    1. #1
      Jahness's Avatar
      Jahness is offline OniOni Warrior

      Join Date
      Mar 2005
      Location
      In amerikkka! Stolen from Afrika!
      Posts
      6,827
      Thumbs Up/Down
      Received: 1/0
      Given: 18/0
      Rep Power
      616

      Hackers use Sony BMG to hide on PCs

      Thu Nov 10, 3:35 PM ET

      A computer security firm said on Thursday it had discovered the first virus that uses music publisher Sony BMG's (6758.T) controversial CD copy-protection software to hide on PCs and wreak havoc.

      Under a subject line containing the words "Photo approval," a hacker has mass-mailed the so-called Stinx-E trojan virus to British email addresses, said British anti-virus firm Sophos.

      When recipients click on an attachment, they install malware, which may tear down a computer's firewall and give hackers access to a PC. The malware hides by using Sony BMG software that is also hidden -- the software would have been installed on a computer when consumers played Sony's copy-protected music CDs.

      "This leaves Sony in a real tangle. It was already getting bad press about its copy-protection software, and this new hack exploit will make it even worse," said Sophos's Graham Cluley.

      Later on Thursday, security software firm Symantec Corp. (Nasdaq:SYMC) also discovered the first trojans to abuse the security flaw in Sony BMG's copy-protection software. A trojan is a program that appears desirable but actually contains something harmful.

      Sony BMG's spokesman John McKay in New York was not immediately available to comment.

      The music publishing venture of Japanese electronics conglomerate Sony Corp. (6758.T) and Germany's Bertelsmann AG (BERT.UL) is distributing the copy-protection software on a range of recent music compact disks (CDs) from artists such as Celine Dion and Sarah McLachlan.

      When the CD is played on a Windows personal computer, the software first installs itself and then limits the usage rights of a consumer. It only allows playback with Sony software.

      The software sparked a class action lawsuit against Sony in California last week, claiming that Sony has not informed consumers that it installs software directly into the "roots" of their computer systems with rootkit software, which cloaks all associated files and is dangerous to remove.

      Sophos said it would have a tool to disable the copy protection software available later on Thursday.

      Sony BMG made a patch available on its Web site on Tuesday that rids a PC from the "cloaking" element that is part of the copy-protection software, while claiming that "the component is not malicious and does not compromise security."

      The patch does not disable the copy protection itself.

      The Sony copy-protection software does not install itself on Macintosh computers or ordinary CD and DVD players.

      http://news.yahoo.com/s/nm/20051110/...hkBHNlYwMxNjk1

      Copyright © 2005 Reuters Limited. All rights reserved.
      Posted In The Spirit of Learning & Sharing
      One Love & Respect Always

      ***************************************
      The Quest for knowledge stops at the grave.
      HIM Emperor Haile Selassie I.


      If you fail to prepare,
      you are preparing to fail!


      Mind what you want, because someone wants your mind.

      Working together, the ants ate the elephant.


    2. #2
      Jahness's Avatar
      Jahness is offline OniOni Warrior

      Sony to Suspend Making Antipiracy CDs

      By TED BRIDIS,
      Associated Press Writer
      2 hours, 23 minutes ago

      Stung by continuing criticism, the world's second-largest music label, Sony BMG Music Entertainment, promised Friday to temporarily suspend making music CDs with antipiracy technology that can leave computers vulnerable to hackers.

      Sony defended its right to prevent customers from illegally copying music but said it will halt manufacturing CDs with the "XCP" technology as a precautionary measure. "We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use," the company said in a statement.

      The antipiracy technology, which works only on Windows computers, prevents customers from making more than a few copies of the CD and prevents them from loading the CD's songs onto Apple Computer's popular iPod portable music players. Some other music players, which recognize Microsoft's proprietary music format, would work.

      Sony's announcement came one day after leading security companies disclosed that hackers were distributing malicious programs over the Internet that exploited the antipiracy technology's ability to avoid detection. Hackers discovered they can effectively render their programs invisible by using names for computer files similar to ones cloaked by the Sony technology.

      A senior Homeland Security official cautioned entertainment companies against discouraging piracy in ways that also make computers vulnerable. Stewart Baker, assistant secretary for policy at DHS, did not cite Sony by name in his remarks Thursday but described industry efforts to install hidden files on consumers' computers.

      "It's very important to remember that it's your intellectual property, it's not your computer," Baker said at a trade conference on piracy. "And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days."

      Sony's program is included on about 20 popular music titles, including releases by Van Zant and The Bad Plus.

      "This is a step they should have taken immediately," said Mark Russinovich, chief software architect at Winternals Software who discovered the hidden copy-protection technology Oct. 31 and posted his findings on his Web log. He said Sony did not admit any wrongdoing, nor did it promise not to use similar techniques in the future.

      Security researchers have described Sony's technology as "spyware," saying it is difficult to remove, transmits without warning details about what music is playing, and that Sony's notice to consumers about the technology was inadequate. Sony executives have rejected the description of their technology as spyware.

      Some leading antivirus companies updated their protective software this week to detect Sony's antipiracy program, disable it and prevent it from reinstalling.

      After Russinovich criticized Sony, it made available a software patch that removed the technology's ability to avoid detection. It also made more broadly available its instructions on how to remove the software permanently. Customers who remove the software are unable to listen to the music CD on their computer.

      ___

      On the Web:

      Sony's XCP Page: http://cp.sonybmg.com/xcp

      Russinovich's Blog: http://www.sysinternals.com/Blog

      Symantec warning: http://securityresponse.symantec.com...tyrisk.aries.html

      Computer Associates warning: http://www3.ca.com/securityadvisor/n....aspx?cid76345

      http://news.yahoo.com/s/ap/20051112/...opy_protection

      Copyright © 2005 The Associated Press.


    3. #3
      DBlack's Avatar
      DBlack is offline Warrior

      Join Date
      Oct 2004
      Posts
      41
      Thumbs Up/Down
      Received: 0/0
      Given: 0/0
      Rep Power
      0

      They are in a lot of damage control right now. Microsoft has promised to develop a removal tool, and Sony is taking a lot of heat because of this malware. The malware is actually called a rootkit. Rootkits are programs used for anti-piracy security mechanisms and can render your system unstable if removed.

    4. #4
      Jahness's Avatar
      Jahness is offline OniOni Warrior

      Quote Originally Posted by DBlack
      They are in a lot of damage control right now. Microsoft has promised to develop a removal tool, and Sony is taking a lot of heat because of this malware. The malware is actually called a rootkit. Rootkits are programs used for anti-piracy security mechanisms and can render your system unstable if removed.

      Greetings DBlack!

      Welcome to the discussion comrade. I appreciate this BlackNificent update that you provided. I also have some more information on this topic which I will post later on. You are correct they are doing major damage control.

      Peace & Blessings!


    5. #5
      Jahness's Avatar
      Jahness is offline OniOni Warrior

      Sony's 'Rootkit' Is on 500,000 Systems, Expert Says



      By Paul F. Roberts


      Sony BMG will have a big job ahead of it as it tries to replace all copies of controversial copy protection software, according to a computer security expert, who says that he has evidence there are more than 500,000 versions of the program installed worldwide.

      Dan Kaminsky, an independent security researcher, discovered evidence of so-called "rootkit" style stealth programs developed by U.K. firm First 4 Internet Ltd. and used by Sony while conducting an audit of the DNS (Domain Name System) infrastructure. Sony BMG has declined past requests to comment on the number of systems that run the software, known as XCP. However, Kaminsky's figures, if true, suggest that the software, which shipped on CDs by just 20 Sony BMG artists, has already been distributed and installed widely around the world.

      Sony BMG said on Tuesday that it would allow customers to exchange CDs with the XCP technology for copies that did not have the copy protection software installed. The company did not respond to e-mail and phone requests for comment on the number of XCP installations. First 4 Internet CEO Mathew Gilliat-Smith said he had no further comment on the controversy over XCP.

      RELATED LINKS

      * Microsoft to Zap Sony DRM 'Rootkit'
      http://www.eweek.com/article2/0,1895,1886122,00.asp
      * Sony Suspends 'Rootkit' DRM Technology
      http://www.eweek.com/article2/0,1895,1885868,00.asp
      * AV Firms Say New Trojan Uses Sony DRM Rootkit
      http://www.eweek.com/article2/0,1895,1885194,00.asp
      * Sony's Second 'Rootkit' DRM Patch Doesn't Hush Critics
      http://www.eweek.com/article2/0,1895,1883820,00.asp
      * Sony to Help Remove Its DRM Rootkit
      http://www.eweek.com/article2/0,1895,1881203,00.asp

      Machines running the XCP copy protection software, which is almost totally invisible to Windows users, can be found in almost every country in the world, from Afghanistan (1) to Zambia (2), though the vast majority are running in just three countries: Japan, the U.S. and the United Kingdom, according to figures provided to eWEEK by Kaminsky.

      More than 200,000 copies of the program are installed on computers in Japan, with around 130,000 running on computers in the United States. The United Kingdom has about 44,000 copies of the program installed, Kaminsky's research shows.

      Netherlands and Spain both have more than 27,000 copies of the program running, followed by Korea, Peru, France, Australia and Switzerland with between 12,000 and 8,000 installations.

      Kaminsky, who is known for his novel security research on core Internet components like the TCP/IP communications protocol, identified systems running the copy protection software from First 4 Internet using a technique called "DNS cache sniffing." Kaminsky searched through the saved (or "cached") DNS requests submitted to a large number of the world's publicly accessible DNS servers and looked for requests for domains associated with the XCP software, such as update.xcp-aurora.com and connected.sonymusic.com.

      DNS is a network of computer servers that match up Internet user requests for Internet domains, like eweek.com, with IP addresses that machines recognize.

      Kaminsky used a database of around three million DNS name servers he had compiled for unrelated research into security vulnerabilities in the DNS system.

      The search turned up almost one million references to the XCP and Sony domains. Kaminsky weeded out duplicate or forwarded requests from that number and narrowed the list down to 568,000 requests from unique IP addresses on the Internet.

      He used geolocation software to associate the IP address of the machine running the XCP software to particular countries, he said.

      The large number of installations poses a real problem for security experts, because the XCP software is difficult to remove and because it is a form of adware, pulling content from a Sony Web server that is targeted to a particular artist and CD.

      Research by Windows expert Mark Russinovich, of Winternals, suggests that the program could also cause instability on Windows systems. That prompted Microsoft to say late Friday that it would alter its Windows Defender antispyware program to find and remove the XCP software and update its free malicious code removal program to do the same.

      Also on Friday, Sony said it would temporarily suspend production of CDs with the XCP copy protection program on them. The company's decision followed more than a week of steady criticism of the XCP technology, which manipulates the Windows core processing center, or "kernel" to make it almost totally undetectable on Windows systems and nearly impossible to remove without fouling Windows, much like malicious programs known as "root kits."

      XCP came to light on Oct. 31, after Russinovich discovered the cloaked software on his own computer and published a detailed analysis of it on his blog at Sysinternals.com.

      Russinovich showed that the XCP program hid files with a name that began with the characters $sys$, rather than looking for and hiding the specific files used by the media player for copyright enforcement. He speculated that others who gained access to Windows systems with the XCP technology on it could also hide their programs simply by assigning them names that began with $sys$.

      That prediction proved prophetic last week, when antivirus and security software companies began detecting Trojan horse programs and a worm that tried to take advantage of machines running XCP by using names on their malicious files that began with $sys$.

      Russinovich and others have criticized Sony's poor description of the XCP technology in the EULA (end user license agreement) that customers agreed to when installing the media player.

      Sony BMG reacted quickly to the initial criticism, releasing a software patch to disable it and instructions for obtaining a removal program within days of Russinovich's analysis.

      The XCP program caught security experts like Kaminsky unaware, because it has the backing of a major media and technology company, and because it is installed directly on a machine, rather than slipping on over the Internet or through an e-mail attachment, Kaminsky said.

      If true, Kaminsky's numbers show the breadth of the XCP problem, said Ari Schwartz, associate director for the Center for Democracy and Technology, in Washington, D.C. "This shows exactly why groups like ours expressed concern. This is a major concern and people treated it that way," he said.

      Even with Sony's decision to recall affected CDs, the company's actions show the need for digital rights management technology that respects the rights of consumers, Schwartz said.

      http://www.eweek.com/article2/0,1895,1881203,00.asp

      Copyright (c) 2005 Ziff Davis Media Inc. All Rights Reserved.

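      The resolver-side view of the lookups described in the eWEEK article above, as an added example that is not part of the original post or the article: it scans a resolver's own query log for the two XCP domains the article names and reduces the matches to unique client addresses. The BIND-style log layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Domains the article associates with the XCP software's phone-home feature.
XCP_DOMAINS = ("update.xcp-aurora.com", "connected.sonymusic.com")

# Assumed log layout (BIND-style query log). Adjust the pattern to your resolver.
QUERY_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+.*?: query: (?P<name>\S+) IN (?P<qtype>\S+)"
)


def normalize(name):
    """Lower-case a queried name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def is_xcp_domain(name):
    """True for an XCP domain or a subdomain of one, not for look-alikes
    that merely contain the string (e.g. update.xcp-aurora.com.example.net)."""
    n = normalize(name)
    return any(n == d or n.endswith("." + d) for d in XCP_DOMAINS)


def summarize(lines):
    """Count raw matching queries, then collapse them to unique client IPs,
    mirroring the duplicate-removal step described in the article."""
    raw_matches = 0
    clients = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if m is None:
            continue  # not a query record (zone loads, errors, ...)
        if is_xcp_domain(m.group("name")):
            raw_matches += 1
            clients[m.group("ip")].add(normalize(m.group("name")))
    return {
        "raw_matches": raw_matches,
        "unique_clients": len(clients),
        "clients": dict(clients),
    }


# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
15-Nov-2005 10:12:01.101 queries: info: client 10.1.4.23#1045: query: update.xcp-aurora.com IN A +
15-Nov-2005 10:12:01.350 queries: info: client 10.1.4.23#1046: query: connected.sonymusic.com IN A +
15-Nov-2005 10:12:09.002 queries: info: client 10.1.7.80#2210: query: www.example.org IN A +
15-Nov-2005 10:13:44.870 queries: info: client 10.1.4.23#1051: query: update.xcp-aurora.com IN A +
15-Nov-2005 10:15:02.415 queries: info: client 10.1.9.12#3391: query: UPDATE.XCP-AURORA.COM. IN A +
15-Nov-2005 10:15:30.000 queries: info: client 10.1.7.80#2214: query: update.xcp-aurora.com.example.net IN A +
15-Nov-2005 10:16:00.000 general: info: zone example.org/IN: loaded serial 2005111501
""".splitlines()


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("matching queries:", report["raw_matches"])
    print("unique clients:  ", report["unique_clients"])
    for ip, names in sorted(report["clients"].items()):
        print(f"  {ip}: {', '.join(sorted(names))}")
```

      A client address that is itself a forwarder or NAT gateway stands for an unknown number of machines behind it, so the unique-client count is a lower bound on affected hosts.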

    6. #6
      Jahness's Avatar
      Jahness is offline OniOni Warrior

      Security Vendors Clueless Over Rootkit Invasion


      By Ryan Naraine
      11/16/2005 11:22:00 AM


      Long before Mark Russinovich blew the whistle on Sony BMG's use of stealthy, rootkit-style techniques to cloak its DRM scheme, spyware researchers recall seeing traces of the controversial XCP technology on infected Windows machines.

      Only one problem—they had no idea what it was.

      "People had stumbled across this rootkit months and months ago, but we just couldn't figure out where it was coming from," said Eric Howes, a regular on the anti-spyware forums. "No one was able to connect the dots that led to Sony."

      In fact, as Russinovich himself explained in a fascinating blow-by-blow account of his findings, the detection of the Sony rootkit was not a straightforward task.

      Russinovich, you could say, wrote the book on rootkit detection. His company, Winternals Software Inc., created the RootkitRevealer tool that initially pinpointed the hidden directory and cloaked drivers associated with Sony's rootkit.

      Yet, even for Russinovich, it required the use of seven utilities, all custom-created, to figure out who the culprits were.

      Today, existing security applications are ill-prepared to deal with the threat from offensive rootkits.

      Finnish anti-virus specialist F-Secure Corp. is the first to add a rootkit detection engine in its security suite, but for other big-name anti-virus vendors—including Symantec Corp., McAfee Inc. and Trend Micro Inc.—true rootkit detection/removal capabilities are nonexistent.

      "You could say the average end user is a sitting duck," said Jamie Butler, director of engineering at HBGary Inc. and author of FU, one of the first proof-of-concept rootkits.

      "Security has become a risk-management game, and that's unfortunate. People are trying to mitigate the biggest threats, but, sometimes, the small things creep up on you. When I wrote FU more than two years ago, no one was paying an ounce of attention to rootkits. I guess it takes malicious people doing malicious things to get the industry's attention," Butler said in an interview with Ziff Davis Internet News.

      Butler isn't surprised that spyware writers have latched onto the value of using rootkits to hide nasty programs on Windows machines. "That has been apparent for a while, but no one seemed to be paying too much attention. Now that rootkits have commercial value to the spyware guys, it will only get worse.

      "We really don't know the extent of rootkit penetration. But it won't surprise me to find out that it's a bigger problem today than we think it is. This will become an even bigger story if a bank or a federal agency discovered that a rootkit has been deeply nested and has been hiding its presence for months. At that point, all hell will break loose," Butler added.

      Dan Kaminsky, a security engineer for DoxPara Research, has already seen evidence of the Sony DRM rootkit installed in places it should not be.

      "There are networks that Sony got into that nobody should get into. I can't say where. But there's evidence that it [the Sony rootkit] got into some places where it doesn't belong. Now you have a real question of the collateral damage it can cause," Kaminsky said in an interview just moments after releasing statistics to show that at least 568,200 nameservers were collecting DNS queries related to the calling-home feature on the Sony.

      Even more worrying, Kaminsky argued, is the fact that a legitimate company like Sony would attempt to legitimize the use of rootkits.

      "It's no longer about detection and removal when the big companies with the big lawyers get involved. The difference between a good anti-spyware application and a bad one is whether your vendor will stand up to the lawyers. I don't know if we realistically can stand up to Sony's lawyers," Kaminsky said.

      "The biggest vulnerability we have with malware has nothing to do with technology. The technology only gets them into the computer. It's terrifying that when they get in, they don't want to get out, even if you want them out of your system.

      "It's the equivalent of a big, bad guy turning up at your door, walking in and plopping down on your couch and refusing to leave. You're asking him to leave, pleading with him, screaming at him, and he just sits there and refuses to move. That's astonishing. It's really terrifying," Kaminsky added.

      Kaminsky is pleased to see Microsoft Corp. reacting aggressively to the threat from spyware and other malicious software hidden in rootkits.

      "Spyware spooked Microsoft. When they realized how big a problem it had become [for Windows users], they were genuinely spooked into reacting," said Kaminsky, who actively participated in the company's "Blue Hat" events, where hackers talk to Redmond developers about security.

      Microsoft has been paying close attention to rootkits. Lab rats at the company's Strider research unit have shipped a prototype rootkit detection tool, and the consumer-facing security tools—Windows Defender, Windows OneCare, Windows Live Security Center and the malware removal utility—will all have some form of rootkit detection/removal very soon.

      Security experts say it's inevitable that security vendors will follow Microsoft and add easy-to-use rootkit clean-up capabilities into existing anti-virus/anti-spyware applications.

      Shane Coursen, a senior technology consultant at Kaspersky Lab's U.S. unit, acknowledged that security vendors are playing catch-up with rootkits, much like the industry was late to react to the spyware scourge.

      "Technically, rootkit technologies are more difficult to understand because it isn't actually the virus or the malware. The rootkit is just the tool to put the malware in a place where it can't be found. It's the logical next step to defeat security software," Coursen said.

      Coursen said the company is in final stages of preparing a significant refresh of the Kaspersky Anti-Virus 6.0 software, an upgrade that will include "true rootkit detection."

      A beta is expected within the month ahead of a full-scale rollout in February 2006.

      "The industry is catching up. The idea is to have true rootkit detection seamlessly integrated into the anti-virus software. The end user has to be able to use it, or it's just meaningless," Coursen added.

      "We'll have the ability to detect the rootkit after it's been installed on a system. Regardless of how it tries to hide itself, we'll be able to find it, either real-time or through on-demand scans," he explained.

      "This isn't some obscure, theoretical threat. This is legitimate. This is the next level the malware writers have gone to defeat existing security systems. We're not there yet in terms of catching up, but we're getting there."

      Eric Howes, a rabid anti-spyware activist who does consulting for Sunbelt Software, agrees it's only a matter of time before anti-malware applications will feature rootkit detection/removal capabilities.

      "It's clear that it's now a very serious threat. We're seeing actual evidence of some nasty forms of spyware hiding in rootkits," he said.

      http://security.ithub.com/article/Se.../165505_1.aspx

      Copyright © 2005 Ziff Davis Media Inc. All Rights Reserved.


    7. #7
      Jahness's Avatar
      Jahness is offline OniOni Warrior

      When Legal Strikes—Chaos Theory Meets DRM


      By Jeff Angus

      A recent brouhaha over a bit of spyware Sony BMG included in some CDs to keep buyers from misappropriating the music raises important issues that will likely bleed out into your own development efforts. The backlash would have been avoidable if Sony had gotten its design goals and objectives straight and kept the legal department from meddling with its Digital Rights Management (DRM) schema. It appears Sony failed to keep Legal from overstepping reasonable precautions, but it's not alone in that; most large organizations maim themselves by repeatedly doing the same thing.

      Legal departments, especially within publicly-traded companies, tend to wield power disproportionate to their duties—duties that are basically janitorial in that they are an overhead service intended to maintain tidiness and hygiene. Sadly, as management gets more cautious about legal repercussions, lawyers get a voice in decisions in which they not only have no expertise (such as IT), but in customer-facing initiatives, as well.

      Sony's aggressive spyware approach to DRM smells to high hell of the kind of good-intentions-turned-cognitive-dirty-bomb so many Legal-inspired projects descend into.

      Sony's objectives started out reasonably enough, propelled by an idea I support unrelentingly: They wanted to protect intellectual property they partially own. Cool. Protect it. But remember that protecting intellectual property doesn't mean ignoring fair use.

      As Redmond, Washington intellectual property attorney Ron Grant says, "The problems arise when the law as written collides with what most of us intuitively know is the difference between right and wrong."

      While there's a certain infantile, self-serving view (common among the information-wants-to-be-free crowd) that just about anything one might want to do with others' intellectual property is covered by fair use, the law bends pretty effectively to codify what Grant says the majority intuitively knows to be right.

      Occasionally, there are practices we intuit as "right" that aren't legal, such as someone with a 33-1/3rd LP recording a copy of select songs to a cassette to play in their car or at work.

      I call that the "one purchase, one concurrent user" standard. I would call that "right" because it conforms to the intent of protecting a creator's rights.

      But it does not conform to a corporate lawyer's idea of what it means to protect a client's interests to the absolute extent of the law. Lawyers rarely get sued for representing their clients' interest too well, but underrepresenting client interests can lead to suits.

      So standard practice for lawyers naturally tends to over-shoot what we intuitively know to be right, functional and workable, and fall far into the zone of wrong, risible policy that twists customer relations into Russian Roulette With Six Bullets.

      Lesson From Sony: How to Screw the Pooch

      Sony's DRM scheme reached the point of rational self-protection when they put a scheme on clearly labeled music discs that requires XCP, a proprietary music player from First 4 Internet, to make joyful noise on a computer. So far, so fair…use that is.

      The Russian roulette with six bullets trick they accompanied this with was the undisclosed addition of a rootkit-based piece of spyware that includes routines to send information over an Internet connection to a remote server. That rootkit allegedly opens the client computer up to various breaches including a custom Trojan.

      In Sony's case, the firm's lawyers vigilantly protected their client's interests (Sony's) while trashing Sony's customers' interests and rights and security. This, of course, indirectly corrodes the interests of the client, but not in a way that exposes counsel to criticism.

      Sony's digital rights management (DRM) scheme was guaranteed to far overshoot any definition of reasonable DRM. No matter what your intentions, adding spyware to your product, and delivering it in a form that would compromise unknowing users' security makes your software malware and your good intentions into nefarious plots.

      Sony's lawyers should never have aimed for such a Draconian approach.

      Is Softer Security Better?

      As Kevin Fogarty said, Sony should have used "comparatively benign approaches that will protect your property without making customers feel like they're being strip-searched every time they load up a tune."

      I disagree with Fogarty that a scheme that prevents a buyer from duplicating content is Draconian; but I agree that any system that is willing to potentially trash the computers of customers who are using the product legally in order to prevent a small percentage from cheating is the definition of Draconian.

      Sony won't crash and burn because of this foolishness, and I'd bet you all the boycotts and suits won't cost it 5% of its net this year. It's too big to have to do much beyond public relations and wait until people forget.

      You might not have that luxury when your own legal department starts meddling in your software design and development efforts. Excess vigilance without considering the consequences is not a patent Sony holds.

      I know a government agency, not a security or intelligence or law enforcement one, that is busy cutting its budget for delivering its work while ramping up specific hiring for and throwing serious money at shaky technology to track the contents of every e-mail message and web page every employee looks at.

      The department's counsel scared them into doing this because someone who worked in another agency may have surfed adult websites from work. I say "may have" because that agency's back-up software was so ineffective, they lose more logs than they capture. They don't have money to fix their back-up problem.

      I worked with a services business this year that is hemorrhaging income and stuck with a lot of fixed expenses. They still got talked into expending a lot of IT resources on internet nanny utilities and people's time to produce reports on usage. As I've written before, some degree of control is necessary, but efforts beyond the minimum necessary actually degrade control.

      The solution is not to prevent Legal from chiming in. They know a lot of valuable items you need to know to prevent some problems from occurring later. But keep them in their janitorial compartment, and don't let the excessive vigilance they are paid to maintain affect your projects' designs or implementations. They aren't given incentives to think systemically and the pressures they offer up can undermine your projects as often as they improve them.

      Just ask Sony.

      Jeff Angus is a knowledge management and restructuring consultant. His newest book comes out in May from HarperCollins: Management by Baseball: The Official Rules for Winning Management in Any Organization.

      http://security.ithub.com/article/Wh.../166105_1.aspx

      Copyright © 2005 Ziff Davis Media Inc. All Rights Reserved.
      Posted In The Spirit of Learning & Sharing
      One Love & Respect Always

      ***************************************
      The Quest for knowledge stops at the grave.
      HIM Emperor Haile Selassie I.


      If you fail to prepare,
      you are preparing to fail!


      Mind what you want, because someone wants your mind.

      Working together, the ants ate the elephant.

