AfterDawn: Tech news

More insecure CDs from Sony BMG

Written by James Delahunty @ 07 Dec 2005 9:56 User comments (27)

More insecure CDs from Sony BMG Sony BMG, which was caught up in a Digital Rights Management (DRM) mess for the last month over the XCP copy protection has today announced, along with the Electronic Frontier Foundation that SunnComm has released a security update for its MediaMax Version 5 copy protection software, which ships on "certain Sony BMG CDs". The vulnerability discovered could allow an attacker to hijack a user's PC if the MediaMax software has been installed.
The EFF said the vulnerability centers around a file folder installed by the MediaMax software "that could allow malicious third parties who have localized, lower-privilege access to gain control over a consumer’s computer running the Windows operating system." This time around, Sony wasted no time in bringing this to consumer attention after being criticised for how badly it handled the XCP "rootkit DRM" situation.



Even besides the vulnerability, the EFF has pointed out other major problems with the DRM technology including "undisclosed communications with servers Sony controls… undisclosed installation of over 18 MB of software regardless of whether the user agrees to the End User License Agreement; and failure to include an uninstaller with the CD." So there are some obvious privacy concerns with this DRM too.

However this time it is not just Sony using the DRM, over 30 other labels also use it according to the EFF, which is investigating whether any of those labels' CDs include the same vulnerability. A link to the patch, a list of infected titles and more important information can be found at the EFF's website.

Sources:
The Register
Electronic Frontier Foundation

Previous Next  

27 user comments

17.12.2005 11:44

Looks like despite all the recording industry's work to keep it quiet, DRM is under a very uncomfortable microscope. Forget copyright infringement - their own greedy copy-protection is what's going to be their downfall.

27.12.2005 13:12

I am just glad that I don't have any of these albums which have the DRM on. This one isn't as bad as the rootkit at least...

37.12.2005 13:29

This things are as easy to fix... don´t buy any Sony BMG Cds any more... Them wil soon realize something.

47.12.2005 15:47
chesty
Inactive

Here's another option. If it gets to the point the recording industry does not get it and read the handwriting on the wall and get it through their thick heads drm is bad and it will cost them dearly for their own blatant greed then stop buying cds altogether and find other means of leisure and recreation. Even if people did not listen to another cd again i'm quite sure their lives would go on. I have over 1000 cds at home in my collection but i'm always at work making a living and i just don't have the time i would like to have to enjoy listening to my music collection. The only time i listen to cds or internet radio is when i'm piddling on my computer.

57.12.2005 16:15

Does AnyDVD running in the background protect against this nonsense?

67.12.2005 16:57

as much as I love sony for their techinical innovations, and great electronic components/equipment, they really need to re-think their stance on the DRM crap...many artists will start boycotting major record labels because they don't want their music with DRM protection anymore than comsumers.

77.12.2005 17:00

Hi to all....AnyDVD running in the backround, protects any pc with it's windows xp operating system.So copy protected cd's won't affect cd copying, as long you have AnyDVD running. For more info go to the slysoft.com website....cheers!

87.12.2005 17:20
llongtheD
Inactive

Don't hold your breath on the musicians boycotting them djscoop. Think of it this way: young upstart band living off of peanut butter sandwiches and wiskey for the last five years and finally getting a record deal. I doubt they will be too concerned about DRM when they sign their contract. I love music as well, but it seems like most musicians really don't get business minded about their music...until they have a couple million in the bank.

97.12.2005 17:25

that is true, however there have already been a few news articles about already established bands who are complaining about their Cds being released with DRM protection. The latest one was Trapt's new CD, as the band got tons of email complaints to their website, because their fans couldn't rip the CDs they bought to itunes and play in their ipods.

This message has been edited since its posting. Latest edit was made on 07 Dec 2005 @ 5:26

107.12.2005 17:53
llongtheD
Inactive

How many of them have seriously tried to get out of their contract? How many have actually started an effort to boycott? Its all about the money. When some of these bands actually start to take action, and not just send emails or letters, I'll start to believe. Of course they will send letters discouraging this DRM practice, but they know where their bread is buttered.

117.12.2005 19:01

I'm not saying its at the point that tons of bands are striking or anything like that. My only point was that artists as well as consumers are pissed off with Sony's choices for DRM protection, so hopefully pressure from both sides will help Sony make better choices, thats all...

128.12.2005 07:37

Let's not forget holding down the shift key.

138.12.2005 08:08

What does holding down the shift key do?

148.12.2005 09:00

kills autorun

158.12.2005 09:18

so lets sue them all burn them to the ground that stands between us and them and then stomp out the fire or piss on them till they smolder .... other then that its more up to the courts to provide us the consumer with safeguards to keep us from being used by companies like sony who explote the laws for their own financhal gain.... as I said SUE THEM ALL... but hey thats just my opion.....

168.12.2005 10:07

just info for those that don't know.. Enable/Disable Autorun How To Enable/Disable Autorun (Windows 95/98/Me) Access the System Properties Dialog. Using Control Panel: My Computer: Properties or Explorer: My Computer: Properties. Select the Device Manager tab. Select the CD-ROM folder. Select the entry for your CD-ROM drive. Select Properties. Select the Settings tab. Turn on or off the Auto insert notification option. Select OK. Select OK How To Enable/Disable Autorun (Windows NT/2000) Start RegEdit (regedt32.exe). Go to HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Cdrom. Edit the Autorun value to '1' to enable autorn, and '0' to disable autorun. Close RegEdit How To Enable/Disable Autorun (Windows XP) Open Windows Explorer by pressing the Windows + "e" key. Right-click the desired CD-ROM and select Properties from the menu. Select the AutoPlay tab. Select each item from the pulldown list and for the Action to perform, select "Take no action" to disable autorun, or pick the apporpriate action to take if enabling autorun. Select OK.

178.12.2005 13:20
runner121
Inactive

Hopefully they will see that is was thier greed that got them into this.

This message has been edited since its posting. Latest edit was made on 08 Dec 2005 @ 1:22

188.12.2005 22:09

Not likely.

199.12.2005 03:15

Now this may sound silly and illogical, but if Sony is so concerned about piracy. Why are they making the burning media and hardware for people to copy their music?

209.12.2005 03:18
runner121
Inactive

Well I don't believe Im buying anything Sony for a while.They arent going to recall all of those discs with rootkits.They'd just assume we buy them and patch the crap.(which I won't do.)

219.12.2005 03:21
runner121
Inactive

good question syeberman.I would have to say they're dillusional to think they can do that and be fighting piracy,copying or whatever.

229.12.2005 05:24

Ireland, I was told to hold down the "shift" + "spacebar" keys when loading discs to avoid the protection code from being loaded. Does this actually work or is it a myth? Thanks.

239.12.2005 06:05
runner121
Inactive

Is this binary visible on the disc when is inserted? or embedded in an installer?

249.12.2005 15:09

@kaskibla: Holding the Shift key on a Windows computer (or Windows XP at least - I haven't checked others) disables auto-run, which, in the case of most CD "protection", is what installs the software that cripples the system's ability to copy the disc. I just tested it out on a game that normally opens up a splash screen when the CD is inserted and the screen did not come up, so apparently this works.

2513.12.2005 13:19
Sledge13
Inactive

Looks like Sony is targeting mainly Blacks music. Well, Sony is racist. Or is it that Sony recognises the truth. Blacks steal. That Blacks pirate more music than whites now. Or that Blacks are way behind Whites in the digital age and are just now getting up to speed on copying CDs? Or perhaps Sony thinks that Blacks won't squawk as much about this, as their more likely to not understand the significance of the software and the invasion of privacy and would allow them to get the proverbial foot in the door easier than if they had initiated this on White music. Whichever it is, Sony has targeted one racial groups music for this invasion of privacy. Racist!!!

2613.12.2005 19:09

are you sh*tting me? You have got to be the dumbest person in the world...someone please ban him!

2718.1.2006 18:32
indo310
Inactive

Sledge 13 Has got to be one of the dumbest f***ers I have ever heard. And I am in total agreeance with DJScoop. This fool shoud just be banned to the wood shed out back and not let out until he has caught up with reality. Indo310

Comments have been disabled for this article.

News archive