Thursday, November 17, 2005

Sony's Brain Fart

Bloggers Break Sony -->Nov. 16, 2005


Sony made an unpopular product decision and got its reputation incinerated by waves of flaming bloggers. That's a lesson for other companies.
By Thomas Claburn
InformationWeek

Sony's decision to withdraw its controversial copy-protected CDs followed weeks of flames by bloggers.

Sony BMG Music Entertainment said Wednesday it will stop selling 50 CD titles with its XCP content protection software. Sony also said it will remove the discs from stores, and offer replacements without copy protection to customers.

Before Sony acted, the company suffered through weeks of angry posts by bloggers who stirred outrage against the company.

It started when security researcher Mark Russinovich first posted to his blog that Sony's music CDs surreptitiously installed digital rights management software based on a "rootkit"--a hacking tool widely considered to be spyware. Following that, bloggers of all stripes, from seasoned security experts to aggrieved consumers, vented about the record company's unethical and possibly illegal behavior.

The day before the NPR interview, Sony attempted to mollify its critics by offering an update that "removes the cloaking technology component" of the XCP DRM software. The update notes claim, "This component is not malicious and does not compromise security."

That's simply not true--the rootkit component allows attackers to take control of target computers. Moreover, another component, the uninstaller Sony provided to remove the XCP software, did compromise security. And once again, it was the blog community that brought this fact to light.

In their Freedom-to-Tinker.com blog, computer researchers J. Alex Halderman and Edward Felten confirmed the findings of a Finnish computer expert that the uninstaller utilizes a poorly coded ActiveX control that allows any Web page a user visits to install and run any code its like on the user's machine.

READ THE COMPLETE ARTICLE

0 Comments:

Post a Comment

<< Home