM system on some CD records sold in USA. As far as we know, this system has been in use since March 2005. We’ve made some test purchases for Sony BMG records from Amazon.com and can confirm that they contained this technology.”
p2pnet asked F-Sescure research director Mikko Hyppönen if he’d told Sony about his company’s (and, as it also turned out, Russinovich’s) discovery before blogging the “Sony rootkit” report.
“Yes,” he said, “at the beginning of October.
“We didn’t want to disclose this publicly for fear of virus writers exploiting it. After it became public, it took nine days for the first malware to come out that used it.”
Stay tuned.
November 30th, 2005 at 9:32 pm
This is just so sad on so many levels. The consomer gets screwed, the artists get screwed and now the company itself is getting screwed (deservedly so I may add).
I see class action suits, and condemnations coming from all over except from one very important segment of the issue and that is from the artists. Now, I realize that most (if not all) the artists signed away their copyrights to the Labels, and there is something wrong with that as well but thats a story for another time, but I would think I would have heard alot more from them.
“nuff said
November 30th, 2005 at 10:07 pm
Yeap, I agree. The artist had no control over how their works were released. Those same artists are painted with taint that their labels decided was a good idea.
Again we see that the Sony Coverup was just that. Sony’s wiggling and squirming was nothing short of “We got caught” and they didn’t want to own up to it and do something about right at the best sales time of the year. That part of issuing new or repackaged music is very careful ochrastrated so that they will get their bucks during the buying crazy time of the year, that of Christmas.
Sony not only tried to cover up they knew about it, they also tried to gain out of the situtation by getting yet more information out of the user. By requiring personal info to release the uncloaker (not a uninstaller mind you). They could combine the data they got to id an ip number to a person through this excuse of wanting more data. I don’t think I have seen anyone mention that in any of these articles. The information is on the net to find what geographical area one is from by ip. Combine that with an physical address and for unpopulated areas, that gives an almost certainty that folks will be ided. NOt only did they seek this personal data but they did it twice, once with the idea of putting you on their mailing lists by not allowing you to opt out of the agreement while seeking to get your decloaker that no one should be concerned about security with.
Lastly, through the whole process they have purposely dragged their feet on doing anything and only when it would not go away did they even admit issues. After issuing a recall that wasn’t stated as a recall, the product is still on the shelves for people to buy. Many of the laws suits coming up are over this being available after Sony said it was pulling the product but the store owners and merchants knew nothing about it.
Christmas season and money are the reasons. They had to be made to do this. They didn’t do it willingly, nor did they do what a company that was responcible would have done. The corporation displayed guilty in actions and it continues today to display the same attitude.
November 30th, 2005 at 10:34 pm
lol, alacrity. c’mon, you could have just said ‘timely response’. jeesh, what is this a phd dissertation?!?! Use some terms that your demographic will understand, and lets be honest, thats pre-adolescents and teenagers…although if they took the time to look it up, then it may be worthwhile…..hmmmm, although I question if that was your motivation
December 1st, 2005 at 6:38 am
I for one learned a new word… In addition to enlightment on this Sony DRM (Disastrous Rootkit Mistake).
“The mind, once expanded to the dimensions of larger ideas,
never returns to its original size.”
December 1st, 2005 at 8:14 am
It is interesting that SunnComm insiders are claiming the company knew about the problems with First4Internet months ago, but wouldn’t tell Sony about them.
“sahd3g, You are correct, there was knowledge of SEVERE problems with First4 months back, BUT it would not be the best in regards to business relationships telling one of your best clients “Hey dummy - that other stuff you are evaluating has LOTS of problems”. Besides, anyone would feel that it was certainly NOT unbiased.
MediaMax has done a VERY GOOD job at selling, look at the size of their competitors, and this little company is making big headway. IMHO, I feel the “BMG” side of Sony will communicate very well for us.
I EXPECT very good results with Kevin, he will hit the ground running.”
http://www.investorshub.com/boards/read_msg.asp?message_id=8476531
December 2nd, 2005 at 4:46 pm
Has it occured to anyone that Sony may have been using the information sent back to them to marry ip address’s to peoples personal information…. for their lawsuits against their customers?
December 2nd, 2005 at 5:27 pm
Why would Sony want to sue the people actually paying? This DRM, like all DRM, does not affect the activities of those infringing copyright in any way. Most of the software that Rips CDs wouldn’t even know there was a defect in this media, and would rip as normal — and those receiving these unauthorized DRM-free files from someone else would also not even know that the “original” had DRM on it.
What Sony-BMG was doing should be clearly illegal, and their digitally enforced contracts (that is the purpose of DRM — to enforce often hidden contracts) would have been unenforceable if they were made adequately transparent and accountable (as all legitimate contracts must be).
December 2nd, 2005 at 6:26 pm
Hi Russel,
‘Why would Sony want to sue the people actually paying?”
yeah but let’s not forget those who dl music to see if it’s worth buying. The RIAA doesn’t discriminate between these people and people dl with no intent to purchase, they just sue all they can track down.
Here is the scenario I was thinking of. A person has installed the Sony/BMG rootkit/spyware which then calls home to Sony/BMG, sending with it the ip address and personal information. I don’t know if it’s a one time thing or if it calls home on a daily basis, monthly yearly etc. Now the RIAA identifies that particulare ip address as having dl music (to replace a damaged cd, to use in an mp3 player as their drm version doesn’t allow them to, for what ever reason). Now they have the ip address and personal information to marry to it, they would no longer have to go to the ISP to identify that person, saving them lawers fees.
December 2nd, 2005 at 6:27 pm
opps sorry for mis spelling your name Russell
December 3rd, 2005 at 1:32 am
I’ve been following this story, and the calls for a boycott of Sony products, for a while. I had to buy a few pairs of headphones recently and avoided Sony (not easy, they make up about 90% of the headphone aisle) because of their behavior.
I take this very seriously. Sony, and other companies, need to realize that to a heavy computer user, a computer is like a 2nd brain. Any attempt to compromise it’s capabilities or security, or to covertly collect information from it is absolutely unacceptable.