News Blog Comments
lawsuits a-comin'.
You'll not that making system-level changes like these Sony CDs do would be virtually impossible to do as stealthily on Mac OS X, since system-level changes require an administration-level password entry. Sure, you could install something this malicious, but you'd damned well know you had installed it. Most of the people who have plunked this rootkit on their XP PCs aren't even aware that it's there, exposing their computer to yet more security problems. Awfully rude of Sony, really. Sue, XPers, sue!
virtually impossible to do as stealthily on Mac OS X
oh, give me a break.
what do you know about the unix kernel? not much apparently.
Sony is in for MASSIVE LAWSUITS.
hacking peoples computers, is not cool. how many attorneys home computers have been hacked?
for a fucking 40 minutes of music, they fuck with your computer?
It's not even an app.
What the fuck?
My morning Jacket is pissed.
I know plenty about the Unix kernel, and I'm not sure what you're talking about, Hubris. The Sony scheme does nothing on MacOS X, and as Marq says, no installer can run as root on MacOS X unless you type in a password.
According to long-running Mac user website MacInTouch, at least one CD distributed by the major label includes a Mac OS X application that purportedly installs a pair of extensions to the operating system's microkernel.
MacInTouch correspondent Darren Dittrich claims a recently purchased copy of Imogen Heap's Speak for Yourself CD contains an extra disc partition for "enhanced content". Within it sits Start.app, a Mac application that sits alongside the usual Windows files. The CD ships on the RCA label, part of of Sony BMG.
Darren reports that running Start.app presents the user with a licence agreement. Pressing the Continue button pops up a dialogue asking for an administrator's username and password - a warning that something is about to be installed somewhere - to allow the program to copy over two kernel extensions: PhoenixNub1.kext and PhoenixNub12.kext.
The licence agreement states that proceeding will install software on the host machine.
It is not believed that the two extensions incorporate the rootkit that is causing such controversy becuase of its effect on Windows machines. It's a Mac version of SunnComm's DRM software, MediaMax, which Sony BMG uses to copy-protect a range of CDs.
The words 'class' and 'action' come to mind.
Pressing the Continue button pops up a dialogue asking for an administrator's username and password - a warning that something is about to be installed somewhere
It's more than that: it's a warning that something is going to be installed that works on a system level. One of the big differences between administrative privileges on OS X and XP.
One more reason to use Linux. Bwaaah-ha-ha-ha-ha-hah!
One more reason not to buy Sony. Tee-hee.
Stop buying CDs. It's that simple.
Oh and sue the fuckers into tomorrow. It's time to administer the coup de grace to these greedy motherfuckers.
This can help you Cheat in world of Warcraft too. So I expect Blizzard software to sue Sony too.
Seems to me that the four major music companies (Universal, Sony BMG, Warner and EMI), and their lobbying firm the RIAA, have spent more time and money trying to protect their "product" than they do trying to make product that people want to buy. CDs have become too damn expensive these days, and of course they have ony one or two "keeper" tracks owing to the questionable talent of the artists.
File-sharing is only PART of the reason that profits are down. Add to that the fact that people are also buying other things: DVDs, video games, Net access, yada yada yada; not to mention the USA's crummy economy. There's less discretionary income to split between more options.
Note also that the major companies are bitching about lower PROFITS. None of them are operating at a financial loss. They're making money...in their eyes they're just not making a SHITLOAD of money for the boys in the boardroom.
Meanwhile, the consumers have let them know, loud and clear, that a new business model is needed. The music industry must get away from promoting full-length albums, and return to the classic art of making great singles. And stop these outrageous contracts for the stars - great as Springsteen is, is he really worth $100-$160 million? (That contract is a cause of a nasty war inside Sony BMG.)
Finally, EVERY copy-protection scheme has had some sort of problem, and they only halt direct-digital copying - one can just as easily make a dub from the analog outputs of a CD player. Slower, yes, and slightly less quality, but it's doable.
The lesson: don't buy CDs from any company that tries a copy-protection scam, and as others have said, if your system has been infected, drag 'em into court. I want to see Howard Stringer twisting slowly, slowly in the wind.
Sony has apparently wised up :
http://www.gamespot.com/news/613...ws/
6139685.html
(the meat of the article)
Sony BMG halts "rootkit" CDs
Music giant responds to litigation by vowing to halt production of CDs containing controversial
antipiracy technology abused by viruses, World of Warcraft cheaters.
After nearly two weeks of stinging criticism and the filing of at least one class-action lawsuit,
Sony BMG Music Entertainment promised today to temporarily stop making CDs loaded with controversial copy-protection technology.
I've been working in recording studios for over fifteen years. The kind of studios where "name" acts' records are made. It's a dead certainty that among the sessions which my leet (but un-hip now that computers are the only thing in the world that matters) analog electronics skillz have rescued have been some of Sony's.
I have no sympathy at all for file-"sharing" thieves.
But Sony has gone too far. Breaking the computers of people who paid for the fucking CD just in case they might rip off the music is beyond the pale of acceptable or even civilized behavior.
From now on, the name "Sony" on any product of any kind will, for me, translate to "do not buy under any circumstances".
We tech guys exert a lot of influence on equipment buying decisions at work. Sony products aren't going to be making any short lists that I compile at either of the two studios I work at.
And by gum, the next time some overpaid knob-twister is screaming for help and I see that it's a Sony-label session, my I.Q. might suddenly decrease by 50 points.
Stop buying CDs. It's that simple.
i only buy local, or non-riaa affiliated music. if i am unsure, i check riaa radar.
"...software that stopped some of its CDs being ILLEGALLY copied..." Actually, prevents it from being copied in ways that Sony doesn't like, most of which are legal. It IS legal to rip a CD to MPEGs and play it in iTunes or on an iPod. But Sony doesn't get a cut of that, so it tries to cripple your system.
So, is there a list of the 20 Sony CD's already out there with this crap on them?
The hilarious thing is this is just going to accelerate the rush away from CDs and toward iTunes (and/or illegal downloads), the very thing they were hoping to squelch. Why spend $14-$18 to get a silver platter, a cheap jewel case, a poorly-designed paper card with minimal info and some music that might not play on your computer and that you can't make copies of anyway, and that will install malware on your PC, when for ten bucks you can get the same thing on iTunes minus the crap packaging, super-restrictive DRM and virus-inviting software?
Sony fucks with it's costomer's PC's and then wonders why it doesn't have more customers. What fucking humps.
Re:Macs, let me tell you, that the whole "Enter your password" security the MacOS has does absolutly nothing for the majority of Mac users out there. When they're using ANY new program, it asks for that password, pretty much. So they get used to it, and do it automatically.
On the Mac, you could put a similar rootkit in place, then as part of the program put in protections from it being removed, and programs can be programed to be system extensions and prevent being unloaded during a safe boot.
Pretty nasty.
And without Fileharing, the music industry at this point would be almost non-existant because of the lack of promotional channels. The RIAA's goal was to create a world with only "blockbuster" CD releases, but they completly missed how small the upward curve of that market is.
Once all the back-catalog was reissued on CD, releasing "blockbusters" might have been the only strategy that would keep margins high enough to keep everyone in their plush offices in midtown. Too bad it didn't work! Good riddance, I say. If, as Karmakin says, they want to destroy their only promotional channel (now that MTV is basically dead as a promotion vehicle), fuck 'em. The only way I ever find new music now (since I'm not willing to run p2p) is to find it on other people's computers at work using iTunes, but most people have stopped buying new music. Used to be I'd find it on some of the more interesting internet casts, but the interesting ones were RIAA'd out of business. The only label I don't consider "indie" with a clue is Naxos, and they only do classical. Bah, what's wrong with going to the pub and seeing the local guys play, anyway?
The more I read about about this blackdoor stuff, the more it looks like this malware/spyware is worse than previouly thought.
The only answer is to boycott Sony and all of it's subsidiaries for a least until the end of the year and give them a $0.00 Xmas season.
Via the Boycott Sony Blog (http://www.boycottsony.us), here is a list of Sony owned assets:
Sony Pictures Entertainment, including:
Columbia Pictures
TriStar Pictures
Mandalay Entertainment (partial interest)
Phoenix Pictures (partial interest)
Sony Pictures Classics
Sony Pictures Entertainment
Sony Pictures Television
Columbia-Tri Star Home Video
Triumph Films
Metro-Goldwyn-Mayer
United Artists
Screen Gems
Polygram Entertainment
[edit]
Music business
Sony/ATV Music Publishing
Sony BMG Music Entertainment
Columbia Records - popular music
Epic Records - popular music
Legacy Recordings - rare and collectible in many genres
Sony Classical - classical music
Sony Nashville - country music
Sony Wonder - children’s and family entertainment
[edit]
Video and online games
Sony Computer Entertainment - PlayStation, PlayStation Portable
Sony Online Entertainment - Everquest, Star Wars Galaxies
I am so angry I may never buy another Sony product again.
(sigh)
Yet another example of the rapidly escalating copyright arms race. The sooner BOTH (yes, BOTH) sides realize how fucked up they are, the sooner we might get an equitable solution.
That Mac DRM that Sony put on one confirmed title so far isn't the same animal as the Windows XP one, it seems that essentially it prevents ripping the CD into iTunes--if you're dumb enough to OK its installation. And since I've never had a music CD ask for root-level access, I'd definitely say "no" to the little fucker. Then I'd take it back to the store where I got it and ask for a refund or an exchange (different title), since it's useless to me-unless you can rip the tracks after refusing the DRM install.
Amusingly, it might actually be illegal to remove the XCP DRM from a Windows machine once it's installed, due to that skanky DMCA! Jeebus!
Here are a few linkies-first, the list of the known, affected CDs. Next, a bit about Sony's little Mac experiment. And, finally, an overview of the whole situation. Have fun. The list of CDs is rather odd, in that it doesn't seem like stuff they'd be all that worried about people stealing. Has all the hallmarks of a "test."
Note that the page that shows the list of affected CDs also shows how they are labeled, so that you might be able to spot unlisted titles, if any, that are floating around out there. If Sony helpfully labeled them all.
Ha-hah! Get a load of this!
Spyware Sony seems to breach copyright
The spyware that Sony installs on the computers of music fans does not even seem to be correct in terms of
copyright law.
The spyware that Sony installs on the computers of music fans does not even seem to be correct in terms of copyright law.
It turns out that the rootkit contains pieces of code that are identical to LAME,
an open source mp3-encoder, and thereby breach the license.
This software is licensed under the so called Lesser Gnu Public License (LGPL). According to this license Sony must comply with a couple of demands. Amongst others, they have to indicate in a copyright notice that they make use of the software. The company must also deliver the source code to the open-source libraries or otherwise make these available. And finally, they must deliver or otherwise make available the in between form between source code and executable code, the so called objectfiles, with which others can make comparable software.
Sony complied with non of these demands, but delivered just an executable program. A computerexpert, whose name is known by the redaction, discovered that the cd "Get Right With The Man" by "Van Zant" contains strings from the library version.c of Lame. This can be conluded from the string: "http://www.mp3dev.org/", "0.90", "LAME3.95", "3.95", "3.95 ".
But the expert has more proof. For example, the executable program go.exe contains a so called array largetbl. This is a part used in the module tables.c of libmp3lame.
This discovery can have far-stretching consequences for the music giant, who claims only to protect copyrights...
One other thing...Sony's XCP prevents users from loading tunes into an iPod. But you can better fucking believe there's no such restriction with Sony's PlayStation Portable.
I think it's time to drop a few more nukes on Sony's home country!!
A simple way to determine whether a CD is free of malware:
Look for the "Compact Disc Digital Audio" logo. If it isn't there, don't buy the CD.
The logo is licensed by Philips, the developer of the CD format. It can only be used on CDs which conform to the Red Book audio CD standard. Philips has determined that CDs containing computer apps along with the music don't meet the standard and can't use the logo.
If the logo is there, the CD contains only standard-compliant music tracks. If it isn't there, you don't know what little "extras" might be there.
I find ALL attempts at copy-protection on CDs a) irritating and b) ineffective. If I bought the damn CD, I should be able to rip the music to my iPod. If I share it illegally that's a different story.
When I go to buy a chef's knife, it doesn't come with a T-bar welded to it to prevent me from plunging it into someone's chest--it doesn't ASSUME I'm going to commit a crime with it.
Commenting by HaloScan
