
| Subject: | [ISN] New Sony CD security risk found |
|---|---|
| Date: | Wed, 7 Dec 2005 00:17:01 -0600 (CST) |

http://news.zdnet.com/2100-1009_22-5984764.html

By John Borland
ZDNet News
December 6, 2005

Sony BMG Music Entertainment and the Electronic Frontier Foundation digital rights group jointly announced Tuesday that they had found, and fixed, a new computer security risk associated with some of the record label's CDs.

The danger is associated with copy-protection software included on some Sony discs created by a company called SunnComm Technologies. The vulnerability could allow malicious programmers to gain control of computers that have run the software, which is typically installed automatically when a disc is put in a computer's CD drive.

The issue affects a different set of CDs than the ones involved in the copy-protection gaffe that led Sony to recall 4.7 million CDs last month, and which has triggered several lawsuits against the record label.

"We're pleased that Sony BMG responded quickly and responsibly when we drew their attention to this security problem," EFF staff attorney Kurt Opsahl said in a statement. "Consumers should take immediate steps to protect their computers."

The announcement is the latest result of the detailed scrutiny applied by the technical community to Sony's copy-protected discs, after a string of serious security issues were found to be associated with the label's antipiracy efforts.

The record label's copy-protected discs have been on the market for more than eight months. But in late October, blogger Mark Russinovich discovered that they surreptitiously installed a "rootkit" programming tool. Rootkit tools are typically used by hackers to hide viruses on hard drives, so Sony's move opened up a potentially serious security hole.

The controversy escalated as other researchers discovered new security flaws associated with the copy-protected CDs, which used technology from British company First 4 Internet. Virus writers began distributing malicious code that took advantage of the holes. The label recalled all the discs with the First 4 Internet technology installed, offering an exchange program for consumers who had purchased any of the 52 CDs affected.

Following those revelations, the EFF asked computer security company iSec Partners to study the SunnComm copy protection technology, which Sony said has been distributed with 27 of its CDs in the United States. iSec found the hole announced Tuesday and notified Sony, but news of the risk was not released until SunnComm had created a patch.

Sony said another security company, NGS Software, has tested the patch and certified that it addresses the vulnerability.

The patch can be downloaded from Sony's site. A list of the CDs affected in the United States, and a slightly different list in Canada, is also posted on the site.

Sony said it will notify customers through a banner advertisement directly in the SunnComm software, as well as through an Internet advertising campaign.