All the latest UK technology news, reviews and analysis
|
|
|
08 Dec 2005
Sony BMG has admitted to a new security problem affecting nearly six million of its CDs, after the detection of vulnerability with the MediaMax patch it supplied on 6 December.
According to watchdog group the Electronic Frontier Foundation (EFF) the most recent CD software "could allow malicious third parties … to gain control over a consumer's computer running the Windows operating system".
The EFF hired security firm Information Security Partners to analyse MediaMax. The company found a new vulnerability with the software that could allow unauthorised users to take full control of the computer's operations.
Sony BMG issued a patch but this was also flawed and could actually cause the security problem it was supposed to block.
Sony BMG stated that it is working on the problem and will release a modified patch if necessary. The problem only applies to CDs issued in the US and Canada.
The problems began last month when Sony BMG began shipping many of its music discs with a program called XCP.
The program had no effect on standard CD players, but installed itself on computers running Windows when a CD owner tries to play the disc on the computer.
It also proved very difficult to remove and was flagged by antivirus vendors as a vulnerability. To compound the problem XCP secretly sent information about users' listening habits over the internet to Sony BMG.
Sony began to withdraw about 4.7 million affected discs from stores, and set up an exchange programme for consumers who had bought about 2.1 million discs.
Meanwhile Sony BMG kept on using a different anti-piracy program called MediaMax, produced by SunnComm.
The EFF filed a lawsuit against Sony BMG's use of both XCP and MediaMax, claiming that the SunnComm program was also flawed.
The EFF cited research by J Alex Halderman, a student at Princeton University, who claimed that MediaMax sends information about users over the internet without their permission.
Halderman also claimed that MediaMax installs itself even if the user clicks a button that is supposed to stop the installation.
Latest stories from Law
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Solution Architect / Technical Project Manager / Corporate...
Tier 1 Investment Bank seeks an Administrator with an...
Are you a proven agile test engineer that wants to work...
A leading global organisation seeks a Lead Project Planner...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Enough is enough - boycott them
In my country (Italy) I pay a tax in favour of music/movie publishers even on the price of the CDs I use to save my son's pictures on. If I did against potential infractors of my home the same kind of intelligence RIAA does on me, I'd be jailed. Now SONY jeopardizes my PC, "just in case". Enough is enough. Criminal and civil liabilities must be recognized against these white collar criminals. STOP BUYING THEIR CRAP!
Posted by: Carlo Alberto Ciampi 08 Dec 2005