Trojan horse
Patch could actually cause the security problem it was supposed to block

Sony BMG admits to new CD bug

Latest fix 'makes matters worse'

Ken Young

vnunet.com, 08 Dec 2005

Sony BMG has admitted to a new security problem affecting nearly six million of its CDs, after the detection of vulnerability with the MediaMax patch it supplied on 6 December.

According to watchdog group the Electronic Frontier Foundation (EFF) the most recent CD software "could allow malicious third parties … to gain control over a consumer's computer running the Windows operating system".

Advertisement

The EFF hired security firm Information Security Partners to analyse MediaMax. The company found a new vulnerability with the software that could allow unauthorised users to take full control of the computer's operations.

Sony BMG issued a patch but this was also flawed and could actually cause the security problem it was supposed to block.

Sony BMG stated that it is working on the problem and will release a modified patch if necessary. The problem only applies to CDs issued in the US and Canada.

The problems began last month when Sony BMG began shipping many of its music discs with a program called XCP.

The program had no effect on standard CD players, but installed itself on computers running Windows when a CD owner tries to play the disc on the computer.

It also proved very difficult to remove and was flagged by antivirus vendors as a vulnerability. To compound the problem XCP secretly sent information about users' listening habits over the internet to Sony BMG.

Sony began to withdraw about 4.7 million affected discs from stores, and set up an exchange programme for consumers who had bought about 2.1 million discs.

Meanwhile Sony BMG kept on using a different anti-piracy program called MediaMax, produced by SunnComm.

The EFF filed a lawsuit against Sony BMG's use of both XCP and MediaMax, claiming that the SunnComm program was also flawed.

The EFF cited research by J Alex Halderman, a student at Princeton University, who claimed that MediaMax sends information about users over the internet without their permission.

Halderman also claimed that MediaMax installs itself even if the user clicks a button that is supposed to stop the installation.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Have your say on this article

Further reading

Trojan horse

Computer Associates blacklists Sony DRM

Pressure mounts on Sony to abandon insecure technology

Trojan horse

Virus writers exploit Sony DRM

Sony doomsday scenario becomes reality

Sony rootkit accused of licence violation

Nightmare darkens for troubled record label

Related whitepapers

Related jobs

Most watched

Xperia X1

Video Review: Sony Ericsson Xperia X1

First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

More video

IT white papers

Search white papers

Top categories

Poll

Poll: Summer smartphones

Poll: Summer smartphones

Which smartphone will you be taking to the beach this summer?

View poll results

Advertisement

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

  • More available - 'submit' to view

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Spotlight

a padlock

Microsoft to plug security holes

Microsoft has given advance warning of a number of security...

Nokia handset

Top 10 articles, 10 July 09

No Nokia Android phone, ActiveX attacks and Google enters into...

Can Google beat Microsoft at its own game?

Google's announcement this week that it plans to step into...

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

Primary Navigation