Free Republic

Bad day to be Sony
/. ^ | 11-15-2005 | Zonk

Posted on 11/15/2005 4:09:12 PM PST by Amerigomag

Not only is Sony no longer selling the RootKit CDs, .... according to a USAToday article, "Sony is to pull their controversial rootkit CDs from store shelves". A nice gesture, but a little late.

.... "Sony's DRM rootkit has been found by Dan Kaminsky to have infected at least half a million networks". .... Dan has even put together some pretty pictures of the breadth of the infection.... "With so many people infected, it's unfortunate that from the Washington Post comes the news that "serious security flaws have been found in the software that Sony is distributing to users who want to remove the Sony rootkit". .... "Because of the way the tool is configured ... it allows any Web page that the user subsequently visits to download, install and run any code that it likes". Oops.

Even Microsoft is getting into the act. .... "Microsoft said it would remove controversial copy-protection software that CDs from music publisher Sony BMG install on personal computers, deeming it a security risk to PCs running on Windows."

(Excerpt) Read more at slashdot.org ...


KEYWORDS: dod; rootkit; sony; spyware
What started as a little oops driven by a need to know way too much personal information about its customers, Sony may well compromise countless networks worldwide, including US DOD nets.
1 posted on 11/15/2005 4:09:13 PM PST by Amerigomag

To: Amerigomag

Good day to be a class action lawyer.


2 posted on 11/15/2005 4:10:49 PM PST by Defiant (Dar al Salaam will exist when the entire world submits to American leadership.)

To: Amerigomag

On the other hand, DOD computers should be for official use only and people introducing this software by unofficial use should be reprimanded for it.


3 posted on 11/15/2005 4:11:07 PM PST by SoDak (Yes, I'm a SysAdmin)

To: Amerigomag
Sony may well compromise countless networks worldwide, including US DOD nets.

I'll believe that when I see it. Generally stuff that isn't work related, and anything Sony will be, is discouraged from being loaded.
4 posted on 11/15/2005 4:11:27 PM PST by MikefromOhio (We don't give a damn for the WHOLE state of Michigan.....)

To: SoDak

beat me by 20 seconds :)


5 posted on 11/15/2005 4:12:01 PM PST by MikefromOhio (We don't give a damn for the WHOLE state of Michigan.....)

To: Amerigomag

The message from many on this forum for a long long time has been...

Rule number one, corporations are beneficial
Rule number two, corporations can do no wrong
Rule number three, see rules one and two

I've seen a good many things explained away using these rules

There are exceptions to every rule, and Sony's problem makes that clear


6 posted on 11/15/2005 4:14:42 PM PST by DoughtyOne

To: MikeinIraq
Generally stuff that isn't work related, and anything Sony will be, is discouraged from being loaded.

People are people. They tend to view their desktop as "their own" even if said desktop is Government property.

Almost every place where you have people working who don't have to be on the phone, you see them with their headphones on listening to stuff, frequently music.

7 posted on 11/15/2005 4:15:03 PM PST by freedumb2003 (Let's tear down the observatory so we never get hit by a meteor again!)

To: Amerigomag

Mega-mega big oops! Sony may have just caused a worldwide panic by their bumbling software. It is good they are removing the CDs from the stores, but what about the ones already sold? And what about all the PCs that are already infected? Or the PCs that have not been affected today, but might be tomorrow when someone loads the CD onto their PC? And what about the networks that are infected? And the software removal tool, how it opens the door for many future viruses and unauthorized programs to load? Sony is in very deep doo-doo over this. This thing just keeps growing! We have not seen the end of this, I am afraid.


8 posted on 11/15/2005 4:15:28 PM PST by rawhide

To: MikeinIraq; SoDak
Generally stuff that isn't work related, and anything Sony will be, is discouraged from being loaded.

The thing is, from what I understand, this isn't spyware loaded with software, it's artifacts left behind by simply playing music CDs on the computer, which should have been harmless enough, lots of people play some music while they work.

Am I wrong about this? I'm not geeky enough to really understand this bug.

9 posted on 11/15/2005 4:15:56 PM PST by HairOfTheDog (Join the Hobbit Hole Troop Support - http://freeper.the-hobbit-hole.net/ 1,000 knives and counting!)

To: SoDak

Playing a CD in your computer is hardly an attempt to install software. That was the big problem with this type of copy protection technology: it didn't let you know what it was doing. You thought you were playing some music while it did the dirty work without you knowing.


10 posted on 11/15/2005 4:16:28 PM PST by tricky_k_1972 (Putting on Tinfoil hat and heading for the bomb shelter.)

To: Amerigomag; All
Infection US photo.

[Image] with original at http://www.doxpara.com.nyud.net:8090/planetsony_usa.JPG

and for Europe which was not supposed to have any is at

[Image]

11 posted on 11/15/2005 4:18:07 PM PST by backhoe

To: SoDak
On the other hand, DOD computers should be for official use only and people introducing this software by unofficial use should be reprimanded for it.

Absolutely correct.

With regards to Sony, this was a damaging marketing concept and implementation. Sony is not customer focused here.

12 posted on 11/15/2005 4:19:56 PM PST by afnamvet

To: freedumb2003
People are people. They tend to view their desktop as "their own" even if said desktop is Government property.

Yep but pretty much every organization has every machine locked down so that a normal user cannot load any software. Matter of fact, it's a requirement these days.
13 posted on 11/15/2005 4:20:29 PM PST by MikefromOhio (We don't give a damn for the WHOLE state of Michigan.....)

To: HairOfTheDog; SoDak; FreedomPoster

That is what I read it as...

however, most DOD networks enforce GPOs which (supposedly) forbid users from being able to load or modify software on that machine.

That's not to say that an Administrator won't or can't do it, because they can and will, but it won't be me :)


14 posted on 11/15/2005 4:21:56 PM PST by MikefromOhio (We don't give a damn for the WHOLE state of Michigan.....)

To: MikeinIraq
Yep but pretty much every organization has every machine locked down so that a normal user cannot load any software.

That is the weird part. From what I am hearing it seems somehow Sony's little spyware seems to have bypassed a lot of anti-virus and system lockouts.

But I could be hearing wrong.

15 posted on 11/15/2005 4:26:38 PM PST by freedumb2003 (Let's tear down the observatory so we never get hit by a meteor again!)

To: MikeinIraq; Ramius

But that's the thing... I don't know if this stuff announces itself or asks to be installed... and would that kind of network security prevent changes even to the individual's computer? I'd hope the systems designed to keep security would catch them, I just don't know if they do.

For that matter, I haven't actually heard of exactly what harm is caused by these 'rootkits'. It might be a lot of Chicken Little squawking for all I know. ;~D


16 posted on 11/15/2005 4:26:47 PM PST by HairOfTheDog (Join the Hobbit Hole Troop Support - http://freeper.the-hobbit-hole.net/ 1,000 knives and counting!)

To: freedumb2003

Well I haven't seen anything indicating that, yet, but I will keep looking.

They haven't pushed anything out yet to possibly fix this from the AFCERT, so I wonder if the AF is looking into it or if it has decided it isn't a threat....


17 posted on 11/15/2005 4:28:23 PM PST by MikefromOhio (We don't give a damn for the WHOLE state of Michigan.....)

To: HairOfTheDog

it's all about rights and being in certain groups....

it's easier to show than to type it out.....


There can be certain groups built into your baseline load that would enable a certain user to have more power on the computer than any other.


18 posted on 11/15/2005 4:29:55 PM PST by MikefromOhio (We don't give a damn for the WHOLE state of Michigan.....)

To: SoDak
On the other hand, DOD computers should be for official use only and people introducing this software by unofficial use should be reprimanded for it.

A normal user (or even a fairly knowledgeable user) would not expect the normal operation of playing a music CD to install software. It looks like Sony's rootkit cracked network security.

19 posted on 11/15/2005 4:31:50 PM PST by steve-b (A desire not to butt into other people's business is eighty percent of all human wisdom)

To: MikeinIraq

Your explanation would probably be wasted on me, anyhow. But it's enough for me that you understand it :~D


20 posted on 11/15/2005 4:33:09 PM PST by HairOfTheDog (Join the Hobbit Hole Troop Support - http://freeper.the-hobbit-hole.net/ 1,000 knives and counting!)