Technology Review - Published By MIT

May 2006

Inside the Spyware Scandal


By Wade Roush


Tempers flared further after November 4, when Russinovich announced in his blog that other software accompanying XCP on the Sony BMG discs "phoned home," contacting Sony BMG over the Internet every time a user played a protected CD. Acting on a tip from a Finnish hacker and computer science student named Matti Nikki, Russinovich used a "network tracing" program to analyze traffic flowing into and out of his computer. He found that during startup, the protected CDs would check with a server at Sony BMG for fresh material for a rotating banner advertisement displayed with the player. This exchange was innocuous enough; but to Russinovich and readers of his blog, the affront was that Sony BMG had not disclosed in the CDs' EULAs that the software would send data to the company or spelled out how that data would be used. "I doubt Sony is doing anything with the data," Russinovich wrote, "but with this type of connection, their servers could record each time a copy-protected CD is played and the IP address [the location on the Internet] of the computer playing it."

Security professionals, bloggers, and music fans weren't the only ones who were dismayed. The U.S. Department of Homeland Security criticized Sony BMG for releasing products that undermined antivirus software and exposed both government-owned and privately owned computers to hackers. At a November 10 trade conference on piracy, Stewart Baker, the department's assistant secretary for policy, chastised big media for its obsession with DRM. "It's very important to remember that it's your intellectual property, [but] it's not your computer," Baker said.

Over and over again, people who encountered the rootkit expressed a sense of violation. John Guarino, the computer consultant, offers this analogy: "Say you want to install cable TV in your apartment. You call the cable company. They say someone is going to come and install it. The cable guy makes you sign something before he comes into the apartment. Then you find out he didn't actually leave the apartment when he was done. He is still hiding. And you call the company and say, 'This guy is still here,' and they say, 'But you signed the document.' And you say, 'Yeah, but he still shouldn't be here. Where is he?' and they say, 'We're not going to tell you that.'

"And not only is this guy hiding inside your apartment -- he's actually eating from your refrigerator, drinking your water, using the bathroom, and you can't stop him. He could be inviting other friends over and letting them in. And if you try to find him and take him out yourself, he's going to throw bombs, and you'll have to call the construction guys to rebuild your whole apartment.

"That's what Sony is doing. The rootkit uses your processor, it uses your memory, your hard disk. You can't take it out easily, because they won't tell you how. If you try to take it out, it actually messes up your computer. The only solution is to reinstall the whole operating system. It's total lawlessness, and it's unacceptable."

This article is from the May/June 2006 issue of Technology Review.

Comments

  • Indeed "What were they thinking?"
    Guest (potatomasher) on 05/26/2006 at 12:00 AM
    What I want to know is why Sony got away with giving away four free CDs and 7.50! Costs within the US government to remove their rootkit probably cost millions! The judge should've made an example of them and charged a fine of a similar magnitude to what their software caused!
    • Sony BMG
      Guest (tomwayne) on 05/30/2006 at 12:00 AM
      Any company that pulls what Sony did should, no, must be fined so heavily that they will think twice about doing it again, and as an example to other companies. This is an outrage on the part of Sony. Who do these people think they are? I for one will never again buy a Sony product, although I have about a dozen in my house right now, but no more......thanks for your informative article.
    • Let The Punishment Fit the Crime
      Guest (Nikon1) on 06/07/2006 at 12:00 AM
      $7.50 and 4 free CDs - for what has been created? Where's the fairness in that settlement? It doesn't even amount to a tap on the wrist!

      I'm with Potatomasher - let the judicial system make an example of them, much like the RIAA is making examples of people who have downloaded music files. Let's say a cash penalty against Sony of 10 million dollars per CD title they released! That would get some attention and make them think.

      I have not purchased - and will not purchase - a single item (CD / DVD / Gadget / Device) that carries the Sony name since this story broke. I won't even go to a Sony produced movie. Let Sony take their products and stick them up their collective anal openings!
  • Orwell Newspeak
    Guest on 06/08/2006 at 12:00 AM
    "Some DRM technologies offer increasing flexibility". Eliminating the ability to freely use a product does not increase flexibility.
  • rootkits
    Guest (I-Hate-Sony) on 06/16/2006 at 12:00 AM
    First let me say that I don't support piracy in any way and that my brother and I own more original software, games, music CDs and DVDs than all of our friends put together, but I have a media centre PC that is the hub of my home multimedia; everything runs through it. If buying a CD means potentially trashing my PC then I won't buy it. What were Sony thinking? They've actually made a DRM technology that makes the illegal downloading of music safer and more attractive than buying it......
    • I didn't even know
      Guest (Kennethclaytonchristensen@yahoo.com) on 06/18/2006 at 12:00 AM
      This has burned me badly. I just wanted to keep my music on my computer. Does anyone know any way to remove this?
      • How to remove the rootkit
        Guest (Wade Roush) on 06/23/2006 at 12:00 AM
        Dear Kenneth,
        Sony provides information on how to uninstall the XCP copy protection program (which contains the rootkit) at http://cp.sonybmg.com/xcp/english/updates.html.