Sony's SunnComm DRM Patch a Security Risk 218
Spad writes "The BBC is reporting that mere days after the EFF and Sony announced a patch to fix the vulnerability in its SunnComm DRM system, security researchers Ed Felten and Alex Halderman have discovered that the patch itself introduces yet more vulnerabilities. They have now asked users not to apply the patch and are urging Sony to recall all of the affected CDs from sale. Sony has said that approximately six million CDs using [SunnComm] MediaMax have been shipped to stores. Affected artists include Alicia Keys, Britney Spears, Black Rebel Motorcycle Club and Faithless."
Eat me, Sony. (Score:5, Insightful)
Sony will get to write off the bad CDs as defective at the end of the fiscal year. You or I accidentally burn something on the stove and we absorb the cost.
The publishers are just middlemen (middle-management?) scrambling to keep their distribution means relevant: cut them out like a cancer.
a) Freely download
b) Buy what you like (second hand if possible)
c) Pay to see the artists live
Virii, worms and DRM ... (Score:3, Insightful)
This could be a good thing: (Score:4, Insightful)
Why was the EFF involved in this? (Score:5, Insightful)
The EFF should have pointed out the vulnerabilities to Sony and left it at that, there was no need for the EFF to lend its name to Sony's fix for the problem.
Big surprise (Score:5, Insightful)
There will be an updated patch eventually that actually does a half decent job of removing the worst of the security holes - they'll have to if they don't want a blanket removal of all their spyware from AV companies as a security measure. Not even a giant of Sony's stature can last too long being seen actively attacking and damaging all of their customers.
Then, after the news outlets have had their fill of the story, 6 months or so down the line they won't be wanting to run the same thing over again. Sony will then be free to come out with the next wave of evil but slightly less dangerous malware. That's how it goes. The next round will be a bit less dangerous, a LOT more secretive, but with the same anti-consumer schemes.
That's my opinion, anyway.
conspiracy teory (Score:5, Insightful)
2. sum up the recall of the cds and drm development into "loses due to pirates"
3. lots of news: "p2p makes music company loose money!"
4. ?
5. PROFIT!
This is a good thing, in the long run (Score:3, Insightful)
Re:great way to keep kids away from britney... (Score:2, Insightful)
I work in an IT company. We develop software for the masses. Yet two of my colleagues did not know the term "rootkit" or have heard about the Sony goof-up. These were not office clerks or marketing people. They were 30-ish and both had developer background.
That served as a reality check for me. This case has hardly been touched by the mainstream media.
What's worse, now scores of naive users will try out rootkit detectors with no understanding of using them properly. False alarms will ensue, like claims of Firefox running 10 rootkits. Yeah, right! There will be lots of noise in the blogs, and little mention in the mainstream media. Joe Public will not be enlightened by this.
Re:The music gene pool is self correcting (Score:2, Insightful)
Re:This is a good thing, in the long run (Score:4, Insightful)
I disagree. Even though in theory this should happen, I feel that anyone who understood the nature and purpose of DRM was already against it in every way. I don't think that this fiasco attracted anyone's attention except of those who are already pretty much against DRM. This isn't really a M$ Vs. Linux Vs. Mac debate, where each party has its own arguments. I think that even the people who are against piracy kinda see how pointless these types of measures are, especially those that harm the innocent (i.e. the thing about not being able to copy more than 3 times screwing over iPod users?).
Re:Web 2.0 (Score:2, Insightful)
Please don't use the word 'leverage' again unless you can estimate a value in newton metres. It makes you sound like a PHB.
Rephrasing into sensible English,
sites are able to use Web 2.0 technologies
Re:Eat me, Sony. (Score:3, Insightful)
That really depends on the bands you like to see. I often go to concerts for $10 to $20. I've also seen some pretty popular artists for quite cheap. You just have to be smart about what bands you see. In my eyes, no band is worth the $80 arena ticket so you can see them from 500 ft. away. However, many bands that i may not like so much, are really fun to go and see when you can be within 50 ft. (10 ft. sometimes) of the band, and only pay $15.
Re:Eat me, Sony. (Score:5, Insightful)
Well there is some proof of this (Score:3, Insightful)
They keep hoping that this time the consumers will be ready for it. Someday, they will be right.
Curious... (Score:2, Insightful)
So let me get this right... (Score:5, Insightful)
x virus was written to use rootkit
x lied about it sending info
x licensing was illegal
x contained stolen copyrighted code
x created patch that contained vulnerability
x patch collected info from machine
x another drm contained vulnerability
x created patch with vulnerability
9 strikes. Did I leave anything out?
Re:This could be a good thing: (Score:1, Insightful)
Go back thru the annals of
"We" tolerate it just fine it seems.
they already do charge the artists! (Score:3, Insightful)