Info on Sony/Bmg cd's.....a must read

[hooked 0]

I thought I would pass along this info I found on another site.

_________________________________

1. Editor's Note: Sony Is Just As Bad As Music Pirates

Sony's latest response to the threat of music piracy is to engage in behavior every bit as bad as the pirates it's trying to protect itself from.

Sony BMG Music Entertainment decided that the threat of piracy was so severe that it needed to protect itself by installing on customers' PCs hacker tools that exposed those systems to massive security
vulnerabilities.

Sony included hacker technology called a "rootkit" in the copy-protection software distributed along with one of its music titles. A rootkit is technology used by computer criminals to permit them to break into target
systems. The rootkit is such a hairball to remove that security researchers recommended users not try to remove it themselves, but rather contact Sony to get instructions.


Sony countered by saying that the copy-protection software is harmless and issuing a patch. Hackers, meanwhile, are making a mockery of Sony's claims by distributing code that they claim takes advantage of security holes opened by Sony's DRM.

And, as revealed Monday, the patch presents problems of its own; it can crash Windows.

The Sony software is, plain and simple, spyware, by any reasonable standard of the word. It installs itself without users' knowledge, it runs in stealth mode, it damages the user's system, and it resists removal.

Sony's tactic isn't just a problem for consumers; it's also a problem for business network managers. Employees often enjoy listening to music while at work, and an employee who innocently brings in a CD that's infected with Sony's copy protection can open a security hole to the entire network.

Sony had no excuse for its behavior. The fact that some of its customers pirate music does not legitimize Sony's hacking into all its customers' computers and exposing them to security holes. Sony needs to recall the infected media, confess it did wrong, apologize to customers, and make amends. Meanwhile, law-enforcement authorities need to investigate whether Sony is in violation of civil and criminal laws against computer piracy.

--------------------------------------
Sometimes we're just being Humans.....But we're always Human Beings.

[Slappie 9]

So you bought a Sony/BMG Cd with this software.. Let's look under the hood of the EULA (end users license agreement) <-- very interesting link.

The following was copied from EFF's website Red story here

This is pretty serious stuff to you iPod users, and anyone who buys CDs and wants to make digital copies to be used in their personal mp3 players or just played from a file on their home or work PC.

Now the Legalese Rootkit: Sony-BMG's EULA
November 09, 2005
If you thought XCP "rootkit" copy-protection on Sony-BMG CDs was bad, perhaps you'd better read the 3,000 word (!) end-user license agreement (aka "EULA") that comes with all these CDs.

First, a baseline. When you buy a regular CD, you own it. You do not "license" it. You own it outright. You're allowed to do anything with it you like, so long as you don't violate one of the exclusive rights reserved to the copyright owner. So you can play the CD at your next dinner party (copyright owners get no rights over private performances), you can loan it to a friend (thanks to the "first sale" doctrine), or make a copy for use on your iPod (thanks to "fair use"). Every use that falls outside the limited exclusive rights of the copyright owner belongs to you, the owner of the CD.

Now compare that baseline with the world according to the Sony-BMG EULA, which applies to any digital copies you make of the music on the CD:

If your house gets burgled, you have to delete all your music from your laptop when you get home. That's because the EULA says that your rights to any copies terminate as soon as you no longer possess the original CD.

You can't keep your music on any computers at work. The EULA only gives you the right to put copies on a "personal home computer system owned by you."


If you move out of the country, you have to delete all your music. The EULA specifically forbids "export" outside the country where you reside.


You must install any and all updates, or else lose the music on your computer. The EULA immediately terminates if you fail to install any update. No more holding out on those hobble-ware downgrades masquerading as updates.


Sony-BMG can install and use backdoors in the copy protection software or media player to "enforce their rights" against you, at any time, without notice. And Sony-BMG disclaims any liability if this "self help" crashes your computer, exposes you to security risks, or any other harm.


The EULA says Sony-BMG will never be liable to you for more than $5.00. That's right, no matter what happens, you can't even get back what you paid for the CD.


If you file for bankruptcy, you have to delete all the music on your computer. Seriously.


You have no right to transfer the music on your computer, even along with the original CD.


Forget about using the music as a soundtrack for your latest family photo slideshow, or mash-ups, or sampling. The EULA forbids changing, altering, or make derivative works from the music on your computer.

So this is what Sony-BMG thinks we should be allowed to do with the music on the CDs that we purchase from them? No word yet about whether Sony-BMG will be offering a "patch" for this legalese rootkit. I'm not holding my breath.

"Find out just what any people will quietly submit to and you have found out the exact measure of injustice and wrong which will be imposed upon them."

[popsjumper 2]

Thanks...now I know what NOT to buy.

My reality and yours are quite different.
I think we're all Bozos on this bus.
Falcon5232, SCS8170, SCSA353, POPS9398, DS239

[Slappie 9]

Sweet looks like the Italian goverment is investigating whether criminal charges can be applied to Sony.

http://www.pcworld.com/resource/article/0,aid,123454,pg,1,RSS,RSS,00.asp

"Find out just what any people will quietly submit to and you have found out the exact measure of injustice and wrong which will be imposed upon them."

[Slappie 9]

Here come the BOTS

A first wave of malicious software written to piggyback on Sony BMG Music Entertainment CD copy protection tools has been spotted online, computer security companies said Thursday.

Sony's software, installed when playing one of the record label's recent copy-protected CDs in a computer, hides itself on hard drives using a powerful programming tool called a "rootkit." But the tool leaves the door open behind it, allowing other software--including viruses--to be deeply hidden behind the rootkit cloak.

The first version of a Trojan horse spotted early Thursday, which aims to give an attacker complete remote control over an infected computer, didn't work well. But over the course of the day, several others emerged that apparently fixed early flaws.

"This is no longer a theoretical vulnerability, it is a real vulnerability," said Sam Curry, vice president of Computer Associates' eTrust Security Management division. "This is no longer about digital rights management or content protection, this is about people having their PCs taken over."

Sony's use of the rootkit software has sparked a firestorm of criticism online and off over the company's techniques, highlighting concerns that remain over record labels' increasingly ambitious attempts to control the ways consumers can use purchased music.

Last week, plaintiffs' attorney Alan Himmelfarb filed a class action suit against Sony BMG in Los Angeles federal court, asserting that the company had violated state and federal statues on unauthorized computer tampering. The company's actions also constituted fraud, trespass and false advertising, the suit contends.

Other attorneys say they are considering other suits. Several Italian consumer groups also have said they are looking into the prospect of taking legal action against Sony, although the relevant discs were distributed by the record label's U.S. division and not intended for overseas sale.

Sony's use of the rootkit stems from record companies' growing concerns that unrestricted music copying is undermining their sales, and they have been looking for a technological way to limit the number of copies that people can make of each CD they buy.

Sony BMG has experimented with several different ways to do this. The current controversy focuses on just one of those tools, created by a British company called First 4 Internet.

The First 4 Internet software is included on a handful of CDs, including recent releases from My Morning Jacket and Southern rockers Van Zant. When the albums are put in a computer's CD drive, they ask a listener to click through a consent form, and then install the rootkit copy-protection software on the hard drive.

A rootkit is a tool that takes a high level of control over a computer, potentially even preventing the original computer user from performing certain tasks. In this case, the First 4 Internet hides itself from view in the computer's guts.

One Trojan horse discovered by security companies Thursday is a variant of a pre-existing software distributed by spam e-mail, among other techniques.

One version of the e-mail claims to be from a business publication and says that it is using a photograph of the recipient for a soon-to-be published article, according to security company BitDefender. Clicking on the alleged photograph installs the malicious software, which then connects automatically to the Internet Relay Chat (IRC) chat network, opening up a channel to control the infected computer.

In a new version of the program, the software hides itself using Sony's rootkit tool and then tries to connect to a server on the chat network. The first version of the Trojan was unable to function after hiding itself, security company F-Secure said. However, several other variants have been found that are able to successfully take over control of a computer after hiding under the Sony software.

All virus companies are rating the danger as fairly low so far, since the Trojans seem to be spreading slowly.

Most antivirus companies are releasing versions of their software that identify or remove the Sony software. A patch on the Sony Web site will uncloak the copy protection tools, but computer users must contact Sony's customer service for instructions on removing it altogether.

Neither Himmelfarb nor a Sony BMG spokesman could immediately be reached for comment. A SonyBMG representative contacted last week noted that the software could be easily uninstalled by contacting the company's customer support service for instructions.

"Find out just what any people will quietly submit to and you have found out the exact measure of injustice and wrong which will be imposed upon them."

[rmaust 0]

"Sophos issues tool to detect and disable 'cloaking' flaw exploited by Trojans"

http://www.sophos.com/pressoffice/news/articles/2005/11/stinxe.html


It's free and apparently checks for, disables and prevents reinstallation....


------------------------

-----------------------------------------------

[hooked 0]

I found this article as well:


Keep the pressure up folks. Write to Sony AND to your goverment officials. The RIAA and Sony have developed a HUGE security hole. Pandora's box has been opened. A complete re-write of Windows operating system may have to be done.

The arrogance of Sony is incredible: Sony BMG's President said: "Most people, I think, don't even know what a rootkit is, so why should they care about it?".

Sony RootKit Update

Already the first Trojans using Sony's system have appeared:

First Trojan using Sony DRM spotted

My God what a nightmare!!!

If you think you've been infected....join one of the class action suites now. You won't get anything out of it ( Typical class action suites deliver an average of $1.25 settlement ).....but it costs the Plaintiff MILLIONS!! Be sure to write your goverment officials in the US as well....becuase they are the morons that passed Legislation that allowed companies like the RIAA and Sony to develop this garbage. (Mind you, maybe the US Goverment doesn't really care. With the Patriot Act in place...what a dandy way to keep an eye on people. Lord help you all!!! But I digress....sorry)

In the meantime. What can you do to Protect Yourself?

1: Turn off AutoRun on your CD\DVD player now!!

2: If running XP\W2K\NT do NOT log on as an Administrater account. Change your Log-On to a Limited account. This will enable you to still play CD's and DVD's......but it will NOT allow the installation of any other software....such as evil DRM\Copywrite software. If you want to load new software, you'll have to switch to an Administrater acoount....which can be a bit of a PITA....but it's better than the alternative!!

3: Download "RootKit Revealer" this is a Program built by Mark Russovanich to search out " RootKits. It won't Remove the problem....but it will let you know if your system has been comprimised. Be aware that, becuase of the nature in how RootKits are detected, this is program may reveal some things that may be OK. Things like Firewall's and Virus Scanners are constantly changing Data. So don't be surprised if your system comes up with a few lines of info. What you are looking for is suspicious entries from unexpected programs. Click on the "Help" button to assist you in finding more information. You can also Highlight the suspect entry, then Copy and Paste to " Google" . This is an easy way to find out iff the suspect line is OK or not.


I would doubt that Sony will be releasing any more DRM protected CD's in the next while....the damage to the whole industry has already been done. Sony in one fell swoop has comprimised the complete Window OS. A complete re-think of Windows may be necessary....and that may be a good thing in the end

Keep Up The Pressure Folks!!!

--------------------------------------
Sometimes we're just being Humans.....But we're always Human Beings.