Free Republic

Sony has infected over one-half million world wide nets incl U.S. Military
Welcome to Planet Sony | 2005-11-15 09:28 | Dan Kaminsky

Posted on 11/15/2005 1:43:21 PM PST by dickmc



To: palmer; Xenalyte
Not true

My bad. It's using Sony's uninstaller that opens you up to infection, from Freedom to Tinker:

Over the weekend a Finnish researcher named Muzzy noticed a potential vulnerability in the web-based uninstaller that Sony offers to users who want to remove the First4Internet XCP copy protection software. We took a detailed look at the software and discovered that it is indeed possible for an attacker to exploit this weakness. For affected users, this represents a far greater security risk than even the original Sony rootkit.

The consequences of the flaw are severe. It allows any web page you visit to download, install, and run any code it likes on your computer. Any web page can seize control of your computer; then it can do anything it likes. That’s about as serious as a security flaw can get.

The root of the problem is a serious design flaw in Sony’s web-based uninstaller. When you first fill out Sony’s form to request a copy of the uninstaller, the request form downloads and installs a program – an ActiveX control created by the DRM vendor, First4Internet – called CodeSupport. CodeSupport remains on your system after you leave Sony’s site, and it is marked as safe for scripting, so any web page can ask CodeSupport to do things. One thing CodeSupport can be told to do is download and install code from an Internet site. Unfortunately, CodeSupport doesn’t verify that the downloaded code actually came from Sony or First4Internet. This means any web page can make CodeSupport download and install code from any URL without asking the user’s permission.

A malicious web site author can write an evil program, package up that program appropriately, put the packaged code at some URL, and then write a web page that causes CodeSupport to download and run code from that URL. If you visit that web page with Internet Explorer, and you have previously requested Sony’s uninstaller, then the evil program will be downloaded, installed, and run on your computer, immediately and automatically. Your goose will be cooked.

We have constructed a demonstration code package and web page that exploits this design flaw to install unwanted files on a target computer. The exploit does not actually harm the computer, but it demonstrates that hostile code can be run on a target computer, and that the hostile code can perform operations that should be forbidden. At present we are not releasing the demonstration exploit to the public.

As long as you don't use their brain-damaged uninstall software, all you have to worry about are viruses that make use of the cloaking feature to render themselves invisible to your anti-virus software.
101 posted on 11/16/2005 3:31:11 PM PST by SauronOfMordor (I do what the voices in lazamataz's head tell me to)
[ Post Reply | Private Reply | To 96 | View Replies]

To: Technogeeb
Unfortunately, the authors of the DMCA were not as competent as you. The data in question does not have to be "encrypted", but only managed by a "copyright protection system", which the Sony DRM clearly was. The definition in the DMCA is so broad that ANY software would apply as such a system (specifically "a technological measure 'effectively controls access to a work' if it requires the application of information, or a process or a treatment").

A computer which has the DRM vandalism undone will be no more capable of performing any copyright-infringing action than it was before the DRM vandals struck. Should backup/restore software be forbidden because it allows users to remove DRM garbage from their computer?

The legality of EULAs is still in question; the DMCA, unfortunately, has the force of law even if it lacks the sanity that law should have.

Imagine that Sony decided to implement a "DRM" program that rendered a computer incapable of copying CDs because it installed a program that would deliberately make the computer crash on bootup and be totally useless (unless booted from floppy). Would it be unlawful for a person to bypass such a program?

What separates Sony's behavior from that of the program described, aside from the fact that its software only crashes sometimes instead of all the time?

And what if Sony's DRM happens to cause very frequent crashes on a computer, rendering it essentially useless. Is the user just supposed to shrug and say "Oh well" and buy a new computer?

Even though judges today practically put clothespins on jurors' noses, I still think any jury involved in a prosecution against a user who was trying to restore his system to proper functionality would recognize that something stinks.

102 posted on 11/16/2005 3:33:18 PM PST by supercat (Sony delinda est.)
[ Post Reply | Private Reply | To 85 | View Replies]

To: palmer
Additional info on the extent of infection, from Wired News. The infected machines try to "phone home", so one researcher tried to use that to get a statistical feel for how many machines on the net were infected:
Kaminsky discovered that each of these requests leaves a trace that he could follow and track through the internet's domain name system, or DNS. While this couldn't directly give him the number of computers compromised by Sony, it provided him the number and location (both on the net and in the physical world) of networks that contained compromised computers. That is a number guaranteed to be smaller than the total of machines running XCP.

His research technique is called DNS cache snooping, a method of nondestructively examining patterns of DNS use. Luis Grangeia invented the technique, and Kaminsky became famous in the security community for refining it.

Kaminsky asked more than 3 million DNS servers across the net whether they knew the addresses associated with the Sony rootkit -- connected.sonymusic.com, updates.xcp-aurora.com and license.suncom2.com. He uses a "non-recursive DNS query" that allows him to peek into a server's cache and find out if anyone else has asked that particular machine for those addresses recently.

If the DNS server said yes, it had a cached copy of the address, which means that at least one of its client computers had used it to look up Sony's digital-rights-management site. If the DNS server said no, then Kaminsky knew for sure that no Sony-compromised machines existed behind it.

The results have surprised Kaminsky himself: 568,200 DNS servers knew about the Sony addresses. With no other reason for people to visit them, that points to one or more computers behind those DNS servers that are Sony-compromised. That's one in six DNS servers, across a statistical sampling of a third of the 9 million DNS servers Kaminsky estimates are on the net.

The damage spans 165 countries, with the top five countries being Spain, the Netherlands, Great Britain, the United States and Japan, which, with more than 217,000 DNS servers reporting knowledge of Sony-related addresses, takes the top spot. Could the traffic be from human visitors? Kaminsky doesn't think so. "Having First 4 Internet at the scale of 700,000 or 800,000 name servers knowing about it -- it's just not that popular a site."


103 posted on 11/16/2005 3:44:07 PM PST by SauronOfMordor (I do what the voices in lazamataz's head tell me to)
[ Post Reply | Private Reply | To 101 | View Replies]
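The non-recursive query described in the Wired excerpt above, sketched as an added example that is not from the article or from any poster: it builds an A-record query with the RD bit cleared, the kind an administrator could send to their own resolver, and classifies the reply. The function names are hypothetical and the replies are constructed bytes rather than captured traffic, so nothing is sent on the network.

```python
import struct

# Names the quoted article says XCP-infected machines look up.
XCP_NAMES = ["connected.sonymusic.com", "updates.xcp-aurora.com",
             "license.suncom2.com"]

def encode_name(name):
    """Encode a hostname as DNS labels (length-prefixed, zero-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_snoop_query(name, qid=0x1234):
    """A-record query with RD (recursion desired, 0x0100) cleared, so the
    resolver answers only from what it already holds in cache."""
    flags = 0x0000                                   # QR=0, OPCODE=0, RD=0
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # A, IN

def classify(response, qid=0x1234):
    """Return 'cached', 'not-cached' or 'invalid' for a resolver reply.
    A cache entry lives only for its TTL, so 'not-cached' means no client
    lookup within that window, not that none ever happened."""
    if len(response) < 12:
        return "invalid"
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:             # wrong ID or QR not set
        return "invalid"
    if flags & 0x000F == 0 and an > 0:               # NOERROR with answers
        return "cached"
    return "not-cached"                              # referral, empty, error

def constructed_reply(query, cached):
    """Constructed sample reply (not captured traffic) for offline use."""
    head = query[:2] + struct.pack("!H", 0x8080)     # QR=1, RA=1, RCODE=0
    if not cached:
        return head + struct.pack("!HHHH", 1, 0, 0, 0) + query[12:]
    # One A record: name pointer to offset 12, TTL 300, 192.0.2.1 (TEST-NET)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return head + struct.pack("!HHHH", 1, 1, 0, 0) + query[12:] + answer

if __name__ == "__main__":
    for n in XCP_NAMES:
        q = build_snoop_query(n)
        # Pretend the first two names are cached and the third is not.
        print(n, classify(constructed_reply(q, cached=(n != XCP_NAMES[2]))))
```
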

To: palmer
A very substantial amount of info on the Sony hole is at SysInternals.com
104 posted on 11/16/2005 3:53:40 PM PST by SauronOfMordor (I do what the voices in lazamataz's head tell me to)
[ Post Reply | Private Reply | To 96 | View Replies]

To: TenthAmendmentChampion
Tested clean... thanks for the tip. No Sony CDs for me! And to think we have been loyal Sony buyers since 1983... darn!

I sort of freaked out when I realized that the CD I just purchased was a Sony CD, but it's copyrighted 2001... "Heartland, An Appalachian Anthology." It doesn't seem to have the software, and I've never actually "played" it on my system, just ripped it right to MP3s. It's a really wonderful CD.

Mark

105 posted on 11/16/2005 3:54:23 PM PST by MarkL (I didn't get to where I am today by worrying about what I'd feel like tomorrow!)
[ Post Reply | Private Reply | To 73 | View Replies]

To: fhlh

"A strange game. The only winning move is not to play."


106 posted on 11/16/2005 3:58:49 PM PST by rintense
[ Post Reply | Private Reply | To 35 | View Replies]

To: SauronOfMordor

Thanks, that's a fascinating account.


107 posted on 11/16/2005 4:34:04 PM PST by palmer (Money problems do not come from a lack of money, but from living an excessive, unrealistic lifestyle)
[ Post Reply | Private Reply | To 104 | View Replies]

To: supercat
A computer which has the DRM vandalism undone will be no more capable of performing any copyright-infringing action than it was before the DRM vandals struck

That matters not at all; the law isn't written to protect copyright; it is written to prevent circumvention or disabling of a "copyright protection system". The way the DMCA is written, it doesn't even have to actually be protecting any copyrighted material for the law to be violated.

Imagine that Sony decided to implement a "DRM" program that rendered a computer incapable of copying CDs because it installed a program that would deliberately make the computer crash on bootup and be totally useless (unless booted from floppy). Would it be unlawful for a person to bypass such a program?

Yes, it would. It is stupid to the point of insanity, but that is the law.

What separates Sony's behavior from that of the program described, aside from the fact that its software only crashes sometimes instead of all the time?

Not much at all.

And what if Sony's DRM happens to cause very frequent crashes on a computer, rendering it essentially useless. Is the user just supposed to shrug and say "Oh well" and buy a new computer?

That is the easiest choice legally available. It was pointed out before and during passage of the DMCA that it would make a variety of otherwise legal "repairs" such as this illegal. Congress did not care and passed it anyway.

Even though judges today practically put clothespins on jurors' noses, I still think any jury involved in a prosecution against a user who was trying to restore his system to proper functionality would recognize that something stinks.

One would hope so, but if Congress can be so incompetent to pass such vile legislation in the first place (that the judicial system can be this incompetent is a given), there is nothing to prevent a jury from being equally incompetent, especially with the recent practice of "shopping" for favorable juries.

108 posted on 11/16/2005 6:53:59 PM PST by Technogeeb
[ Post Reply | Private Reply | To 102 | View Replies]

To: ChadGore


109 posted on 11/16/2005 6:59:46 PM PST by Revolting cat! ("In the end, nothing explains anything.")
[ Post Reply | Private Reply | To 86 | View Replies]

To: ChadGore
How do you know you are infected?

Can you read the text in the previous post? (It says "$sys$new".) If not, you're infected. Get help!

110 posted on 11/16/2005 7:01:12 PM PST by Revolting cat! ("In the end, nothing explains anything.")
[ Post Reply | Private Reply | To 86 | View Replies]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
