Posted on 12/07/2005 6:04:57 AM PST by ShadowAce
LOS ANGELES (AP) - Sony BMG Music Entertainment said Tuesday some 5.7 million of its CDs were shipped with anti-piracy technology that requires a new software patch to plug a potential security breach in computers used to play the CDs.
The security vulnerability was discovered by online civil liberty group Electronic Frontier Foundation and brought to the attention of Sony BMG, which has been under fire in recent weeks over security issues with an unrelated CD copy-protection plan.
The company said Tuesday it brought the issue up with the MediaMax software maker, SunnComm Technologies Inc., which has developed a software patch to fix the problem.
"It's a security vulnerability and therefore needs to be dealt with," said Thomas Hesse, president of Global Digital Business for Sony BMG.
The MediaMax Version 5 software was loaded on 27 Sony BMG titles, including Alicia Keys'"Unplugged," and Cassidy's "I'm A Hustla."
CD copy-protection software is generally designed to restrict how many times computer users can make duplicate versions of a CD in an effort to stem piracy.
A computer security firm working with EFF discovered the security issue with the MediaMax Version 5 CDs and how it affects computers running Microsoft Corp. (MSFT)'s Windows operating system.
Windows allows for different levels of access to a computer. The copy-protection software installs a file folder in the computer that could allow a guest user to gain unauthorized access to the computer.
"It's a privileged escalation attack," said Kurt Opsahl, an EFF staff attorney. "On Windows you can have users with different privileges, and because of security weakness in the permissions of a folder, it allows a low-ranked user to act as a high-ranked user."
The problem is commonly found on many computer programs, said Robert Horton, director of NGS Software, which tested SunnComm's software fix for the record company.
The MediaMax problem differs from the security hole discovered last month with the so-called XCP technology by First 4 Internet Ltd. of Oxfordshire, United Kingdom, that Sony BMG placed on more than 50 other CD titles. That copy-protection effort was found to leave computers vulnerable to hackers.
"The main distinction is, with XCP, it was hiding itself so you wouldn't know that it was there," Opsahl said.
This one is not hidden, he said, but the average user wouldn't know to look for it unless it was brought to their attention.
Sony BMG recalled the discs with XCP last month and released a way to remove the software from users' computers.
Opsahl said the MediaMax patch addresses the problem, but the EFF, which has a lawsuit pending in California against Sony BMG over its use of copy-protection technology, is continuing to investigate.
"We can't say that the software is now secure," Opsahl said. "We're going to continue to raise these issues with Sony."
Hesse said the company plans to alert consumers to the patch on artist Web sites and via e-mail, among other measures.
"We have learned that we are in the software business to some extent and we should behave like someone in the software business does ... to make sure the users of our product are safe at all times," he said.
Sony BMG is a joint venture of Sony Corp. (SNE) and Bertelsmann AG.
A software patch???? You are kidding me. They are not recalling these SOB's. Sony is doomed.
"requires a new software patch to plug a potential security breach in computers used to play the CDs" - Scumbags, not to remove the software, but to repair the "potential security breach" (kind of sounds like something MS would say)
That will be the last time.
I find it quite interesting that Sony tried two different methods of copy protection and that both f them failed miserably--not only technically, but in a marketing sense as well.
That free publicity will surely cause SONY some serious discomfort.
"Sony is doomed."
I don't know, there are many really stupid people in this country that wouldn't know the difference.
Instead of marketing music on plastic disks in a fixed package why not do away with prerecorded CDs altogether? The technolgy exists for you to go into a store, walk to a computer kiosk, insert your credit card and select whatever songs you want and either download them to portable player, or flash media device or burn your own custom CD. If you keep the price reasonable, say $1 per song, and allow retailers to offer discounts and sales, there will be little incentive to pirate copies. Retailers also benfit because they do not have to maintain large inventories of CDs or invest in expensive shelf space for even a mediocre selection. It's time for the recording industry to stop suing 9 year old kids for a few copied CDs and jamming our computers with crude anti copy protections and give the market what it wants.
Just avoid Sony/BMG and you will be safe, and you will send the ultimate message to them.
Your plan is outstanding on the surface, speaking as a consumer. But companies like Sony like to force us to purchase a 10 song CD in order to get the actual one or two good songs. What would the effect be on the record companies if we only purchased good songs? They would all be gone, based on today's garbage.
The Titanic just 'needed a patch,' too.
The kiosks themselves would have to be large, about the size of a server to hold at least 500,000 - 1,000,000 songs. Only about 3 or 4 of them could fit into a mall storefront.
So the square footage of such a store would have to be department sized, which eliminates the start-up right there.
http://www.sonybmg.com/mediamax/titles.html
EFF article about these latest Sony CDs, with links. http://www.eff.org/news/archives/2005_12.php#004234
The average size of a typical MP3 song is 4.7MB (based on what I've seen). Given the number you gave (1,000,000 songs), the storage would be less than 5 PB. Easily done within a single server-class machine. Double it for bandwidth/backup, and you can fit the entire thing inside a mall kiosk.
Most of the space required would be for displays of what songs are available, cost schedule, listings of services available, multiple burn/DL stations.
I still think you can put something like that into a space smaller than the current size of the average music store.
Seems like the storage could be in a networked device (i.e. back room) with the front end having the other things you mentioned.
Technically, they wouldn't. However, the bandwidth costs (to store them off-site) would probably be more expensive in the long run (over a year), than the cost of housing them on-site.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.