<p>/herez a good piece to feast on...<br></p><p>Sony has released a <a href="http://cp.sonybmg.com/xcp/">patch</a> for a
music CD anti piracy technology after security experts warned that it forms a
potential security risk.</p>
<p>The copyright protection software would automatically install when a consumer
inserted a music CD with the XCP digital rights management technology in their
computers. The software is designed to limit the number of copies that users can
make of the CD and restrict ripping of the disk.</p>
<p>Software developer
<a href="http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html">Mark
Russinovich of Sysinternals</a> on Monday reported that he had detected that
Sony secretly had installed a rootkit on his system. He traced the software back
to Sony and the XCP technology from
<a href="http://www.first4internet.com/">First 4 Internet</a>, an English
software developer.</p>
<p>The rootkit served to hide the digital rights management technology from the
user as well as the system itself, including anti virus software. When
Russinovich tried to remove the application, he found that his CD drive was
disabled.</p>
<p>Sony uses the rootkit to prevent the user from removing the copyright
protection technology and violating Sony's copyright. But worm authors too could
abuse this feature to hide malicious applications.</p>
<p>The patch will remove the cloaking capability of the software to enable users
to remove the Sony tool. This will however render their systems incapable of
playing the music CDs.</p>
<p>"Sony's motives are reasonable from their point of view, but it's a terrible
security hole," said Roger Thompson, chief executive of security provider
<a href="http://www.wormradar.com/">Worm Radar</a>.</p>
<p>"The risk is that [worms] now have a place to hide things where anti virus
programmes can't see them. They can tug themselves in under the protection of
that rootkit," he told <a href="http://www.vnunet.com/">vnunet.com</a>.</p>
<p>Sony denies that the technology is malicious or compromises a security risk.
</p>
<p>Rootkits are best known as hacker tools that allow them to hide malicious
software and build a back door into a system. Botnet operators are increasingly
using rootkits to prevent detection of their malware, which has given rise to a
<a href="http://msn.vnunet.com/vnunet/news/2144149/rootkits-turn-professional">commercial
industry</a> to build and update these tools in the constant game of cat and
mouse between malware creators and anti-virus companies.</p>
<p>While acknowledging the potential risks involved with the Sony rootkit, David
Perry, global director of education with Trend Micro, said that the practical
threat is very small.</p>
<p>"The only time when we see people use these vulnerability is when [the tool]
reaches a substantial percentage of the public," Perry told
<a href="http://www.vnunet.com/">vnunet.com</a>. "As of yet this has a very small
impact."</p>
<p>He added that the association of the Sony technology with rootkits probably
caused the most outrage because the software is associated with hacker tools.
</p>---<br>hope is the quintessential human illusion... simultaneously the source of your greatest strength and your greatest weakness<br><br><div><span class="gmail_quote">On 11/2/05, <b class="gmail_sendername">Daniel V
</b> <<a href="mailto:cloudlakedreamer@yahoo.com">cloudlakedreamer@yahoo.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Wait till you hear what Sony is up to...<br><a href="http://www.securitypronews.com/insiderreports/insider/spn-49-20051102SonyDistributingSpyware.html">http://www.securitypronews.com/insiderreports/insider/spn-49-20051102SonyDistributingSpyware.html
</a><br><br>--- Josh Johnson <<a href="mailto:joshj@linuxmail.org">joshj@linuxmail.org</a>> wrote:<br>><br>On Wed, 2 Nov 2005, JJ Neff wrote:<br>He has a bit of a point though. I've been trying to<br>get a legally purchased CD to play on any PC Linux or
<br>Windows - without installing software from the CD. I<br>cannot play a Shakira CD I bought on my PC at all.<br>><br>...<br><br><br><br>__________________________________<br>Yahoo! FareChase: Search multiple travel sites in one
<br>click.<br><a href="http://farechase.yahoo.com">http://farechase.yahoo.com</a><br><br><br><br>__________________________________<br>Yahoo! FareChase: Search multiple travel sites in one click.<br><a href="http://farechase.yahoo.com">
http://farechase.yahoo.com</a><br>_______________________________________________<br>nflug mailing list<br><a href="mailto:nflug@nflug.org">nflug@nflug.org</a><br><a href="http://www.nflug.org/mailman/listinfo/nflug">http://www.nflug.org/mailman/listinfo/nflug
</a><br></blockquote></div><br>