iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > Insider Reports > Insider > Sony’s Rootkit Row Off To Court
Search:
[ insider_reports_insider ]

Sony’s Rootkit Row Off To Court



John Stith
Staff Writer
2005-11-10

SecurityProNews: Insider Reports Insider Reports RSS Feed


Technology giant Sony is heading to court for lawsuits filed after the company distributed spyware in the form of rootkits in a number of their music CDs. Sony's attempts to protect their music rights through Digital Rights Management (DRM) and then adding the rootkit has created tremendous problems for Sony, including possible criminal actions.

Sony Heads to the Courthouse?
Sony Heads to the Courthouse

All this comes from research completed by SysInternals and F-Security separately that discovered the rootkits on 20 of Sony BMG's music CDs. These rootkits left potential access points for various malicious hackers with a virus to turn loose. While Sony put up fixes on their site, including workarounds and patches, some of the patches actually crashed Windows and resulted in data losses.

To top it all off, they blew off consumers and privacy pundits saying harm wasn't their intention and essentially, most people didn't know about it so they don't care. They felt this was a sufficient response. Some people in California didn't feel the same way.

The suit filed in Los Angeles seeks to stop Sony BMG from selling CDs with the anti-copying software on it. The lawyers also are pushing for damages for people who bought any of the CDs protected in this manner.

The Washington Post reported the L.A lawsuit charges Sony BMG broke three California laws dealing with malicious software distribution. Apparently, a New York attorney is considering a class action suit as well.

Then there are big national suits. The Electronic Frontier Foundation is putting information together for a large lawsuit. Electronic Frontiers Italy has the Italian government looking into legal proceedings as well.

Here's the list of 20 music CDs with the offending spyware:

Trey Anastasio, Shine (Columbia)

Celine Dion, On ne Change Pas (Epic)

Neil Diamond, 12 Songs (Columbia)

Our Lady Peace, Healthy in Paranoid Times (Columbia)

Chris Botti, To Love Again (Columbia)

Van Zant, Get Right with the Man (Columbia)

Switchfoot, Nothing is Sound (Columbia)

The Coral, The Invisible Invasion (Columbia)

Acceptance, Phantoms (Columbia)

Susie Suh, Susie Suh (Epic)

Amerie, Touch (Columbia)

Life of Agony, Broken Valley (Epic)

Horace Silver Quintet, Silver's Blue (Epic Legacy)

Gerry Mulligan, Jeru (Columbia Legacy)

Dexter Gordon, Manhattan Symphonie (Columbia Legacy)

The Bad Plus, Suspicious Activity (Columbia)

The Dead 60s, The Dead 60s (Epic)

Dion, The Essential Dion (Columbia Legacy)

Natasha Bedingfield, Unwritten (Epic)

Ricky Martin, Life (Columbia)

There could be more although Sony only admits to 20. They also won't release an official list. EFF says on their website consumers can identify the tainted discs by examining them closely for the label XCP. They said the back of the CD also has these in fine print. The best way to handle this is that if you don't want your Windows computer infected, at the very least, don't purchase these Sony BMG CDs. Keep in mind there could be others.

Sony has said they are dropping this particular method of protection from their CDs, it's still no less repugnant to know a major company like Sony is distributing spyware. Keep in mind too they've not refuted what SysInternals and F-Secure found, they just say it isn't as serious as they make it out to be. Heck, these songs won't even play on iTunes without the fix.

If this situation were caused some hacker working out of his mom's basement in Jersey, the FBI and the DHC would be having conversations with him. This is legitimate cyber crime that should be investigated and possibly prosecuted.

The other point is one that's been mentioned before. The young generation of teenagers coming up now has no qualms about downloading music, whether it's illegal or not and they think it's unreasonable to expect people not to download the music since it's available. They know it's illegal and they don't really care. It's tough to prosecute millions of teenagers when they don't feel they've done anything wrong. Companies like Sony BMG need to find a new way to protect or distribute their product. Distributing spyware just isn't the way to do it.





About the Author:
John is a staff writer for SecurityProNews covering cyber security.

More insider_reports_insider Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds