[Dshield] Sony, Rootkits and Digital Rights Management Gone Too Far

Keith dshield.org at keithbergen.com
Tue Nov 1 18:07:44 GMT 2005


Regarding the installation of the Rootkit. If the person was running as a 
limited access user (as I do, and as I have my friends do), would they be 
able to install the rootkit and/or listen to the CD on the PC?

Keith.

Fergie <fergdawg at netzero.net> said:

> I'd like to direct your attention to an issue that NEEDS to be
> addressed, and I'm glad that SysInternals and F-Secure have
> gone public with it.
> 
> This is, indeed, DRM (Digital Rights Management, or Digital
> Restrictions Management, depending on how you look at it) gone
> way, way too far.
> 
> Mark Russinovich writes in the SysInternals blog:
> 
> [snip]
> 
> Last week when I was testing the latest version of
> RootkitRevealer (RKR) I ran a scan on one of my systems
> and was shocked to see evidence of a rootkit. Rootkits
> are cloaking technologies that hide files, Registry keys,
> and other system objects from diagnostic and security software,
> and they are usually employed by malware attempting to keep
> their implementation hidden.
> 
> [snip]
> 
> 
> Even more shocking, Mark came to find out that the "rootkit"
> in question was installed by a music CD DRM player/installer.
> 
> http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
> 
> As Mikko writes in the F-Secure "News from the Lab" blog:
> 
> [snip]
> 
> There's been some recent developments in digital rights
> management systems (DRM) that have security implications.
> Some DRM systems have started to use rootkit technology.
> Rootkits are normally associated with malware but in this
> case a rootkit is used to enforce the copy control policies
> of audio CDs!
> 
> [snip]
> 
> http://www.f-secure.com/weblog/archives/archive-112005.html#00000691
> 
> See also F-Secure's encyclopedic entry for XCP DRM Software:
> 
> http://www.f-secure.com/v-descs/xcp_drm.shtml
> 
> I think a message needs to be sent to Sony, and any other
> company that uses stealth software installed on a user's
> system without their knowledge, to STOP! In my mind, this
> verges on the criminal.
> 
> Eliot Spitzer: Are you listening? ;-)
> 
> $.02,
> 
> - ferg
> 
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet
>  fergdawg at netzero.net or fergdawg at sbcglobal.net
>  ferg's tech blog: http://fergdawg.blogspot.com/
> 
> 



-- 
"If you can read this, thank a teacher. If you can read this in English, 
thank a soldier."



