Sony BMG admits to new CD bug

Latest fix 'makes matters worse'

Written by Ken Young

Sony BMG has admitted to a new security problem affecting nearly six million of its CDs, after the detection of a vulnerability in the MediaMax patch it supplied on 6 December.

According to watchdog group the Electronic Frontier Foundation (EFF), the most recent CD software "could allow malicious third parties … to gain control over a consumer's computer running the Windows operating system".

The EFF hired security firm Information Security Partners to analyse MediaMax. The company found a new vulnerability in the software that could allow unauthorised users to take full control of the computer's operations.

Sony BMG issued a patch, but this was also flawed and could actually cause the security problem it was supposed to block.

Sony BMG stated that it is working on the problem and will release a modified patch if necessary. The problem only applies to CDs issued in the US and Canada.

The problems began last month when Sony BMG began shipping many of its music discs with a program called XCP.

The program had no effect on standard CD players, but installed itself on computers running Windows when a CD owner tried to play the disc on the computer.

It also proved very difficult to remove and was flagged by antivirus vendors as a vulnerability. To compound the problem, XCP secretly sent information about users' listening habits over the internet to Sony BMG.

Sony began to withdraw about 4.7 million affected discs from stores, and set up an exchange programme for consumers who had bought about 2.1 million discs.

Meanwhile, Sony BMG kept on using a different anti-piracy program called MediaMax, produced by SunnComm.

The EFF filed a lawsuit against Sony BMG's use of both XCP and MediaMax, claiming that the SunnComm program was also flawed.

The EFF cited research by J Alex Halderman, a student at Princeton University, who claimed that MediaMax sends information about users over the internet without their permission.

Halderman also claimed that MediaMax installs itself even if the user clicks a button that is supposed to stop the installation.
