Old 11-16-2005, 12:12 PM   #15 (permalink)
cyrnel
Adequate
 
Location: In my angry-dome.
The last couple days have been interesting. The damage to Sony customers from XCP keeps looking worse, be it from the original code, viruses taking advantage, or new vulnerabilities from the pseudo-uninstaller. Everyone saw the broad scale of the problem from the DNS traffic mentioned above. Then the recall. But the mainstream coverage has been extremely light as Cynthetiq noted. Just this morning NYTimes ran an article. Probably the most complete, most up-to-date version of the saga from any large outlet. It vanished to the bylines within an hour.

I can just feel my paranoid bones quivering at the thought of mad phone calls between media management.

Quote:
CD's Recalled for Posing Risk to PC's (signin required so posted in full below)

By TOM ZELLER Jr.
Published: November 16, 2005

The global music giant Sony BMG yesterday announced plans to recall millions of CD's by at least 20 artists - from the crooners Celine Dion and Neil Diamond to the country-rock act Van Zant - because they contain copy restriction software that poses risks to the computers of consumers.

The move, more commonly associated with collapsing baby strollers, exploding batteries, or cars with faulty brakes, is expected to cost the company tens of millions of dollars. Sony BMG said that all CD's containing the software would be removed from retail outlets and that exchanges would be offered to consumers who had bought any of them.

A toll-free number and e-mail message inquiry system will also be set up on the Sony BMG Web site, sonybmg.com.

"We deeply regret any inconvenience this may cause our customers," the company said in a letter that it said it would post on its Web site, "and are committed to making this situation right." Neither representatives of Sony BMG nor the British company First 4 Internet, which developed the copy protection software, would comment further.

Sony BMG estimated last week that about five million discs - some 49 different titles - had been shipped with the problematic software, and about two million had been sold.

Market research from 2004 has shown that about 30 percent of consumers report obtaining music through the copying and sharing of tracks among friends from legitimately purchased CD's. But the fallout from the aggressive copy protection effort has raised serious questions about how far companies should be permitted to go in seeking to prevent digital piracy.

The recall and exchange program, which was first reported by USA Today, comes two weeks after news began to spread on the Internet that certain Sony BMG CD's contained software designed to limit users to making only three copies. The software also, however, altered the deepest levels of a computer's systems and created vulnerabilities that Internet virus writers could exploit.

Since then, computer researchers have identified other problems with the software, as well as with the software patch and uninstaller programs that the company issued to address the vulnerabilities.

Several security and antivirus companies, including Computer Associates, F-Secure and Symantec, quickly classified the software on the CD's as malicious because, among other things, it tried to hide itself and communicated remotely with Sony servers once installed. The problems were known to affect only users of the Windows operating system.

On Saturday, a Microsoft engineering team indicated that it would be updating the company's security tools to detect and remove parts of the Sony BMG copy-protection software to help protect customers.

Researchers at Princeton University disclosed yesterday that early versions of the "uninstall" process published by Sony BMG on its Web site, which was designed to help users remove the copy protection software from their machines, created a vulnerability that could expose users of the Internet Explorer Web browser to malicious code embedded on Web sites.

Security analysts at Internet Security Systems, based in Atlanta, also issued an alert yesterday indicating that the copy-protection software itself, which was installed on certain CD's beginning last spring, could be used by virus writers to gain administrator privileges on multi-user computers.

David Maynor, a researcher with the X-force division of Internet Security Systems, which analyzes potential network vulnerabilities, said the copy-protection feature was particularly pernicious because it was nearly impossible for typical computer users to remove on their own.

"At what point do you think it is a good thing to surreptitiously put Trojans on people's machines?" Mr. Maynor said. "The only thing you're guaranteeing is that they won't be customers anymore."

Some early estimates indicate that the problem could affect half a million or more computers around the globe.

Data collected in September by the market research firm NPD Group indicated that roughly 36 percent of consumers report that they listen to music CD's on a computer. If that percentage held true for people who bought the Sony BMG CD's, that would amount to about 720,000 computers - although only those running Windows would be affected. (Consumers who listen to CD's on stereo systems and other noncomputer players, as well as users of Apple computers, would not be at risk.)

Dan Kaminsky, a prominent independent computer security researcher, conducted a more precise analysis of the number of PC's affected by scanning the Internet traffic generated by the Sony BMG copy-protection software, which, once installed, quietly tries to connect to one of two Sony servers if an Internet connection is present.

Mr. Kaminsky estimated that about 568,000 unique Domain Name System - or D.N.S. - servers, which help direct Internet traffic, had been contacted by at least one computer seeking to reach those Sony servers. Given that many D.N.S. servers field queries from more than one computer, the number of actual machines affected is almost certainly higher, Mr. Kaminsky said.

Although antivirus companies have indicated since late last week that virus writers were trying to take advantage of the vulnerabilities, it is not known if any of these viruses have actually found their way onto PC's embedded with the Sony BMG copy protection software.

Mr. Kaminsky and other security and digital rights advocates say that does not matter. "There may be millions of hosts that are now vulnerable to something that they weren't vulnerable to before," Mr. Kaminsky said.

For some critics, the recall will not be enough.

"This is only one of the many things Sony must do to be accountable for the damage it's inflicted on its customers," said Jason Schultz, a lawyer with the Electronic Frontier Foundation, a digital rights group in California.

On Monday, the foundation issued an open letter to Sony BMG executives demanding, among other things, refunds for customers who bought the CD's and did not wish to make an exchange, and compensation for time spent removing the software and any potential damage to computers.

The group, which has been involved in lawsuits over the protection of digital rights, gave the company, which is jointly owned by the Sony Corporation and Bertelsmann, a deadline of Friday morning to respond with some indication that it was "in the process of implementing these measures."

Mr. Schultz said: "People paid Sony for music, not an invasion of their computers. Sony must right the wrong it has committed. Recalling the CD's is a beginning step in the process, but there is a whole lot more mess to clean up."
__________________
"There are a vast number of people who are uninformed and heavily propagandized, but fundamentally decent. The propaganda that inundates them is effective when unchallenged, but much of it goes only skin deep. If they can be brought to raise questions and apply their decent instincts and basic intelligence, many people quickly escape the confines of the doctrinal system and are willing to do something to help others who are really suffering and oppressed." -Manufacturing Consent: Noam Chomsky and the Media, p. 195