Sony has recently promoted CD restriction schemes that allow vendors
to limit the number of times someone can play a CD. Until recently, most viewed this as a relatively benign technology.However, security software author Mark Russinovich was recently testing some of his Sysinternals freeware programs and encountered some disturbing results. After considerable work, he discovered that the SonyBMG-produced CD he recently purchased on Amazon.com restricted access by planting a rootkit on his computer.
While cynics out there might be suspicious that Russinovich manufactured the story to promote his RootkitRevealer, SonyBMG has acknowledged that the rootkit code does exist. However, the company has published information on its Web site that explains how to remove what some people are referring to as spyware. Since you need to register with SonyBMG to view the page, I wasn't able to determine how readily available the fix is or how easy it is to remove.
Russinovich's blog contains reports from several people who — like myself — were unable to locate any clue in the end-user licence agreement that playing the music CD would plant code on computers, which turns out to be extremely difficult to remove. Although the SonyBMG software is probably harmless, the mere fact of its presence is certain to spark more complaints about digital rights management tools and spur more P2P file sharing.
At the minimum, no security specialist wants any surprise rootkit code installed on servers or workstations he or she is responsible for. Even if it is completely harmless (and there's no way to know that for certain), its mere presence can trigger security warnings. In addition, it can take a lot of work to determine what is there, not to mention figuring out how to remove it without disabling your optical drive completely.
I am not recommending the Sysinternals freeware security tools simply because I am not sufficiently familiar with them. However, Russinovich has written for Microsoft, including an article about rootkits in the June issue of Windows IT Pro Magazine, so his software is legitimate and certainly worth checking out to see if you should add it to your arsenal.
New threats
FrSIRT has reported a critical vulnerability
in the Cisco IOS that can allow either a remote or local attacker to
compromise the system by executing arbitrary code or — at the minimum —
trigger a denial of service event. Related to the infamous exploit disclosed at July's Black Hat security conference, this vulnerability affects Cisco IOS versions 12.0 through 12.4.
To protect against this vulnerability, update to the latest release of the appropriate version. For more information, see Cisco Security Advisory: IOS Heap-based Overflow Vulnerability in System Timers. Note that some of the updates won't be available until later this month.
In addition, eEye Digital Security has identified a critical vulnerability that involves a remotely exploitable arbitrary command...
For more, click here...
Talkback
Sure, update the CMA. And before you know it someone goes to jail because his malfunctioning network card caused something a laywer might explain as a DDoS attack on some ISP router or whatever else that can go wrong in this free-from-liability IT world.
How about updating the CMA so that companies can no longer hide their underfunded and poor security (partially subset of availability) company policies behind laws written by the technical clueless of real-life problems?
Security 101: "anything not explicitly allowed is explicitly forbidden".
Is it allowed to flood the company mail server? No? Then put some technology to use and make it impossible to flood the mail server because that's more likely to happen then a fire breaking out and since you do have a fire insurance why don't you have a mail flood insurance? If your mail server isn't protected against mail floods then either you're missing something, you made the wrong choice or YOU are taking risks.
Is it allowed to flood the company Internet router? No? Can it be expected? Yes. Could it happen by criminal intent? Yes. Could it happen by some failure somewhere? Yes. Then what's keeping you from preventing it becoming a (big) problem once it happens in the first place?
I am hoping to receive a bit more reactions on my comments since I do think they do concern matters that need to be discussed in the open. So, what's your point of view?