sony's trojan remover does more damage then the trjoan does!!!

THRiLL KiLL · 15-November-05, 04:07 PM

oh god this is painfull =) take it on the way in... and take it on the way out....

http://blogs.washingtonpost.com/secu...ninstall_.html

Quote:


	Researchers: Sony Patch Opens Huge Security Hole As Security Fix warned in a post late last night, researchers have found new flaws in a program designed to remove portions of an anti-piracy software included in an unknown number of Sony BMG music CDs. A patch that Sony issued a week ago when virus writers began taking advantage of the software's file-hiding capabilities actually introduces serious new security risks onto the user's machine, according to research released today by Princeton University computer science professor Edward Felten. The Sony Web page where users can download the removal patch installs a program that remains on the user's PC even after removal tool has done its job, Felten said. And because of the way the tool is configured, he said, it allows any Web page that the user subsequently visits to download, install and run any code that it likes. I was speechless when I read this news, and had roughly the same thoughts as Felten expressed in his blog: "ThatÃ‚â€™s about as serious as a security flaw can get." According to Felten (whose research was informed by a discovery from a Finnish researcher known as "Muzzy"), "the root of the problem is a serious design flaw in SonyÃ‚â€™s web-based uninstaller. When you first fill out SonyÃ‚â€™s form to request a copy of the uninstaller, the request form downloads and installs a program -- an ActiveX control created by the [digital rights management software] vendor, First4Internet -- called CodeSupport. "CodeSupport remains on your system after you leave SonyÃ‚â€™s site, and it is marked as safe for scripting, so any Web page can ask CodeSupport to do things. One thing CodeSupport can be told to do is download and install code from an Internet site. "Unfortunately, CodeSupport doesnÃ‚â€™t verify that the downloaded code actually came from Sony or First4Internet. This means any web page can make CodeSupport download and install code from any URL without asking the userÃ‚â€™s permission." If you've visited Sony's site and downloaded this removal tool, Felten's site has instructions on how to get rid of it -- although "it may not prevent the software from installing again, but itÃ‚â€™s better than nothing. WeÃ‚â€™ll have to wait for First4Internet to develop a complete patch." If you have Sony's anti-piracy software on your computer but haven't downloaded this removal tool yet, then good. Don't download it. In related news, USA Today reports that Sony will recall the CDs with the flawed anti-piracy software on them. Furthermore, the story notes that discs in the supply chain will not be sold, and customers who have already bought discs will be able to exchange them. Sony will announce details of the recall plan later in the week. As security researcher Don Kennedy (aka "Zoverlord") pointed out to me this morning, this means that Sony's security woes now extend beyond those who actually bought and used one of these copy-protected CDs on their computer. I'm betting that quite a few people frightened by all of this rootkit hubbub went and installed Sony's removal tool even though they weren't sure whether the anti-piracy software was even on their PC in the first place. Now, even those users have something new to worry about.

Foe · 15-November-05, 04:10 PM

Sony to Offer Exchanges of Rootkit CDs

Quote:


	Facing further pressure from unhappy consumers and now artists who are upset that their music has been tarnished by the invasive copy-protection added to certain CDs, Sony BMG now says it will pull the albums off store shelves entirely. The record label is also offering to exchange the CDs for non-DRM versions. The news follows an announcement last week in which Sony said it would suspend the manufacture of CDs with the software rootkit, known as XCP. "Sony BMG deeply regrets any inconvenience to our customers and remains committed to providing an enjoyable and safe music experience," the company said in a follow-up statement.

News Source: BEtaNews.com

Nerdz · 15-November-05, 04:42 PM

Yea but how can we ever trust sony again?

Good move on the removing them from shelves, but what about peoples computers that have the root kit? How will sony fix that? Guess its time to reformat for those people who have it...

and time to microwave those CD's!

Pharaoh · 15-November-05, 07:25 PM

Quote:

Originally Posted by Nerdz


	Yea but how can we ever trust sony again?

I agree. The first envasion of putting that f'd up software on the disk was unforgivable and
now the fix is an even bigger boondoggle.

OFF with their heads!

Nerdz · 15-November-05, 07:32 PM

Boycott Sony!

Sign the petition
http://www.petitiononline.com/bcsony/petition.html
And heres a list of Cds that have the root kits:

http://www.idiotabroad.com/?p=58

and the blog:http://www.boycottsony.us/

NCXCStud · 15-November-05, 07:50 PM

Couple with this:

http://www.theinquirer.net/?article=27568

And Sony is #1 on many people's **** list right now...

man, and we though Microsoft made some bad moves...

Quote:


	No pre-owned games to be allowed for Playstation 3 That's the speculation, anyroadmap By: Marc McEntegart: Wednesday 09 November 2005, 11:11 A PATENT may allow Sony to ensure that no game would be playable from any console other than the one in which it was first read. Joystiq is reporting that this patent is the source of the many rumours that will mean as much to gamers as DRM is for music fans. The technology would allow an authentication code to be read and then rendered unreadable, making the software unplayable on any machine but the one which first read it. But this has caused considerable backlash from the gaming community. While many are aware of the double profit companies make on pre-owned games, this would ensure the death of trading games between friends and even going to a friend's house to play a little multiplayer. No less than Ken Kataguri himself is listed among the inventors, which makes it look like this is a move that came from very high up. It has already been pointed out that many Playstation users have had to replace their console, surely this would leave us high and dry in that event. While the PS3 hasn't been expressly mentioned in the patent in English or Japanese it would be the obvious place to employ this new technology, regardless of how little gamers will appreciate it. Between this and the DRM scandal, Sony could be looking at a serious drop in interest in the PS3. You can be sure you'll see more on this as it develops. As gamers, we can only hope that modern technology won't undermine the tried and tested barter system. Ã‚Âµ

Nerdz · 15-November-05, 07:52 PM

Whats with the ads?

NCXCStud · 15-November-05, 07:53 PM

I removed them...lol. I copied the text straight from the inquier...stupid ads came with it...had to go to IE to remove them...Firefox 1.5RC2 kept crashing

godfoot · 15-November-05, 08:38 PM

Quote:

Originally Posted by Nerdz


	Yea but how can we ever trust sony again?

Well, I haven't trusted them since around '98 or '99 when the very same division of Sony (Sony BMG) attempted to steal music that an acquaintance of mine produced (another DJ in Chicago).
Furthermore, I have been on a personal boycott ever since and they keep giving me more reasons to justify it. Sad thing is they have made some excellent products in the past (I used to have a Sony XEC1000 car audio crossover than kicked major arse) and they are just stepping on their own "members".

THRiLL KiLL · 16-November-05, 12:30 PM

more then 1/2 million networks were effected....

http://wired.com/news/technology/0,1...=wn_tophead_2#

link has pics that show howmany users were effected and where they are located

Nerdz · 16-November-05, 02:11 PM

Sony is in deep $hit now...Can you say bankruptcy? And they sacrifised half the world to stop priacy just because they were losing out on money...well guess what, they have taken on more of a loss. They should have stfu'd about the whole thing and taken it like other companys, but nope, they had to be greedy..

Now whos to say other music doesnt have this kind of stuff in it? Made by other companys?

THRiLL KiLL · 16-November-05, 03:10 PM

lol... microsoft is saving sony a$$

they announced that ther spyware removal tool will safely remove sonys trojan....

Nerdz · 16-November-05, 03:25 PM

But theres no sure way to be sure. The only sure way is too (gulp) do a low level Format.

EDIT: I think I have this thing..I just relized that one of my favorite bands (SOAD) is put out by Sony BMG...(hey I never said I bought it) But wait a sec...it was a leak....

wait a sec..its supposed to protect the CD...then how the hell...Lol Oh never mind then...SOAD probably leaked it on purpose.

godfoot · 16-November-05, 11:18 PM

I do remember hearing an interview with one of the guys from SOAD denouncing what Sony intended to do. Wouldn't surprise me to find out they had it leaked on purpose either.

16-November-05, 03:25 PM		#13 (permalink)
Nerdz Sir Knight of Spamalot	But theres no sure way to be sure. The only sure way is too (gulp) do a low level Format. EDIT: I think I have this thing..I just relized that one of my favorite bands (SOAD) is put out by Sony BMG...(hey I never said I bought it) But wait a sec...it was a leak.... wait a sec..its supposed to protect the CD...then how the hell...Lol Oh never mind then...SOAD probably leaked it on purpose. Last edited by Nerdz; 16-November-05 at 08:10 PM..

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
duplicate file remover???	GLO	Anything Goes	7	30-December-05 09:20 PM
FrozenCPU // ConnectRightÂ™ Male Molex Pin Remover	Gizmo	Vendor News RSS	0	13-August-05 03:36 AM
FrozenCPU // ConnectRightÂ™ Female Molex Pin Remover	Gizmo	Vendor News RSS	0	13-August-05 03:36 AM
Duplicate file remover?	r00t	General OS Tweaks	4	02-June-05 07:07 PM
FrozenCPU // Arctic SilverÂ® ArctiCleanÂ™ Thermal Material Remover / Surface Purifier - 60ml Kit	Gizmo	Vendor News RSS	0	12-February-05 11:57 PM

15-November-05, 04:42 PM		#3 (permalink)
Nerdz Sir Knight of Spamalot	Yea but how can we ever trust sony again? Good move on the removing them from shelves, but what about peoples computers that have the root kit? How will sony fix that? Guess its time to reformat for those people who have it... and time to microwave those CD's!

15-November-05, 07:32 PM		#5 (permalink)
Nerdz Sir Knight of Spamalot	Boycott Sony! Sign the petition http://www.petitiononline.com/bcsony/petition.html And heres a list of Cds that have the root kits: http://www.idiotabroad.com/?p=58 and the blog:http://www.boycottsony.us/

15-November-05, 07:52 PM		#7 (permalink)
Nerdz Sir Knight of Spamalot	Whats with the ads?

15-November-05, 07:53 PM		#8 (permalink)
NCXCStud Apex Tech Fanatic Supreme	I removed them...lol. I copied the text straight from the inquier...stupid ads came with it...had to go to IE to remove them...Firefox 1.5RC2 kept crashing

16-November-05, 12:30 PM		#10 (permalink)
THRiLL KiLL PcApEX's PuNK ROckER	more then 1/2 million networks were effected.... http://wired.com/news/technology/0,1...=wn_tophead_2# link has pics that show howmany users were effected and where they are located

16-November-05, 02:11 PM		#11 (permalink)
Nerdz Sir Knight of Spamalot	Sony is in deep $hit now...Can you say bankruptcy? And they sacrifised half the world to stop priacy just because they were losing out on money...well guess what, they have taken on more of a loss. They should have stfu'd about the whole thing and taken it like other companys, but nope, they had to be greedy.. Now whos to say other music doesnt have this kind of stuff in it? Made by other companys?

16-November-05, 03:10 PM		#12 (permalink)
THRiLL KiLL PcApEX's PuNK ROckER	lol... microsoft is saving sony a$$ they announced that ther spyware removal tool will safely remove sonys trojan....

16-November-05, 11:18 PM		#14 (permalink)
godfoot A George Orwell fan...sorta	I do remember hearing an interview with one of the guys from SOAD denouncing what Sony intended to do. Wouldn't surprise me to find out they had it leaked on purpose either.