Sony's DRM rootkit?

Place to discuss anything, almost. No politics, religion, Microsoft, or anything else that I (the nazi censor) deem inappropriate.

Postby ZiaTioN » Fri Nov 04, 2005 1:43 pm

Have you guys heard of this? It appears Sony's new DRM software contains a "rootkit". I wrote up a detailed post about it on my site's forum. It was discovered yesterday I believe and has already been reported on by hundreds of sites. Sony has released a comment saying something about releasing a patch for this rootkit, not to remove it but to simply make its files visible.

This could be the making of a large lawsuit. Mark Russinovich, who discovered this rootkit, even states that it could leave your system open to other attackers giving them a way in to your system by masking their own root kits inside the Sony DRM root kit. What is this world coming to!!
ZiaTioN
administrator
Posts: 460
Joined: Tue Apr 08, 2003 3:28 pm

Postby Ice9 » Fri Nov 04, 2005 1:48 pm

What did I say just yesterday? :?

Actually we had a pretty lengthy discussion about this at work today and even my colleague who handles all the entertainment stuff was kinda shocked!
This should be motivation enough to boycott Sony completely.
Last edited by Ice9 on Fri Nov 04, 2005 1:56 pm, edited 1 time in total.
Ice9
guru
Posts: 577
Joined: Thu Jan 09, 2003 12:40 am
Location: Belgium

Postby ZiaTioN » Fri Nov 04, 2005 1:54 pm

LOL.. Funny!!
ZiaTioN
administrator
Posts: 460
Joined: Tue Apr 08, 2003 3:28 pm

Postby Basher52 » Fri Nov 04, 2005 5:06 pm

Things I've seen:

1st;
In what's set to be 2005's hottest story yet Sony have been found to install illegal Trojan horse-based digital restrictions management (DRM) technology that installs itself as a rootkit on Windows PCs.

Users who purchase certain Sony Music CDs from online stores like Amazon are subject to this rootkit being installed on their machines. According to Sysinternals' Mark Russinovich the kit installs itself in hidden directories and attempts to mask its existence as "Essential System Tools".

What's more fun is that attempting to remove the rootkit with common tools that perform a RKR scan will render a Windows XP machine useless. "Users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files," Mark wrote in an online blog entry yesterday.

So what exactly is Sony playing at? Installing rootkit software that's not identified in its EULA and rendering machines useless if users try to remove the software! This is taking the RIAA effort a little too far.

hxxp://www.neowin.net/comments.php?id=3 ... egory=main
[The link doesn't work anymore :(]


2nd;
World of Warcraft hackers using Sony BMG rootkit
Rootkit beats spyware
By SecurityFocus
Published Friday 4th November 2005 10:23 GMT

Want to cheat in your online game and not get caught? Just buy a Sony BMG copy protected CD.

World of Warcraft hackers have confirmed that the hiding capabilities of Sony BMG's content protection software can make tools made for cheating in the online world impossible to detect. The software - deemed a "rootkit" by many security experts - is shipped with tens of thousands of the record company's music titles.

Blizzard Entertainment, the maker of World of Warcraft, has created a controversial program that detects cheaters by scanning the processes that are running at the time the game is played. Called the Warden, the anti-cheating program cannot detect any files that are hidden with Sony BMG's content protection, which only requires that the hacker add the prefix "$sys$" to file names.

Despite making a patch available on Wednesday to consumers to amend its copy protection software's behavior, Sony BMG and First 4 Internet, the maker of the content protection technology, have both disputed claims that their system could harm the security of a Windows system. Yet, other software makers that rely on the integrity of the operating system are finding that hidden code makes security impossible.

=) =)
Basher52
guru
Posts: 881
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Postby worker201 » Fri Nov 04, 2005 9:55 pm

Security through obscurity - it never works. This reminds me of the Xbox story. In order to prevent their machines from being modded, MS installed a fake BIOS where the BIOS was supposed to be, and hid the real one in a restricted area of the graphics chip. An EE at MIT figured it out in just a few months. Once the word got out that the Xbox security had been compromised, MS released a new version with different security. It took a group of hackers only a couple days to crack the newer one, thanks to the collaboration and cooperation of the Internet.

Why does an Xbox need security? Presumably to level the playing field for Xbox Live, the networked gaming system. Little kids don't want to play against cheaters, do they? Sad excuse, but whatever.

Now Sony, their security method is unsound. And for what? To force people to buy CDs? I don't think piracy is a big enough problem yet in the US to make such atrocities necessary. People still buy CDs, and they buy a lot of them. The thing they should be more afraid of is the radio/single system. If I hear a song I like on the radio, I am much more likely to copy it or download it, or buy it from an online vendor like iTunes. Album purchases are for when I care enough to own the whole album.

Well, the whole thing is just stupid. If Sony didn't want to lose money to piracy, it shouldn't have relied on limited access to their product as an economic base. Which gets back to that whole capitalist thing, and that's where I say good night.
worker201
guru
Posts: 668
Joined: Sun Jun 13, 2004 6:38 pm
Location: Hawaii

Postby Void Main » Sun Nov 06, 2005 6:36 pm

Heh heh, yet another thing that doesn't affect me in the least. :) I still don't understand why anyone would run Windows. And I wish they would quit calling it a "root kit". It's an "Administrator kit".
Void Main
Site Admin
Posts: 5705
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Postby Ice9 » Mon Nov 07, 2005 2:02 pm

I wish they would quit calling it a "root kit". It's an "Administrator kit".

LOL :D
Ice9
guru
Posts: 577
Joined: Thu Jan 09, 2003 12:40 am
Location: Belgium

Postby ZiaTioN » Mon Nov 07, 2005 3:01 pm

I still don't understand why anyone would run Windows.


There is no understanding it because it is a decision that does not make sense. I use it along with Linux, Unix, Mac, etc. because in my career field it is good to know ALL platforms but it is definitely my least favorite.

Also I would never run any serious server application from a Windows machine. I run a plethora of server apps (HTTP, SSH, DNS, SMTP, NTP, MySQL, etc.) on my FC4 box and would never trust a Windows machine to handle it as easily as my FC4 box does.
ZiaTioN
administrator
Posts: 460
Joined: Tue Apr 08, 2003 3:28 pm

Postby Basher52 » Tue Nov 08, 2005 6:09 am

Sony sued over rootkits

Italy kicks it off

By Charlie Demerjian: Monday 07 November 2005, 14:50
SONY IS FINALLY GOING to HAVE to answer the tough questions, it is being sued. According to the press release here, and the complaint here, the Italian group ALCEI is suing Sony over the rootkitting DRM infection. Since I don't speak Italian(1), I will have to take the word of readers that they are doing things right.

It seems that ALCEI hired a noted Italian security researcher named Stefano Zanero to dot all the I's and cross all the T's. This one will be great fun to watch, and hopefully will set the right precedents. µ


http://www.alcei.org/index.php/archives/106
Basher52
guru
Posts: 881
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Postby worker201 » Tue Nov 08, 2005 12:31 pm

Sony, even though they are wrong, has money and powerful backing. I'm sure the MPAA, the RIAA, and other DRM slimes will come to their aid. If this trial goes anywhere, don't expect a shining victory for truth and justice.

[aside]
Man, what kind of world do we live in where the courts don't hold any real power over the corporations? And more to the point, why do I automatically assume that Sony is going to come out of this looking good, no matter what the verdict?
[/aside]
worker201
guru
Posts: 668
Joined: Sun Jun 13, 2004 6:38 pm
Location: Hawaii

Postby worker201 » Mon Nov 21, 2005 2:01 pm

This just in - the state of Texas is suing Sony for violating the state's anti-spyware law.
Read all about it here.

I didn't even know we had a state anti-spyware law.

The Texas spyware law allows the state to recover damages of up to $100,000 in damages for each violation.

[State Attorney General] Abbott said there were thousands of violations, and that any money would go to the state.
worker201
guru
Posts: 668
Joined: Sun Jun 13, 2004 6:38 pm
Location: Hawaii

Postby Void Main » Mon Nov 21, 2005 2:04 pm

I just picked up a few clients in Snort on our corporate that are infected with it. I also have an application sniffer running and I see we have around 8 machines phoning home over the last month. That's actually a lot fewer than I thought I would find. "player.exe" is the name of the executable that phones home. Here's the payload from the Snort alert:

 length = 250

000 : 47 45 54 20 2F 74 6F 63 2F 43 6F 6E 6E 65 63 74   GET /toc/Connect
010 : 3F 74 79 70 65 3D 72 65 64 69 72 65 63 74 26 75   ?type=redirect&u
020 : 49 64 3D 38 38 35 20 48 54 54 50 2F 31 2E 31 0D   Id=885 HTTP/1.1.
030 : 0A 41 63 63 65 70 74 3A 20 61 70 70 6C 69 63 61   .Accept: applica
040 : 74 69 6F 6E 2F 2A 2C 20 61 75 64 69 6F 2F 2A 2C   tion/*, audio/*,
050 : 20 69 6D 61 67 65 2F 2A 2C 20 6D 65 73 73 61 67    image/*, messag
060 : 65 2F 2A 2C 20 6D 6F 64 65 6C 2F 2A 2C 20 6D 75   e/*, model/*, mu
070 : 6C 74 69 70 61 72 74 2F 2A 2C 20 74 65 78 74 2F   ltipart/*, text/
080 : 2A 2C 20 76 69 64 65 6F 2F 2A 0D 0A 55 73 65 72   *, video/*..User
090 : 2D 41 67 65 6E 74 3A 20 53 65 63 75 72 65 4E 65   -Agent: SecureNe
0a0 : 74 20 58 74 72 61 0D 0A 48 6F 73 74 3A 20 63 6F   t Xtra..Host: co
0b0 : 6E 6E 65 63 74 65 64 2E 73 6F 6E 79 6D 75 73 69   nnected.sonymusi
0c0 : 63 2E 63 6F 6D 0D 0A 43 6F 6E 6E 65 63 74 69 6F   c.com..Connectio
0d0 : 6E 3A 20 4B 65 65 70 2D 41 6C 69 76 65 0D 0A 43   n: Keep-Alive..C
0e0 : 61 63 68 65 2D 43 6F 6E 74 72 6F 6C 3A 20 6E 6F   ache-Control: no
0f0 : 2D 63 61 63 68 65 0D 0A 0D 0A                     -cache....


The address that it contacts is 64.14.39.158 (connected.sonymusic.com) on port 80. It also contacts 64.14.39.200 (www.sonymusic.com).
Void Main
Site Admin
Posts: 5705
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
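
Added example, not part of the original thread: Python that rebuilds the HTTP request from the Snort hex dump in the post above and checks a payload for the Host and URI path visible in it. The dump is copied from the post; the function names are hypothetical, and matching on Host plus path prefix is an assumption about what makes a useful check.

```python
import re

# Hex dump copied from the Snort alert in the post above (ASCII column kept).
DUMP = """\
000 : 47 45 54 20 2F 74 6F 63 2F 43 6F 6E 6E 65 63 74   GET /toc/Connect
010 : 3F 74 79 70 65 3D 72 65 64 69 72 65 63 74 26 75   ?type=redirect&u
020 : 49 64 3D 38 38 35 20 48 54 54 50 2F 31 2E 31 0D   Id=885 HTTP/1.1.
030 : 0A 41 63 63 65 70 74 3A 20 61 70 70 6C 69 63 61   .Accept: applica
040 : 74 69 6F 6E 2F 2A 2C 20 61 75 64 69 6F 2F 2A 2C   tion/*, audio/*,
050 : 20 69 6D 61 67 65 2F 2A 2C 20 6D 65 73 73 61 67    image/*, messag
060 : 65 2F 2A 2C 20 6D 6F 64 65 6C 2F 2A 2C 20 6D 75   e/*, model/*, mu
070 : 6C 74 69 70 61 72 74 2F 2A 2C 20 74 65 78 74 2F   ltipart/*, text/
080 : 2A 2C 20 76 69 64 65 6F 2F 2A 0D 0A 55 73 65 72   *, video/*..User
090 : 2D 41 67 65 6E 74 3A 20 53 65 63 75 72 65 4E 65   -Agent: SecureNe
0a0 : 74 20 58 74 72 61 0D 0A 48 6F 73 74 3A 20 63 6F   t Xtra..Host: co
0b0 : 6E 6E 65 63 74 65 64 2E 73 6F 6E 79 6D 75 73 69   nnected.sonymusi
0c0 : 63 2E 63 6F 6D 0D 0A 43 6F 6E 6E 65 63 74 69 6F   c.com..Connectio
0d0 : 6E 3A 20 4B 65 65 70 2D 41 6C 69 76 65 0D 0A 43   n: Keep-Alive..C
0e0 : 61 63 68 65 2D 43 6F 6E 74 72 6F 6C 3A 20 6E 6F   ache-Control: no
0f0 : 2D 63 61 63 68 65 0D 0A 0D 0A                     -cache....
"""
ROW = re.compile(r"^[0-9a-f]{3} : ((?:[0-9A-F]{2} ?){1,16})")

def dump_to_bytes(dump):
    """Rebuild the raw payload from 'offset : hex bytes   ascii' rows."""
    rows = (ROW.match(line.strip()) for line in dump.splitlines())
    return b"".join(bytes.fromhex(m.group(1)) for m in rows if m)

def parse_request(payload):
    """Return (method, uri, headers) with header names lower-cased."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, uri, _ = request_line.split(" ", 2)
    headers = {}
    for h in header_lines:
        name, _, value = h.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, uri, headers

def matches_phone_home(payload):
    """True when Host and URI path match the request seen in the alert."""
    try:
        _, uri, headers = parse_request(payload)
    except ValueError:
        return False  # no parseable HTTP request line
    return (headers.get("host", "").lower() == "connected.sonymusic.com"
            and uri.startswith("/toc/Connect"))
```
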

Postby dishawjp » Wed Nov 23, 2005 10:44 am

And here's the saddest part:

http://www.theregister.com/2005/11/22/analysis/

Sony hasn't been hurt a bit by their actions. The windroids of the world just don't know or care enough to be incensed by Sony's actions.

Kind of makes you wonder sometimes if there's any hope at all. They go out and buy Windows machines, don't know or care enough to use a secure operating system or even try to secure the piece of crap they're using.

Jeeze....

Anyway, Happy Thanksgiving to all on this list who celebrate it!

Jim
dishawjp
administrator
Posts: 334
Joined: Thu Jan 23, 2003 9:05 am
Location: Central NY

Postby ZiaTioN » Wed Nov 23, 2005 2:14 pm

MMMM MMMMM....

I love me some turkey day!!
ZiaTioN
administrator
Posts: 460
Joined: Tue Apr 08, 2003 3:28 pm

