 |
| Top
Security News |
2
New AntiSpyware Products from McAfee
McAfee announced the offering of two new anti-spyware products today: McAfee AntiSpyware
Enterprise and McAfee Managed VirusScan plus AntiSpyware....
Consumers
Want Online Security
Microsoft continues to have problems with their monthly patch updates... Microsoft
continues to have problems with their monthly patch updates...
TrendMicro
Backtracks On Trojan For MS
Security company TrendMicro backtracked on a new Trojan they said they discovered
last week that played upon new vulnerabilities in Windows. Microsoft announced
the graphics vulnerabilities during...
Tsunami
Hacker Got A Real Job
Recently convicted Daniel Cuthbert got a job slightly better than most convicts.
The convicted stemmed from his hacking into a Tsunami...
Enternet
Media Raided By FTC, Shut Down
Accused spyware distributor Enternet faces charges after a federal judge shut
them down on Thursday. The Federal Trade Commission (FTC) filed a lawsuit and
was subsequently granted the court...
Los
Angeles Virus Spreader Gets Inoculated
A Los Angeles man is being held without bond after being charged with spreading
electronic viruses in order to get control over computers...charged with spreading...
Yahoo
IM Hit With Big Phish
A new phishing scam is trying to phlounder Yahoo's instant messenger (YIM). IMlogic
discovered the piscine pest is being broadcast...
Flash
Player Vulnerability Corrected with Latest Version
A security flaw was discovered in Macromedia Flash Player versions 7. Macromedia
and others have classified the flaw as highly critical.Macromedia and others have
classified the flaw as highly critical.
Trojan Circulating For Windows Vulnerability
Microsoft released their latest security patch on Tuesday. A Trojan exploiting
the vulnerabilities was there on Wednesday. TrendMicro spotted the little nasty
on Wednesday and rated...
Phishing
In Bermuda
Customers of the Bank of Bermuda need to keep an eye out for the latest phishing
scam because it's coming for them. The attack, launched from Lawrenceburg, Tennessee
sent spam emails in an attempt to get people to turn over their banking information...
Oracle
Patch Problems
It seems like everyone is having patch problems. On Tuesday, NGSResearchers discovered
problems in Oracle's most recent Critical Patch Update. The biggest problem stems
from the patch's...
|
|
|
|
|
Sony BMG continues to have problems over their rootkit distribution problems in
what has turned into public relations nightmare. It seems like they've done everything
wrong in this situation and they continue to make it worse. Now, it's been discovered
the cure is actually worse than the disease.
Editor's Note
Think Sony needs to be punished or do you think they were justified in their
measures fo protect their copyrighted material? Check it out at the Security Forum
on WebProWorld.
A quick recap is in order. Several months ago, Sony BMG began distributing Digital
Rights Management (DRM) software on their music CDs to prevent people from making
multiple copies of their discs for piracy purposes. On 20 of those CDs distributed
through their various labels, they included software called a rootkit. It was
not mentioned in the End User License Agreement (EULA).
The rootkit is a program that masks certain activities, particularly those of
individuals trying to root around for information in one's computer. Rootkits
are most commonly used by malware distributors to dig around and scan one's computer
and in some cases do some ugly things in there. Yes, big time music distributor
Sony BMG put this on your music CD.
Enter F Secure and Mark Russinovich
of SysInternals. They picked up
some of the infected CDs and installed them on their computers. They did some
digging around after the fact and found this program, the rootkit. They ran some
tests to verify what it was. Then they tried to uninstall it. It made their disc
drive disappear. They also said this rootkit was a great way for hackers to get
into one's computer and cause all kinds of problems. They published their results
on their blogs and the tech world went crazy.
Sony put up a fix from their website. The fix wasn't all that though. First, you
had to fill out a form for it. Then when it was installed, some reported it crashed
their computer and removed some data files. The uninstaller gets even better though.
The Freedom To Tinker blog
reported a Finnish research named Muzzy came upon a potential vulnerability in
the web-based uninstaller for the First4Internet XCP copy protection software.
Freedom to Tinker said this vulnerability represents a greater risk than the original
rootkit. Thanks Sony!
Did I mention viruses were floating around? A Romanian security firm called BitDefender
discovered Trojan variants this past Thursday and fixes have already been developed.
Microsoft said they were including a fix in their December patch release as well.
Next would be the lawsuits. Lawyers in California have already filed suit, claiming
Sony's broken multiple laws with this rootkit row. There's also been talk of lawsuits
in New York and from other groups.
The Electronic
Frontier Foundation, who's also gauging a potential lawsuit, recently posted
an open letter to executives at Sony for everyone to read. They made a few suggestions
for Sony BMG they think could help the situation:
· Recall all CDs
that contain the XCP and SunnComm MediaMax technology. The recall must include
removing all infected CDs from store shelves as well as halting all online sales
of the affected merchandise. We understand from a recent New York Times article
that well over 2 million infected CDs with the XCP technology are in the marketplace
and have yet to be sold.
· Remove from all current and future marketing materials statements like that
on http://cp.sonybmg.com/xcp/english/updates.html that say the cloaking software
"is not malicious and does not compromise security."
· Widely publicize the potential security and other risks associated with the
XCP and SunnComm MediaMax technology to allow the 2.1 million consumers who have
already purchased the CDs to make informed decisions regarding their use of those
CDs. The publicity campaign should include, at a minimum, issuing a public statement
describing the risks and listing every Sony CD, DVD or other product that contains
XCP or SunnComm MediaMax. The publicity campaign should be advertised in a manner
reasonably calculated to reach all consumers who have purchased the products,
in all markets where the CDs have been sold.
· Cooperate fully with any interested manufacturer of anti-virus, anti-spyware,
or similar computer security tools to facilitate the identification and complete
removal of XCP and SunnComm MediaMax from the computers of those infected. In
particular, Sony should publicly waive any claims it may have for investigation
or removal of these tools under the Digital Millennium Copyright Act (DMCA) and
any similar laws.
· Offer to refund the purchase price of infected CDs or, at the consumer's election,
provide a replacement CD that does not contain the XCP or SunnComm technology.
For those consumers who choose to retain infected CDs, develop and make widely
available a software update that will allow consumers to easily uninstall the
technology without losing the ability to play the CD on their computers. In addition,
consumers should not be required to reveal any personally identifying information
to Sony in order to access the update, as Sony is currently requiring.
· Compensate consumers for any damage to their computers caused by the infected
products, including the time, effort, and expenditure required to remedy the damage
or verify that their computer systems or networks were or were not altered or
damaged by XCP or SunnComm MediaMax products.
· Prior to releasing
any future product containing DRM technology, thoroughly test the software to
determine the existence of any security risks or other possible damages the technology
might cause to any user's computer.
Read
the rest of the article.
About
the Author:
John Stith is a technology writer with SecurityProNews. |
|
,
Inc. 2549 Richmond Rd. Lexington KY, 40509
