The Daily Paranoid - Buy a music CD, destroy your computer.
The Daily Paranoid
Some of you have heard about what Sony Music did to some of their recent CDs - installed spyware and a rootkit that could destroy the user's operating system, all in the name of copy protection.
There are two good summaries of the issues that you really should read, if you care at all about big companies doing illegal things to your computer. The first from the WashingtonPost:
http://www.washingtonpost.com/wp-dyn/content/article/2005/11/16/AR2005111602242.html (and also follow the link to the Security fix blog: http://blogs.washingtonpost.com/securityfix/2005/11/this_post_is_ge.html)
and the next from Bruce Schneier, a noted crypography expert:
http://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html
The list of CDs which has this software on it is really quite frightening: including music by The Dead 60s, Neil Diamond, Ricky Marti, Celene Dion and Shel Silverstein. My Mom bought one of these. Mom is pretty tech savvy for someone of her generation. Do you think she knows what a rootkit is?
To make things worse, major news outlets are editing their stories to protect big companies, without making a note of the edits. Note these differences in a C|Net article.
The original, from the Google Cache , says:
The creator of the copy-protection software, a British company called First 4 Internet, said the cloaking mechanism was not a risk, and that its team worked closely with big antivirus companies such as Symantec to ensure that was the case. The cloaking function was aimed at making it difficult, though not impossible, to hack the content protection in ways that have been simple in similar products, the company said.
(emphasis mine)
Here's what the article says NOW:
The creator of the copy-protection software, a British company called First 4 Internet, said the cloaking mechanism was not a risk. The company's team has worked regularly with big antivirus companies to ensure the safety of its software, and to make sure it is not picked up as a virus, he said.
Notice the difference?
(The article now: http://news.com.com/Sony+CD+protection+sparks+security+concerns/2100-7355_3-5926657.html?tag=nefd.lede
The google cache of it:
http://72.14.203.104/search?q=cache:NR0uu92bowcJ:news.com.com/Sony%2BCD%2Bprotection%2Bsparks%2Bsecurity%2Bconcerns/2100-7355_3-5926657.html+%22creator+of+the+copy-protection+software%22+symantec&hl=en)
[Edited to add]
Sony has posted what it claims is a complete list of the compromised CDs here:
http://cp.sonybmg.com/xcp/english/titles.html
The Ricky Martin CD has the XCP label, but doesn't actually have the software on it (!).
Some of you have heard about what Sony Music did to some of their recent CDs - installed spyware and a rootkit that could destroy the user's operating system, all in the name of copy protection.
There are two good summaries of the issues that you really should read, if you care at all about big companies doing illegal things to your computer. The first from the WashingtonPost:
http://www.washingtonpost.com/wp-dyn/content/article/2005/11/16/AR2005111602242.html (and also follow the link to the Security fix blog: http://blogs.washingtonpost.com/securityfix/2005/11/this_post_is_ge.html)
and the next from Bruce Schneier, a noted crypography expert:
http://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html
The list of CDs which has this software on it is really quite frightening: including music by The Dead 60s, Neil Diamond, Ricky Marti, Celene Dion and Shel Silverstein. My Mom bought one of these. Mom is pretty tech savvy for someone of her generation. Do you think she knows what a rootkit is?
To make things worse, major news outlets are editing their stories to protect big companies, without making a note of the edits. Note these differences in a C|Net article.
The original, from the Google Cache , says:
The creator of the copy-protection software, a British company called First 4 Internet, said the cloaking mechanism was not a risk, and that its team worked closely with big antivirus companies such as Symantec to ensure that was the case. The cloaking function was aimed at making it difficult, though not impossible, to hack the content protection in ways that have been simple in similar products, the company said.
(emphasis mine)
Here's what the article says NOW:
The creator of the copy-protection software, a British company called First 4 Internet, said the cloaking mechanism was not a risk. The company's team has worked regularly with big antivirus companies to ensure the safety of its software, and to make sure it is not picked up as a virus, he said.
Notice the difference?
(The article now: http://news.com.com/Sony+CD+protection+sparks+security+concerns/2100-7355_3-5926657.html?tag=nefd.lede
The google cache of it:
http://72.14.203.104/search?q=cache:NR0uu92bowcJ:news.com.com/Sony%2BCD%2Bprotection%2Bsparks%2Bsecurity%2Bconcerns/2100-7355_3-5926657.html+%22creator+of+the+copy-protection+software%22+symantec&hl=en)
[Edited to add]
Sony has posted what it claims is a complete list of the compromised CDs here:
http://cp.sonybmg.com/xcp/english/titles.html
The Ricky Martin CD has the XCP label, but doesn't actually have the software on it (!).