[ insider_reports_insider ]
Sony BMG Fixing Another Problem
John Stith
Staff Writer
2005-12-07
 Insider Reports RSS Feed
The Electronic Frontier Foundation (EFF) announced they reached an agreement with Sony BMG to fix the MediaMax Version 5 content protection software on some of their CDs. The two groups made a joint announcement saying the software developer; SunnComm is making a patch available to correct security vulnerability issues.
 | | Sony BMG Fixing CD Problems |  |
"We're pleased that SONY BMG responded quickly and responsibly when we drew their attention to this security problem," said EFF staff attorney Kurt Opsahl. "Consumers should take immediate steps to protect their computers."
"We're grateful to EFF and iSEC for bringing this to our attention," said Thomas Hesse, president, Global Digital Business, SONY BMG. "We believe that the availability of the update coupled with our campaign to notify customers will appropriately address the CDs with MediaMax Version 5 in the market."
SunnComm as well as independent software security firm NGS Software have determined that the security vulnerability is fully addressed by the update. NGS Director Robert Horton said, "After carefully researching the security vulnerability presented to us by SONY BMG, we have determined that it is not uncommon and, importantly, it is easily fixed by applying a software update."
The security vulnerability on SunnComm MediaMax Version 5 software differs from that reported in early November on First4Internet XCP software contained on certain SONY BMG CDs. A full list of the 27 U.S. SunnComm MediaMax Version 5 titles is included in the link below. Consumers can download the software update that is designed to address this security vulnerability from SunnComm's and Sony BMG's websites.
The security issue involves a file folder installed on users' computers by the MediaMax software that could allow malicious third parties who have localized, lower-privilege access to gain control over a consumer's computer running the Windows operating system. SONY BMG will notify consumers about this vulnerability and the update through the banner functionality included on the player, as well as through an Internet-based advertising campaign.
The update is also being provided to major software and Internet security companies. EFF and SONY BMG urge all consumers who receive notice to download and install the patch immediately. In accordance with standard information security practices, EFF and iSEC delayed public disclosure of the details of the exploit to provide SunnComm the opportunity to develop an update.
This is a decent move on behalf of Sony BMG to clean up the public relations nightmare they suffered after the nefarious rootkit row. The problem in many ways is just as serious although not hidden away, as with the XCP rootkit. While this vulnerability isn't necessarily hidden, unless the user looked for it, they would never know it's there.
At this point, Sony is still in the doghouse over their disc dilemma. It's cost them sales, some of the artists were less than enthusiastic, and both government and private groups including Texas and the aforementioned EFF are suing them. Whether or not anything will happen with the EFF after this cooperative situation remains to be seen. In any event, this nightmare isn't over yet and probably won't subside much until they release the PS3.
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
