[Dshield] Sony, Rootkits and Digital Rights Management Gone Too Far

Benjamin M.A. Robson ben at robson.ph
Tue Nov 1 15:49:34 GMT 2005


I did a small commentary on this on my website (http://www.robson.ph)
today.

I attempted, in my write-up, to make two key points.

The first of these is, what is the difference between what Sony BMG
has allegedly done here and if someone breached Sony's systems?  In
my eyes, nothing.  Sony has illegally accessed individuals' and
organisations' computer systems and as such should be accountable to
the same laws as anyone else committing this act.  Even if some sort
of EULA exists with the music player, that you have to accept before
using it, surely no judge is going to consider it reasonable that a
consumer is required to agree to an agreement that takes longer to
read than it does to listen to the music it is "protecting".

The second point goes to the impact of this in the government sector.
I wonder how many of these "protected" CDs made their way into
government networks.  Of course (I hope) in the more highly sensitive
government areas such applications could not be executed.  However I
am sure there are plenty of mid-tier and below government agencies and
NGOs that do allow such applications to be run.  Now Sony has
introduced a Root Kit into government systems.

I strongly believe that ANY organisation who chooses to knowingly
install applications onto a consumer's personal computer without their
explicit and knowledgeable (knowledgeable as to the ramifications of
the installation) authorisation, should be prosecuted under the
criminal justice system.  This is an immoral act and must be an
illegal act.

Anyway, those are my thoughts.

BenR
Security Consultant


Fergie wrote:

>I'd like to direct your attention to an issue that NEEDS to be
>addressed, and I'm glad that SysInternals and F-Secure have
>gone public with it.
>
>This is, indeed, DRM (Digital Rights Management, or Digital
>Restrictions Management, depending on how you look at it) gone
>way, way too far.
>
>Mark Russinovich writes in the SysInternals blog:
>
>[snip]
>
>Last week when I was testing the latest version of
>RootkitRevealer (RKR) I ran a scan on one of my systems
>and was shocked to see evidence of a rootkit. Rootkits
>are cloaking technologies that hide files, Registry keys,
>and other system objects from diagnostic and security software,
>and they are usually employed by malware attempting to keep
>their implementation hidden.
>
>[snip]
>
>
>Even more shocking, Mark came to find out that the "rootkit"
>in question was installed by a music CD DRM player/installer.
>
> http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
>
>As Mikko writes in the F-Secure "News from the Lab" blog:
>
>[snip]
>
>There's been some recent developments in digital rights
>management systems (DRM) that have security implications.
>Some DRM systems have started to use rootkit technology.
>Rootkits are normally associated with malware but in this
>case a rootkit is used to enforce the copy control policies
>of audio CDs!
>
>[snip]
>
>http://www.f-secure.com/weblog/archives/archive-112005.html#00000691
>
>See also F-Secure's encyclopedic entry for XCP DRM Software:
>
>http://www.f-secure.com/v-descs/xcp_drm.shtml
>
>I think a message needs to be sent to Sony, and any other
>company that uses stealth software installed on a user's
>system without their knowledge, to STOP! In my mind, this
>verges on the criminal.
>
>Eliot Spitzer: Are you listening? ;-)
>
>$.02,
>
>- ferg
>
>--
>"Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> fergdawg at netzero.net or fergdawg at sbcglobal.net
> ferg's tech blog: http://fergdawg.blogspot.com/



