More insecure CDs from Sony BMG

Sony BMG, which was caught up in a Digital Rights Management (DRM) mess for the last month over the XCP copy protection has today announced, along with the Electronic Frontier Foundation that SunnComm has released a security update for its MediaMax Version 5 copy protection software, which ships on "certain Sony BMG CDs". The vulnerability discovered could allow an attacker to hijack a user's PC if the MediaMax software has been installed.

The EFF said the vulnerability centers around a file folder installed by the MediaMax software "that could allow malicious third parties who have localized, lower-privilege access to gain control over a consumer�s computer running the Windows operating system." This time around, Sony wasted no time in bringing this to consumer attention after being criticised for how badly it handled the XCP "rootkit DRM" situation.

Even besides the vulnerability, the EFF has pointed out other major problems with the DRM technology including "undisclosed communications with servers Sony controls� undisclosed installation of over 18 MB of software regardless of whether the user agrees to the End User License Agreement; and failure to include an uninstaller with the CD." So there are some obvious privacy concerns with this DRM too.

However this time it is not just Sony using the DRM, over 30 other labels also use it according to the EFF, which is investigating whether any of those labels' CDs include the same vulnerability. A link to the patch, a list of infected titles and more important information can be found at the EFF's website.

Sources:
The Register
Electronic Frontier Foundation

Written by: James Delahunty @ 7 Dec 2005 9:56

Advertisement - News comments available below the ad

27 comments

nonoitall

Looks like despite all the recording industry's work to keep it quiet, DRM is under a very uncomfortable microscope. Forget copyright infringement - their own greedy copy-protection is what's going to be their downfall.

7.12.2005 11:44 #1

McKeva

I am just glad that I don't have any of these albums which have the DRM on. This one isn't as bad as the rootkit at least...

7.12.2005 13:12 #2

warigra

This things are as easy to fix... don�t buy any Sony BMG Cds any more... Them wil soon realize something.

7.12.2005 13:29 #3

chesty

Here's another option.

If it gets to the point the recording industry does not get it and read the handwriting on the wall and get it through their thick heads drm is bad and it will cost them dearly for their own blatant greed then stop buying cds altogether and find other means of leisure and recreation.

Even if people did not listen to another cd again i'm quite sure their lives would go on.

I have over 1000 cds at home in my collection but i'm always at work making a living and i just don't have the time i would like to have to enjoy listening to my music collection.

The only time i listen to cds or internet radio is when i'm piddling on my computer.

7.12.2005 15:47 #4

StanH1000

Does AnyDVD running in the background protect against this nonsense?

7.12.2005 16:15 #5

djscoop

as much as I love sony for their techinical innovations, and great electronic components/equipment, they really need to re-think their stance on the DRM crap...many artists will start boycotting major record labels because they don't want their music with DRM protection anymore than comsumers.

7.12.2005 16:57 #6

cufu

Hi to all....AnyDVD running in the backround, protects any pc with it's windows xp operating system.So copy protected cd's won't affect cd copying, as long you have AnyDVD running. For more info go to the slysoft.com website....cheers!

7.12.2005 17:00 #7

llongtheD

Don't hold your breath on the musicians boycotting them djscoop. Think of it this way: young upstart band living off of peanut butter sandwiches and wiskey for the last five years and finally getting a record deal. I doubt they will be too concerned about DRM when they sign their contract. I love music as well, but it seems like most musicians really don't get business minded about their music...until they have a couple million in the bank.

If your fish seems sick, put it back in the water.

7.12.2005 17:20 #8

djscoop

that is true, however there have already been a few news articles about already established bands who are complaining about their Cds being released with DRM protection. The latest one was Trapt's new CD, as the band got tons of email complaints to their website, because their fans couldn't rip the CDs they bought to itunes and play in their ipods.

"I count to four and repeat...I'm a drummer." - Tre Cool of Green Day

"I have no particular talent. I am merely inquisitive" - Albert Einstein

7.12.2005 17:25 #9

llongtheD

How many of them have seriously tried to get out of their contract? How many have actually started an effort to boycott? Its all about the money. When some of these bands actually start to take action, and not just send emails or letters, I'll start to believe. Of course they will send letters discouraging this DRM practice, but they know where their bread is buttered.

If your fish seems sick, put it back in the water.

7.12.2005 17:53 #10

djscoop

I'm not saying its at the point that tons of bands are striking or anything like that. My only point was that artists as well as consumers are pissed off with Sony's choices for DRM protection, so hopefully pressure from both sides will help Sony make better choices, thats all...

"I count to four and repeat...I'm a drummer." - Tre Cool of Green Day

"I have no particular talent. I am merely inquisitive" - Albert Einstein

7.12.2005 19:01 #11

SithVader

Let's not forget holding down the shift key.

8.12.2005 07:37 #12

StanH1000

What does holding down the shift key do?

8.12.2005 08:08 #13

Dela

kills autorun

8.12.2005 09:00 #14

mystic

so lets sue them all burn them to the ground that stands between us and them and then stomp out the fire or piss on them till they smolder .... other then that its more up to the courts to provide us the consumer with safeguards to keep us from being used by companies like sony who explote the laws for their own financhal gain.... as I said SUE THEM ALL... but hey thats just my opion.....

8.12.2005 09:18 #15

ireland

just info for those that don't know..

Enable/Disable Autorun

How To Enable/Disable Autorun (Windows 95/98/Me)
Access the System Properties Dialog. Using Control Panel: My Computer: Properties or Explorer: My Computer: Properties.

Select the Device Manager tab.

Select the CD-ROM folder.

Select the entry for your CD-ROM drive.

Select Properties.

Select the Settings tab.

Turn on or off the Auto insert notification option.

Select OK.

Select OK

How To Enable/Disable Autorun (Windows NT/2000)
Start RegEdit (regedt32.exe).

Go to HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Cdrom.

Edit the Autorun value to '1' to enable autorn, and '0' to disable autorun.

Close RegEdit

How To Enable/Disable Autorun (Windows XP)
Open Windows Explorer by pressing the Windows + "e" key.

Right-click the desired CD-ROM and select Properties from the menu.

Select the AutoPlay tab.

Select each item from the pulldown list and for the Action to perform, select "Take no action" to disable autorun, or pick the apporpriate action to take if enabling autorun.

Select OK.

8.12.2005 10:07 #16

runner121

Hopefully they will see that is was thier greed that got them into this.

8.12.2005 13:20 #17

nonoitall

Not likely.

8.12.2005 22:09 #18

syeberman

Now this may sound silly and illogical, but if Sony is so concerned about piracy. Why are they making the burning media and hardware for people to copy their music?

9.12.2005 03:15 #19

runner121

Well I don't believe Im buying anything Sony for a while.They arent going to recall all of those discs
with rootkits.They'd just assume we buy them and patch the crap.(which I won't do.)

9.12.2005 03:18 #20

runner121

good question syeberman.I would have to say they're
dillusional to think they can do that and be fighting
piracy,copying or whatever.

9.12.2005 03:21 #21

kaskibla

Ireland, I was told to hold down the "shift" + "spacebar" keys when loading discs to avoid the protection code from being loaded. Does this actually work or is it a myth?
Thanks.

9.12.2005 05:24 #22

runner121

Is this binary visible on the disc when is inserted? or embedded in an installer?

9.12.2005 06:05 #23

nonoitall

@kaskibla:
Holding the Shift key on a Windows computer (or Windows XP at least - I haven't checked others) disables auto-run, which, in the case of most CD "protection", is what installs the software that cripples the system's ability to copy the disc. I just tested it out on a game that normally opens up a splash screen when the CD is inserted and the screen did not come up, so apparently this works.

9.12.2005 15:09 #24

Sledge13

Looks like Sony is targeting mainly Blacks music. Well, Sony is racist. Or is it that Sony recognises the truth. Blacks steal. That Blacks pirate more music than whites now. Or that Blacks are way behind Whites in the digital age and are just now getting up to speed on copying CDs? Or perhaps Sony thinks that Blacks won't squawk as much about this, as their more likely to not understand the significance of the software and the invasion of privacy and would allow them to get the proverbial foot in the door easier than if they had initiated this on White music. Whichever it is, Sony has targeted one racial groups music for this invasion of privacy. Racist!!!

13.12.2005 13:19 #25

djscoop

are you sh*tting me? You have got to be the dumbest person in the world...someone please ban him!

13.12.2005 19:09 #26

indo310

Sledge 13

Has got to be one of the dumbest f***ers I have ever heard. And I am in total agreeance with DJScoop. This fool shoud just be banned to the wood shed out back and not let out until he has caught up with reality.

Indo310

18.1.2006 18:32 #27

AfterDawn: News