The EFF cannot save us now


  • The EFF cannot save us now

    Sony BMG Hacking Into CD Buyers' Computers

    What is your opinion on this?
    Did Everquest teach you that?

  • #2
    Yet another reason to buy vinyl instead of CDs
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]



    • #3
      Waiting for the first worm to exploit this and the wave of lawsuits against sony for the damages
      Never drink anything larger than your head!







      • #4
        Originally posted by renderman
        Waiting for the first worm to exploit this and the wave of lawsuits against sony for the damages
        If enough big businesses do this, we have the potential for a legal DDoS against Sony.

        Is there secondary confirmation on this story yet?



        • #5
          Originally posted by TheCotMan
          If enough big businesses do this, we have the potential for a legal DDoS against Sony.

          Is there secondary confirmation on this story yet?
          The story has been all over the place, and the source doesn't seem to be an unreliable one. The guy is one of the programmers for sysinternals. The original article can be found here:
          http://www.sysinternals.com/blog/200...al-rights.html

          -zac
          %54%68%69%73%20%69%73%20%6E%6F%74%20%68%65%78



          • #6
            i waver in my opinion on this, but at the moment i feel that anybody careless enough to allow a mere audio CD to auto-run code or execute anything from a data session track without their say-so deserves whatever havoc they get.

            it's NOT HARD to bypass ALL on-disc protections, people. for a CD to be playable in all units it has to have data on it that is red book compliant.* that alone gives you the ability to pop it into ANY computer and (with proper settings) just view the audio data tracks.

            no matter how advanced a protection is, you still have to execute a binary file for it to be loaded on a computer. this is like saying "there's a new pizza security device that will chop off the hands of anyone who didn't tip their delivery driver" and it amounts to a bear trap that comes in a second box, on top of the box with the pizza you ordered. sure, the jaws can be strong steel and the teeth sharp and the spring bar amazingly powerful... but you still have to open that second box and start fucking around with the contents for it to get you. any sane person would simply throw the top box aside, open the bottom one and help themself to a slice. Any introduction of the bear-trap security into the actual pie itself would make it no longer a pizza. Audio CD protections work the same way.

            feel free to point out where i am wrong in my thoughts and/or how silly or delicious you found my analogy.

            * i know that certain manufacturers were shipping discs a while back that were not, technically, red book compliant audio CDs. don't recall if they got slapped by the standards board (there was talk that they shouldn't be allowed to mark the discs with the "Compact Disc Digital Audio" logo) but i think this technique disappeared since the discs weren't playable in a wide variety of units
            "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
            - Trent Reznor



            • #7
              Update: I called Sony of American Music Division yesterday and first off asked for this conversation to be recorded, then to be given a reference number for future reference. I then requested to speak to someone in management that would have knowledge of Music Content and Packaging features. Kudos to Sony reps, as I spoke with someone who not only spoke English but also was able to direct me to the right person the first time. My question to the manager (I was directed to) was whether or not Sony Music was aware of the implications of packaging root kits in their music. The manager, who was polite the entire time, responded that it was in the best interest of Sony Music to do so, and when queried about the potential to install hazardous code which could harm the machine, she said she did not know enough about the subject to accurately give me Sony's position on the matter; however, she did say she would put in a customer complaint to their tech department about the matter. I asked her as a final question whether or not they had received many calls about this, and after a sec she said yes. I then thanked her for her time and hung up.

              Now I am wondering, when the first lawsuit from this comes around, will Sony claim Plausible Deniability or that their actions were in fact justified.
              Did Everquest teach you that?



              • #8
                Maybe their CDs need to list minimum system standards required before we place them into our PCs. Usually software vendors do this so we won't whine when Server 2003 won't load with 4MB of RAM. I would very much like to know what software this may conflict with.



                • #9
                  /. has a collection of responses posted where there appears to be a Sony-provided uninstaller for this:

                  By publishing an uninstaller, they may be partly admitting their software to be a problem, or they may be helping to build a legal defense. ...
                  (hypothetical)
                  "We can't be blamed. The EULA requires they use it, and we have an uninstaller if they decide they don't want it. They get to decide if they really want our product,"



                  • #10
                    http://www.securityfocus.com/brief/34

                    WoW users have confirmed that by using the rootkit capability of Sony's DRM, they can bypass "The Warden" features on WoW.

                    Dance puppets, dance!
                    Aut disce aut discede



                    • #11
                      Originally posted by AlxRogan
                      http://www.securityfocus.com/brief/34

                      WoW users have confirmed that by using the rootkit capability of Sony's DRM, they can bypass "The Warden" features on WoW.

                      Dance puppets, dance!
                      The irony in that would be if Sony owns Blizzard who makes Warcraft.
                      Did Everquest teach you that?



                      • #12
                        This is like many securities: it will stop the people who wouldn't/didn't have the ability to abuse the original product- but not stop the people who would have abused the product anyway (to a certain extent anyway)-

                        I don't think you'll see *that much* of a net change in the copying/piracy/LEGAL BACKUP of your own stuff from this type of approach to the technology.

                        LosT



                        • #13
                          Originally posted by Deviant Ollam
                          i waver in my opinion on this, but at the moment i feel that anybody careless enough to allow a mere audio CD to auto-run code or execute anything from a data session track without their say-so deserves whatever havoc they get.

                          it's NOT HARD to bypass ALL on-disc protections, people. for a CD to be playable in all units it has to have data on it that is red book compliant.* that alone gives you the ability to pop it into ANY computer and (with proper settings) just view the audio data tracks.

                          no matter how advanced a protection is, you still have to execute a binary file for it to be loaded on a computer. this is like saying "there's a new pizza security device that will chop off the hands of anyone who didn't tip their delivery driver" and it amounts to a bear trap that comes in a second box, on top of the box with the pizza you ordered. sure, the jaws can be strong steel and the teeth sharp and the spring bar amazingly powerful... but you still have to open that second box and start fucking around with the contents for it to get you. any sane person would simply throw the top box aside, open the bottom one and help themself to a slice. Any introduction of the bear-trap security into the actual pie itself would make it no longer a pizza. Audio CD protections work the same way.

                          feel free to point out where i am wrong in my thoughts and/or how silly or delicious you found my analogy.

                          * i know that certain manufacturers were shipping discs a while back that were not, technically, red book compliant audio CDs. don't recall if they got slapped by the standards board (there was talk that they shouldn't be allowed to mark the discs with the "Compact Disc Digital Audio" logo) but i think this technique disappeared since the discs weren't playable in a wide variety of units
                          You are correct in this, my friend.. but remember.. grandma does not know to do this, nor does the average computer user. I can see how they would fall into this trap. Either way.. the fact that a company is installing software to 0wn someone's computer is outrageous..
                          Happiness is a belt-fed weapon.



                          • #14
                            Originally posted by che
                            You are correct in this, my friend.. but remember.. grandma does not know to do this, nor does the average computer user. I can see how they would fall into this trap.
                            That depends on whom they are attempting to curtail. If you consider the "enemy" to be the people who share their music collection with the entire world via the Internet, then Deviant is correct and this technology is impotent. If you consider the "enemy" to be the people who burn a copy or two for their friends and family members, then the technology is likely to be extremely effective. (Note that I ignore the fact that in the long view such technology ultimately drives people to seek a better product such as the free, burnable songs available from the first crowd.)



                            • #15
                              Originally posted by TheCotMan
                              /. has a collection of responses posted where there appears to be a Sony-provided uninstaller for this:

                              By publishing an uninstaller, they may be partly admitting their software to be a problem, or they may be helping to build a legal defense. ...
                              (hypothetical)
                              "We can't be blamed. The EULA requires they use it, and we have an uninstaller if they decide they don't want it. They get to decide if they really want our product,"
                              (If I remember correctly) It wasn't actually an uninstaller, it just makes the hidden files visible again, which doesn't fix the "break your computer if you remove them" problem.

                              From http://www.betanews.com/article/Sony...it/1130965475:
                              The patch will be made available for download from Sony BMG's Web site, with another offered directly to antivirus vendors. The DRM software will not be removed, however, only uncovered; that means users will still be unable to delete it without risk of rendering their CD drive inoperable.
                              -zac
                              Last edited by pr0zac0x2a; November 3, 2005, 23:53.
                              %54%68%69%73%20%69%73%20%6E%6F%74%20%68%65%78

