• On BNET: 24 killer apps for a flash drive

November 18, 2005 5:25 PM PST

New Sony CD risk identified

Computer researchers uncovered a new security risk Friday related to Sony BMG Music Entertainment copy-protected CDs, which could expose several hundred computers to attack.

This security flaw dealt with different technology than that which has sparked controversy for nearly three weeks, however.

Recent criticism has focused on Sony's release of discs containing copy-protection software created by British company First 4 Internet, which opened listener's computers to hackers' attack. The latest risk is from an uninstaller program distributed by SunnComm Technologies, a company that provides copy protection on other Sony BMG releases.

Sony said in a statement Friday that SunnComm had removed the uninstall program from the Web, and was in the process of contacting 223 consumers who had downloaded it while it was available.

The security hole in the uninstall program was similar to one discovered with First 4 Internet's uninstall program several days ago.

In each case, Princeton University computer science professor Edward Felten and researcher Alex Halderman found that the uninstall programs responded to commands from their creators' Web sites, but would also respond to malicious instructions from other Web sites.

In its statement, Sony said that SunnComm was developing a new uninstall program for its copy-protection software, and that Felten had agreed to review it before it was posted online.

The SunnComm security risk discovered by Felten and Halderman is limited to the uninstall program, which was distributed separately from the CDs themselves.

See more CNET content tagged:
SunnComm Technologies, First 4 Internet Ltd., copy protection, Sony Corp., Sony BMG Music Entertainment

Add a Comment (Log in or register) 17 comments
ohh... WOW!
by pariank November 18, 2005 7:08 PM PST
When will this fiasco end?
Reply to this comment
What's all the fuss, this technology was known a year ago???
by RockyFromWA November 18, 2005 7:29 PM PST
Am I the only one mystified by all of the fuss about this Sony CD rootkit stuff. This "technology" from First 4 Internet (F4i) and SunnComm has been well documented in the trade mags and Internet sites starting over a year ago. What is disappointing is the fact that even the supposed technical mags missed asking F4i how their "technology" really worked. No wonder F4i and Sony thought the "technology" was wonderful, even the computer mags seemed to like it. Foolish. F4i's technology was obviously going to install software on systems when the user put the CD into a computer, nothing mysterious about that. For proof of the reporting by the media about this great technology, look at: http://news.zdnet.com/2100-9588_22-5492395.html, http://news.zdnet.com/2100-3513_22-5238208.html, and even Slashdot, http://slashdot.org/article.pl?sid=04/12/18/189224&from=rss. At least the Slashdot users saw some of the potential issues. For even more articles, just look at the Press section at the First 4 Internet site: http://www.xcp-aurora.com/press_related.aspx.
Reply to this comment View reply
I think I used it
by wazzledoozle November 18, 2005 7:58 PM PST
As soon as the story was posted about the uninstaller being available, I ran it.

How do I remove it?
Reply to this comment
boycott sony!!!
by digitallysick November 19, 2005 3:38 AM PST
this is what they get for going crazy over the whole copying music thing, now sony and the artist will loose money because no one will buy the cds anymore, i think people are fed up with sonys actions
Reply to this comment View reply
Amazing!
by Brucenote November 19, 2005 5:17 AM PST
Sony needs a new Technical Director
AND a new PR firm!

They've botched this whole thing about as
badly as possible....
Reply to this comment
Think Apple, Sink Sony
by SqlserverCode November 19, 2005 4:26 PM PST
What a backlash in the making, I know I won't be buying any Sony products. What's next? Maybe the Memorysticks have a rootkit on them too? I mean do you trust those sticks now?

http://work-out.blogspot.com/
Reply to this comment
MUST BOYCOTT SONY
by Stan Johnson November 19, 2005 6:30 PM PST
Consumers must stop this greed ridden company from doing any further damage.

Sony's gotta go!
Reply to this comment View reply
Classic Sony
by November 20, 2005 1:34 AM PST
My first wakeup call with Sony was the day my friends all turned out with Playstation 2s. There was this fancy little logo on their memory cards called "Magic Gate". After a bit of research, it became clear to me that Sony was trying to do something I didn't approve of.
After purchasing a MiniDisc player ages ago - surprise - there was Magic Gate, offering to "protect" ME.

From what? I don't own or condone the use of Mini Disc players anymore. The questionable and slow software that Sony forces on people cripples any appeal they once had.

Now, a year or two down the road, after going anti-sony, I'm not surprised about any of this. This is just the classic behaviour I've come to expect from them.

Get smart and stop purchasing Sony products. There are much better alternatives out there for so many good reasons.
Reply to this comment
Valuable information right here - note: sarcasm
by XedOut CreationZ November 21, 2005 9:31 AM PST
"programs responded to commands from their creators' Web
sites, but would also respond to malicious instructions from
other Web sites."

So this is pretty much the topic? It's been my understanding that
this kind of thing has been around for a long time. You forgot to
mention that the commands sent by the website are
preprogramed and so the security risk only exist if those
commands did something potentially harmful to the computer
or it's user. Otherwise it could be as basic as the "mailto:" link
protocol in a browser, which generally opens the computer's
default mail program with a new message addressed to the
email address after the "mailto:" potocol.
Reply to this comment View reply
This is a good thing!
by Mister C November 21, 2005 11:08 AM PST
The light of day has a definite antibiotic effect. Once the smoke clears we may all be better off because of Sony's greed and stupidity. In the mean time I sure am glad I haven't put any new Sony CD's on my machine (3 cheers for blind dumb luck).
Reply to this comment
Sony is over...
by imperialgatekeeper November 21, 2005 11:47 AM PST
I have to admit, their camera products are good.

Their audio products lack user-friendliness because of the DRM software they use. All their electronics have proprietary parts, and they hate technical users of their products... Their customer service and driver support is good for nothing because new products are always cheaper than repairs and drivers do not work.

On top of that, they are hiding their horrible financial standing.

I give them 2 years to burn through their cash..
Reply to this comment
Sink SONY!
by heystoopid April 25, 2008 5:30 PM PDT
Time has come to sink SONY, in a sea of class action law suits for consumer restitution for this malware/trojan(current and future incantations of this virus transmitted software)/including illegal use of open source software/recording artists if forced to pay restitution from all royalty payments for the replacement consumer cd's on issue/restitution to all users forced to disinfect and remove rootkit from all computers, with hardrive wipe, clean and reinstall of uninfected OS!/legal action from FTC for false advertising and deliberate breach of business and ethics regulations(all) and from the redoubtable NEW YORK AG Eliot Spitzer for 568,000 cases of illegal felony trespass of personal and federal property! Finally , a total consumer boycott of all that is SONY! Me, I will never trust SONY to do the right thing ever, for once bitten twice shy!
Reply to this comment
Powered by Jive Software
advertisement

Latest tech news headlines

Resource center from News.com sponsors
You Need The Speed of Norton 2009
Introducing Norton Internet Security™2009

Click Here!
With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

Click Here!
The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

advertisement

Inside CNET News

Scroll Left Scroll Right