From: "Robert Comer" 

Because we're all thieves, don't you know.  It's rather in vogue to think
that these days, the software does it, the music industry does it, the
movie industry does it...

--
Bob Comer


"Mike '/m'"  wrote in message
news:fqfpn1tp8u0giaoj3q12ip28fpnp5jdb0u{at}4ax.com...
> I'll repeat a question I asked on another thread.   Why is Sony
> punishing those who buy the music they sell?
>
> /m
>
>
> On Thu, 17 Nov 2005 06:13:30 -0500, "Geo"
 wrote:
>
>>Well, this makes strike 2..
>>
>>Geo.
>>
>>http://software.silicon.com/security/0,39024655,39154285,00.htm
>>
>>
>>Record label Sony BMG Music Entertainment said on Tuesday that it will
>>recall millions of CDs that, if played in a consumer's PC, will expose the
>>computer to serious security risks.
>>
>>Anyone who has purchased one of the CDs, which include southern rockers
>>Van
>>Zant, Neil Diamond's latest album, and more than 18 others, can exchange
>>the
>>purchase, Sony said. The company added that it would release details of
>>its
>>CD exchange programme "shortly".
>>
>>Sony reported that over the past eight months it shipped more than 4.7
>>million CDs with the so-called XCP copy protection. More than 2.1 million
>>of
>>those discs have been sold.
>>
>>The company said in a statement: "We share the concerns of consumers
>>regarding discs with XCP content-protected software, and, for this reason,
>>we are instituting a consumer exchange programme and removing all unsold
>>CDs
>>with this software from retail outlets. We deeply regret any inconvenience
>>this may cause our customers."
>>
>>The company made the announcement - its second public apology since the
>>CDs'
>>risks came to light last week - just as security researchers found several
>>other potentially dangerous flaws in the software.
>>
>>Princeton University computer science professor Ed Felten yesterday wrote
>>in
>>his blog that he and a fellow researcher had confirmed that Sony's initial
>>web-based uninstall tool - designed to uninstall the copy-protection
>>software deposited by Sony's CDs - actually exposed a critical
>>vulnerability
>>on computers.
>>
>>The tool downloaded a program that causes a user's hard drive to accept
>>instructions from websites. But the program remained active on the user's
>>hard drive after it had been instructed to uninstall the Sony software.
>>The
>>program could then be triggered by almost any code from any website,
>>including malicious instructions, the Princeton researchers said.
>>
>>Felton and fellow researcher J Alex Halderman wrote in their blog: "Any
>>web
>>page can seize control of your computer; then it can do anything it likes.
>>That's about as serious as a security flaw can get."
>>
>>Sony later replaced that web-based uninstall tool with one that downloads
>>a
>>program with its own instructions, as opposed to one that accepts
>>instructions from websites. The researchers said the new program appeared
>>to
>>be safe.
>>
>>For anyone who did use the earlier tool, the researchers' blog has
>>instructions for removing the Sony component.
>>Separately on Tuesday, security company Internet Security Systems released
>>its own new advisory on Sony's software. It warned that flaws in the
>>copy-protection software - not just in the early uninstall tool - could
>>allow an attacker to take control of a user's machine.
>>
>>Previously, security researchers had spotlighted the online release of
>>several Trojan horse viruses that piggybacked on the Sony software to hide
>>their presence on hard drives.
>>
>>The Trojan horse software, once installed, automatically connects to an
>>internet chat network and allows an attacker to take remote control of an
>>infected computer.
>>
>>Although more than two million of the Sony discs have been sold, it's
>>still
>>unclear how many of those were actually played in a Windows-based
>>computer,
>>thus triggering the security risks. Sony notes that the copy-protection
>>software is not activated on an ordinary CD or DVD player, or on a
>>Macintosh
>>computer.
>>
>>Security researcher Dan Kaminsky said he estimated that at least 500,000
>>computers had installed the Sony software.
>>Once installed, the Sony software can relay data, which indicates what CDs
>>are being played, to an outside server. To relay the information, the
>>software has to find its destination by contacting the internet's domain
>>name system address servers, where a publicly available record of that
>>request is left behind.
>>
>>Kaminsky said he counted more than 568,000 separate requests. The method
>>counts any request coming from the same network but only once. So it might
>>not include repeated requests coming from offices or schools, where
>>numerous
>>computers use the same network, he said.
>>
>>Kaminsky said: "The thing that's proved here is not the upper
bound. This
>>is
>>a lower bound. This is a pandemic."
>>Sony's copy-protection software was created by British company First 4
>>Internet. The software is installed on a computer's hard drive when
>>certain
>>Sony compact discs are put in the CD player and the listener accepts a
>>licence agreement.
>>
>>The software then hides itself using a controversial programming tool
>>called
>>a "rootkit", which takes over high-level access to some computing
>>functions.
>>The rootkit blocks all but the most technically savvy users from being
>>able
>>to detect its presence.
>>
>>Sony has worked with antivirus companies to help their products pierce
>>this
>>veil of invisibility, and has posted a patch on its website that will
>>uncloak the hidden software. It also said it would temporarily stop
>>manufacturing discs using the First 4 Internet tools.
>>
>>Lawsuits have been filed against the record label in California and New
>>York, and others are expected.
>>

--- BBBS/NT v4.01 Flag-5