 |
| Top
Security News |
IM
Worm Slithered From Middle East
FaceTime Communications said a
group in the Middle East controlled
an instant messenger rootkit worm
tied to the WorldWide Bot Network...
Texas
Versus Sony BMG
The independent nation of Texas
declared war on Sony BMG Music
Entertainment on this day, Monday,
November 21, 2005...
Boeing
Bombs On ID Fraud Prevention
Every time you turn around, you
hear another story on ID fraud.
There's another one today. Aircraft
manufacturer Boeing happened to
lose a laptop computer.
Guilty
Pleas From Shadowcrew
When Secret Service nailed credit
card and identity fraudsters associated
with the Shadowcrew.com website...
Corporate Criticism in Sony Rootkit
Row
What defines a good cyber security
company? Is it response to new
threats? Is the customer service
superb? Do they keep your computer
protected? When Sony BMG issued
CDs with malware...
A
Lesson In Smart Counterfeiting
Yes, I know counterfeiting money
is a federal offense. Treasury
Department tends to get rather
irritable when you try and do
their job for them.
Microsoft
Works On Phishing
Microsoft announced they've teamed
up with three new data providers,
Cyota, Internet Identity and MarkMonitor...
Hackers
Raid 5300 Indiana University Students
Students at Indiana University
recently received an unpleasant
notice saying their personal information
had been compromised...
|
|
|
|
|
| Free
Edition of Web CEO: a Complete Software
Toolkit for Search Engine Marketing - Download
Now |
|
|
11.22.05
Beating Sony’s DRM
 By
John Stith
Don't feel like taking back your Sony CD because of their rootkit row? A new method has been found to fix the DRM problem for consumers with minimal effort. The fix requires one basic item: masking tape.
So the rootkit row has been foiled. The researchers
at Gartner (pdf) made the discovery. Essentially all
a consumer must do is to apply a fingernail-sized piece
of the tape to the outer portion of the disc. It blocks
the second session - the one with the XCP DRM software
- from running at all.
What makes the Sony BMG incident even more unfortunate is that the DRM technology can be defeated easily. Gartner has identified one simple technique: The user simply applies a fingernail-sized piece of opaque tape to the outer edge of the disc, rendering session 2 - which contains the self-loading DRM software - unreadable. The PC then treats the CD as an ordinary single-session music CD, and the commonly used CD "rip" programs continue to work as usual. (Note: Gartner does not recommend or endorse this technique.) Moreover, even without the tape, common CD-copying programs readily duplicate the copy-protected disc in its entirety.
Gartner criticizes Sony for creating such problems, saying this hasn't stopped piracy; it's just created problems for the casual uninformed user and become a PR nightmare for Sony.
After more than five years of trying, the recording industry has not yet demonstrated a workable DRM scheme for music CDs. Gartner believes that it will never achieve this goal as long as CDs must be playable by stand-alone CD players. The industry may now refocus its attention on seeking legislation requiring the PC industry to include DRM technology in its products.
Gartner believes the industry would be better-served by efforts to develop solutions that use DRM as an accounting/tracking tool, rather than as a lock. This approach would enable them to move to play-based business models not tied to hardware, and to track their digital assets without complicating users' ability to move legitimately acquired content to whatever devices they choose.
The rootkit row continues to be one of the biggest problems for Sony in recent years. Sony's been in the process of reorganizing and rebuilding in the last few years. This problem couldn't be good for the company and it's definitely going to have to improve the overall image of the company.
There were 52 titles covering 120,000 discs infected with the rootkit and Sony's recalled all the discs. Some people don't feel Sony did anything wrong however. RIAA's chairman recently sang Sony's praises in a recent speech to American students. He said Sony had the right idea in adding the rootkit into their audio CDs.
VNUNet quoted the RIAA's president Cary Sherman, "The problem with the Sony BMG situation is that the technology it used contained a security vulnerability of which it was unaware."
This goes to show you that there's not a lot of remorse for infecting people's computers with malware. The recording industry is clinging to an outdated business model. They feel people steal when they make copies of their music for free and then put the files out their for others to do the same.
The problem will be for them though as the generation coming up now doesn't feel the same way. If the record companies wish to survive relatively intact, something must give. Their current tactics create PR problems of the highest order. It creates legal disputes, causes bad buzz, and damages the property of regular customers. Rootkits are a form of malware, pure and simple. Sony planted them so that makes them a malware distributor. The big question remains on whether or not they learned their lesson. If the RIAA provides any clue, one would have to say no.
About
the Author:
John Stith is a technology writer with SecurityProNews. |
|
,
Inc. 2549 Richmond Rd. Lexington KY, 40509
