[Dshield] Sony, Rootkits and Digital Rights Management Gone Too Far
dshield.org at keithbergen.com
Tue Nov 1 18:07:44 GMT 2005
Regarding the installation of the Rootkit. If the person was running as a
limited access user (as I do, and as I have my friends do), would they be
able to install the rootkit and/or listen to the CD on the PC?
Fergie <fergdawg at netzero.net> said:
> I'd like to direct your attention to an issue that NEEDS to
> addressed, and I'm glad that SysInternals and F-Secure have
> gone public with it.
> This is, indeed, DRM (Digital Rights Management,or Digital
> Restrictions Management, depending on how you look at it) gone
> way, way too far.
> Mark Russinovich writes in the the SysInternals blog:
> Last week when I was testing the latest version of
> RootkitRevealer (RKR) I ran a scan on one of my systems
> and was shocked to see evidence of a rootkit. Rootkits
> are cloaking technologies that hide files, Registry keys,
> and other system objects from diagnostic and security software,
> and they are usually employed by malware attempting to keep
> their implementation hidden.
> Even more shocking, Mark came to find out that the "rootkit"
> in question was installed by a music CD DRM player/installer.
> As Mikko writes in the F-Secure "News from tha Lab" blog:
> There's been some recent developments in digital rights
> management systems (DRM) that have security implications.
> Some DRM systems have started to use rootkit technology.
> Rootkits are normally associated with malware but in this
> case a rootkit is used to enforce the copy control policies
> of audio CDs!
> See also F-Secure's encyclopedic entry for XCP DRM Software:
> I think a message needs to be sent to Sony, and any other
> company that uses stealth software installed on a user's
> system without their knowledge, to STOP! In my mind, this
> verges on the criminal.
> Eliot Spitzer: Are you listening? ;-)
> - ferg
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> fergdawg at netzero.net or fergdawg at sbcglobal.net
> ferg's tech blog: http://fergdawg.blogspot.com/
> Using .Net? Need to know more about .Net Security?
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
"If you can read this, thank a teacher. If you can read this in english,
thank a soldier."
More information about the list