RSS
Twitter
Guess What? That Latest Sony BMG Patch? It's Vulnerable Too
from the shut-the-window-open-the-door dept
The incompetency of Sony BMG is reaching previously unfathomable heights. Yesterday we wrote about the latest patch the company had issued to fix a security hole in the SunnComm MediaMax copy-protection software its CDs load onto people's computers. Surprise surprise -- the patch closes one hole and opens another. Ed Felten and Alex Halderman say the supposed fix features the same kind of vulnerability as the one it's intended to remedy, only slightly modified. Again, the CDs featuring this malware copy protection haven't been recalled, unlike the Sony BMGs behind the separate rootkit fiasco. It's hard to have much trust in the company when its fixes are just as bad as the initial problem.
Reader Comments (rss)
(Flattened / Threaded)
Oh Great
Will it ever end?
(reply to this comment) (link to this comment)
Re: Oh Great
you think they would sometime get it right.
(reply to this comment) (link to this comment)
Original SONY letter to consumers
Hey everyone.. I got my hands on a copy of the letter they were originally gonna post on their site (before their lawyers/pr people got a hole of it).. the
To Our Valued Customers:
You’re either living under a rock or suffer from mild retardation if you aren’t aware of the recent attention given to the XCP content protection malware hidden on some SONY BMG CDs (we couldn’t get it on all of them fast enough). This malware was provided to us by a third-party vendor, First4Internet, so it’s really not our fault. Ranting & raving from the blogsphere has centered on security concerns raised about the use of CDs containing this malware, which proves our customers are just a bunch of wining teenagers that nobody listens to anyway.
We could care less about the concerns of consumers regarding these discs, so we are instituting a mail-in program, because it’s the biggest pain-in-the-ass option we could come up with short of having you walk your CD to our branch office in Kalamazoo, that will allow consumers to exchange any CD with XCP malware for the same CD without us snooping on your computer system and receive MP3 files of the same title which we know you’ll immediately begin swapping on file sharing networks. We also have asked our retail partners to remove all unsold CDs with XCP malware from their store shelves and inventory but they won’t do that because it would really be a hassle for them… so suck it and consider yourself warned.
We could also care less if there was any inconvenience this may cause our customers and we are committed to making this situation right for us. It is important to note, if it makes you feel better, that the issues regarding these discs exist only when they are played on computers, not on conventional, non-computer-based CD and/or DVD players (because our bastard customers can’t copy music on those devices).
Our new initiatives follow the measures we have already taken, albeit a day late and a dollar short, including the suspension of the manufacture of CDs with the XCP malware. In addition, to address security concerns, we provided to major software and anti-virus companies a software update, which also may be downloaded at http://cp.sonybmg.com/xcp/english/updates.html. We will shortly provide a simplified and secure procedure to uninstall the XCP software if it resides on your computer… well, actually we’re just saying that so you all shut the fuck up.
Ultimately, our bottom line and fat wallets are our primary concern, and our goal is to help bring our artists' music to as broad an audience as possible, unless that involves sharing files… cause then we’ll sue you. Going forward, we will continue to identify new, invasive, annoying and moderately unethical ways to meet demands for flexibility in how you and other consumers steal… I mean listen to music.
The revised letter can be found on their site..
(reply to this comment) (link to this comment)
No Subject Given
They are so unatractive right now.
(reply to this comment) (link to this comment)
I could have told you this...
SOE, Sony's online entertainment industry, and publisher of Everquest and Star Wars Galaxies, in gneral represents their company. I've played SWG for two years now, and gone through three "fix-alls" of the game, and it just created new problems each time. so they push out another unpopular change, people get pissed, and leave. last time i buy a sony CD. hello WOW!
(reply to this comment) (link to this comment)
Hey Sony, Here's an Idea
Don't recall the CD's. Just let everyone download free mp3's of the bad disks. That way we never have
to stick the thing into our computers. It will probably be cheaper in the long run, and would be good publicity for a change.
(reply to this comment) (link to this comment)
The solution is simple
FORMAT C: Avoid Sony products Anything else leave crap on the drive your Lord and Master Foamy
(reply to this comment) (link to this comment)
The solution is simple
FORMAT C:
Avoid Sony products
Anything else leaves crap on the drive
Your Lord and Master,
Foamy
(reply to this comment) (link to this comment)
Re: I could have told you this...
What? People are still playing that first-generation MMORPG crap? Serves them right for not getting their head out of the sand and taking a look at all the new games.
Me? I do not buy Sony CD's no matter what, and I sure wouldn't play Eversmack or SWG (ack! and some people think this is a space sim and give up on the genre! Try Eve Online people!)
Friends dont let friends buy Sony... or any other megacorp that tries to shove DRM software onto our systems under any guise!
Boycott the companies who use malware and tell your friends to simply do without any Sony title until all attempts to controlling what we do with our music after we leave the store!
(reply to this comment) (link to this comment)
Re: I could have told you this...
What? People are still playing that first-generation MMORPG crap? Serves them right for not getting their head out of the sand and taking a look at all the new games.
Me? I do not buy Sony CD's no matter what, and I sure wouldn't play Eversmack or SWG (ack! and some people think this is a space sim and give up on the genre! Try Eve Online people!)
Friends dont let friends buy Sony... or any other megacorp that tries to shove DRM software onto our systems under any guise!
Boycott the companies who use malware and tell your friends to simply do without any Sony title until they abandon all attempts to controlling what we do with our music after we leave the store!
(reply to this comment) (link to this comment)
four letter word
My mom told me never to use a four letter word. Guess she was right.
(reply to this comment) (link to this comment)
Re: four letter word
SONY is a four letter word.
tee hee, someone get us some t-shirts!
(reply to this comment) (link to this comment)
Re: Original SONY letter to consumers
What's the address in Kalamazoo? I'll stop by there tonight on my way home.
A West Michigan Resident.
(reply to this comment) (link to this comment)
Re: four letter word
Your wish is granted... Sony is a 4 Letter word Shirts
(reply to this comment) (link to this comment)
Sony's DRM
The incompetance of this company is amazing!
(reply to this comment) (link to this comment)
sony
can't believe this, noobish mistakes and who pays for all this...?!?
(reply to this comment) (link to this comment)
Add Your Comment