I always feel like, somebody's watching me....
Paranoia? Maybe, but then again, maybe not? Have you heard what Sony BMG did to everyone who bought a CD recently?
It seems that Sony, in a fit of righteous indignation over all of the vicious music pirates out there put something called XCP on their CDs. It was in theory a piece of copy proctection. Not computer CDs, music Cds. And when you put that CD into your computer to play it Windows being the helpful bit of software that it is installs XCP on your computer. (You Mac, LINUX/Unix guys are safe it seems) XCP is supposed to monitor how many copies you make of the CD and prevent it. IT is also a rootkit. (A Trojan Horse) that writes itself to your system, communicates with Sony's computers about what your computer is doing, and opens big holes in your security that other hackers can then exploit to bust into your computer. There were 52 titles that Sony had released with XCP on it.
This wonderful little bit of spyware was discovered on Halloween by a computer security expert. He recounts this on his blog. sony-rootkits-and-digital-rights
It is a scary tale. This guy is an expert and he had real issues with getting rid of this thing. Turns out if you just delete it (assuming of course you could actually find it) it cripples your CD player.
When he went public Sony said the root kit was "not malicious and does not compromise security." (HAH) Thomas Hesse of Sony went on NPR and said "most people, I think, don't even know what a rootkit is, so why should they care about it?"
Maybe because we don't want our computers telling you every time we play a certain CD? Perhaps because we aren't happy with people sticking unwanted software on our personal computers with no way to get rid of it without our permission?
Sony then put up a bit on it's website that offered a way to remove XCP. Of course to use it you had to give Sony your email address, install and Active X controller on your computer, and it turns out that the uninstall left big holes in your security again.
After a great deal of denying, ranting, etc, Sony has recalled all of the XCP discs and has made a real way to get rid of XCP available. They have not admitted they did anything wrong. There are several lawsuits pending. I look forward to them and hope Sony gets nailed to the wall.
If you have played a recently purchased sony CD on your windows based computer you need to read the blog of the guy who found it because he explains the manual steps you can take to uninstall it without having to depend on Sony. He also goes into a lot more detail than I have oh what happened, how Sony responded, and what the possible problems you could face because of this. (They are substantial!)
the sad thing of course is that all of this would have no effect what so ever on the serious music pirates. They like most hacker types operate in the LINUX/UNIX world and this bit of software would have had no effect at all on their systems.
Remember, your privacy is always at risk. It's not paranoia if they really are out to get you.
For further info
The Rootkit of all Evil (subscription required)
More Questions raised
It seems that Sony, in a fit of righteous indignation over all of the vicious music pirates out there put something called XCP on their CDs. It was in theory a piece of copy proctection. Not computer CDs, music Cds. And when you put that CD into your computer to play it Windows being the helpful bit of software that it is installs XCP on your computer. (You Mac, LINUX/Unix guys are safe it seems) XCP is supposed to monitor how many copies you make of the CD and prevent it. IT is also a rootkit. (A Trojan Horse) that writes itself to your system, communicates with Sony's computers about what your computer is doing, and opens big holes in your security that other hackers can then exploit to bust into your computer. There were 52 titles that Sony had released with XCP on it.
This wonderful little bit of spyware was discovered on Halloween by a computer security expert. He recounts this on his blog. sony-rootkits-and-digital-rights
It is a scary tale. This guy is an expert and he had real issues with getting rid of this thing. Turns out if you just delete it (assuming of course you could actually find it) it cripples your CD player.
When he went public Sony said the root kit was "not malicious and does not compromise security." (HAH) Thomas Hesse of Sony went on NPR and said "most people, I think, don't even know what a rootkit is, so why should they care about it?"
Maybe because we don't want our computers telling you every time we play a certain CD? Perhaps because we aren't happy with people sticking unwanted software on our personal computers with no way to get rid of it without our permission?
Sony then put up a bit on it's website that offered a way to remove XCP. Of course to use it you had to give Sony your email address, install and Active X controller on your computer, and it turns out that the uninstall left big holes in your security again.
After a great deal of denying, ranting, etc, Sony has recalled all of the XCP discs and has made a real way to get rid of XCP available. They have not admitted they did anything wrong. There are several lawsuits pending. I look forward to them and hope Sony gets nailed to the wall.
If you have played a recently purchased sony CD on your windows based computer you need to read the blog of the guy who found it because he explains the manual steps you can take to uninstall it without having to depend on Sony. He also goes into a lot more detail than I have oh what happened, how Sony responded, and what the possible problems you could face because of this. (They are substantial!)
the sad thing of course is that all of this would have no effect what so ever on the serious music pirates. They like most hacker types operate in the LINUX/UNIX world and this bit of software would have had no effect at all on their systems.
Remember, your privacy is always at risk. It's not paranoia if they really are out to get you.
For further info
The Rootkit of all Evil (subscription required)
More Questions raised
posted by exMI | 12:38
65 Comments:
Oughta hang em high.
You Mac, LINUX/Unix guys are safe it seems
Heh. got six machines, all running some flavor of Unix.
11 21 05
Hey Exmi:
I found out about this via the BAy Guardian about a year ago. They did an article about how Sony was gonna release this technology and there was talk that they will connect it to televisions and other devices. Geesh! Where is our privacy these days? Good post. I will hilight it for today. Happy Thxgiving too:)
and that is why I rock a mac!
*shudder*
Mac, Unix guys are safe
Safe from this particular Sony malware, perhaps. It's worth noting that the very word "rootkit" comes from the Unix community, where they've been around for decades.
It's not that Macs and Linux are particularly secure. It's that they're particularly obscure, from the point of view of market share and thus from the point of view of return on investment for developing a rootkit to control CDs on other environments. Were other environments to suddely explode in popularity, then Sony would be owning Macs and Linux boxes and ignored the few remaining Windows holdouts as not worth the effort.
Yes, they are safe from this. But as Linux becomes more popular you will see more of this for you too. Same for Macs. Hackers breathe in UNIX.
actually, that's brilliant. Thank you. I'm going to pass that on to a couple of people.
actually, that's brilliant. Thank you. I'm going to pass that on to a couple of people.
Good job!
Nice Article.
Good job!
Please write anything else!
Nice Article.
Magnific!
Magnific!
Good job!
Nice Article.
The gene pool could use a little chlorine.
Build a watch in 179 easy steps - by C. Forsberg.
Please write anything else!
Give me ambiguity or give me something else.
The gene pool could use a little chlorine.
Lottery: A tax on people who are bad at math.
Nice Article.
Energizer Bunny Arrested! Charged with battery.
Suicidal twin kills sister by mistake!
Good job!
Wonderful blog.
Suicidal twin kills sister by mistake!
All generalizations are false, including this one.
Lottery: A tax on people who are bad at math.
Lottery: A tax on people who are bad at math.
A flashlight is a case for holding dead batteries.
Thanks to author.
If ignorance is bliss, you must be orgasmic.
Give me ambiguity or give me something else.
Change is inevitable, except from a vending machine.
Build a watch in 179 easy steps - by C. Forsberg.
640K ought to be enough for anybody. - Bill Gates 81
What is a free gift ? Aren't all gifts free?
When there's a will, I want to be in it.
Beam me aboard, Scotty..... Sure. Will a 2x10 do?
Clap on! , Clap off! clap@#&$NO CARRIER
Hello all!
Lottery: A tax on people who are bad at math.
What is a free gift ? Aren't all gifts free?
What is a free gift ? Aren't all gifts free?
C++ should have been called B
Build a watch in 179 easy steps - by C. Forsberg.
A flashlight is a case for holding dead batteries.
Lottery: A tax on people who are bad at math.
Lottery: A tax on people who are bad at math.
When there's a will, I want to be in it.
A lot of people mistake a short memory for a clear conscience.
Oops. My brain just hit a bad sector.
What is a free gift ? Aren't all gifts free?
Give me ambiguity or give me something else.
Give me ambiguity or give me something else.
Give me ambiguity or give me something else.
What is a free gift ? Aren't all gifts free?
Hello all!
If ignorance is bliss, you must be orgasmic.
Calvin, we will not have an anatomically correct snowman!
Build a watch in 179 easy steps - by C. Forsberg.
Friends help you move. Real friends help you move bodies
Post a Comment
<< Home