[Dshield] Sony, Rootkits and Digital Rights Management Gone Too Far

David Taylor ltr at isc.upenn.edu
Tue Nov 1 22:19:53 GMT 2005

Brian Krebs at the Washington Post is blogging about this as well.  Probably
going to be his busiest blog yet.


David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
(215) 898-1236

SANS - The Twenty Most Critical Internet Security Vulnerabilities 

SANS - Internet Storm Center

irc.freenode.net #dshielders

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Fergie
Sent: Tuesday, November 01, 2005 9:54 AM
To: list at lists.dshield.org
Subject: [Dshield] Sony, Rootkits and Digital Rights Management Gone Too Far

I'd like to direct your attention to an issue that NEEDS to be
addressed, and I'm glad that SysInternals and F-Secure have
gone public with it.

This is, indeed, DRM (Digital Rights Management, or Digital
Restrictions Management, depending on how you look at it) gone
way, way too far.

Mark Russinovich writes in the SysInternals blog:


Last week when I was testing the latest version of
RootkitRevealer (RKR) I ran a scan on one of my systems
and was shocked to see evidence of a rootkit. Rootkits
are cloaking technologies that hide files, Registry keys,
and other system objects from diagnostic and security software,
and they are usually employed by malware attempting to keep
their implementation hidden.


Even more shocking, Mark came to find out that the "rootkit"
in question was installed by a music CD DRM player/installer.


As Mikko writes in the F-Secure "News from the Lab" blog:


There's been some recent developments in digital rights
management systems (DRM) that have security implications.
Some DRM systems have started to use rootkit technology.
Rootkits are normally associated with malware but in this
case a rootkit is used to enforce the copy control policies
of audio CDs!



See also F-Secure's encyclopedic entry for XCP DRM Software:


I think a message needs to be sent to Sony, and any other
company that uses stealth software installed on a user's
system without their knowledge, to STOP! In my mind, this
verges on the criminal.

Eliot Spitzer: Are you listening? ;-)


- ferg

"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg at netzero.net or fergdawg at sbcglobal.net
 ferg's tech blog: http://fergdawg.blogspot.com/
