[18963] in cryptography@c2.net mail archive
[Clips] Sony DRM infection removal vulnerability uncovered
daemon@ATHENA.MIT.EDU (R. A. Hettinga)
Wed Nov 16 14:03:18 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 16 Nov 2005 12:56:22 -0500
To: cryptography@metzdowd.com
From: "R. A. Hettinga" <rah@shipwright.com>
--- begin forwarded text
Delivered-To: clips@philodox.com
Date: Wed, 16 Nov 2005 12:55:50 -0500
To: Philodox Clips List <clips@philodox.com>
From: "R. A. Hettinga" <rah@shipwright.com>
Subject: [Clips] Sony DRM infection removal vulnerability uncovered
Reply-To: rah@philodox.com
Sender: clips-bounces@philodox.com
<http://www.theinquirer.net/print.aspx?article=27714&print=1>
The Inquirer
Sony DRM infection removal vulnerability uncovered
Tool is worse than original infection
By: Charlie Demerjian Tuesday 15 November 2005, 20:45
SONY PULLS OFF ANOTHER blatant stupidity in the 'cure is worse than the
disease' category. No, not the DRM infection itself, not the security
compromising removal agreement, but the removal tool itself. Yes, this one
appears to put you in MORE danger than the original rootkit. Silly Sony, no
cookie.
According to Freedon To Tinker, the web based installer is a worse
vulnerability than the original rootkit. More on the story here, FTT goes
into detail. It seems the 'cure' from Sony involves downloading an ActiveX
control called CodeSupport. This is a signed control that lets just about
anyone download, install and execute arbitrary code on your machine.
See a problem? See a big problem? To make matters even funnier, the
uninstaller, supposedly anyway, leaves this control on your machine. So,
the Sony uninstaller is not a total uninstaller, it leaves a hole you can
drive a truck through on your system, silently of course.
The more disturbing part is that it appears the control is signed. I
wonder who at MS approved this, and how this blatant security hole got
through the barest minimum of QC? Moral, if you bought Sony products, you
are screwed. If it causes you problems, you are screwed more. If you
uninstall, you are screwed yet harder. If you uninstall it yourself, you
are a criminal under the DMCA. If you use an antivirus program to uninstall
it, you spent money to fix Sony's problems, and you are still a criminal.
That's what you get for buying music.µ
--
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips@philodox.com
http://www.philodox.com/mailman/listinfo/clips
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
