Wednesday, 12/14/2005 5:54:56 PM

.....don't know if this article has been posted before as I don't bother to get in here on a daily basis any more, so forgive me if it's a repeat. .......sounds like we, or at least I, will be bagholders with this stock for quite some time to come:

http://www.wired.com/news/technology/0,1282,69763,00.html

By Quinn Norton

02:00 AM Dec. 07, 2005 PT

The ongoing saga of Sony BMG's sneaky, lawsuit-inducing, copy-protection software opened a new chapter Monday when the music company released an uninstaller program to allow customers to remove the offending code from their PCs.

The release was Sony's second attempt at erasing its errors -- its previous push of mea-culpaware last month backfired horribly when 24-year-old Princeton University researcher John "Alex" Halderman found that the uninstaller opened up a security hole even worse than the original digital rights management program. And while the discovery shocked outsiders, and embarrassed Sony, it was a little like déjà vu to Halderman, one of a handful of smart researchers who seem determined to hold the recording industry's feet to the fire.

"The same companies keep producing new copy-protection technology, and I keep getting interested in it," says Halderman.

Years before Sony's rootkit scandal made DRM folly a subject of international news, Halderman was already keeping a close eye on the music industry's technological measures. When, in 2003, DRM-maker SunnComm International introduced a new approach to copy protecting audio CDs in its MediaMax software, Halderman checked it out.

His research revealed that the new discs installed software that interfered with the user's ability to copy the audio CD at a kernel level. "It was radically different than anything before; it turned the computer against the user," says Halderman.

The software used a Microsoft Windows feature called AutoRun that executes software on a CD without the user's knowledge or consent. Holding down the Shift key stopped AutoRun and prevented the software from being installed. Halderman wrote about the software, and the "infamous Shift key attack," in an academic paper and posted it online. Within 24 hours, SunnComm was threatening a $10 million lawsuit, and vowing to refer Halderman to authorities for allegedly committing a felony under the controversial Digital Millennium Copyright Act, or DMCA.

By the next day, the company had backed down in the face of public outrage. Looking back, Halderman says, "The whole experience was a whirlwind.... The response was way bigger than (anything I'd) expected."

So Halderman was well prepared when SysInternals security expert Mark Russinovich discovered last October that Sony BMG was using software that works much like SunnComm's MediaMax with an added cloaking technology that could be exploited by more-malicious code.

Halderman and his adviser, Princeton professor Ed Felten, picked up the thread, and began a series of revelatory analyses into the functionality and provenance of the stealthy code, which was called XCP and had been produced by U.K. company First 4 Internet.

His curiosity whetted anew by the affair, Halderman even took a second look at the competing SunnComm system -- still in use -- and found new problems, including the fact that MediaMax secretly installs itself even if the user refuses to click on the license agreement giving it permission to do so.

And when Sony released an uninstaller for the First 4 Internet code, it was Halderman who discovered that it came with an ActiveX control that would make users vulnerable to attack through their web browsers.

Sony recalled the uninstaller and went back to the drawing board.

Halderman's interest in copy-protected CDs began when he was an undergrad, and has continued through grad school under the auspices of Felten. "He likes to do work that is relevant, where he can apply his computer-science knowledge to things that matter to regular people," says Felten.

Felten is no stranger to exposing the foibles of DRM schemes. In 2001, the recording industry briefly suppressed Felten's research into a flawed digital-watermarking technology by threatening to invoke the DMCA.

Unlike the situation in 2003, Halderman doesn't see much possibility of a suit against him for his Sony research, but the risk is never far from his mind. He says his chosen field forces him to learn about more than just security and DRM. "It's difficult to be only a scientist in this field, you have to know about law, public policy and the business world."

Halderman doesn't normally encounter CDs with DRM -- he must actively seek them out for his research. "I mostly listen to opera," he says. "There are very few classical-music discs that are copy protected."

The researcher says he plans to dig into Sony's new uninstaller, but he hopes to find nothing negative to report. On future DRM schemes, however, he's not so optimistic. "Manufacturers adopt new tricks with each revision," he says. "If there are new copy-protection programs for CDs, I'll continue to look at them."