In the case of the U.S.-hosted malicious site, the attacker may have compromised the site without the owner's knowledge, Websense's Hubbard said. The site appears to be associated with Canada's version of the American Idol TV show. Websense also found the following message in the site's malicious code: "Sony DRM Christmas Gift." -- 2005-11-17 (木) 17:42:30
Consumers who used computers to listen to Sony BMG music CDs containing flawed software were still exposed to potentially crippling security breaches yesterday, experts said, as the company continued to try to fix the problem. -- 2005-11-18 (金) 12:44:30
Computer Associates, maker of security software, has announced their anti-spyware program PestPatrol? will detect and remove Sony's rootkit-enabled DRM software -- 2005-11-18 (金) 13:04:31
The consumer-electronics giant has unleashed a firestorm by including a covert program on music CDs that leaves PC users prey to viruses -- 2005-11-18 (金) 14:35:55
Controversial copy-protection code used by music publisher Sony BMG on CDs appears to have tapped an open-source project, raising questions about copyright, software experts said Friday. -- 2005-11-19 (土) 01:00:28
Sony BMG Music Entertainment released details Friday of a virtually unprecedented CD recall program that will allow music buyers to exchange recently purchased CDs with copy protection for new discs and MP3s. -- 2005-11-19 (土) 19:30:29
The record label will recall millions of CDs that, if played in a consumer's PC disc drive, will expose the computer to serious security risks. Anyone who has purchased one of the CDs, which include southern rockers Van Zant, Neil Diamond's latest album and more than 18 others, can exchange the purchase. The company added that it would release details of its CD exchange program "shortly." -- 2005-11-19 (土) 19:35:42
Adding to Sony BMG's ongoing troubles regarding First4Internet's XCP digital rights management package, Texas Attorney General Greg Abbott filed suit against the media giant today, alleging that the XCP package violates state anti-spyware laws. -- 2005-11-22 (火) 11:08:18
Asian consumers of Sony BMG's 'rootkit' CDs may not escape unscathed from malicious hackers looking to exploit the loophole, warn security experts here. -- 2005-11-22 (火) 13:46:08
EFF Sues Sony @ Anti Music -- 2005-11-22 (火) 13:47:09
The Electronic Frontier Foundation (EFF), along with two leading national class action law firms, today filed a lawsuit against Sony BMG, demanding that the company repair the damage done by the First4Internet XCP and SunnCommMediaMax software it included on over 24 million music CDs. -- 2005-11-22 (火) 13:48:03
The California suit would allow consumers to collect compensation, citing state laws on consumer protection. The EFF complaint also covered another anti-piracy technology that Sony BMG has used, MediaMax from SunnComm Technologies Inc., which was introduced first in markets outside the United States. -- 2005-11-23 (水) 17:57:15
One person close to EMI said that the company was watching the Sony BMG situation with "quiet relief that it's not happening to them." -- 2005-11-28 (月) 11:21:02
Sony BMG Music Entertainment is getting a lot of unwanted attention for its use of copyright-protection software that left CD users open to computer viruses. It began with the bloggers, who shed light on the matter, and has spread to the scads of consumers who have used the Internet to urge a boycott of Sony BMG CDs. -- 2005-11-29 (火) 18:32:45
For Sony BMG Music Entertainment, it has become a public-relations nightmare -- and it shows no signs of abating. On Oct. 31, computer-systems expert Mark Russinovich posted a message on his blog revealing that Sony BMG had placed anti-piracy software on music CDs that was difficult to detect and that made customers' PCs vulnerable to hacker attacks (see BW Online, 11/17/05, "Sony's Copyright Overreach"). -- 2005-11-29 (火) 19:40:15
New York Attorney General Eliot Spitzer is reportedly looking into the prospect of legal action against record label Sony BMG Music Entertainment, as a result of that company's recent copy-protection fiasco. -- 2005-11-30 (水) 10:31:56
It has already been widely reported how Sony BMG applied rootkit technology to hide and protect DRM components used to prevent disks from being copied. One highly unfortunate effect of Sony's decision to use this rootkit was the possibility that malicious programs might implement the same technology. Kaspersky Lab virus analysts can confirm that this has now happened. -- 2005-11-30 (水) 10:32:32
MediaMax is a different copy protection system that Sony BMG uses in addition to the “rootkit” XCP DRM that has been drawing all the media (and legal) attention. However, MediaMax doesn’t seem to understand the word “No.” -- 2005-11-30 (水) 18:38:49
The consumer-electronics giant has unleashed a firestorm by including a covert program on music CDs that leaves PC users prey to viruses -- 2005-12-01 (木) 00:46:38
The music and film industries are demanding that the European parliament extends the scope of proposed anti-terror laws to help them prosecute illegal downloaders. In an open letter to MEPs, companies including Sony BMG, Disney and EMI have asked to be given access to communications data - records of phone calls, emails and internet surfing - in order to take legal action against pirates and filesharers. Current proposals restrict use of such information to cases of terrorism and organised crime. -- 2005-12-01 (木) 00:48:03
Mark Russinovich of Sysinternals will be joining the legal team led by New York attorney Scott Kamber, who filed a lawsuit earlier this month against Sony BMG and First4Internet, the British company that produced the anti-piracy software. (This may be nothing, but First4Internet's Web site is looking rather Spartan at the moment.) -- 2005-12-01 (木) 10:48:08
マーク・ルシノビッチ氏、ニューヨークで集団訴訟を起こした弁護士に雇われる by 罰金288兆円(理論値) 5大陸目の24氏 -- 2005-12-01 (木) 10:55:35
A class-action lawsuit has been filed on behalf of California consumers who may have been harmed by anti-piracy software installed by some Sony music CDs. A second, nationwide class-action lawsuit is expected to be filed against Sony in a New York court on Wednesday seeking relief for all U.S. consumers who have purchased any of the 20 music CDs in question. -- 2005-11-21 (月) 12:42:16
Foobar of Borg writes "The Associated Press describes how backlash from Sony's Rootkit CDs is causing problems for the music industry. The problem is two-fold: (1) the inherent technological problem of trying to prevent anyone from copying anything and (2) letting lawyers make technical decisions when (from the article) 'Lawyers don't have any better understanding of technology than a cow does algebra.'" More from the article: "'I think they've set back audio CD protection by years,' said Richard M. Smith, an Internet privacy and security consultant. 'Nobody will want to pull a Sony now.' Phil Leigh, analyst for Inside Digital Media, said the debacle shows just how reluctant the labels are to change their business model to reflect the distribution powers -- good and bad -- of the Internet. He believes that rather than adopting technological methods to try to stop unauthorized copying of music, record companies need to do more to remove the incentive for piracy." -- 2005-11-21 (月) 12:45:41
Zellis writes "In a press conference held on Nov 18 Cary Sherman, the president of the RIAA, stated in reference to Sony BMG's "rootkit" software that "there is nothing unusual about technology being used to protect intellectual property." According to Sherman, the problem with Sony BMG's XCP DRM software was simply that "the technology they used contained a security vulnerability of which they were unaware". -- 2005-11-22 (火) 11:32:41
Mr. Sketch writes "According to Yahoo!, Texas Attorney General Greg Abbott 'filed a civil lawsuit on Monday against Sony BMG Music Entertainment for including "spyware" software on its media player designed to thwart music copying. [...] Texas is seeking civil penalties of $100,000 per violation of the state's Consumer Protection Against Computer Spyware Act, which was enacted earlier this year. "Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers," Abbott said in a statement.'" -- 2005-11-22 (火) 12:35:17
Greg Abbott, the attorney general for Texas, today filed a lawsuit against Sony BMG Music Entertainment, alleging that its controversial (and now recalled) "XCP" anti-piracy software violates the state's anti-spyware and consumer protection laws -- 2005-11-22 (火) 18:29:18
You knew it was only a matter of time before New York Attorney General (AG) Eliot Spitzer went after Sony for the rootkit row. Spitzer has battled Sony before and won. This malware debacle for Sony BMG continues to haunt them because it's starting to hit them where it counts… in the bottom line. -- 2005-11-30 (水) 10:33:02
Now it seems the company that wrote the XCP rootkit, First4Internet, used some open source code in the mix, specifically code from LAME, an MP3 encoder. Matti Nikki, a Finnish programmer known to friends as Muzzy, writes that the code used to circumvent Apple's DRM system, to keep users from putting the music on their iPods, may also violate the DMCA. " The party just keeps on going," he writes. -- 2005-11-19 (土) 19:38:04
GPLのライセンス違反らしい。An anonymous reader writes "With some help from Sabre Security, Sebastian Porst and Matti Nikki have identified some stolen GPL'd code in Sony's rootkit. Ironically the code in question seems to be VLC's demux/mp4/drms.c -- the de-DRMS code which circumvents Apple's DRM, written by 'DVD' Jon Lech Johansen and Sam Hocevar." -- 2005-11-18 (金) 00:28:09
GPL違反の検証ブログ Ladies and gentlemen, muzzy and I made what's maybe the most significant progress since we began our little examination of the F4I binaries a few days ago. Thanks to Halvar Flake of Sabre Security who provided us with results from newer versions of BinDiff? than those that were available to us, I was able to positively identify several functions from the mpglib library in the F4I code. What's significantly more important is that muzzy found actual GPL code in the files too! Yes, GPL, not LGPL! This opens up a completely different can of worms. -- 2005-11-18 (金) 01:00:16
Due to the importance of the latest discoveries, here's another update. For the first time I'm updating twice on one day. I'm sure you've already been waiting for some proof about the GPL infringement by F4I. This post contains it in the already well-known form of a comparison between the original C code and an annotated disassembly of the F4I binary. All C code is from the function DoShuffle? from the file drms.c which is part of the VideoLAN project. -- 2005-11-18 (金) 01:44:32
We have analyzed several versions of the rootkit that have been shipped as part of Sony’s XCP software. We are calling the family WinNT/F4IRootkit. -- 2005-11-18 (金) 12:43:11
The Sony DRM rootkit saga just keeps getting better. Sony is infringing the copyright of several open source projects. Matti Nikki who has been doing research into this mailed me to let me know that some of the code Sony has ripped off is the FairPlay? code that I wrote for VLC. -- 2005-11-18 (金) 14:33:53
I have good news and bad news about Sony’s other CD DRM technology, the SunnCommMediaMax system. (For those keeping score at home, Ed and I have written a lot recently about Sony’s XCP copy protection technology, but this post is about a separate system that Sony ships on other CDs.) -- 2005-11-18 (金) 21:53:48
