Sony BMG DRM on military nets
p2p news / p2pnet: "Hundreds of thousands of networks across the globe, including many military and government networks, appear to still contain PCs with the controversial copy-protection software installed by music discs sold by media giant Sony BMG," says SecurityFocus, quoting security expert Dan Kaminsky.
Sony BMG was caught red-handed using Digital-Restrictions Management (DRM) MediaMax software from SunnComm and First 4 Internet’s Extended Copy Protection (XCP) rootkit program. It hid the DRM on music CDs. When users played them, the spyware was installed without their knowledge.
Sony BMG is now being sued in a number of class actions and has also been forced to offer cash and product replacements to victims. The fall-out continues despite Sony boss Howard Stringer’s efforts to downplay the PR catastrophe.
During an initial survey in mid-November last year, Kaminsky found 568,000 DNS servers had previously been asked to look up three different server addresses used by the XCP software, says SecurityFocus. "Another 350,000 servers had to be thrown out from the data set because they did not obey commands to only look in their cache, and instead asked for information from other servers on the Internet."
Between December 15 and December 23, another survey found 350,000 servers had the unique address in their caches, the story says, going on, "While other factors may increase or decrease the number, Kaminsky continues to stress that the experiment is about finding out the magnitude of the impact of Sony BMG’s software.
"The data shows [sic] that this is most likely a hundreds-of-thousands to millions of victims issue," Kaminsky stated, also saying, "The global scope is the big mystery here. It is fairly likely that a lot of the discs were pirated."
Given that the Sony BMG DRM has affected US government and military computers, will the Department of Justice now become involved?
Not likely, SecurityFocus quotes Jennifer Granick, executive director of the Center for Internet and Society at Stanford Law School, as saying: "I don’t see the federal government suing a big company like Sony. The fact that military networks have likely been affected by this won’t change that."
Also See:
SecurityFocus – Researcher: Sony BMG "rootkit" still widespread, January 16, 2006
downplay – Sony boss on DRM spyware mess, January 9, 2006
January 16th, 2006 at 10:44 pm
“I don’t see the federal government suing a big company like Sony…”
The bush administration suing Sony? That is not going to happen on curious george’s watch. Today’s US gvmnt suing any of the high profile multi-national media companys? Not likely. Bush and his cronies may not know how to manage responding to a natural disaster, but they do know what side of their bread is buttered.
January 17th, 2006 at 8:59 am
“It is fairly likely that a lot of the discs were pirated”
So malware DRM designed to combat copying is spread by copying and ends up turning a US disaster into a global disaster.
The irony here is almost unbearable. And leads to the next question. What is Sony going to do about it on a global scale?
January 17th, 2006 at 3:36 pm
“The irony here is almost unbearable. And leads to the next question. What is Sony going to do about it on a global scale?”
Ignore it and hope they get away with it
January 17th, 2006 at 3:38 pm
Anyone heard if anything is being done in Canada?
How about any of the other countries they sold the virus infected cd’s in?
Hmmm guess they arn’t actually cd now are they? What should they be called?
January 17th, 2006 at 4:09 pm
Allegedly the Not-A-CDs were not available outside the USA. However, until the story broke Amazon at least were selling them in the UK as imports. Since then they’ve been removed from Amazon’s catalogues outside Amazon.com. This has neatly absolved Amazon from offering replacements and Sony doing anything about the worldwide problem.
So they want the problem to disappear and go away? Well we need to make sure that doesn’t happen.
January 17th, 2006 at 4:39 pm
So they want the problem to disappear and go away?
No, I want SONY to go away and disappear.
January 18th, 2006 at 1:54 am
The irony is that the military copies Sony recordings into their computers without Sony’s authorization. The military or maybe even Bush (collectively Uncle Sam) is the equivalent of the sued mothers who should have (per RIAA’s criminilize everyone theories) known what their children did. The soldiers or employees that copied the cd’s are the children of Uncle Sam, analogous to the accused downloader children of Santangelo and other similar RIAA victims.
So, we have to be on the lookout to see if Sony sues partner Uncle Sam. If Sony does not sue partner Uncle Sam then they discriminate against ordinary people and protect or fear the government. Bad, no matter how you look at it.
If Sony does not sue Uncle Sam, it only proves what was suspected, RIAA goes only after wounded and weak prey.
On the other hand, the justice Department should also investigate Uncle Sam so no one says that they discriminate against the people and describe them as criminal for doing the same thing as Uncle Sam does. After all copyright infringement is a Crime per the Justice Department and their FBI do need to be taken seriously, for a change.
Of course, the Justice Department is part of Uncle Sam, so they must inhibit themselves. Perhaps a good candidate to investigate Uncle Sam’s criminal copyright infringement of Sony’s records is Congress, if it were not for the lobby scandal.
So, the victim of Sony’s DRM is also the criminal infringer, which makes Sony both a criminal and a victim of an infringement which the DMR was designed to prevent.
A good thing that people still have a sense of humor and can laugh at at another copyright mess!
Rafael Venegas
http://www.gvenegas.com
January 18th, 2006 at 2:39 am
Sounds like the lesson for the day is NEVER buy cd’s. Not from anyone.