Brought to you by Floor64 and the Techdirt crew.

stories filed under: "rootkits"
(Mis)Uses of Technology


by Mike Masnick


Filed Under:
botnets, computers, dan geer, rootkits, security, vulnerabilities



Is It A Good Idea To Violate The Security Of Your Customers If They're Security Ignorant?

from the asking-for-serious-trouble dept

Rich Kulawiec writes in to point out that security expert Dan Geer is suggesting that merchants violate the security of customers they deem as security risks. His argument is, basically, that there are two types of users out there: those who respond "yes" to any request -- and therefore are likely to be infected by multiple types of malware doing all sorts of bad things -- and those who respond "no" to any request, who are more likely to be safe. Thus, Geer says merchants should ask users if they want to connect over an "extra special secure connection," and if they respond "yes," you assume that they respond yes to everything and therefore are probably unsafe. To deal with those people, Geer says, you should effectively hack their computer. It won't be hard, since they're clearly ignorant and open to vulnerabilities -- so you just install a rootkit and "0wn" their machine for the duration of the transaction.

As Kulawiec notes in submitting this: "Maybe he's just kidding, and the sarcasm went right over my (caffeine-starved) brain. I certainly hope so, because otherwise there are so many things wrong with this that I'm struggling to decide which to list first." Indeed. I'm not sure he's kidding either, but the unintended consequences of violating the security of someone's computer, just because you assume they've been violated previously, are likely to make things a lot worse. This seems like a suggestion that could have the same sort of negative unintended consequences as the suggestion others have made about creating "good trojans" that go around automatically closing the security holes and stopping malware by using the same techniques employed by the malware. Both are based on the idea that people are too stupid to cure themselves, and somehow "white hat" hackers can help fix things. Now, obviously, plenty of people do get infected -- but using that as an excuse to infect them back, even for noble purposes, is only going to create more problems in the long run. Other vulnerabilities will be created and you're trusting these "good" hackers to do no harm on top of what's been done already, which is unlikely to always be the case. No, security will never be perfect and some people will always be more vulnerable -- but that shouldn't give you a right to violate their security, even if for a good reason.

Culture


by Mike Masnick


Filed Under:
business model, columbia, music, riaa, rootkits

Companies:
columbia records, riaa, sony



How The Record Labels Are Only Ten Years Behind In Their Thinking About Business Models

from the eventually-they'll-get-there dept

The NY Times Magazine is running an interesting profile of Rick Rubin, the well-known producer who had tremendous success over the past twenty years producing all sorts of successful musical acts -- from the Beastie Boys to Slayer to Johnny Cash -- and who took over as the co-head of Columbia Records back in May. While the story itself is interesting and focused on some of Rubin's peculiarities and his key focus on finding and producing good music -- there are a few other interesting tidbits that come out. The first is how Rubin was completely pissed off at Columbia prior to joining the company because the Sony rootkit debacle hit just as a Neil Diamond album Rubin produced had come out to great fanfare. It was apparently number 4 on the charts -- the highest ever for a Diamond opening. Except, Columbia is a subsidiary of Sony BMG and so the Neil Diamond album was included among those that had the rootkit -- and the furor over that got it pulled from the shelves, and that basically killed its commercial prospects. So, at least we know that Rubin won't be a fan of such things.

However, the article suggests that Rubin and others in the industry are much more interested in setting up some sort of universal subscription system that would allow any subscribers access to any music on any platform. What's most amusing about this is that this is exactly the proposal the EFF suggested many, many years ago, which recording industry executives insisted would never work. What's even funnier is they might be right now, after managing to screw up all sorts of goodwill from customers. Back when the EFF suggested it, it probably still could have worked. However, Rubin is exactly right on where the industry is headed if it doesn't figure out these new business models quickly: "The future technology companies will either wait for the record companies to smarten up, or they'll let them sink until they can buy them for 10 cents on the dollar and own the whole thing." That's why I've always figured that things would work out in the end. If the RIAA members keep shooting themselves in their collective feet, then the problem will eventually take care of itself. Of course, the labels could avoid a lot of the problems if they learned how to actually embrace certain aspects of file sharing. It's not clear that Rubin (or anyone else in the industry) has gone that far yet. They're just still working through the ancient EFF plan they derided when it first came out. In fact, one of Rubin's other questionable ideas is setting up a fake word-of-mouth marketing organization, where Columbia has hired a bunch of young adults to promote their music online on blogs and in forums and such. Hasn't anyone explained to them that word-of-mouth is about people who legitimately enjoy the music -- not those who are paid to promote it? File sharing was legitimate word-of-mouth marketing. Hiring young adults to spam forums is not.

(Mis)Uses of Technology


by Mike Masnick


Filed Under:
rootkits, security

Companies:
f-secure, sony



Sony Caught In Yet Another Rootkit Mess?

from the don't-they-know-to-check-for-these-things? dept

Sony is a big company, and various parts and subsidiaries are pretty much totally disconnected from other areas of the company, but given the disastrous PR that Sony had to deal with following the original rootkit debacle (which really was more of a BMG issue than a Sony one) you would think that perhaps someone higher up at Sony corporate would have sent around a memo or something to all the rest of Sony, suggesting that they check around and make sure that none of their products had rootkit-like functionality. Either that didn't happen... or someone didn't get the memo. It appears that a line of USB flash drive sticks that Sony sold have been discovered to install rootkit-like functionality that hides a folder on users' computers. And, of course, just like the original Sony rootkit, this hidden folder is perfect for malware writers to use as hiding places for their malware. While this one probably isn't as big a deal as last time around, let's see if Sony figured out that brushing it off because no one knows what rootkits are isn't exactly the best response to such a discovery. In the meantime, this highlights (once again) how weak many security programs are that they don't automatically look for this type of action in order to prevent it from happening in the first place.
