[Dshield] Sony, Rootkits and Digital Rights Management Gone Too Far

DAN MORRILL dan_20407 at msn.com
Tue Nov 1 22:11:20 GMT 2005

Hi folk,

Sorry to say, but any root kit, I don't care whose it is, is deadly on a 
corporate network. Many cases have been thrown out of court because there 
was malware on the box, and no one could assert that there was intent to 
commit a crime. If the happy malware people find a way to co-opt the 
software, if there is a vulnerability in this, then they have an inbuilt ramp 
to hide other things on the computer, and joe computer user will be none the 
wiser in the longer run.

If I find anything like this on a corporate network, then there is a pile of 
pain and systems wiping that will follow, and time wasted on my forensics 
team because of a Sony CD. All the scanners and RKR's will see are altered 
system calls, meaning someone has to go visit the box, meaning I am going to 
consume resources for this task.

There are a lot of issues here. And there could be a lot of wasted time on 
the part of a corporate response team. I wonder if I can send the bill to 
Sony for this one?


Sometimes MSN E-mail will indicate that the message failed to be delivered. 
Please resend when you get those, it does not mean that the mail box is bad, 
merely that MSN mail is overworked at the time.

>From: "Fergie" <fergdawg at netzero.net>
>Reply-To: General DShield Discussion List <list at lists.dshield.org>
>To: list at lists.dshield.org
>Subject: Re: [Dshield] Sony,Rootkits and Digital Rights Management Gone Too Far
>Date: Tue, 1 Nov 2005 19:00:02 GMT
>While I agree with you on the points below, I think it
>_is_ reasonable to presume that it _was_ the intent of the
>developer(s) to install it with the user's explicit knowledge,
>irrespective of the EULA.
>Although IANAL, I think most licensors/developers/producers
>understand that end users don't read and completely understand
>the gravity of the EULA, even if it is spelled out for them.
>Of course, I'm making a couple of assumptions here -- primarily
>one about what _is_ expressly spelled out in the EULA -- I have
>no idea.
>I can say, however, that I won't be buying any Sony DVDs.
>- ferg
>-- "Tim Hollebeek" <tholleb at teknowledge.com> wrote:
>It is always important to remember that with the term "malicious
>code" we are referring to the intent of the writer of the code,
>which is not strictly a property of the code itself.
>By inspecting the code, we may discover certain properties of the
>code that lead us to infer the intent of the writer, and label the
>code "malicious code".  But it is important to realize there is
>an inference process here, and the results will depend on the
>definition of "malicious", which varies substantially depending
>on context, and that due to the limited complexity of such algorithms,
>the inferences will, from time to time, be wrong.  This problem is
>essentially unavoidable for a variety of reasons.  Essentially,
>if you can draw a nice bright line between black and white, you
>have an authorization/access control problem, not a malicious
>code detection problem.
>Tim Hollebeek
>"Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet
>  fergdawg at netzero.net or fergdawg at sbcglobal.net
>  ferg's tech blog: http://fergdawg.blogspot.com/