Sony/BMG Gets Sued - YES!!! - Finally!!! - Tilted Forum Project Discussion Community

Hanxter · 11-11-2005, 07:22 AM

A class action lawsuit filed in a California court against Sony BMG alleges the music publisher included hidden software on a number of music CDs capable of wiping out users’ information and crippling their computers.

The suit, which was filed on Nov. 1 by Alexander William Guevara, claims CDs containing Sony’s new XCP2 anti-piracy program can damage users’ computers. The software, called a “rootkit,” automatically installs on computers with Microsoft’s Windows program and hides deep in the computer where it can monitor activity and cause system crashes.

linkage

rootkit also is known to copy your listening habits and ip addy and report it back to sony... sony can say it's "their" property but i beg to differ... i paid for the damned cd - it's mine!!! (oh wait... i haven't bought a cd in 5 years...

)

related article...

how to get rid of the bugger - if yer lucky...

cyrnel · 11-11-2005, 07:31 AM

Hanx, This was mentioned in the RIAA Insanity thread. There's an Italian EFF suit, the one in NY, another in LA, and EFF U.S. is checking interest for a case here. More to follow I'm sure. I'm betting on the EFF cases to make a difference vs. the usual class action settlements for attorney enrichment. (There's gotta be an acronym in there somewhere.)

cyrnel · 11-11-2005, 08:00 AM

This belongs in a .sig:

"Most people, I think, don’t even know what a rootkit is, so why should they care about it?"
-Thomas Hesse, president of Sony's Global Digital Business, during an NPR interview.

serlindsipity · 11-11-2005, 08:03 AM

Quote:

Originally Posted by cyrnel

"Most people, I think, don’t even know what a rootkit is, so why should they care about it?"
-Thomas Hesse, president of Sony's Global Digital Business, during an NPR interview.

i love when powerful people think the rest of us are ignorant. i love it more when they find out they are very wrong and thus have it thrown financially into their face.

superiorrain · 11-11-2005, 05:15 PM

Quote:

Originally Posted by cyrnel

"Most people, I think, don’t even know what a rootkit is, so why should they care about it?"
-Thomas Hesse, president of Sony's Global Digital Business, during an NPR interview.

I don't care about rootkit, i do care about viruses and things that creep up on my computer with out my knowledge. I hope this burns them bad, whatever it does it should be a PR nightmere.

cyrnel · 11-11-2005, 05:47 PM

I'd love to see insider email from when the story first broke to today when Sony announced they were stopping production of XCP DRM CD's. As noted by the press today, product is still on the shelves (and in customer computers). No recall, no automatic uninstaller. (Not that I'd trust it if they provided one.) Every step has been a mile short. For me this points to execs who are way out of touch with their products.

(Waiting for that 3-stooges "Why you!... *BONK*" sequence.)

jonjon42 · 11-11-2005, 09:44 PM

when I first heard about this I was in complete disbelief until a friend showed me one of the cds. (even using linux I was still rather hesitent as I heard reports of a Mac rootkit too..) I booted up a VMWare and looked at what the cd did...rootkitted...

This is incredibly stupid, I discovered after some probing that the rootkit affects the ENTIRE SYSTEM, meaning that since it's discovery and people finding out about it's inner workings means that any script kiddie could easily exploit the damn thing.
I've heard that it is already started to be used to fool anti-cheat programs. overall this is irresponsible and stupid of Sony.

Willravel · 11-11-2005, 09:56 PM

I kinda hope Sony get's sued again and again. I hope they pay dearly for trying to get waay with this s**t. I get my m usic from iTunes anyway.

Mantus · 11-11-2005, 10:06 PM

Quote:

Originally Posted by willravel

I kinda hope Sony get's sued again and again. I hope they pay dearly for trying to get waay with this s**t. I get my m usic from iTunes anyway.

Seems they might

http://news.bbc.co.uk/2/hi/technology/4427606.stm

Quote:

Viruses use Sony anti-piracy CDs

The CDs affected in the US include Natasha Bedingfield's Unwritten
Virus writers are exploiting Sony's controversial anti-piracy software to hide their malicious creations.
In late October Sony was found to be using stealth techniques to hide software that stopped some of its CDs being illegally copied.

Now three virus variants have been found that use the Sony software to evade detection by anti-virus programs.

Sony has apologised, saying it is working with computer security firms to address the problems.

Dragonknight · 11-11-2005, 11:32 PM

Yeah, I'm totally on the BURN sony bandwagon. This is complete bullshit, I wonder if there going to many invasion of privacy lawsuits. This will hopefully bite them in the butt hard!

Cynthetiq · 11-12-2005, 07:15 AM

my question is why isn't this in more mainstream press????? why is it only online and on techie blogs and news sections??????

cyrnel · 11-12-2005, 07:25 AM

I'm assuming their advertising budget counters quite a few articles, or at least tones them down. Many large outlets started by mentioning the problem, then immediately downplaying it with the Sony PR.

OTOH I was surprised at the amount of coverage I've seen on the google news pages. Many are from alternate, overseas, or geek publications, but people are noticing. There was even a byte about Bush stating "they've gone too far."

trickyy · 11-15-2005, 11:59 AM

welcome to planet sony

Quote:

It now appears that at least 568,200 nameservers have witnessed DNS queries related to the rootkit.

here is a map of infected and vulnerable computers in north america

DEI37 · 11-15-2005, 04:06 PM

And, if that's not bad enough, on the frontpage at www.msn.com they talk about the cure being worse than the original problem!

cyrnel · 11-16-2005, 12:12 PM

The last couple days have been interesting. The damage to Sony customers from XCP keeps looking worse, be it from the original code, viruses taking advantage, or new vulnerabilities from the pseudo-uninstaller. Everyone saw the broad scale of the problem from the DNS traffic mentioned above. Then the recall. But the mainstream coverage has been extremely light as Cynthetiq noted. Just this morning NYTimes ran an article. Probably the most complete, most up-to-date version of the saga from any large outlet. It vanished to the bylines within an hour.

I can just feel my paranoid bones quivering at the thought of mad phone calls between media management.

Quote:

CD's Recalled for Posing Risk to PC's (signin required so posted in full below)

By TOM ZELLER Jr.
Published: November 16, 2005

The global music giant Sony BMG yesterday announced plans to recall millions of CD's by at least 20 artists - from the crooners Celine Dion and Neil Diamond to the country-rock act Van Zant - because they contain copy restriction software that poses risks to the computers of consumers.

The move, more commonly associated with collapsing baby strollers, exploding batteries, or cars with faulty brakes, is expected to cost the company tens of millions of dollars. Sony BMG said that all CD's containing the software would be removed from retail outlets and that exchanges would be offered to consumers who had bought any of them.

A toll-free number and e-mail message inquiry system will also be set up on the Sony BMG Web site, sonybmg.com.

"We deeply regret any inconvenience this may cause our customers," the company said in a letter that it said it would post on its Web site, "and are committed to making this situation right." Neither representatives of Sony BMG nor the British company First 4 Internet, which developed the copy protection software, would comment further.

Sony BMG estimated last week that about five million discs - some 49 different titles - had been shipped with the problematic software, and about two million had been sold.

Market research from 2004 has shown that about 30 percent of consumers report obtaining music through the copying and sharing of tracks among friends from legitimately purchased CD's. But the fallout from the aggressive copy protection effort has raised serious questions about how far companies should be permitted to go in seeking to prevent digital piracy.

The recall and exchange program, which was first reported by USA Today, comes two weeks after news began to spread on the Internet that certain Sony BMG CD's contained software designed to limit users to making only three copies. The software also, however, altered the deepest levels of a computer's systems and created vulnerabilities that Internet virus writers could exploit.

Since then, computer researchers have identified other problems with the software, as well as with the software patch and uninstaller programs that the company issued to address the vulnerabilities.

Several security and antivirus companies, including Computer Associates, F-Secure and Symantec, quickly classified the software on the CD's, as malicious because, among other things, it tried to hide itself and communicated remotely with Sony servers once installed. The problems were known to affect only users of the Windows operating system.

On Saturday, a Microsoft engineering team indicated that it would be updating the company's security tools to detect and remove parts of the Sony BMG copy-protection software to help protect customers.

Researchers at Princeton University disclosed yesterday that early versions of the "uninstall" process published by Sony BMG on its Web site, which was designed to help users remove the copy protection software from their machines, created a vulnerability that could expose users of the Internet Explorer Web browser to malicious code embedded on Web sites.

Security analysts at Internet Security Systems, based in Atlanta, also issued an alert yesterday indicating that the copy-protection software itself, which was installed on certain CD's beginning last spring, could be used by virus writers to gain administrator privileges on multi-user computers.

David Maynor, a researcher with the X-force division of Internet Security Systems, which analyzes potential network vulnerabilities, said the copy-protection feature was particularly pernicious because it was nearly impossible for typical computer users to remove on their own.

"At what point do you think it is a good thing to surreptitiously put Trojans on people's machines?" Mr. Maynor said. "The only thing you're guaranteeing is that they won't be customers anymore."

Some early estimates indicate that the problem could affect half a million or more computers around the globe.

Data collected in September by the market research firm NPD Group indicated that roughly 36 percent of consumers report that they listen to music CD's on a computer. If that percentage held true for people who bought the Sony BMG CD's, that would amount to about 720,000 computers - although only those running Windows would be affected. (Consumers who listen to CD's on stereo systems and other noncomputer players, as well as users of Apple computers, would not be at risk.)

Dan Kaminsky, a prominent independent computer security researcher, conducted a more precise analysis of the number of PC's affected by scanning the Internet traffic generated by the Sony BMG copy-protection software, which, once installed, quietly tries to connect to one of two Sony servers if an Internet connection is present.

Mr. Kaminsky estimated that about 568,000 unique Domain Name System - or D.N.S. - servers, which help direct Internet traffic, had been contacted by at least one computer seeking to reach those Sony servers. Given that many D.N.S. servers field queries from more than one computer, the number of actual machines affected is almost certainly higher, Mr. Kaminsky said.

Although antivirus companies have indicated since late last week that virus writers were trying to take advantage of the vulnerabilities, it is not known if any of these viruses have actually found their way onto PC's embedded with the Sony BMG copy protection software.

Mr. Kaminsky and other security and digital rights advocates say that does not matter. "There may be millions of hosts that are now vulnerable to something that they weren't vulnerable to before," Mr. Kaminsky said.

For some critics, the recall will not be enough.

"This is only one of the many things Sony must do to be accountable for the damage it's inflicted on its customers," said Jason Schultz, a lawyer with the Electronic Frontier Foundation, a digital rights group in California.

On Monday, the foundation issued an open letter to Sony BMG executives demanding, among other things, refunds for customers who bought the CD's and did not wish to make an exchange, and compensation for time spent removing the software and any potential damage to computers.

The group, which has been involved in lawsuits over the protection of digital rights, gave the company, which is jointly owned by the Sony Corporation and Bertelsmann, a deadline of Friday morning to respond with some indication that it was "in the process of implementing these measures."

Mr. Schultz said: "People paid Sony for music, not an invasion of their computers. Sony must right the wrong it has committed. Recalling the CD's is a beginning step in the process, but there is a whole lot more mess to clean up."

jonjon42 · 11-18-2005, 08:05 AM

what's also really interesting is the response by the anti-virus companies, despite the great danger posed by this product, they have been very sluggish with their response. Only I believe f-secure was very timely about things. Most products still only remove the cloaking and nothing else. kinda crazy.

Hanxter · 11-18-2005, 12:10 PM

now here's the sony hypocracy...

on one side you have the sony / bmg music division trying to stop the transfer of "intellectual property" from one source to another all the while trying to halt the "illegal" burning of cd's

on the other side you have sony vaio coming out with this bad boy...

click the pic

sony blames the copy protected cd's on a "third party vendor" when it's their product to begin with and yet comes out with a new toy that "makes it easy with the ability to copy up to 200 CDs"

now i ask you... does it seem the right hand knows what the left is doing???

Bob Biter · 11-18-2005, 01:00 PM

Hanxter, Sony knows people burn CDs. The company isn't against copying stuff you've LEGALLY BOUGHT for your OWN PERSONAL USE onto your OWN COMPUTER, it's against distributing such stuff for free to others or making it available online. Buying songs off the internet is legal, as long as you leave it on your own hardware. That's why Sony can come up with new burn tech without halting its efforts to stop music/movie piracy. It's a thin line, I know, but there it is.

Hanxter · 11-18-2005, 02:02 PM

bob, what i'm saying is sony wouldn't be happier if we all just bought their musical products, yet they try to prevent it's being shared with this application then come out with a product that allows one to copy the music... i just see a pardox

Cynthetiq · 11-18-2005, 06:37 PM

Quote:

Originally Posted by Hanxter

now here's the sony hypocracy...

on one side you have the sony / bmg music division trying to stop the transfer of "intellectual property" from one source to another all the while trying to halt the "illegal" burning of cd's

on the other side you have sony vaio coming out with this bad boy...

click the pic

sony blames the copy protected cd's on a "third party vendor" when it's their product to begin with and yet comes out with a new toy that "makes it easy with the ability to copy up to 200 CDs"

now i ask you... does it seem the right hand knows what the left is doing???

actually, the company has declined for this very reason. The company is no longer in lockstep working together. You have different divisions working in different directions with different motivators and protections.

Most economists state this as the reason why Sony wasn't able to produce a good MP3 device allowing Apple to take the lead.

cyrnel · 11-18-2005, 06:59 PM

Yep, it took Sony for-flipping-ever to release their first MP3 compatible devices precisely because of their own conflict-of-interest. They've been chasing their own tail ever since.

Were I still a shareholder I would not be comforted. Mr. Digital - Hesse - giving such a clueless interview during this XCP fiasco. They had so many opportunities to calm the waters, yet dropped one ball after another. No matter the motives, it's sad to see anyone flush so much customer goodwill so quickly.

Morita must be turning over in his grave.

Bob Biter · 11-19-2005, 04:57 PM

Quote:

Originally Posted by Hanxter

bob, what i'm saying is sony wouldn't be happier if we all just bought their musical products, yet they try to prevent it's being shared with this application then come out with a product that allows one to copy the music... i just see a pardox

I guess it would indeed be ironic if this new Sony hardware became infected with Sony software. Time will tell on that one.

Hanxter · 12-09-2005, 07:34 AM

they issued a patch to solve the problem but...

Quote:

slashdot

The BBC is reporting that mere days after the EFF and Sony announced a patch to fix the vulnerability in its SunnComm DRM system, security researchers Ed Felten and Alex Halderman have discovered that the patch itself introduces yet more vulnerabilities. They have now asked users not to apply the patch and are urging Sony to recall all of the affected CDs from sale. Sony has said that approximately six million CDs using [SunnComm] MediaMax have been shipped to stores. Affected artists include Alicia Keys, Britney Spears, Black Rebel Motorcycle Club and Faithless

linkage

hey jude, don't make it bad
take a sad song and make it betterererererer
and now a word from our sponsors...

Quote:

The music industry is to extend its copyright war by taking legal action against websites offering unlicensed song scores and lyrics.

linkage

brinkn1 · 12-12-2005, 05:14 PM

I just found out about this. I'm so glad Sony's getting sued for this. I got one of the cds and it's screwed up my media player.

<a href="http://cp.sonybmg.com/xcp/english/home.html">Link to Sony's letter, a FAQ, and a list of titles</a>

11-11-2005, 07:22 AM	#1 (permalink)
Hanxter The Griffin	Sony/BMG Gets Sued - YES!!! - Finally!!! A class action lawsuit filed in a California court against Sony BMG alleges the music publisher included hidden software on a number of music CDs capable of wiping out users’ information and crippling their computers. The suit, which was filed on Nov. 1 by Alexander William Guevara, claims CDs containing Sony’s new XCP2 anti-piracy program can damage users’ computers. The software, called a “rootkit,” automatically installs on computers with Microsoft’s Windows program and hides deep in the computer where it can monitor activity and cause system crashes. linkage rootkit also is known to copy your listening habits and ip addy and report it back to sony... sony can say it's "their" property but i beg to differ... i paid for the damned cd - it's mine!!! (oh wait... i haven't bought a cd in 5 years... ) related article... how to get rid of the bugger - if yer lucky...

11-11-2005, 07:31 AM	#2 (permalink)
cyrnel Adequate Location: In my angry-dome.	Hanx, This was mentioned in the RIAA Insanity thread. There's an Italian EFF suit, the one in NY, another in LA, and EFF U.S. is checking interest for a case here. More to follow I'm sure. I'm betting on the EFF cases to make a difference vs. the usual class action settlements for attorney enrichment. (There's gotta be an acronym in there somewhere.) __________________ There are a vast number of people who are uninformed and heavily propagandized, but fundamentally decent. The propaganda that inundates them is effective when unchallenged, but much of it goes only skin deep. If they can be brought to raise questions and apply their decent instincts and basic intelligence, many people quickly escape the confines of the doctrinal system and are willing to do something to help others who are really suffering and oppressed." -Manufacturing Consent: Noam Chomsky and the Media, p. 195

11-11-2005, 08:00 AM	#3 (permalink)
cyrnel Adequate Location: In my angry-dome.	This belongs in a .sig: "Most people, I think, don’t even know what a rootkit is, so why should they care about it?" -Thomas Hesse, president of Sony's Global Digital Business, during an NPR interview. __________________ There are a vast number of people who are uninformed and heavily propagandized, but fundamentally decent. The propaganda that inundates them is effective when unchallenged, but much of it goes only skin deep. If they can be brought to raise questions and apply their decent instincts and basic intelligence, many people quickly escape the confines of the doctrinal system and are willing to do something to help others who are really suffering and oppressed." -Manufacturing Consent: Noam Chomsky and the Media, p. 195

11-11-2005, 05:47 PM	#6 (permalink)
cyrnel Adequate Location: In my angry-dome.	I'd love to see insider email from when the story first broke to today when Sony announced they were stopping production of XCP DRM CD's. As noted by the press today, product is still on the shelves (and in customer computers). No recall, no automatic uninstaller. (Not that I'd trust it if they provided one.) Every step has been a mile short. For me this points to execs who are way out of touch with their products. (Waiting for that 3-stooges "Why you!... BONK" sequence.) __________________ There are a vast number of people who are uninformed and heavily propagandized, but fundamentally decent. The propaganda that inundates them is effective when unchallenged, but much of it goes only skin deep. If they can be brought to raise questions and apply their decent instincts and basic intelligence, many people quickly escape the confines of the doctrinal system and are willing to do something to help others who are really suffering and oppressed." -Manufacturing Consent: Noam Chomsky and the Media, p. 195

11-11-2005, 09:44 PM	#7 (permalink)
jonjon42 Psycho Location: inside my own mind	when I first heard about this I was in complete disbelief until a friend showed me one of the cds. (even using linux I was still rather hesitent as I heard reports of a Mac rootkit too..) I booted up a VMWare and looked at what the cd did...rootkitted... This is incredibly stupid, I discovered after some probing that the rootkit affects the ENTIRE SYSTEM, meaning that since it's discovery and people finding out about it's inner workings means that any script kiddie could easily exploit the damn thing. I've heard that it is already started to be used to fool anti-cheat programs. overall this is irresponsible and stupid of Sony. __________________ A damn dirty hippie without the dirty part....

11-11-2005, 09:56 PM	#8 (permalink)
Willravel ... a sort of licensed troubleshooter.	I kinda hope Sony get's sued again and again. I hope they pay dearly for trying to get waay with this s**t. I get my m usic from iTunes anyway.

11-11-2005, 11:32 PM	#10 (permalink)
Dragonknight Insane Location: Hawaii	Yeah, I'm totally on the BURN sony bandwagon. This is complete bullshit, I wonder if there going to many invasion of privacy lawsuits. This will hopefully bite them in the butt hard! __________________ Freedom is NOT Free.

11-12-2005, 07:15 AM	#11 (permalink)
Cynthetiq Tilted Cat Head Administrator Location: Manhattan, NY	my question is why isn't this in more mainstream press????? why is it only online and on techie blogs and news sections?????? __________________ I don't care if you are black, white, purple, green, Chinese, Japanese, Korean, hippie, cop, bum, admin, user, English, Irish, French, Catholic, Protestant, Jewish, Buddhist, Muslim, indian, cowboy, tall, short, fat, skinny, emo, punk, mod, rocker, straight, gay, lesbian, jock, nerd, geek, Democrat, Republican, Libertarian, Independent, driver, pedestrian, or bicyclist, either you're an asshole or you're not. What's the best nation in the world? DO-NATION!

11-12-2005, 07:25 AM	#12 (permalink)
cyrnel Adequate Location: In my angry-dome.	I'm assuming their advertising budget counters quite a few articles, or at least tones them down. Many large outlets started by mentioning the problem, then immediately downplaying it with the Sony PR. OTOH I was surprised at the amount of coverage I've seen on the google news pages. Many are from alternate, overseas, or geek publications, but people are noticing. There was even a byte about Bush stating "they've gone too far." __________________ There are a vast number of people who are uninformed and heavily propagandized, but fundamentally decent. The propaganda that inundates them is effective when unchallenged, but much of it goes only skin deep. If they can be brought to raise questions and apply their decent instincts and basic intelligence, many people quickly escape the confines of the doctrinal system and are willing to do something to help others who are really suffering and oppressed." -Manufacturing Consent: Noam Chomsky and the Media, p. 195

11-15-2005, 04:06 PM	#14 (permalink)
DEI37 Go faster! Location: Wisconsin	And, if that's not bad enough, on the frontpage at www.msn.com they talk about the cure being worse than the original problem! __________________ Generally speaking, if you were to get what you really deserve, you might be unpleasantly surprised.

11-18-2005, 08:05 AM	#16 (permalink)
jonjon42 Psycho Location: inside my own mind	what's also really interesting is the response by the anti-virus companies, despite the great danger posed by this product, they have been very sluggish with their response. Only I believe f-secure was very timely about things. Most products still only remove the cloaking and nothing else. kinda crazy. __________________ A damn dirty hippie without the dirty part....

11-18-2005, 12:10 PM	#17 (permalink)
Hanxter The Griffin	now here's the sony hypocracy... on one side you have the sony / bmg music division trying to stop the transfer of "intellectual property" from one source to another all the while trying to halt the "illegal" burning of cd's on the other side you have sony vaio coming out with this bad boy... click the pic sony blames the copy protected cd's on a "third party vendor" when it's their product to begin with and yet comes out with a new toy that "makes it easy with the ability to copy up to 200 CDs" now i ask you... does it seem the right hand knows what the left is doing???

11-18-2005, 01:00 PM	#18 (permalink)
Bob Biter Non-smokers die everyday Location: Montreal	Hanxter, Sony knows people burn CDs. The company isn't against copying stuff you've LEGALLY BOUGHT for your OWN PERSONAL USE onto your OWN COMPUTER, it's against distributing such stuff for free to others or making it available online. Buying songs off the internet is legal, as long as you leave it on your own hardware. That's why Sony can come up with new burn tech without halting its efforts to stop music/movie piracy. It's a thin line, I know, but there it is. __________________ A plan is just a list of things that don't happen. Last edited by Bob Biter; 11-18-2005 at 01:01 PM.. Reason: grammar

11-18-2005, 02:02 PM	#19 (permalink)
Hanxter The Griffin	bob, what i'm saying is sony wouldn't be happier if we all just bought their musical products, yet they try to prevent it's being shared with this application then come out with a product that allows one to copy the music... i just see a pardox

11-18-2005, 06:59 PM	#21 (permalink)
cyrnel Adequate Location: In my angry-dome.	Yep, it took Sony for-flipping-ever to release their first MP3 compatible devices precisely because of their own conflict-of-interest. They've been chasing their own tail ever since. Were I still a shareholder I would not be comforted. Mr. Digital - Hesse - giving such a clueless interview during this XCP fiasco. They had so many opportunities to calm the waters, yet dropped one ball after another. No matter the motives, it's sad to see anyone flush so much customer goodwill so quickly. Morita must be turning over in his grave. __________________ There are a vast number of people who are uninformed and heavily propagandized, but fundamentally decent. The propaganda that inundates them is effective when unchallenged, but much of it goes only skin deep. If they can be brought to raise questions and apply their decent instincts and basic intelligence, many people quickly escape the confines of the doctrinal system and are willing to do something to help others who are really suffering and oppressed." -Manufacturing Consent: Noam Chomsky and the Media, p. 195

12-12-2005, 05:14 PM	#24 (permalink)
brinkn1 Crazy	I just found out about this. I'm so glad Sony's getting sued for this. I got one of the cds and it's screwed up my media player. <a href="http://cp.sonybmg.com/xcp/english/home.html">Link to Sony's letter, a FAQ, and a list of titles</a> __________________ I'm melting down your 20 inch rims to build 5 foot plates for the shins of my 30 foot android.