Sony BMG is replacing a patch for its CD copy-restriction software after Princeton University researchers found a security flaw in the update.
Sony announced on Tuesday that a new risk had been found with a batch of 27 of its CDs, which automatically install DRM software on hard drives when put into a computer's disc drive. Along with the Electronic Frontier Foundation, a digital rights group, the record label released a patch aimed at fixing that flaw.
However, Princeton computer science professor Ed Felten wrote in his blog on Wednesday that the patch itself could open computers to attack by hackers.
Sony executives said Thursday that they are working as closely as possible with security professionals to address the issues identified by Felten, and would have a new patch available by midday that day.
"The security space is a dynamic one, as we have learned," said Thomas Hesse, president of Sony's global digital businesses. "Our goal is to be diligent and swift, and we have gone to experts to handle this issue."
Sony's ongoing troubles with DRM software highlight the delicate line that record labels and other content companies are walking in trying to protect their products from widespread duplication.
The labels' technological attempts to create a copy-restricted CD that retains compatibility with millions of old CD players have opened them up to the unfamiliar hazards of software development. Several of Sony's attempts to patch security holes in its DRM software over the past weeks have turned out to raise their own new problems, instead of quelling concerns.
The current security flaw in Sony's discs is related to software produced by SunnComm Technologies and affects 27 titles that remain on the market.
It's separate from an earlier vulnerability that affected 52 other titles and that related to DRM software written by another company, First 4 Internet. Those titles have been recalled from store shelves.
The flaw found by Felten could allow Sony's original patch to trigger malicious software on a computer, if that software was already in place when the patch was installed.
Talkback
You should know that
1:
Sony has not recalled anything, at least as that term is understood in general commercial use... it's only a "voluntary exchange", and millions of malware-infected CDs are being deliberately left on store shelves where they can infect as many customers as possible over the Christmas shopping season.
And...
2:
When Sony went looking for malware to install on PCs the people they went to who wrote the secretly-installed spyware did not just stop with Sony as a client. F4I's XCP was new, custom built to Sony specifications, but the Sunncomm Mediamax spyware has an installed base of non-Sony titles that don't carry any warning that they are infected with the Mediamax malware.
http://www.eff.org/IP/DRM/Sony-BMG/mediamaxlist.php
Sunncomm has infected the disks, has them listed on their tech support site in case people ask why their PCs are screwed up, but no warning is given on the CDs themselves.
http://www.sunncomm.com/support/askthetech.asp
Sunncomm and Mediamax, two supposedly separate penny stocks that share the same office space, have been busy peddling their malware and its "Perfect Placement" spyware to anyone they could BS into carrying it... even children's organizations:
http://www.signal42.com/mediamax_technology_partners_with_child_safety_network_to_create_dynamic_multimedia_safety_education_gdb.aspx
Just thought you should know.
The biggest thing here is that Sony is hurting the artist that it was trying to protect. As the dig their grave deeper and deeper, the general public is becoming less trusting of Sony. People are more reluctant to purchase a Sony CD and so the artist loses, not Sony. And while Sony has badly hurt their own reputation, people WILL return. But by that time these artists may have already left Sony in pursuit of something better.
The whole copy protection is pointless anyway. As long as copy protection exists, so will ways to defeat that copy protection. I'm reminded of a story not that long ago about it being defeated with a felt tipped pen. This just goes to show the ingenuity of the public. This will not change either. As more and more efforts go into copy protection, I'm realizing just how futile it really is...
Why would anyone in their right mind EVER buy another Sony CD Label? The company clearly can't be trusted. If someone wants to listen to one of their trapped artists, download a safe and secure MP3.
At the time of this writing, SONY is still offering the faulty patch for download with *zero* warning to consumers.
See the last four paras, here:
http://news.zdnet.co.uk/internet/security/0,39020375,39240592,00.htm
I was all set to purchase a 50 inch plasma TV for my new house - I had chosen the Sony - I have just ordered a Hitachi instead. Even if Sony has technical superiority, I will now wait for a competitive brand.
Trouble is, they probably do not care. They are afraid of their customers rather than trying to embrace them. What a sad state for Sony - You would think that they would have learned from the Betamax, they had superior technology, but lost the battle over greedy licensing.