Sony Root-kit Thread
Posted by Mike (Shmoo) on November 20, 2005 at 7:04 PM

The Sony "rootkit" DRM story is so HUGE at the moment, I ask that you all please put the links/articles/items regarding it HERE for the time being. (Otherwise, the entire Boycott-Riaa site's thread-string would end up with nothing-but ...and, you'd have to scroll back into the archives a dozen pages or more to find something other!)

DON'T post a lengthy rant if you can help it. ONLY give the link to where the article/item can be found and give a short description. (If you write something original about it all, use the "submit button" or another thread and I WILL go to the "front page" if it is something not already covered here!)

Sony got caught red-handed doing something very EVIL and the whole Internet is finally "a-buzz" about the evils of DRM. To give those who are NEW to the story a "head's up" on what is going on, I want to keep this thread very "thin" with any lengthy comments and replies. Let's try to keep it VERY clean and neat!


====================

As of this time and date (about 7pm EST USA, 12 Nov 2005)
the FIRST thing I'd like folks to see about this story is:


It's a good summary to get folks "up-to-speed!"

(Thanks go out to our friend George for writing it at his own site!)

http://azoz.com
=================


Sony's DRM - Why You Should Care
By George Ziemann -- Nov. 11, 2005


"Most people, I think, don't even know what a rootkit is,
so why should they care about it?"
-- Thomas Hesse, Sony's president of Global Digital Business
November 4, 2005

The story begins on Halloween, when Mark Russinovich posted a very detailed description of how Sony's DRM had installed potentially dangerous software in his computer and traces it back to First 4 Internet, a UK partner of Sony. The next day, November 1, a class action suit was filed in Los Angeles Superior Court, asking the court to stop Sony from selling any more CDs containing the DRM and seeking monetary damages for California consumers who already bought any of them.

November 2 -- Sony offers a Service Pack which "removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. This component is not malicious and does not compromise security." [Emphasis added] Sony and First 4 Internet said the patch was offered as a precaution, not because of any security vulnerability. "There should be no concern here."

November 3 -- Edward W. Felten, professor of computer science and public affairs at Princeton University, reports on the Service Pack: "The update is more than 3.5 megabytes in size, and it appears to contain new versions of almost all the files included in the initial installation of the entire DRM system, as well as creating some new files. In short, they're not just taking away the rootkit-like function - they're almost certainly adding things to the system as well. And once again, they're not disclosing what they're doing."

November 4 -- Russinovich weighs in on Sony's quick fix, concurring with most of Felten's observations, and also publishes further research showing that the DRM software appears to be in communication with Sony's Web site, something that had not previously been disclosed.

A criminal complaint about Sony's software is filed with the head of Italy's cyber-crime investigation unit.

Thomas Hesse, Sony's president of Global Digital Business, appears on National Public Radio, saying, "Most people, I think, don't even know what a rootkit is, so why should they care about it?"

November 7 -- Symantec adds First4DRM to its list of security risks, just as First4Internet offers Service Pack 2, which "includes all fixes from the earlier Service Pack 1 update. In order to ensure a secure installation, Service Pack 2 includes the newest version of all DRM components, hence the large file size for the patch."

November 9 -- Washington Post finds out about the California class action suit, noting that a "second, nationwide class-action lawsuit is expected to be filed against Sony in a New York court, seeking relief for all U.S. consumers who have purchased any of the 20 music CDs in question."

November 10 -- A computer security firm discovers the first virus "that uses music publisher Sony BMG's controversial CD copy-protection software to hide on PCs and wreak havoc." Microsoft is "concerned" ("We are evaluating the current situation to determine if any action from Microsoft is necessary.") but does nothing, while Sony releases a statement "deeply regretting any disruption that this may have caused."

Meanwhile, in a soon-to-be-related story, the U.S. Federal Trade Commission points out that a U.S. court has shut down three Internet companies for secretly bundling malicious "spyware" with ring tones, music programs and other free high-tech goodies.

Payback's a Bitch

First4Internet CEO Matthew Gilliat-Smith told the Christian Science Monitor, "I think this whole issue is about intent. There's no question there was no intent to create a hypothetical security breach here."

First of all, it is no longer hypothetical. If you are a Windows user, naively bought one of the 20 infected CDs and put it in your PC, there's a new computer virus out there and it's aimed right at you, thanks to Sony. They created a very real security breach and seem to think you shouldn't care.

So let's talk about intent. In October 2001, the RIAA tried to get legislation passed which would have immunized them from the consequences of exactly what's happening right now. They've thought about this for a long time.

There's no consideration for intent in the RIAA's lawsuits against consumers. They want to play hardball. They are pointedly suing minor children with no regard to anyone's intent. Their position is that you've done something wrong and you must pay, no matter what your intentions may have been. They don't want to hear your excuses.

Sony should be given exactly the same leeway on intent that they are giving to the targets of their lawsuits -- none whatsoever.

Follow-up -- It's still November 11 and there are a few new events that affect this story. For starters, another version of dangerous Sony DRM has appeared, and this version, which appears to come from software devised by SunnComm, will poison a Mac with OSX. This revelation comes as Sony (who just days ago was saying "Why should you care?") announces that they are temporarily ceasing production of discs containing First4Internet's malware.

Of course, Sony has yet to admit they even have a real problem. This is merely a "precautionary measure," while they check to make sure their DRM "continues to meet our goals of security and ease of consumer use."

Here comes the scary part, in a story I missed yesterday. The Justice Dept. is asking for a bill which "would widen intellectual-property protections to cover those who try but fail to make illicit copies of music, movies, software or other copyrighted material." U.S. Attorney General Alberto Gonzales made the pitch, which he termed "a reflection of the sustained commitment on the part of the Bush Administration, including the Department of Justice, to ensure that we are doing everything we can to combat this problem."

Maybe I've seen too many episodes of 24 or CSI, but so far, I can only come up with two reasonable theories about the motives behind this behavior.

Theory 1 -- Incomprehensible Blind Stupidity

The Justice Dept. wants to jail people "who try but fail to make illicit copies." To be perfectly blunt, why would they bother chasing people who are too stupid to successfully duplicate a CD? That's like only chasing the terrorists who don't know how to build bombs. Or car thieves who look at a car and can't figure out how to steal it. What benefit could this possibly create, even for the record labels?

There had better be a good reason because, theoretically, a printer jam could trigger this offense. So could making a CD of authorized music, if you thought you were making an illicit copy but made a legal one instead. You tried and failed.

Theory 2 -- Even Worse

If the DOJ is not staffed by complete idiots, someone would have asked how in the hell they were going to discern who has tried but failed to make a CD? After all, it would be lunacy to announce that they want to go after people that they have no chance in hell of identifying. What would the evidence be? Not having illicit CDs?

Unless they already knew how Sony's new DRM worked, including the "phone home" features and thought it was a good idea, bringing us back to Theory 1.


User Comments (These do not necessarily reflect the beliefs of this site)

independentm...  
Date: November 12, 2005 @ 7:09 PM
If YOU are a victim of the Sony DRM,

Tell Mama

http://www.boycott-riaa.com/article/18681

gfmlcka  
Date: November 13, 2005 @ 12:04 AM
More bad news. It's not just XCP they use.

http://www.freedom-to-tinker.com/?p=925


pinemikey  
Date: November 13, 2005 @ 1:02 AM
The important thing is this: The music cartel got ahead of P2P by spinning copyright infringement as stealing. Now their own stupidity and greed has effectively created the idea that DRM is poison. The only difference is that copyright infringement=stealing is false and DRM=poison is true.

gfmlcka  
Date: November 13, 2005 @ 7:39 AM
"The music cartel got ahead of P2P...."

Really? How?

Mike2212  
Date: November 13, 2005 @ 9:09 AM
Although I have disagreed with many posters to the site on many issues in the past, I am in complete agreement on the reaction towards Sony. In addition to making sure that not one dollar of my paycheck goes to Sony after this, I have begun spreading the word to the students I teach at my high school.

Imagine the effect, when they stop buying Sony products.

tomsong  
Date: November 13, 2005 @ 9:35 AM
Richard Menta makes the point: "People will also no longer be able to listen to CDs at work." In the belief that the IT Department will be wary of infecting the entire working environment.

I have long awaited the day that the RIAA would fall apart. Bainwol doesn't have the manhood to keep discipline amongst the monstrous egos of Doug Morris, Clive Davis, Sir Howard Stringer, Bronfman, Levy.

If Homeland Security and DOJ are at odds over computer security issues, then Glickman and Bainwol are in deep shit.

see the link:
http://www.mp3newswire.net/stories/5002/admonish.html

We've seen this before with the breakup of the NAB. I hope that the other record labels are screaming bloody murder at the stupidity of Sony. This is Armageddon.


JDonahue  
Date: November 13, 2005 @ 11:07 AM
Sony has violated 2 laws: Computer Fraud Act of 1990 and the Audio Home Recording Act of 1992. Already, they are at court for this, and I think they should ditch the copy protection, go back to the normal compact discs, and wait until they deliver a copy protection that allows the freeflow of information throughout a consumer's network and being free to modify the songs in the way he/she likes.

This is America! America has liberty, and I think it's time for us to deliver a message that fair use rights of purchased works is vital for new frontiers of technology, and that fair use of purchased works must be protected.

Dreddsnik  
Date: November 13, 2005 @ 11:25 AM
"and wait until they deliver a copy protection that allows the freeflow of information throughout a consumer's network and being free to modify the songs in the way he/she likes. "

The only copy protection like this is "no copy protection at all".

Any and ALL "copy protection" can and will be circumvented, is by its very nature a RESTRICTION thus can't be a Freedom, is a waste of industry time and money. It can't work, it won't work.

NO DRM is the only DRM.

Dreddsnik  
Date: November 13, 2005 @ 11:26 AM
"Sony has violated 2 laws: Computer Fraud Act of 1990 and the Audio Home Recording Act of 1992. Already, they are at court for this, and I think they should ditch the copy protection, "

You had me with up to here, right there with you.

shadeswv  
Date: November 13, 2005 @ 1:54 PM
I agree with the philosophy of !K7 Records, which you can read ">http://www.k7.com/news.pl?id=83"> here . A few of the best quotes from their site are as follows:

"Trust is the best copy protection..."

"Copy protection kills customer relationship..."

"...we can’t afford to use our costumers as guinea pigs, because only a pleased consumer stays a legal consumer. And one thing is clear: DRM does not make happy..."

Something does need to happen, and the lawmakers must get on the side of the consumer. The scandal with SonyBMG shows us how out-of-control the situation has become. Of course, there are the pending lawsuits. Contacting our representatives is another thing (for whatever good that does). I'm not sure if there is one single TV media outlet that will care, since they are in the RIAA pocket. Any ideas?



gdZiemann  
Date: November 13, 2005 @ 2:12 PM
"Sony has violated 2 laws: Computer Fraud Act of 1990 and the Audio Home Recording Act of 1992."

Since the RIAA now appears to have purchased the Dept of Justice, who is going to charge them with anything?

gdZiemann  
Date: November 13, 2005 @ 2:17 PM
Microsoft Classifies Sony DRM as Spyware

shadeswv  
Date: November 13, 2005 @ 2:20 PM
It looks like I did something wrong when I made my link. What did I forget?

gdZiemann  
Date: November 13, 2005 @ 2:36 PM
The "In the News" thread has link instructions.

TrueAudio  
Date: November 13, 2005 @ 4:01 PM
http://www.eff.org/deeplinks/archives/004145.php

cobrastrike  
Date: November 13, 2005 @ 4:18 PM
shadeswv: try this...

http://www.k7.com/news.pl?id=83

shadeswv  
Date: November 13, 2005 @ 4:40 PM
Thanks cobrastrike for reposting the link.

doc-dX  
Date: November 13, 2005 @ 7:50 PM
Sony DRM violates copyright!

http://dewinter.com/modules.php?name=News&file=article&sid=215

The spyware that Sony installs on the computers of music fans does not even seem to be correct in terms of copyright law.

It turns out that the rootkit contains pieces of code that are identical to LAME, an open source mp3-encoder, and thereby breach the license.




autodidact  
Date: November 13, 2005 @ 8:12 PM
"Since the RIAA now appears to have purchased the Dept of Justice, who is going to charge them with anything?"

Can state AGs bring suit in federal courts?

TotallyFrust...  
Date: November 13, 2005 @ 9:43 PM
"Can state AGs bring suit in federal courts?"

They don't have to...They simply file in their own state, win, and wait for Sony to appeal ;-)

gfmlcka  
Date: November 13, 2005 @ 11:55 PM
Dept of Jerks is more like it.

Capt-n-Jack  
Date: November 14, 2005 @ 2:37 AM
Anyone reading this, just don't buy any Sony CDs, they could reformat your hard drive. It's probably best to refrain from buying anything from Sony, there's no telling what they've done with the Sony Vaio Computers too!!!!

leflaw  
Date: November 14, 2005 @ 2:40 AM
still waiting to hear from an aggrieved victim...

gfmlcka  
Date: November 14, 2005 @ 6:59 AM
More mainstream coverage :

http://www.wired.com/news/digiwood/0,1412,69559,00.html?tw=wn_tophead_2


INeedAlover  
Date: November 14, 2005 @ 9:25 AM
I've been asking where the Department of Justice has been for years. Where are they when the major record labels fix prices? Where are they when the RIAA sues in order to perfect their monopoly on the music business?? Where are they when the RIAA uses mafia style tactics in its lawsuits to win settlements???

I wouldn't expect to see them do ANYTHING about Sony anytime soon. They are still too busy looking over Microsoft's shoulder to give a damn about any illegal malicious software wandering about music CD's.

The DOJ needs to be renamed the DOI-Department of Injustice.

cobrastrike  
Date: November 14, 2005 @ 12:15 PM
shadeswv:

new member? WELCOME ABOARD...

MajorTreat  
Date: November 14, 2005 @ 1:30 PM
"it is becoming increasingly likely that we may be seeing the last days of this once great firm."

The Carrier Sony/BMG is on fire!

True! They did it to themselves but you helped induce this!

Cyber soldiers I am proud of you!
Two gone 3 more to go! Keep firing!

Now it is time to force the RIAA to return the money they extorted to 3000 innocent people before they go out of business.

TrueAudio  
Date: November 14, 2005 @ 1:56 PM
Sony XCP Rootkit Breaks LGPL License

More troubles for Sony it seems. According to this site, Sony used pieces of code identical to LAME an open source MP3 encoder. If this is true, then by including the code in their software and not disclosing it in the EULA , they are breaking the license for LAME.

This software is licensed under the so called Lesser Gnu Public License (LGPL). According to this license Sony must comply with a couple of demands. Amongst others, they have to indicate in a copyright notice that they make use of the software. The company must also deliver the source code to the open-source libraries or otherwise make these available. And finally, they must deliver or otherwise make available the in between form between source code and executable code, the so called object files, with which others can make comparable software.
LAME does have the ability to limit the number of rips of a CD that can be made, so that might be why the code was used from it. Now this violation may not apply directly to Sony, but to the maker of the XCP digital rights management software. I bet that company is about to go broke. Who would want to be known to affiliate with them now? Either way, this particular development is more bad news for Sony.

http://malwareremoval.com/plog/index.php?blogId=3

GeneHilbert  
Date: November 14, 2005 @ 2:09 PM

No Sony for you........

gfmlcka  
Date: November 14, 2005 @ 3:21 PM
good article roundup at http://boingboing.net/


gfmlcka  
Date: November 14, 2005 @ 5:53 PM
Open letter to Sony from EFF.

http://www.eff.org/IP/DRM/Sony-BMG/?f=open-letter-2005-11-14.html

Good stuff.

TotallyFrust...  
Date: November 14, 2005 @ 7:33 PM
I wonder what EFF is considering when Sony just fails to respond (as we know they will based on their actions to date)?

otech  
Date: November 14, 2005 @ 7:36 PM
Here we go, the "Boycott Sony" website

http://www.boycottsony.us/

otech  
Date: November 14, 2005 @ 7:42 PM
And here's the "Boycott Sony" petition

http://www.petitiononline.com/mod_perl/signed.cgi?bcsony&1451

hate9wicket  
Date: November 14, 2005 @ 8:37 PM
Sony's fix it patch appears to do more damage
http://www.computerworld.com/securitytopics/security/story/0,10801,106002,00.html

shadeswv  
Date: November 14, 2005 @ 8:45 PM
cobrastrike,

Yes I am new around here, well as far as posting goes, that is. I have been lurking for a long while now.

It looks like the media coverage is spreading. Let's hope something will be done about this.

shadeswv  
Date: November 14, 2005 @ 10:49 PM
What about the FTC? Could they be of any help? Or are they just like any other part of the government?

TrueAudio  
Date: November 14, 2005 @ 11:27 PM
http://www.freedom-to-tinker.com/?p=925

gfmlcka  
Date: November 15, 2005 @ 3:45 AM
Let the pain begin :

http://www.usatoday.com/money/industries/technology/2005-11-14-sony-cds_x.htm

From the article "Frustrated when he bought a copy-protected Dave Matthews release and couldn't copy it to his Apple iPod, Fleck insisted that Sony not release his new album with such restrictions, Bendett says."

So it seems the artist DOES have some say on the matter of DRM.

Email your favorite artists and let them know you will not be buying anything with DRM on it. Turn the screw on the labels from both ends.

gfmlcka  
Date: November 15, 2005 @ 3:47 AM
http://www.freedom-to-tinker.com/?p=926


gfmlcka  
Date: November 15, 2005 @ 5:13 AM
MS calls Sony rootkit spyware, will issue a removal tool.

http://news.bbc.co.uk/1/hi/technology/4434852.stm


gfmlcka  
Date: November 15, 2005 @ 5:16 AM
More than 20 titles infected. At least 47.

http://www.idiotabroad.com/?p=58


independentm...  
Date: November 15, 2005 @ 7:36 AM
Thanks a bunch folks! Keep up the good work!

==========================
Now the Legalese Rootkit: Sony-BMG's EULA
By Fred von Lohmann - Deep Links

Click Here


If you thought XCP "rootkit" copy-protection on Sony-BMG CDs was bad, perhaps you'd better read the 3,000 word (!) end-user license agreement (aka "EULA") that comes with all these CDs.

First, a baseline. When you buy a regular CD, you own it. You do not "license" it. You own it outright. You're allowed to do anything with it you like, so long as you don't violate one of the exclusive rights reserved to the copyright owner. So you can play the CD at your next dinner party (copyright owners get no rights over private performances), you can loan it to a friend (thanks to the "first sale" doctrine), or make a copy for use on your iPod (thanks to "fair use"). Every use that falls outside the limited exclusive rights of the copyright owner belongs to you, the owner of the CD.

Now compare that baseline with the world according to the Sony-BMG EULA, which applies to any digital copies you make of the music on the CD:

1. If your house gets burgled, you have to delete all your music from your laptop when you get home. That's because the EULA says that your rights to any copies terminate as soon as you no longer possess the original CD.

2. You can't keep your music on any computers at work. The EULA only gives you the right to put copies on a "personal home computer system owned by you."

3. If you move out of the country, you have to delete all your music. The EULA specifically forbids "export" outside the country where you reside.

4. You must install any and all updates, or else lose the music on your computer. The EULA immediately terminates if you fail to install any update. No more holding out on those hobble-ware downgrades masquerading as updates.

5. Sony-BMG can install and use backdoors in the copy protection software or media player to "enforce their rights" against you, at any time, without notice. And Sony-BMG disclaims any liability if this "self help" crashes your computer, exposes you to security risks, or any other harm.

6. The EULA says Sony-BMG will never be liable to you for more than $5.00. That's right, no matter what happens, you can't even get back what you paid for the CD.

7. If you file for bankruptcy, you have to delete all the music on your computer. Seriously.

8. You have no right to transfer the music on your computer, even along with the original CD.

9. Forget about using the music as a soundtrack for your latest family photo slideshow, or mash-ups, or sampling. The EULA forbids changing, altering, or make derivative works from the music on your computer.

So this is what Sony-BMG thinks we should be allowed to do with the music on the CDs that we purchase from them? No word yet about whether Sony-BMG will be offering a "patch" for this legalese rootkit. I'm not holding my breath.

autodidact  
Date: November 15, 2005 @ 7:38 AM
The list in the link just provided by gfmlcka is not correct, as far as I know. Some of those 47 listed have a different kind of copy protection, i.e. non-rootkit. For example, the Foo Fighters CD has a MediaMax DRM made by SunnCom. Correct me if I'm wrong. I'm no fan of the other DRM either, but we should strive for accuracy.

gfmlcka  
Date: November 15, 2005 @ 8:19 AM
Theregister disagrees.

http://www.theregister.co.uk/2005/11/15/sony_bmg_bodycount/

It's likely they contain BOTH.

independentm...  
Date: November 15, 2005 @ 8:33 AM
Boycott-Sony --Wired


independentm...  
Date: November 15, 2005 @ 9:26 AM
Sony to pull controversial CDs, offer swap --USA Today


independentm...  
Date: November 15, 2005 @ 11:45 AM
Other Sony evil:

Sony in internet 'price-rigging' rumpus --The Register

TrueAudio  
Date: November 15, 2005 @ 3:41 PM
Go to:

http://cp.sonybmg.com/xcp/english/form11.html

And also
http://cp.sonybmg.com/xcp/english/form14.html

Where it asks for the Artists name type in some diatribe

Where it asks for the Album Title, type in more diatribe

Where it asks for Store Name, type in yet even more diatribe

Where it asks for email address try something that will cause them trouble such as uce@ftc.gov or some chronic antispammer advocate.

This will hopefully force Sony to make the "patch directly downloadable."




Jazzmary2U  
Date: November 15, 2005 @ 6:54 PM
Sony is the only one to do this in PUBLIC! Maybe they are the lead houn'dog to see if it is accepted.. who else is adding this garbage to CD's in secret??

independentm...  
Date: November 15, 2005 @ 7:34 PM
Actually, ALL of them are just as evil Jazzmary. DRM itself is the root issue in this particular case.

We got evidence on Sony that started a brushfire, so we are FANNING the flames on them.

I call what is happening now a "purge" ...or, "lance of the boil"

(In other words, it's time to KICK ASS!)

otech  
Date: November 15, 2005 @ 8:00 PM
LAME smoking gun found


Latest analysis of the DRM

http://www.the-interweb.com/serendipity/index.php?/archives/52-Is-Sony-in-violation-of-the-LGPL-Part-II.html




Sony Kiss-of-Death Patent for PS3


Here's a link to the patent at the USPTO. Note the repeated references to prohibiting the exchange or re-sell of "used games."

http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=/netahtml/search-adv.htm&r=1&p=1&f=G&l=50&d=ptxt&S1=%28Kutaragi.INZZ.+AND+Sony.ASNM.%29&OS=in/Kutaragi+AND+an/Sony&RS=%28IN/Kutaragi+AND+AN/Sony

Can anyone honestly believe that people will flock to buy a game console that will render all of their games worthless except on that one, individual game console? What if your console breaks or is stolen and you have to replace it? What if you want to take your game over to a friend's house and play it on his console? What -- we're not allowed to take our used games to the local gameshop and trade them in anymore?

Unbelievable. It's like they're trying to kill their flagship new product before it even hits the shelves.

We're witnessing the destruction of the Sony brand.




Sony Last Days: Anticipating Bankruptcy


DESTRUCTION OF A BRAND

We're watching it in progress.

http://www.technologypundits.com/index.php?article_id=231

Some choice bits:

"Sony hasn’t had a good year and things are about to get much worse. With litigation against the firm proliferating at an impressive pace and the danger of both astronomical penalties and criminal filings increasing it is becoming increasingly likely that we may be seeing the last days of this once great firm."

"Sony’s response has been "who cares" http://www.theregister.co.uk making it likely that judges are not going to be kind in either their approach or the level of pain they inflict on the firm. Odds are we will see executive changes shortly."

"Regardless, whether you agree with Dan Gillmor and want to make a point or simply want to protect yourself (getting service out of a bankrupt company can be really painful) avoiding Sony products would probably be a good idea right now."




FTC cracks down on spyware


Widespread abuse of downloadable, computer hijacking malware is finally getting a portion of the focus it deserves.

It doesn't matter whether the download is a server attached to the internet or an audio CD from a major corporation. The effect and the offense are the same.

http://www.infoworld.com/article/05/11/11/HNftcspyware_1.html?source=NLC-TB2005-11-11

gfmlcka  
Date: November 16, 2005 @ 4:09 AM
From the horse's mouth (or ass if you prefer) :

http://cp.sonybmg.com/xcp/

"We have learned that the software includes a feature that may make a user’s computer susceptible to a virus written specifically to target the software."

It's not a bug, it's a feature!

"We will shortly provide a simplified and secure procedure to uninstall the XCP software if it resides on your computer."

Right, just like the last one that opened more holes than it closed. I'll wait for reports from security firms first if you don't mind, Sony's credibility is at zero right now.
Might as well rename it NOSY.

"Going forward, we will continue to identify new ways to meet demands for flexibility in how you and other consumers listen to music."

First of all whenever you see or hear the phrase "going forward" or "moving forward" it's coming out of the mouth of some marketing douchebag who hasn't a clue.

Second of all you do not need to identify new ways for us to listen to music. Adhere to Redbook standards, it has worked just fine for decades. What you need to do is get over your delusion that sharing hurts sales, that every download is a lost sale and that somehow the internet genie can be put back in the bottle and that you can stop 1's and 0's from being copied and shared on the internet. It would also help if you could extricate your collective heads from your asses and realize that suing your customers is stupid and counterproductive.
It would really help if you would sell music actually worth buying at a reasonable price.

Thirdly, we are Customers NOT Consumers.
Your product is not required.

Lastly SonyBMG, you can expect a complaint to Elliot Spitzer from me for all the time I have spent cleaning your crap off my systems.

And did I say Fuck You? Fuck You.

CynicalGeezer  
Date: November 16, 2005 @ 4:50 AM

THAT'S gettin' 'em told!

Yeah, and Sony's damage control crap isn't going to help them this time; THIS TIME when all the fall-out has finished hitting the fence, it'll be seen they had themselves in deep enough doo-doo that the financial bottom line of their music division will be unprecedentedly traumatic.

gfmlcka  
Date: November 16, 2005 @ 4:55 AM
autodidact, from SonyBMG FAQ :

"The XCP software is included on about 50 CD titles recently issued or reissued by Sony BMG. This content protection technology was provided by a third-party vendor, First4Internet, and is designed to prevent unlimited copying and unauthorized redistribution of the music on the disc."

http://cp.sonybmg.com/xcp/english/faq.html

I suspect it's a lot more than 50 CD's.
Add hundreds of thousands of networks and millions of users and this adds up to a HUGE problem for itsec folks and a wetdream for vxers.

Lachatte  
Date: November 16, 2005 @ 8:35 AM
Otech, I glanced through that long, second link. :nod: This was clear:
"By means of the present invention as described above, the following effects are obtained. Since only titles for which legitimate software has actually been purchased and which have been initially registered in the machine table can be used, resale (so-called used software purchase) after purchase by an end-user becomes practically impossible."

I have purchased used games for PS2 at reasonable prices from reputable stores in the past. Kids are able to unload older games for the latest versions. The kids are happy, the store makes money, and the customer who shells out $ 9.99 instead of $49.99 is very happy. Sony wants to eliminate this market?
I haven't heard any requests from my kids or nephews for PS3. I'd like to keep it that way.

gfmlcka  
Date: November 16, 2005 @ 8:57 AM
Sony would kill the First Sale and Fair Use Doctrines as soon as it is able. Let's kill them first.

TrueAudio  
Date: November 16, 2005 @ 12:56 PM
"All the cartel members are playing dead possum hoping this will blow over and leave them unaffected. Naturally Sony isn't going to be able to do this since they got caught with their fingers in the cookie jar. Just because you don't hear anything from them don't think they weren't considering it also. F4I (the maker of the rootkit) has already stated that all the cartel members had purchased the software and were certainly using it in limited edition releases (most probably for critics to try and discover who is letting the cat out of the bag early).

Look for some other action to come up to attempt to divert attention from this mess and try to pull Sony's fingers out of the cookie jar. Just keep focused on the real thing. Don't let it slip from public attention. These sort of misdeeds are the best way to get the lawmakers to retract or at least amend the laws that have gone way too far out of balance towards copyright holders.

The sole reason for copyright to exist has been really distorted. Without material reaching public domain, there is no reason that any work should be copyrighted. That was the original intention and bargain with the holders to allow them the sole exclusivity. That part of the bargain has been so distorted that nothing reaches public domain. If its time runs out to be in public domain, where are the sources for these works? Mostly when those works' economic viability is gone, so is the work. Those holders aren't holding the works for public domain. Once they have gotten their use out the works they chunk it. Odds are that by the time those works are eligible, there won't be any equipment on the market that will play it back. Copyright lengths should be amended to read that once economic livelihood is gone, those works are returned to the public as public domain. That would run out far sooner than the present scheme and would also encourage holders to continue to produce new stuff. The present idea that works 30 and 40 years old are as valuable as newer works is nothing short of price fixing. "

http://p2pnet.net/index.php?page=comment&story=6992&comment=24541

MajorTreat  
Date: November 16, 2005 @ 4:23 PM
gfmlcka wrote: "suing your customers is stupid and counterproductive."

Not to mention dangerous!

Meanwhile I concur with the "Fuck You" while they seem pretty good at "Fucking" themselves!

jeffmorse752  
Date: November 16, 2005 @ 5:47 PM
Sony's so called "cure" for their XCP rootkit DRM is almost as bad as the disease. The uninstaller leaves behind an Active-X control called CodeSupport, which opens a serious security hole that allows any subsequent webpages visited by the user to download, install, and run any code it likes:

http://blogs.washingtonpost.com/securityfix/2005/11/sony_uninstall_.html

And according to a Seattle-based security researcher, as many as half a million networks could be infected by the rootkit DRM:

http://wired-vig.wired.com/news/print/0,1294,69573,00.html

Although I feel for those who have gotten infected by this, or then used Sony's so called "fix", I have a smug sense of satisfaction in knowing the company could be up to their ears in lawsuits for months, if not years, to come.


gdZiemann  
Date: November 16, 2005 @ 7:11 PM
One of the Wired.com stories says it's in the military and government computers. Or at least one of each.

Didn't someone at the RIAA recently say something stupid like, "All of the bad press is really good press"?

shadeswv  
Date: November 16, 2005 @ 8:38 PM
Has anyone seen the SonyBMG scandal on the TV media yet? It looks like MSNBC did a brief segment. I have placed a video link below:

MSNBC Report

hawk7771  
Date: November 17, 2005 @ 3:51 AM
CD's Recalled for Posing Risk to PC's
By TOM ZELLER Jr.
Published: November 16, 2005

The global music giant Sony BMG yesterday announced plans to recall millions of CD's by at least 20 artists - from the crooners Celine Dion and Neil Diamond to the country-rock act Van Zant - because they contain copy restriction software that poses risks to the computers of consumers

http://www.nytimes.com/2005/11/16/technology/16sony.html?ore

gfmlcka  
Date: November 17, 2005 @ 7:06 AM
Bruce Schneier weighs in :

http://www.wired.com/news/privacy/0,1848,69601,00.html?tw=wn_tophead_2


gfmlcka  
Date: November 17, 2005 @ 7:59 AM
XCP infected list from Sony :

http://cp.sonybmg.com/xcp/english/titles.html


byteme  
Date: November 17, 2005 @ 2:10 PM
FYI - Sony XCP CDs, including Van Zant's, haven't moved from any shelves yet, as far as I can tell. I've seen them at Walmart, Target and Best Buy. I've double checked to make sure they weren't replacements and they still had the XCP indicator on the back. I wasn't necessarily expecting retailers to yank them this quickly...just thought you folks would like to know.

Dreddsnik  
Date: November 17, 2005 @ 4:49 PM
"Bruce Schneier weighs in :"

Traffic seems a bit "heavy" there.
If you can't access the article there,
read Bruce Schneier's blog HERE

Bruce Schneier's Blog

The entire article is here as well :)

TotallyFrust...  
Date: November 17, 2005 @ 6:52 PM
Hmmm...Seems the list on Sony's site is a wee bit bigger than the "Roughly 20" that we have been told. Possibly another case of mistaken facts from Sony??

surfside6  
Date: November 17, 2005 @ 7:24 PM
Sony site Hacked!!!!

see this link
http://p2pnet.net/story/7018

wet1  
Date: November 18, 2005 @ 3:00 AM
Two new F4I license infringements found
http://www.the-interweb.com/serendipity/index.php?/archives/20051117.html

(including one from DVD John's work with VLC on GPL license)

TrueAudio, Thank you for carrying my post here from p2pnet. I am humbled that someone thought it worth rereading elsewhere. :)

gfmlcka  
Date: November 18, 2005 @ 10:06 AM
It just keeps getting better .......

http://www.theregister.co.uk/2005/11/18/sony_copyright_infringement/


independentm...  
Date: November 18, 2005 @ 4:09 PM
Rootkit worm linked to hacker group in Middle East --ZDNet

This may not be the same as the Sony rootkit.

independentm...  
Date: November 18, 2005 @ 4:24 PM
A sample of some of the mail we've been getting from the INBOX:

i hope that word of the sony boycott will somehow reach all the main networks (nbc,abc,cbs,fox,cnn,etc). THIS HIDDEN SOFTWARE IS DANGEROUS STUFF!! EVERYONE WHO HAS A COMPUTER (including banks,finance companies,etc) WILL BE AT RISK FOR FUTURE INVASIONS IF THIS IS NOT MADE ILLEGAL. more companies will think they can "imbed" hidden software if sony gets away with this,with a "slap on the wrist" excuse to offer a "patch" that does not fully work. THIS NEEDS TO STOP NOW. i have been a radio DJ since 1977 and i saw how "payola" worked even way back then.. by the way,wasn't sony just in trouble for that also?? i urge everyone NOT to buy ANY sony product this xmas..

independentm...  
Date: November 18, 2005 @ 5:41 PM
Sony BMG offers MP3 files and disks for unsafe CDs --The Washington Post

...not good enough Sony. Do away with DRM forever (and stop being evil) ...THEN maybe we'll talk.

shadeswv  
Date: November 18, 2005 @ 10:20 PM
Sony BMG Canada Statement

This link is displayed on the homepage at the top. However, there is no such link on the US site.

independentm...  
Date: November 18, 2005 @ 10:34 PM
Thanks for this news shadeswv!

(Even though we are USA-centric, this IS actually kinda global site.)

You ROCK! (And welcome aboard!)


Thanks a TON for this MSNBC vid link (...which has been the ONLY mega-media TV news I have seen devoted to this fiasco thus far.)

Dreddsnik  
Date: November 19, 2005 @ 9:19 AM
One of the reasons Sony is pulling this crap is not so much infringers as it is ..

Apple.

Sony pisses and moans about iTunes
lack of "interoperability".
The solution is sooo obvious and yet,
no label will ever consider it.

ipods support plain 'ol MP3's, correct ?

Well then,
Stop using DRM OF ANY KIND.
The paying customer can then take
ANY CD, make MP3's, put 'em on their
damn iPod. DUH.

There's your fucking iPod breaker Sony.
Total elimination of DRM.

gfmlcka  
Date: November 19, 2005 @ 1:17 PM
Would you like DRM with your mp3's?

http://www.upsrow.com/sonybmg/

It will be very interesting to find out if these replacement CD's have another flavor of DRM.

And I'll eat my hat if those mp3's aren't watermarked somehow.

Anyone know if it is possible to detect a watermark if you didn't put it there?
(steganography)

gdZiemann  
Date: November 19, 2005 @ 2:10 PM
Someone watched NUMB3RS last night...

gdZiemann  
Date: November 19, 2005 @ 2:11 PM
My wife just saw a discussion on CNN about Sony. Evidently one of the anchors had actually bought one and was pissed.

gdZiemann  
Date: November 19, 2005 @ 2:14 PM
BBC had an article that said Amazon is contacting customers who bought a Sony CD and offering them a refund.

gfmlcka  
Date: November 19, 2005 @ 3:10 PM
George the only TV programs I watch are the Simpsons, Family Guy and The Daily Show.
Ok, and That 70's Show.

What was the Numberz plot?

And yes both Sony and Amazon are offering replacements/refunds.

shadeswv  
Date: November 19, 2005 @ 7:14 PM
I was doing some weekend errands today, and I found myself in FYE, Circuit City, and Wal-Mart. I just thought I would check, and several of the XCP titles, such as Switchfoot's Nothing is Sound and Van Zant's Get Right With The Man, were still in stock. I casually asked if they knew about the recall. The clerk at each store had no clue about the situation. I was not surprised. The clerks are usually the last to know these things. It is a little interesting that Amazon acted quicker than Wal-Mart, but oh well.

autodidact  
Date: November 19, 2005 @ 7:35 PM
http://www.nytimes.com/2005/11/19/business/media/19online.html

New York Times

The Rootkit of All Evil.

By DAN MITCHELL
Published: November 19, 2005

SONY BMG can take two lessons from its recent wayward attempt to fend off digital piracy: One, in a world of technology-astute bloggers, it's not easy to get away with secretly infecting your customers' computers with potentially malicious code. And two, as many a politician has learned, explaining your own screw-up badly is often worse than the screw-up itself.

Or as Wired News put it, "The Cover-Up Is the Crime."

It all started on Halloween, when Mark Russinovich, a computer security researcher, discovered that the antipiracy software that a Sony BMG CD had installed on his machine was based on a "rootkit." Rootkits are often used by malicious hackers to disguise spyware, malware and other nasty stuff. Removing one can do damage, even destroying an operating system. Mr. Russinovich posted his tale on his blog, sysinternals.com/blog, and the pile-on commenced.

Sony BMG responded by offering a piece of software it said would remove the rootkit, but at the same time said the rootkit was "not malicious and does not compromise security." Thomas Hesse, president of Sony BMG's Global Digital Business, went on National Public Radio to say that "most people, I think, don't even know what a rootkit is, so why should they care about it?"

Cory Doctorow on boingboing.net wrote: "What petulant jerks. Look, Sony, you got caught sleazing your customers' computers. Telling us that it wasn't so bad is just infuriating and insulting. An apology would have been better received."

Things grew worse for Sony BMG. The company angered many music fans with its complicated uninstall process, which required them to disclose their e-mail addresses and make multiple visits to sonybmg.com. (Several days later, researchers at Princeton asserted that the removal tool itself left computers vulnerable to attack, prompting Sony BMG to remove it temporarily.)

Antivirus companies said they had detected malicious software on the Internet that was aimed at the vulnerability created by the rootkit. Dan Goodin, a Wired News columnist, called for a boycott of Sony BMG.

This week, Sony BMG relented, somewhat, and announced a recall of all rootkit-containing CD's, in exchange for "clean" ones. Mr. Doctorow, less than impressed, called Sony BMG's statement "a non-apology apology."

gfmlcka  
Date: November 20, 2005 @ 5:50 AM
World's Biggest Asshole, Cary Sherman, just couldn't keep his yap shut.......

http://www.malbela.com/blog/archives/000375.html

I don't know where to begin.

gfmlcka  
Date: November 20, 2005 @ 6:06 AM
"Yet we recognize that there is considerable work still to be done, particularly in regard to addressing the emerging challenges of campus Local Area Networks or LANs as well as unauthorized........"

Computers, internet connections and CD burners.

For Chrissakes Cary, pull your head out of your ass for a moment and take a breath of fresh air.

gfmlcka  
Date: November 20, 2005 @ 6:11 AM
“They have apologized for their mistake, ceased manufacture of CDs with that technology,and pulled CDs with that technology from store shelves. Seems very responsible to me. How many times that software applications created the same problem? Lots. I wonder whether they've taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?”

Seems very responsible to you?
And Hitler saying "Oopsie" would be fine by you.
WHAT AN ASSHOLE.

gfmlcka  
Date: November 20, 2005 @ 6:16 AM
“How many burns are you allowed of a movie? None. How many of a videogame? None. You get the idea. Even the CDs with content protection allow consumers to burn 3 copies or so for personal use. The idea is not to inhibit personal use, but to allow personal use but discourage (not prevent, you can never prevent) copying well beyond personal use.”

The idiocy of that statement just boggles the mind.

gfmlcka  
Date: November 20, 2005 @ 6:21 AM
“And for generations, students have spent their hard-earned dollars on the music they love in the local college record store. How many of those stores are left now? Makes you realize just what the impact of illegal downloading can be, and why we've taken the actions we have."

Makes you realize what the impact of corrupt, price fixing, clueless corporations peddling shit while suing their customers can be. You've taken the actions you have because you're all douchebags. Rot in hell.

gfmlcka  
Date: November 20, 2005 @ 6:26 AM
"When you download a song illegally or burn a copy for everyone on your dorm, you are undermining the ability of the music companies to invest in the next great up-and-coming band you have yet to hear about."

Every copy you make puts one less line of cocaine on our execs table and one less gallon of gas in their Hummers. Boo fucking Hoo.

gfmlcka  
Date: November 20, 2005 @ 6:35 AM
Cary Sherman: It's a common misconception that when people spend $15 on a CD, they're simply paying ultra-rich megastars and big record labels. First, a lot of that $15 goes to the record retailer who is trying to make a living by selling music. But more importantly, behind the artist you've heard of, there are countless others who have contributed to that recording or to trying to make that recording a commercial success. Studio musicians and background vocalists, the members of the band, the studio engineers, the producers, the songwriters and publishers, the marketing and promotion people -- you wouldn't believe how many people get involved in the making of a CD from conception to distribution. They make their living by the revenues that are earned from the sale of the product. When people download it without paying for it, or get a burned copy from someone else, there's that much less money for the people who worked to make that recording. And there's also a lot less for record labels to invest in another artist tomorrow."

Yeah right, how many artists see even $0.25 of that $15 Cary? Name one asshole.
Britney? Backstreet Boys? NSUCK?
Try investing in real talent rather than shit du jour. And stop blaming the consequences of your incompetence and greed on downloaders, jerk.

gfmlcka  
Date: November 20, 2005 @ 6:43 AM
"Cary Sherman: Whatever we do, we know that file-sharing will continue, just as physical piracy will always continue no matter what we do. We all recognize that the most important thing we can do to deal with illegal activity online is give consumers a better alternative -- a legal service that they love. That's what lots of companies are now doing, and we hope that ultimately the legitimate marketplace will outpace the illegal downloads."

Why then did you refuse to accept a licensing deal with Napster? Hypocrite.

gfmlcka  
Date: November 20, 2005 @ 6:52 AM
Sherman has all the credibility of Scott McClellan.
Whenever he opens his mouth you just know shit is spewing forth.

TotallyFrust...  
Date: November 20, 2005 @ 7:32 AM
“How many burns are you allowed of a movie? None. How many of a videogame? None. You get the idea. Even the CDs with content protection allow consumers to burn 3 copies or so for personal use. The idea is not to inhibit personal use, but to allow personal use but discourage (not prevent, you can never prevent) copying well beyond personal use.”

Just because you see someone else jump off a bridge....Uh...In your case, go ahead, follow them ;-)

TotallyFrust...  
Date: November 20, 2005 @ 7:41 AM
Here's some questions I would love to see asked in these things:

How many big Corps shuffle the books and manipulate the market?

How many RIAA members ponied up for payola?

How many RIAA members are convicted felons?

As far as your defense of Sony, are you suggesting that all these kids are required to do is simply say "Ooops, sorry..." and you guys won't clean out their college funds and piggy banks?

I think Sony should be treated with the same level of consideration Sony has dealt its customers. They should have everything they hold taken away....plus a little more. They should not be allowed to slip out of it with a no-cost deal or a self defined penalty. To borrow an idea from old Careless Sherman, we need to educate them on how to treat the property of others by making sure they are completely wiped out. This way the other crooked greedy labels will learn not to do this kind of thing.

TotallyFrust...  
Date: November 20, 2005 @ 7:45 AM
“How many burns are you allowed of a movie? None...."

Wasn't there a thing in Europe (France I think) where this was found to be illegal? I seem to remember a past post that informed us that the MPAA was in violation of French law by not allowing for a backup copy.

Can we conclude that this is Cary Sue's way of justifying their illegal business practices? Simply by saying "Well, the other kids were doing it..."

Sheesh....That didn't work for me when I was kid and it certainly didn't work for my kids either. Let's spank them and send them to bed with no supper!

CynicalGeezer  
Date: November 20, 2005 @ 1:00 PM

"I think Sony should be treated with the same level of consideration Sony has dealt its customers. . .
They should not be allowed to slip out of it with a no-cost deal or a self defined penalty."

Well-phrased.

gdZiemann  
Date: November 20, 2005 @ 3:12 PM
"What was the Numberz plot?"

Using steganography to hide a picture inside another picture.

gdZiemann  
Date: November 20, 2005 @ 3:14 PM
"How many big Corps shuffle the books and manipulate the market?"
All of them

How many RIAA members ponied up for payola?
All of them

How many RIAA members are convicted felons?
Does this include the artists?

gdZiemann  
Date: November 20, 2005 @ 3:22 PM
"you wouldn't believe how many people get involved in the making of a CD from conception to distribution."

And every one of them gets paid before the artists, including A&R reps with a 10% success rate. Lots of dead weight sucking the cash out from under the performers.

SonyFuccedUp  
Date: November 20, 2005 @ 4:21 PM
I am VERY PISSED! 1. Because I am a victim, 2. Because this shit downloaded to my pc without my knowledge, 3. Because there is no fucking uninstall, 4. Because I called sony and the assholes were very rude to me.

After numerous internet searching, reading and finding out what sony was up to I came across the list of cds that are infected. I wonder why sony hasnt included the artist cd and title that infected my pc which is "GINUWINE - Back II Da Basics". They are still being dishonest by not making a complete list of infected cds.

I have already contacted a few retail stores and fox news(they have sent this to their problem solvers)...ABC, NBC, CBS will be next. Every friend, family member, co-worker etc will know about this. Michigan Attorney General will know about this.

I will visit every message board possible. everyone from my msn to yahoo messenger will know about this...every chat room..every blog...when I see someone in a store pick up a cd I will warn them.

I am out for sony blood and I will not stop until I taste it!

Sony will lose!!!


wet1  
Date: November 20, 2005 @ 5:28 PM
DRM is a sow's ear posing as a silk purse. Only the content holders like it. What they can't do is convince the customer that it is worth it.

As far as Cary and the reason that mom and pop record stores are drying up, sweetheart deals to the chain stores, allowing them to undersell at a price that mom and pop stores can't meet didn't have anything to do with it, did it? Nor did selling on line. Where are the mom and pop stores selling on line, btw? Cary and cronies are at the end of the feed chain. They feel the heat last.

What selling to the chain stores at cut rate did, was limit the shelf space to display the wares. Put out less to offer for sale and what are the results? Cut your output being released to the public and expect more money is the theme they are operating on now.

Not much is coming out new that is remotely ear appealing. It seems that the new releases are predominantly by that great cover group performer "Greatest Hits". After being offered for the last 40 years, not many folks need a repurchase.

DRM has only made it difficult for the customer. Who wants to spend money for products that don't work and requires far more efforts on the purchasers part just to get it to work? There was a purpose to the cd logo. It meant if you bought it and took it home, it would work in your player at home or in the car, or on your portable. Something that no longer seems to be very important to the industry.

Sony has shown its true stripes with the rootkit debacle. It has yet to remotely own up to the idea really wasn't a good one and they are on par with every other virus writer out there. Doing illegal things and hoping not to get caught. Sony has been caught so many times that it is getting to be old hat to them. Trouble is they are like the RIAA. The cartels as a whole hope that Sony takes the heat for what they were considering. F4I already stated that all the majors were customers for their software. So it isn't like the rest were innocent of considering this same method. They just didn't get it out there first. Now that Sony got caught we will have bread and circus shows of well known artists toting the cartel line. Buddy ups with politicians for photo ops, and other "news" to divert attention from this little "oops" Sony made. Watch and see...


CynicalGeezer  
Date: November 20, 2005 @ 6:21 PM

Sony should be made to suffer for their sorry-assed DRM crap, and not be let off the hook easily.



SonyFuccedUp  
Date: November 20, 2005 @ 6:29 PM
I will call and make contact with these people EVERYDAY...

General SONY BMG: 212-833-8000

SONY BMG Corporate Press: 212-833-5047

Management Department at 800-255-7514; 856-722-8224 in New Jersey

800-282-2848

800-222-7669

sonymusiconline@sonymusic.com

PenisBrain  
Date: November 20, 2005 @ 11:13 PM
The head sleaze comes out from under his rock to weigh in on the Sony mess..

"RIAA President Downplays Sony Rootkit"

Thomas Mennecke

Someone must have built a lead shield around the RIAA headquarters in Washington, DC. It's the only way to explain how RIAA president Cary Sherman doesn't see the enormously serious consumer backlash against Sony-BMG. During a university press round table discussion, Cary Sherman spoke with university journalists on various file-sharing issues, including the Sony-BMG fiasco.
There are few individuals that would consider Sony-BMG's handling of the rootkit situation a job well done. To hide the copy-protection software, the Sony-BMG rootkit employed techniques typically used by hackers or virus writers. The purpose of a rootkit is to hide files or folders, making them invisible to standard anti-spyware or anti-virus software.
Sony-BMG used this very technology in their XCP (Extended Copy Protection) CDs, created by First4Internet. Anti-DRM arguments aside, Sony-BMG found itself in so much hot water was due to several reasons.
First, Sony-BMG never mentioned the extent or scope of the XCP technology in the EULA (the 3,000 word End User Licensing Agreement.) It was never mentioned files or folders would be hidden on one's machine. In addition, according to Sysinternals, when playing a CD on Sony-BMG's proprietary media player, it "...establishes a connection with Sony’s site and sends the site an ID associated with the CD."
Sony-BMG also never mentioned the potential damage caused when removing the rootkit. When Mark Russinovich, the individual who discovered Sony-BMG's rootkit, removed the clandestine software, the CD drive no longer functioned.
On top of all this, Russinovich also pointed out Sony-BMG’s rootkit presented a gaping security hole. Any virus writer could easily create a virus identically named to Sony-BMG's rootkit and take over an untold number of infected machines.
But all of this didn't appear to faze Sony-BMG much. Initially Sony-BMG and First4Internet denied there was a security problem (until the first viruses started popping up.) Even when Sony-BMG released their web-based uninstaller, which posed even a greater security risk, security vulnerabilities were still denied. You may recall the following from Sony-BMG's November 2nd statement:
"This component is not malicious and does not compromise security."
Compounding the situation a Sony-BMG president chimed in on the issue. Thomas Hesse, president of Sony-BMG's Global Digital Business, told NPR News "Most people, I think, don't even know what a Rootkit is, so why should they care about it?"
Perhaps at that moment, few people knew or cared about rootkits. But that changed in a matter of days. It was obvious within two weeks that an enormous public backlash had erupted against Sony-BMG, one that may threaten the very existence of DRM. Seemingly downplaying the issue, Cary Sherman responded to a reporter's question on whether the RIAA condoned the actions of Sony-BMG.
"The problem with the SonyBMG situation is that the technology they used contained a security vulnerability of which they were unaware. They have apologized for their mistake, ceased manufacture of CDs with that technology, and pulled CDs with that technology from store shelves. Seems very responsible to me. How many times that software applications created the same problem? Lots. I wonder whether they've taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?”

Although Sony-BMG “shared the concerns” and “deeply regret any inconvenience” its customers may have encountered, it never specifically came out with an apology. Sony-BMG never said “We are sorry for our mistake” and never said “We apologize...”

Seems very irresponsible.



captdunsel  
Date: November 21, 2005 @ 1:22 AM
so does anyone know of a list of cds that are using this crap?

cobrastrike  
Date: November 21, 2005 @ 1:37 AM
captdunsel - see gfmlcka's post above on Nov. 17, 2005 @ 7:59 AM

PenisBrain  
Date: November 21, 2005 @ 1:46 AM
dunsel,

Myself and others also listed cd's that were using this garbage in the news.

http://www.boycott-riaa.com/article/18650

CynicalGeezer  
Date: November 21, 2005 @ 3:13 AM

Gad, nice up-to-date summary (the Mennecke article you posted).


independentm...  
Date: November 21, 2005 @ 4:30 AM
* Announcement Monday on EFF's Plans re: Sony BMG

The Electronic Frontier Foundation (EFF) will have an
announcement on Monday about EFF's plans regarding the
First4Internet XCP software and the SunnComm MediaMax
software that Sony BMG included in 24 million copies of their
music CDs. The software has affected the computers of
unsuspecting customers when they used their CDs on computers
running the Windows operating system.

For more on EFF's concerns see:
click here

independentm...  
Date: November 21, 2005 @ 4:36 AM
I saw a thingy on CNN about mid-day yesterday! And it was VERY anti-Sony!

:)

gfmlcka  
Date: November 21, 2005 @ 11:41 AM
"The problem with the SonyBMG situation is that the technology they used contained a security vulnerability of which they were unaware."

UNAWARE???????

Just how fucking stupid do you think we are Cary?

Writing a kernel level driver like aries.sys takes a lot of time and talent. They knew EXACTLY what they were doing. To claim that software that hides ANY file prefixed with $sys$ is not a security risk is absurd.
Cary, you are either clueless or lying. Probably both.

Cary Sherman, Worlds Biggest Asshole.
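
Added example (not part of the thread and not any poster's code): the post above says the XCP driver hides any file whose name is prefixed with $sys$. A standard defensive check for that kind of cloaking is a cross-view comparison of a listing taken through the running OS against one taken from outside it, sketched here in Python. Both listings and every path in them are constructed samples, and matching the prefix case-insensitively on any path component is an assumption.

```python
"""Cross-view check for name-prefix file cloaking (added example, constructed data)."""
import ntpath  # apply Windows path rules regardless of the host OS

CLOAK_PREFIX = "$sys$"  # prefix named in the thread

# Constructed sample: listing taken through the running OS (cloak active).
API_VIEW = r"""
C:\Windows\System32\drivers\disk.sys
C:\Users\demo\Music\track01.wma
C:\Temp\new.tmp
"""

# Constructed sample: listing of the same volume taken offline (cloak inactive).
RAW_VIEW = r"""
C:\WINDOWS\system32\drivers\disk.sys
C:\Windows\System32\drivers\$sys$example.sys
C:\Users\demo\Music\track01.wma
C:\Users\demo\Downloads\$SYS$anything.exe
C:\$sys$dir\payload.bin
C:\Temp\unrelated-hidden.dat
"""


def normalize(path):
    """Comparison key: Windows separators, no trailing slash, case-folded."""
    return ntpath.normpath(path.strip()).lower()


def load_listing(text):
    """Map comparison key -> original spelling for a one-path-per-line listing."""
    entries = {}
    for line in text.splitlines():
        if line.strip():
            entries.setdefault(normalize(line), line.strip())
    return entries


def is_cloak_named(path):
    """True if any component of the path starts with the cloak prefix.

    Assumption: the prefix is matched case-insensitively and a prefixed
    directory hides everything beneath it. Over-matching is the safe
    direction for a detection rule.
    """
    return any(part.startswith(CLOAK_PREFIX)
               for part in normalize(path).split("\\"))


def cross_view_diff(api_text, raw_text):
    """Compare the two views and classify every discrepancy.

    hidden_prefixed: on disk, missing from the OS view, name carries the prefix.
                     This covers anything that borrows the prefix, not only
                     the DRM's own files.
    hidden_other:    on disk, missing from the OS view, no prefix. A different
                     hiding mechanism or a scan artifact; needs a second look.
    api_only:        seen by the OS but not in the offline listing, typically
                     a file created between the two scans.
    """
    api, raw = load_listing(api_text), load_listing(raw_text)
    report = {"hidden_prefixed": [], "hidden_other": [], "api_only": []}
    for key in sorted(raw.keys() - api.keys()):
        bucket = "hidden_prefixed" if is_cloak_named(key) else "hidden_other"
        report[bucket].append(raw[key])
    report["api_only"] = [api[key] for key in sorted(api.keys() - raw.keys())]
    return report


if __name__ == "__main__":
    for bucket, paths in cross_view_diff(API_VIEW, RAW_VIEW).items():
        print(f"{bucket}: {len(paths)}")
        for p in paths:
            print(f"  {p}")
```

On a real machine the two inputs would come from a directory listing run on the live system and one produced with the disk mounted from a clean environment.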

gfmlcka  
Date: November 21, 2005 @ 12:12 PM
Pleading ignorance is no excuse.

gfmlcka  
Date: November 21, 2005 @ 12:16 PM
Spread the word.........

http://www.sonysuit.com/


SonyFuccedUp  
Date: November 21, 2005 @ 12:18 PM
These assholes at sony claim that they have offered an uninstall but they are STILL LYING.

$sys$ is still alive and running in my processes.

They havent heard the last of me!

SonyFuccedUp  
Date: November 21, 2005 @ 12:47 PM
Thanks gfmlcka for that information. I tried speaking with Andrew Lack and his secretary told me he was in a meeting..how convenient!

Too bad for her because she will be hearing from me all day...day after day until I get him on the phone.

These people care nothing about consumers. Lots of people like myself cant afford to just go out and replace a computer if something goes wrong. All they want to feed us is the bullshit about replacing an infected cd. Well what about the infected pc's..they need to start replacing those as well.

PenisBrain  
Date: November 21, 2005 @ 12:48 PM
"Does Sony’s Copy Protection Infringe Copyrights?"
Ed Felten

The Sony copy protection debacle has so many angles that the mainstream press is having trouble keeping track of them all. The rootkit. The spyware. The other spyware. The big security hole. The other big security hole. It’s not surprising, then, that at least one important angle has gone nearly undiscussed in the mainstream press: the likelihood that the Sony/First4Internet XCP copy protection software itself infringes several copyrights. (Note to geeks: Slashdot doesn’t qualify as the mainstream press.)

http://www.freedom-to-tinker.com/

SonyFuccedUp  
Date: November 21, 2005 @ 1:53 PM
I have called 9 different stores in 6 different states to ask them have they pulled their recently sony distributed cd's due to malware and only 2 of those retail stores had a clue of what I was talking about and stated that they have pulled their cds. The other 7 people told me that they never heard anything from sony nor have they ever heard of a cd having malware on it.

Surprise Surprise!

cobrastrike  
Date: November 21, 2005 @ 3:22 PM
SonyFuccedUp:

Have you signed up at leflaw.com ?

Fill out the info on the right sidebar.

He might be able to help.

gdZiemann  
Date: November 21, 2005 @ 4:06 PM
Texas Sues Sony

gdZiemann  
Date: November 21, 2005 @ 4:07 PM
Reminder from the top of the thread:

DON'T post a lengthy rant if you can help it. ONLY give the link to where the article/item can be found and give a short description. (If you write something original about it all, use the "submit button" or another thread and I WILL go to the "front page" if it is something not already covered here!)

gdZiemann  
Date: November 21, 2005 @ 4:30 PM
Ignorance must be bliss.

Piece of Tape Defeats Sony DRM

wet1  
Date: November 21, 2005 @ 4:37 PM
No problem, knew there was a reason I left here. Laterz.

shadeswv  
Date: November 21, 2005 @ 8:24 PM
I just saw a brief report (under 15 seconds, probably) on Fox News. I guess it took the Texas case to get the mainstream news media to report anything about SonyBMG on the air.

peatrap  
Date: November 21, 2005 @ 9:54 PM
State laws on spyware
http://www.ncsl.org/programs/lis/spyware05.htm

PhantomGhost  
Date: November 21, 2005 @ 10:19 PM
EFF joins Texas, sues SONYBMG
-------------------------------------
AUSTIN, Texas -- Sony BMG Music Entertainment's troubles over anti-piracy technology on music CDs deepened Monday as Texas' attorney general and a California-based digital rights group said they were suing the music company under new state anti-spyware laws.

The Texas lawsuit said the so-called XCP technology that Sony BMG had quietly included on more than 50 CD titles leaves computers vulnerable to hackers. Sony BMG had added the technology to restrict to three the number of times a single disc could be copied, but agreed to recall the discs last week after a storm of criticism.

The Electronic Frontier Foundation said Sony BMG needs to further publicize the recall and compensate consumers for costs associated with removing the software, an onerous process. It filed its suit Monday evening in California Superior Court in Los Angeles.
----------------------------------------
http://seattlepi.nwsource.com/business/1700AP_Sony_Copy_Protection.html

PhantomGhost  
Date: November 21, 2005 @ 10:28 PM
IRONIC: Does Sony’s Copy Protection Infringe Copyrights?
http://www.freedom-to-tinker.com/
Monday November 21, 2005 by Ed Felten

The Sony copy protection debacle has so many angles that the mainstream press is having trouble keeping track of them all. The rootkit. The spyware. The other spyware. The big security hole. The other big security hole. It’s not surprising, then, that at least one important angle has gone nearly undiscussed in the mainstream press: the likelihood that the Sony/First4Internet XCP copy protection software itself infringes several copyrights. (Note to geeks: Slashdot doesn’t qualify as the mainstream press.)

Matti Nikki (a.k.a. Muzzy) and Sebastian Porst have done great work unearthing evidence pointing to infringement. They claim that the code file ECDPlayerControl.ocx, which ships as part of XCP, contains code from several copyrighted programs, including LAME, id3lib, mpglib, mpg123, FAAC, and most amusingly, DVD-Jon’s DRMS.

These are all open source programs. And of course open source is not the same as public domain. Open source programs are distributed with license agreements. If you copy and redistribute such a program, you’re a copyright infringer, unless you’re complying with the terms of the program’s license. The licenses in question are the Free Software Foundation’s GPL for mpg123 and DRMS, and the LGPL for the other programs. The terms of the GPL would require the companies to distribute the source code of XCP, which they’re certainly not doing. The LGPL requires less, but it still requires the companies to distribute things such as the object code of the relevant module without the LGPL-protected code, which the companies are not doing. So if they’re shipping code from these libraries, they’re infringing copyrights.

How strong is the evidence of infringement? For some of the allegedly copied programs, the evidence is very strong indeed.

Capt-n-Jack  
Date: November 22, 2005 @ 12:03 AM
Just a curious thought, would uninstalling the DRM on your computer be against the DMCA?? I guess since Sony never asked permission to install something there wouldn't be any penalty for removing it.

People that know something about computers will be able to resolve this problem, but what about the bulk of the computer users that aren't THAT computer savvy?? This code will be there and they'd never know it, until they start having problems, then they'll be forced to spend money on service...that's bad.

independentm...  
Date: November 22, 2005 @ 1:24 AM
GadflyDiscourse
Date: November 21, 2005 @ 4:27 PM
"Texas sues Sony BMG for 'spyware' on CDs"

The state of Texas sued Sony BMG, alleging that the company "surreptitiously" installed spyware on personal computers through music CDs with a copy protection program.
"Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers," said Texas Attorney General Greg Abbott in a statement after suing under the state's anti-spyware law. "Consumers who purchased a Sony CD thought they were buying music. Instead, they received spyware that can damage a computer, subject it to viruses and expose the consumer to possible identity crime."
Sony BMG, one of the world's biggest music companies, said last week it was ending the use of the software provided by a third-party vendor and allowing consumers who purchased CDs to exchange them for similar items without the software. The joint venture of Japan's Sony and German-based BMG recalled the CDs after a firestorm of protests and the threat of legal action over its use of the so-called XCP copy protection software.
Experts say that when one of the CDs is inserted into a PC, the copy-protection software can modify computer settings and expose computers to a variety of malicious software programs.

---------------
GadflyDiscourse then blurts a rude comment at another forum member... so I edited it out.

Gad, you know you are supposed to save that rude crap for the Off-Topic Threads (or better yet, don't be rude at all!) Next time I might just zap your post entirely!!!