
Sony: Copy-Protection terrorists


neveronfriday


You thought Sony’s “rootkit” copy-protection was bad? You probably haven’t read the 3,000 word (!) End User License Agreement that comes with it, yet:

  1. If your house gets burgled, you have to delete all your music from your laptop when you get home. That’s because the EULA says that your rights to any copies terminate as soon as you no longer possess the original CD.

  2. You can’t keep your music on any computers at work. The EULA only gives you the right to put copies on a “personal home computer system owned by you.”

  3. If you move out of the country, you have to delete all your music. The EULA specifically forbids “export” outside the country where you reside.

  4. You must install any and all updates, or else lose the music on your computer. The EULA immediately terminates if you fail to install any update. No more holding out on those hobble-ware downgrades masquerading as updates.

  5. Sony-BMG can install and use backdoors in the copy protection software or media player to “enforce their rights” against you, at any time, without notice. And Sony-BMG disclaims any liability if this “self help” crashes your computer, exposes you to security risks, or any other harm.

  6. The EULA says Sony-BMG will never be liable to you for more than $5.00. That’s right, no matter what happens, you can’t even get back what you paid for the CD.

  7. If you file for bankruptcy, you have to delete all the music on your computer. Seriously.

  8. You have no right to transfer the music on your computer, even along with the original CD.

  9. Forget about using the music as a soundtrack for your latest family photo slideshow, or mash-ups, or sampling. The EULA forbids changing, altering, or making derivative works from the music on your computer.


From this article "The Sony copy-protection software does not install itself on Macintosh computers or ordinary CD and DVD players."

I am listening to Silver's Blue as I type this, no malfunction, no software installation on my Mac

Maybe, maybe not.

By Michael Santo

Contributing Writer, RealTechNews

Let’s face it, Mac users consider themselves pretty safe from spyware or malware … not completely safe, but very safe. Evidently, Sony BMG’s DRM, which some antivirus vendors are calling spyware, is a little too much for even the Mac OS.

A poster at Macintouch comments on the discovery of apparent Sony BMG copy protection software running continuously in his Macintosh as a kernel extension. The software was apparently installed via a new Imogen Heap CD called “Speak for Yourself”. This is an RCA Victor release, but with distribution credited to Sony BMG, so the reader did some checking, and found the software. Unlike the issue with Windows Sony DRM, the EULA for this software states it will be installing copy protection software, and the files are not hidden.

Darren Dittrich followed up on the discovery that Sony was playing a dirty trick on its customers, secretly installing a malware-style “root kit” on their computers via audio CDs:

I recently purchased Imogen Heap’s new CD (Speak for Yourself), an RCA Victor release, but with distribution credited to Sony/BMG. Reading recent reports of a Sony rootkit, I decided to poke around. In addition to the standard volume for AIFF files, there’s a smaller extra partition for “enhanced” content. I was surprised to find a “Start.app” Mac application in addition to the expected Windows-related files. Running this app brings up a long legal agreement, clicking Continue prompts you for your username/password (uh-oh!), and then promptly exits. Digging around a bit, I find that Start.app actually installs 2 files: PhoenixNub1.kext and PhoenixNub12.kext.

Personally, I’m not a big fan of anyone installing kernel extensions on my Mac. In Sony’s defense, upon closer reading of the EULA, they essentially tell you that they will be installing software. Also, this is apparently not the same technology used in the recent Windows rootkits (made by XCP), but rather a DRM codebase developed by SunnComm, who promotes their Mac-aware DRM technology on their site. Source: Macintouch, but you have to search for it because of the way the site works. Search for “malware-style”.

We Say: It appears, despite the fact that Sony BMG believes that no one knows what a rootkit is, enough smart people around the Internet do know and continue to add more fuel to the fire.


On Nov 12, 2005, at 9:28 AM, Hoefsmit wrote:


Silver's Blue contains the following autorun (files for installation) (cnf, exe, ico and inf); however, one must go into the disc and click on these files to do the installation.

By no means do I endorse what Sony is doing or am I saying that it is completely safe.

All I was commenting on was that I ripped the CD and can play it on my iPod without installing software (I guess I should say that I know of).


Just out on the BBC Website

Microsoft to remove Sony CD code

Sony's controversial anti-piracy CD software has been labelled as spyware by Microsoft.

The software giant said the XCP copy protection system counted as malicious software under the rules it uses to define what Windows should be protected against.

It is planning to include detection and removal tools for XCP in its weekly update to its anti-spyware software.

The news came as Sony BMG suspended production of CDs that use XCP.

Tool kit

Microsoft's decision to label the XCP system spyware was revealed on the corporate blog maintained by the software maker's anti-malware team.


Malware is the generic term for malicious software and includes viruses, spyware and any other program designed to hijack or harm a computer.

Writing in the blog, Jason Garms, one of the senior managers in the anti-malware team, said the XCP software qualified as spyware under the "objective criteria" Microsoft uses to assess potentially malicious programs.

The XCP system is controversial because it uses techniques more often seen in computer viruses to hide itself on users' machines.

Specifically XCP uses a "root-kit" to conceal itself deep inside the Windows operating system.

"Root-kits have a clearly negative impact on not only the security, but also the reliability and performance of their systems," said Mr Garms in the blog entry.

As a result Microsoft will put utilities to find and remove the XCP system in the next update of its anti-spyware software.

The same utilities will also go in to the December update for Microsoft's malicious software removal tool.

Bad publicity

The row about XCP blew up following an expose by Windows programming expert Mark Russinovich.

It led to widespread criticism of Sony BMG and several class action lawsuits have been started against the record label over XCP. The stealthy software is intended to stop illegal copies being made of Sony CDs.

Mr Russinovich's discovery led to a string of bad publicity for Sony, which culminated in the news that virus writers were starting to use XCP to hide their own malicious programs.

In response Sony BMG suspended use of XCP as a "precautionary measure". The XCP software was only used on CDs sold in the US.

Speaking about the suspension Mr Russinovich said: "This is a step they should have taken immediately."


The New York Times

November 14, 2005

The Ghost in the CD

By TOM ZELLER Jr.

The latest album from Johnny and Donnie Van Zant, "Get Right With the Man," delivers "anthems with the sort of conviction that will inevitably inspire raised fists and chorus sing-a-longs," says Amazon.com's official music reviewer.

Fists are raised all right, but not in the way the Van Zants would have hoped.

After years of battling users of free peer-to-peer file-sharing networks (and the software companies that support them), the recording industry now identifies "casual piracy" - the simple copying and sharing of CD's with friends - as the biggest threat to its bottom line.

And in one company's haste to limit the ripping and burning of CD's, a hornet's nest has been stirred. By the end of last week, that company, Sony BMG, which had embedded aggressive copy-protection software on the Van Zant CD and at least 19 others, suspended the use of that software after security companies classified it as malicious.

At least two Internet-borne worms were discovered attempting to take advantage of the program, which the CD's transferred to computers that played them. And the company was facing lawsuits accusing it of fraud and computer tampering in its efforts at digital rights management, or D.R.M.

"Look, what we do is write music; we make music," said Donnie Van Zant, who like most artists had no idea what sort of security features, if any, his label would place on the album. "I really don't even know what D.R.M. means, to be honest with you."

The entertainment industry has complained that in the digital world, wanton piracy can bleed revenues. Along with lawsuits and legislative lobbying, infusing digital media with tricked-out code to limit how, when and by whom it is used is one way copyright holders have sought to keep control of their products.

It is not foolproof (for every lock, a pick), and tight controls are not what customers want. But it is something they might tolerate - so long as it does not go too far.

"I think they've set the whole D.R.M. thing back at least a year or two," Todd Chanko, a television and entertainment industry analyst with Jupiter Research in New York, said of the Sony BMG situation.

One angry "customer reviewer" of Van Zant's album put it another way on Amazon.com: "Boycott Sony! It looks like it's now safer to download pirated copies than to buy CD's!"

For its part, Sony BMG, along with First 4 Internet, the British software company that developed the D.R.M. code, issued a software patch to address the security concerns. It also publicized a convoluted "uninstall" process for the software that requires users to provide their e-mail addresses and make multiple visits to a Sony BMG Web site - a move that further angered consumers.

On Friday, Sony BMG, a joint venture of Sony of Japan and Bertelsmann of Germany, announced that it would suspend manufacture of CD's containing First 4 Internet's software and that it would re-examine its content-protection initiatives. The company said about 4.7 million CD's containing the software had been shipped, and about 2.1 million had been sold.

"The consumer experience is our primary concern, and our one and only goal is to help bring our artists' music to as broad an audience as possible," John McKay, a Sony BMG spokesman, said late last week. "As a result, we're constantly identifying new ways to meet consumers' demand for flexibility in how they listen to music, while at the same time protecting the rights of artists."

But the industry's mad dash to protect artists - or more accurately, its profits - may have led Sony BMG to move so aggressively, and disastrously, on the D.R.M. front.

In a PowerPoint presentation before the National Association of Recording Merchandisers in San Diego in August, Mitch Bainwol, the chief executive of the Recording Industry Association of America, underlined the urgency: "Key point: Burning and ripping are becoming a greater threat than P2P," a reference to peer-to-peer file sharing.

That assertion was predicated on numbers compiled by the market research firm NPD Group. They showed that in 2004, only about 55 percent of consumers acquired their music by legal means: either buying a CD (51 percent) or downloading it from a paid online music site (4 percent). About 16 percent acquired music from peer-to-peer networks, according to the survey. And the remainder - 29 percent - reported acquiring their music either on CD's burned by friends or family, or by borrowing legally purchased CD's and "ripping" the tracks to their computers.

Copy-protection technology, Mr. Bainwol told The Associated Press at the August conference, "is an answer to the problem that clearly the marketplace is going to see more of."

In fact, record labels have been cautiously experimenting with such technology for some time - mostly in the European and Asian markets, and on a more limited basis in the United States, with mixed results. Early copy-protection schemes developed by companies like SunnComm International of Phoenix and Macrovision of Santa Clara, Calif., were often too restrictive, intermittently buggy and sometimes embarrassingly easy to circumvent - despite the outlawing of such circumventions by the Digital Millennium Copyright Act of 1998.

Fans quickly found, for instance, that the copy protection on Celine Dion's 2002 Sony release "A New Day Has Come" could be overcome by inking the edges of the disc with a black felt-tip pen.

A year later, BMG deployed technology from SunnComm on an album by the soul artist Anthony Hamilton. Within days a Princeton student discovered that simply holding the shift key while inserting the disc foiled the restrictions.

"I think we're still waiting for the development of D.R.M. that finds ways to satisfy both consumers' needs and producers' needs," said David Sohn, general counsel with the Center for Democracy and Technology in Washington.

Some claim it is a fool's errand.

"It's abundantly clear by now that no D.R.M. system can stop serious pirates," wrote Edward W. Felten, a professor of computer science and public policy at Princeton University, on his blog, Freedom-To-Tinker.com. "A D.R.M. system that stops serious pirates, and simultaneously gives broad leeway to ordinary users, is even harder to imagine."

Still, from the Microsoft Corporation's own Windows Media D.R.M. and Apple Computer's proprietary FairPlay technology to next-generation disc protection schemes like Macrovision's Total Play, SunnComm's MediaMax and even Sony's own DADC technology, a forest of overlapping and sometimes conflicting copy-protection and rights-management systems now attempt to govern the digital media experience.

Many technologies that allow limited CD ripping do not permit the creation of the popular MP3 file format, prompting some artists, including Switchfoot and Dave Matthews, to begin publishing instructions for circumventing their albums' copy protections on the Web, so that fans can move tracks that are nominally incompatible with Apple's FairPlay, onto the popular iPod music player.

Even Sony BMG, which is not licensed to distribute FairPlay-compatible tracks on its discs, posts such instructions on its Web site.

Of course, that is the kind of flexibility that fans want, Mr. Chanko of Jupiter Research said, and the challenge of digital rights management, he added, "is to engage the consumer in a way that makes them an ally."

Sony BMG seems to have failed that test when, in seeking to limit consumers to making three copies of its CD's, it embedded the First 4 Internet software, which penetrates deeply into the PC's of users with a program that introduced a real, if minor, security risk.

It all began unraveling early last month, after an American customer notified F-Secure, a Finnish antivirus company, of some files attempting to hide themselves on his computer. F-Secure deduced that the Van Zant CD had deposited a program that looked a lot like a "rootkit" - typically a dirty word in computer security circles because it describes software tools used to hack the deepest level of a computer system and hide the footprints of an intruder.

That might have been bad enough, said Mikko H. Hypponen, the chief research officer of F-Secure, but the rootkit also proved capable not just of hiding itself, but any file, folder or process on the computer that used a five-character string as part of its name.

No other file on a typical computer would have that string in its name. But if an enterprising virus writer managed to figure out the system, named his bug appropriately, and somehow got it onto the machine of a consumer whose only real sin was listening to Celine Dion's "On ne Change Pas" on his PC, Sony BMG's copy-protection software would cloak the worm.

In computer security terms, it is a tiny vulnerability, but as of last week it was clear that at least a few virus writers were attempting to exploit it.

"It was designed to be speed-bump technology," said Mathew Gilliat-Smith, the chief executive of First 4 Internet, meaning it would slow down those seeking to circumvent the copy restrictions.

F-Secure quietly contacted Sony BMG and First 4 Internet with its concerns, but on Oct. 31, Mark Russinovich, a security expert at SysInternals.com, published his own discovery of the rootkit on his blog. Public outrage followed on the Internet as the program was further examined, the end user license agreement deconstructed, and Sony BMG's response scrutinized.

"We deeply regret any possible inconvenience this may cause," the company said in a statement on Friday. "We stand by content protection technology as an important tool to protect our intellectual property rights and those of our artists."

Unfortunately, the artists are suffering the fallout, too.

"Take your rootkit and shove it," was one angry message that Ross Schilling, the Van Zant manager, said was left on his voicemail.

"The Internet, downloading, file-sharing - it's a whole new Wild West for the music business," a somewhat weary Mr. Schilling said, adding that while he supports the idea of protecting content, he regrets that Van Zant has become the poster child for bad D.R.M. schemes.

"To some degree the labels have been slow to embrace things, and are now playing catch-up," he said. "They'll continue to tweak these systems, and everyone will have to pay attention more closely."

* Copyright 2005 The New York Times Company


November 12, 2005

latimes.com : Business


Sony BMG Pulls CD Anti-Piracy Software

From Associated Press

WASHINGTON — Stung by continuing criticism, Sony BMG Music Entertainment promised Friday to temporarily suspend making music CDs with anti-piracy technology that could leave computers vulnerable to hackers.

The world's second-largest music label defended its right to prevent customers from illegally copying music but said it would halt manufacturing CDs with the "XCP" technology as a precautionary measure.

"We also intend to reexamine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use," Sony said in a statement.

The anti-piracy technology, which works only on Windows computers, prevents customers from making more than a few copies of the CD and from loading the CD's songs onto Apple Computer Inc.'s iPod portable music players. Some other music players, which recognize Microsoft's proprietary music format, would work.

Sony's announcement came one day after security companies disclosed that hackers were distributing malicious programs over the Internet that exploited the anti-piracy technology's ability to avoid detection. Hackers discovered that they could effectively render their programs invisible by using names for computer files similar to the ones cloaked by the Sony technology.

A senior official for the Department of Homeland Security cautioned entertainment companies against discouraging piracy in ways that also made computers vulnerable. Stewart Baker, the department's assistant secretary for policy, did not cite Sony by name in his remarks Thursday but described industry efforts to install hidden files on consumers' computers.

"It's very important to remember that it's your intellectual property, it's not your computer," Baker said at a trade conference on piracy. "And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days."

Sony's program is included on about 20 music titles, including releases by Van Zant and the Bad Plus.

Security researchers have described Sony's technology as "spyware," saying that it is difficult to remove and that it transmits without warning details about what music is playing. They also say Sony's notice to consumers about the technology is inadequate. Sony executives have rejected the description of their technology as spyware.

Some leading anti-virus companies updated their protective software this week to detect Sony's anti-piracy program, disable it and prevent it from reinstalling.


The main problem are the musicians, but thank God labels such as Hat or Leo or whatever labels are active in creative music do not even think of shitte such as copy protection.

I'd like to know what makes you think this because other than the infamous Metallica/Napster debacle, I don't think the majority of musicians/artists support copy-protection at all. This seems to be the doing of the labels in order to "protect" their investment.

Besides, if the musicians were really clamoring for copy-protection, do you think the majors would actually spend all this money to develop it? When do they ever give a shit what the musicians want?

couw got me right here (thanks!) - sorry for posting and then not being able to answer to any reactions. I do like to support musicians, small labels, and the like, and I do spend money on a good product. And I'm getting more and more pissed by the majors' behaviour.

One general question: if I buy any of the recent Sony releases (Woody Shaw, Ahmad Jamal, Dexter,...) - is there a safe way to see if the disc is infected by this sh*tte or not? Can I see this from looking at the cover and/or tray?

(My guess of course is: no - My rant then goes on: wtf! They don't even have to declare their sh*tte? No such law that they have to declare any software that is on their disc and may or may not install itself and may or may not do harm to any of your technical devices? This is all so stupid!)


Fallout from Sony CD flap getting worse

Researchers say software removal scheme aggravates security hole

BOSTON - The fallout from a hidden copy-protection program that Sony BMG Music Entertainment put on some CDs is only getting worse. Sony’s suggested method for removing the program actually widens the security hole the original software created, researchers say.

Sony apparently has moved to recall the discs in question, but music fans who have listened to them on their computers or tried to remove the dangerous software they deposited could still be vulnerable.

“This is a surprisingly bad design from a security standpoint,” said Ed Felten, a Princeton University computer science professor who explored the removal program with a graduate student, J. Alex Halderman. “It endangers users in several ways.”

The “XCP” copy-protection program was included on at least 20 CDs, including releases by Van Zant, The Bad Plus, Neil Diamond and Celine Dion.

When the discs were put into a PC — a necessary step for transferring music to iPods and other portable music players — the CD automatically installed a program that restricted how many times the discs’ tracks could be copied, and made it extremely inconvenient to transfer songs into the format used by iPods.

That antipiracy software — which works only on Windows PCs — came with a cloaking feature that allowed it to hide files on users’ computers. Security researchers classified the program as “spyware,” saying it secretly transmits details about what music the PC is playing. Manual attempts to remove the software can disable the PC’s CD drive.

The program also gave virus writers an easy tool for hiding their malicious software. Last week, virus-like “Trojan horse” programs emerged that took advantage of the cloaking feature to enter computers undetected, antivirus companies said. Trojans are typically used to steal personal information, launch attacks on other computers and send spam.

Stung by the controversy, Sony BMG and the company that developed the antipiracy software, First 4 Internet Ltd. of Oxfordshire, United Kingdom, released a program that uninstalls XCP.

But the uninstaller has created a new set of problems.

To get the uninstall program, users have to request it by filling out online forms. Once submitted, the forms themselves download and install a program designed to ready the PC for the fix. Essentially, it makes the PC open to downloading and installing code from the Internet.

According to the Princeton analysis, the program fails to make the computer confirm that such code should come only from Sony or First 4 Internet.

“The consequences of the flaw are severe,” Felten and Halderman wrote in a blog posting Tuesday. “It allows any Web page you visit to download, install, and run any code it likes on your computer. Any Web page can seize control of your computer; then it can do anything it likes. That’s about as serious as a security flaw can get.”

Sony BMG spokesman John McKay did not return calls seeking comment. First 4 Internet was not making any comment, according to Lynette Riley, the office manager who answered the company’s phone Tuesday evening in England.

Mark Russinovich, the security researcher who first discovered the hidden Sony software, is advising users who played one of the CDs on their computer to wait for the companies to release a stand-alone uninstall program that doesn’t require filling out the online form.

“There’s absolutely no excuse for Sony not to make one immediately available,” he wrote in an e-mail Tuesday.

Other programs that knock out the original software are also likely to emerge. Microsoft Corp. says the next version of its tool for removing malicious software, which is automatically sent to PCs via Windows Update each month, will yank the cloaking feature in XCP.

Sony BMG said Friday it would halt production of CDs with XCP technology and pledged to “re-examine all aspects of our content protection initiative.” On Monday night, USA Today’s Web site reported that Sony BMG would recall the CDs in question.

Sony BMG CDs with XCP software

— Trey Anastasio, Shine (Columbia)

— Celine Dion, On ne Change Pas (Epic)

— Neil Diamond, 12 Songs (Columbia)

— Our Lady Peace, Healthy in Paranoid Times (Columbia)

— Chris Botti, To Love Again (Columbia)

— Van Zant, Get Right with the Man (Columbia)

— Switchfoot, Nothing is Sound (Columbia)

— The Coral, The Invisible Invasion (Columbia)

— Acceptance, Phantoms (Columbia)

— Susie Suh, Susie Suh (Epic)

— Amerie, Touch (Columbia)

— Life of Agony, Broken Valley (Epic)

— Horace Silver Quintet, Silver's Blue (Epic Legacy)

— Gerry Mulligan, Jeru (Columbia Legacy)

— Dexter Gordon, Manhattan Symphonie (Columbia Legacy)

— The Bad Plus, Suspicious Activity (Columbia)

— The Dead 60s, The Dead 60s (Epic)

— Dion, The Essential Dion (Columbia Legacy)

— Natasha Bedingfield, Unwritten (Epic)

— Ricky Martin, Life (Columbia)

Source: MSNBC
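The flaw described in the article above is that the uninstall helper installed downloaded code without confirming it came from Sony or First 4 Internet. The following is an added example, not part of the article or the forum post and not Sony's or First 4 Internet's code, contrasting an installer that trusts any caller-supplied URL with one that checks origin and payload integrity first. All host names, file names and payloads are constructed, and a pinned SHA-256 digest stands in for a publisher signature check.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Everything below (hosts, file names, payload bytes) is constructed for
# this example; none of it comes from the real uninstaller.
TRUSTED_HOSTS = {"updates.vendor.example"}
PINNED_SHA256 = {
    # A real deployment would verify a publisher signature; a pinned
    # digest is used here because it needs only the standard library.
    "uninstall-helper.bin": hashlib.sha256(b"constructed helper v1").hexdigest(),
}


class InstallRefused(Exception):
    """Raised when an install request fails an origin or integrity check."""


def naive_install(url, fetch):
    """'Before' behaviour: install whatever URL the calling page supplies."""
    return fetch(url)  # the returned bytes would be executed


def checked_install(url, fetch):
    """Hardened form: refuse unless origin and payload both check out."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise InstallRefused("scheme is not https")
    # user:pass@host URLs are a classic way to disguise the real host.
    if parts.username is not None or parts.password is not None:
        raise InstallRefused("userinfo in URL")
    if parts.hostname not in TRUSTED_HOSTS:
        raise InstallRefused("host not on publisher allowlist")
    name = parts.path.rsplit("/", 1)[-1]
    expected = PINNED_SHA256.get(name)
    if expected is None:
        raise InstallRefused("no pinned digest for this file")
    payload = fetch(url)
    actual = hashlib.sha256(payload).hexdigest()
    # Origin alone is not enough: the bytes must match what was published.
    if not hmac.compare_digest(actual, expected):
        raise InstallRefused("payload digest mismatch")
    return payload


def make_fetch(table):
    """Offline stand-in for a download: look the URL up in a dict."""
    return lambda url: table[url]


def verdict(url, fetch):
    """Return 'installed' or 'refused: <reason>' for the hardened path."""
    try:
        checked_install(url, fetch)
        return "installed"
    except InstallRefused as exc:
        return f"refused: {exc}"


GOOD_URL = "https://updates.vendor.example/uninstall-helper.bin"
UNTRUSTED_URL = "http://untrusted.example/any.bin"
LOOKALIKE_URL = "https://updates.vendor.example.untrusted.example/uninstall-helper.bin"
USERINFO_URL = "https://updates.vendor.example@untrusted.example/uninstall-helper.bin"

# Constructed "network" contents.
HONEST_NET = make_fetch({
    GOOD_URL: b"constructed helper v1",
    UNTRUSTED_URL: b"constructed untrusted code",
})
TAMPERED_NET = make_fetch({
    GOOD_URL: b"constructed helper v1 (modified in transit)",
})


def run_cases():
    """Run the hardened installer over every constructed case."""
    return {
        "good": verdict(GOOD_URL, HONEST_NET),
        "untrusted": verdict(UNTRUSTED_URL, HONEST_NET),
        "lookalike": verdict(LOOKALIKE_URL, HONEST_NET),
        "userinfo": verdict(USERINFO_URL, HONEST_NET),
        "tampered": verdict(GOOD_URL, TAMPERED_NET),
    }


if __name__ == "__main__":
    print("naive:", naive_install(UNTRUSTED_URL, HONEST_NET))
    for case, result in run_cases().items():
        print(f"{case}: {result}")
```
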


According to The New York Times:

SONY BMG RECALLS CDs FOR GLITCH

By TOM ZELLER Jr.

c.2005 New York Times News Service

The global music giant Sony BMG announced Tuesday that it planned to recall millions of CDs by at least 20 artists — from crooners Celine Dion and Neil Diamond to the country-rock act Van Zant — because they contain copy restriction software that poses risks to the computers of consumers.

The move — more commonly associated with collapsing baby strollers, exploding batteries, or cars with faulty brakes — is expected to cost the company tens of millions of dollars. The company said it would remove all unsold CDs containing the software from retail outlets and offer exchanges to consumers who had bought any of the CDs involved.

A toll-free number and e-mail message inquiry system will also be set up on the Sony BMG Web site (sonybmg.com).

“We deeply regret any inconvenience this may cause our customers and are committed to making this situation right,” the company said in a letter that it said it would post on its Web site.

Neither representatives of Sony BMG nor the British company First 4 Internet, which developed the copy protection software, would comment further.

Sony BMG estimated last week that about 5 million discs — some 49 different titles — had been shipped with the problematic software, and about 2 million had been sold.

Market research from 2004 has shown that about 30 percent of consumers report obtaining music through the copying and sharing of tracks among friends from legitimately purchased CDs.

But the fallout from the aggressive copy protection scheme has raised serious questions about how far companies should be permitted to go in seeking to prevent digital piracy. The recall and exchange program, first reported by USA Today, comes two weeks after news began to spread on the Internet that certain Sony BMG CDs contained software designed to limit users to making only three copies of the music, but which also altered the deepest levels of the computer systems of consumers and created vulnerabilities that Internet virus writers could exploit.

Since then, computer researchers have identified other problems with the software, as well as with the software patch and uninstaller programs that the company issued to address the vulnerabilities.

Several security and anti-virus companies, including Computer Associates, F-Secure and Symantec, quickly classified the software on the CDs, which is known only to affect users of the Windows operating system, as malicious because, among other things, it attempted to hide itself on the machines of users and communicated remotely with Sony servers once installed.

On Saturday, a Microsoft engineering team indicated that it would be updating the company's own security tools to detect and remove parts of the Sony BMG copy-protection software to help protect customers.

Researchers at Princeton University revealed Tuesday that early versions of the “uninstall” process published by Sony BMG on its Web site, which was designed to help users remove the copy protection software from their machines, created a vulnerability that could expose users of the Internet Explorer Web browser to malicious code embedded on Web sites.

Security analysts at Internet Security Systems, based in Atlanta, also issued an alert Tuesday indicating that the copy-protection software itself, which was installed on certain CDs beginning last spring, could be used by virus writers to gain administrator privileges on multi-user computers.

David Maynor, a researcher with the X-force division of Internet Security Systems, which analyzes potential network vulnerabilities, said the copy-protection scheme was particularly pernicious because it was nearly impossible for typical computer users to remove on their own.

“At what point do you think it is a good thing to surreptitiously put Trojans on people's machines?” Maynor said. “The only thing you're guaranteeing is that they won't be customers anymore.”

Some early estimates indicate that the problem could affect half a million or more computers around the world.

Data collected in September by the market research firm NPD Group indicated that roughly 36 percent of consumers reported that they listened to music CDs on a computer. If that percentage held true for people who bought the Sony BMG CDs, that would amount to about 720,000 computers — although only those running Windows would be affected. (Consumers who listen to CDs on stereo systems and other noncomputer players, as well as users of Apple computers, would not be at risk.)

Dan Kaminsky, a prominent independent computer security researcher, conducted a more precise analysis of the number of PCs affected by scanning the Internet traffic generated by the Sony BMG copy-protection software, which, once installed, quietly attempts to connect to one of two Sony servers if an Internet connection is present.

Kaminsky estimated that about 568,000 unique Domain Name System — or DNS — servers, which help direct Internet traffic, had been contacted by at least one computer seeking to reach those Sony servers. Given that many DNS servers field queries from more than one computer, the number of actual machines affected is almost certainly higher, Kaminsky said.

Although antivirus companies have indicated since late last week that virus writers were trying to take advantage of the vulnerabilities, it is not known if any of these viruses have actually found their way onto PCs embedded with the Sony BMG copy protection software.

Kaminsky and other security and digital rights advocates say that does not matter. “There may be millions of hosts that are now vulnerable to something that they weren't vulnerable to before,” Kaminsky said.

For some critics, the recall will not be enough.

“This is only one of the many things Sony must do to be accountable for the damage it's inflicted on its customers,” said Jason Schultz, an attorney with the Electronic Frontier Foundation, a digital rights group in California.

On Monday, the foundation issued an open letter to Sony BMG executives demanding, among other things, refunds for customers who bought the CDs and do not wish to make an exchange, and compensation for time spent removing the software and any potential damage to computers. Sony BMG is jointly owned by the Sony Corp. and Bertelsmann.

The group, which has been involved in lawsuits over the protection of digital rights, gave the company a deadline of Friday morning to respond with some indication that it was “in the process of implementing these measures.”

“People paid Sony for music, not an invasion of their computers,” Schultz said. “Sony must right the wrong it has committed. Recalling the CDs is a beginning step in the process, but there is a whole lot more mess to clean up.”

Link to comment
Share on other sites

I'm pretty sure Drum Suite needs to be on there as well. As obnoxious as this whole thing is, I am glad Sony is getting it with both barrels right in the ass. This recall will surely cost them more than the "casual pirating" they are so concerned about. One commentator said that this will set back DRM by at least a couple of years, so I am certainly glad of that.

On a side note, the NYT has some really annoying habits, particularly for sticking up for the NY property owners above citizens and apparently being uncritical on these digital rights stories. If you compare the coverage in the NYT vs. Wash Post, not only does NYT completely drop the ball, they then uncritically accept Sony's side (in an earlier article) and even now that this has blown up, they keep claiming it is a "minor security risk." Fuck that -- they need to fire whoever writes on technology issues and hire somebody like the Wash Post guy, who's really on the ball.

Now some questions about this recall. What about people who imported these to Europe -- am I going to be able to somehow replace the CD? Or what about people who bought these used? Do we just send in the CD? Lots of kinks to work out. (I know I was going to boycott Sony (other than the Cellar Door), but I got a great deal on Blakey's Drum Suite (used) and I thought this was as good an opportunity as any to install Linux and break the CD.)

Link to comment
Share on other sites

Sony's 'Rootkit' Is on 500,000 Systems, Expert Says

More than 200,000 copies of the program are installed on computers in Japan, with around 130,000 running on computers in the United States. The United Kingdom has about 44,000 copies of the program installed, Kaminsky's research shows.

Netherlands and Spain both have more than 27,000 copies of the program running, followed by Korea, Peru, France, Australia and Switzerland with between 12,000 and 8,000 installations.

Interesting how these figures were estimated:

Kaminsky, who is known for his novel security research on core Internet components like the TCP/IP communications protocol, identified systems running the copy protection software from First 4 Internet using a technique called "DNS cache sniffing." Kaminsky searched through the saved (or "cached") DNS requests submitted to a large number of the world's publicly accessible DNS servers and looked for requests for domains associated with the XCP software, such as update.xcp-aurora.com and connected.sonymusic.com.

DNS is a network of computer servers that match up Internet user requests for Internet domains, like eweek.com, with IP addresses that machines recognize.

Kaminsky used a database of around three million DNS name servers he had compiled for unrelated research into security vulnerabilities in the DNS system.

The search turned up almost one million references to the XCP and Sony domains. Kaminsky weeded out duplicate or forwarded requests from that number and narrowed the list down to 568,000 requests from unique IP addresses on the Internet.

He used geolocation software to associate the IP address of the machine running the XCP software to particular countries, he said.

Link to comment
Share on other sites
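The article quoted above describes counting XCP installs from outside, by looking for cached lookups of two domains. The same indicator works from inside a network: the following is an added example (not from the article or from Kaminsky's research) that scans a resolver's own query log for clients that looked up those domains. The BIND-style log layout, the sample lines and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Domains the article names as contacted by the XCP software.
XCP_DOMAINS = {"update.xcp-aurora.com", "connected.sonymusic.com"}

# Constructed sample lines in a BIND-style query-log layout (assumed format).
SAMPLE_LOG = """\
16-Nov-2005 09:14:02.113 client 10.0.4.21#1035: query: connected.sonymusic.com IN A +
16-Nov-2005 09:14:02.870 client 10.0.4.21#1036: query: www.example.org IN A +
16-Nov-2005 09:20:45.001 client 10.0.7.3#2201: query: UPDATE.XCP-AURORA.COM. IN A +
16-Nov-2005 10:02:11.540 client 10.0.4.21#1040: query: connected.sonymusic.com IN A +
16-Nov-2005 10:05:30.002 client 10.0.9.9#4410: query: notconnected.sonymusic.com.evil.example IN A +
malformed line without the expected fields
"""

LINE_RE = re.compile(r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<name>\S+) IN ")

def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are exact."""
    return name.lower().rstrip(".")

def find_xcp_clients(log_text, domains=XCP_DOMAINS):
    """Return {client_ip: {domain: query_count}} for exact domain matches."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not query records
        name = normalize(m.group("name"))
        if name in domains:  # exact match, so look-alike names are ignored
            hits[m.group("ip")][name] += 1
    return {ip: dict(counts) for ip, counts in hits.items()}

if __name__ == "__main__":
    # Repeated lookups from one client collapse to a single affected host.
    for ip, counts in sorted(find_xcp_clients(SAMPLE_LOG).items()):
        print(ip, counts)
```

As with the external count, a client behind a NAT or a forwarding resolver can stand for several machines, so the number of flagged addresses is a lower bound.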

Thanks Claude! So I must not be afraid that if I buy a usual-looking Sony/Legacy disc I end up having this programme on it? Why then is Switzerland being mentioned, too? The jazz releases did not have any of the info printed on their covers, as shown above!

Still confused and waiting a bit, I assume...

Link to comment
Share on other sites

Thanks Claude! So I must not be afraid that if I buy a usual-looking Sony/Legacy disc I end up having this programme on it? Why then is Switzerland being mentioned, too? The jazz releases did not have any of the info printed on their covers, as shown above!

Still confused and waiting a bit, I assume...

I suspect Switzerland and other countries show up because people ("music terrorists") get impatient and import XCRs from the US.

Same way people try to circumvent DVD regional coding. Interestingly the new blue-ray DVDs or whatever they are calling them are supposed to be locked down much tighter with some reports claiming that the players themselves will have a backdoor to let companies know if you try to change regional coding. Not surprising that Sony is involved in this as well. Definitely something I will avoid and I may simply stop buying DVDs a few years down the road if this comes to pass. At this point, I probably have enough DVDs to last me the rest of my life anyway.

On a side note, I did see one blog mention that Sony BMG UK is defiantly going to stick with XCR technology, but I just can't believe this is anything but bluster. The UK/EU laws for fucking with people's computers are much stronger than in the US and some poorly written EULA just is not going to cover them. So I hope the blogger was misinformed.

Link to comment
Share on other sites

I'm currently trying to access the FAQ about the CD recall, but there must be tens of thousands of people trying to access it all at once. (Sony BMG - ever heard of a mirror site - these guys need to stick to entertainment and get out of the technology business!). If I ever get it, I'll post it here.

Update: The current FAQ on the XCP is useless - don't bother. They haven't yet updated the site to deal with the recall, other than to say it will happen. Probably won't be updated for some time. I bet there are a lot of Sony execs staying up late, trying to figure this out. And somebody had better lose their job over this, since they just cost Sony a few million dollars.

Edited by ejp626
Link to comment
Share on other sites

Thanks Claude! So I must not be afraid that if I buy a usual-looking Sony/Legacy disc I end up having this programme on it? Why then is Switzerland being mentioned, too? The jazz releases did not have any of the info printed on their covers, as shown above!

Still confused and waiting a bit, I assume...

AFAIK, there were no SonyBMG XCP releases in Europe so far. Sony had planned to introduce them in 2006, but has now abandoned these plans.

Given the controversy over copy protection in general, I don't think any label can put protected CDs on the market without informing the buyer.

Link to comment
Share on other sites

http://cp.sonybmg.com/xcp/

November 16, 2005

To Our Valued Customers:

You may be aware of the recent attention given to the XCP content protection software included on some SONY BMG CDs. This software was provided to us by a third-party vendor, First4Internet. Discussion has centered on security concerns raised about the use of CDs containing this software.

We share the concerns of consumers regarding these discs, and we are instituting a program that will allow consumers to exchange any CD with XCP software for the same CD without copy protection. We also have asked our retail partners to remove all unsold CDs with XCP software from their store shelves and inventory. We will make further details of this program available shortly.

We deeply regret any inconvenience this may cause our customers and we are committed to making this situation right. It is important to note that the issues regarding these discs exist only when they are played on computers, not on conventional, non-computer-based CD and/or DVD players.

Our new initiatives follow the measures we have already taken, including last week’s voluntary suspension of the manufacture of CDs with the XCP software. In addition, to address security concerns, we provided to major software and anti-virus companies a software update, which also may be downloaded at http://cp.sonybmg.com/xcp/english/updates.html. We will shortly provide a simplified and secure procedure to uninstall the XCP software if it resides on your computer.

Ultimately, the experience of consumers is our primary concern, and our goal is to help bring our artists’ music to as broad an audience as possible. Going forward, we will continue to identify new ways to meet demands for flexibility in how you and other consumers listen to music.

The heck, just release normal CDs like you have been doing for 20 years, discs that can be played in every CD player, on the PC, and that can be converted to MP3s to listen to on portable players. That's all the flexibility the consumer needs.

Edited by Claude
Link to comment
Share on other sites

Why does it only dawn on these people too late that consumer confidence is their biggest asset? The whole advantage of buying a CD for many people is that they have a safe, hard copy, and can make burns or mp3s if they want them for personal use. Or maybe they just want to listen to the CD on their PC (you know, you're sitting at your PC, you put in a CD and listen to it - it can happen, believe it or not). If the CD is going to mess with your computer the manufacturers become no better than the virus spreaders, who are hated by everyone. After Sony hit people like this, some people will look to hit Sony back, and the way these things work they may have lost a lifetime of trust among some consumers. Just stupid.

Link to comment
Share on other sites
