Sony: It Just Keeps Coming

Dec. 7th, 2005 09:53 am
solarbird: (ORLY)
[personal profile] solarbird
On top of everything else, Sony's DRM software has a privilege-escalation security flaw. Those few Windows users who don't run as administrator are screwed too. Yay!

Sony BMG Urges Security Fix for CDs
By ALEX VEIGA, AP Business Writer Tue Dec 6,11:29 PM ET

http://news.yahoo.com/s/ap/20051207/ap_on_hi_te/sony_copy_protection

LOS ANGELES - Sony BMG Music Entertainment said Tuesday some 5.7 million of its CDs were shipped with anti-piracy technology that requires a new software patch to plug a potential security breach in computers used to play the CDs.

The security vulnerability was discovered by online civil liberty group Electronic Frontier Foundation and brought to the attention of Sony BMG, which has been under fire in recent weeks over security issues with an unrelated CD copy-protection plan.

[...]

"It's a privileged escalation attack," said Kurt Opsahl, an EFF staff attorney. "On Windows you can have users with different privileges, and because of security weakness in the permissions of a folder, it allows a low-ranked user to act as a high-ranked user."

[More at URL]
  • Current Mood: amused
  • Current Music: Nothin' on a SONY label!
Tags:
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Date: 2005-12-07 06:03 pm (UTC)
From: [identity profile] loopback.livejournal.com
totally off the point of this entry, but I am stealing the shit out of that LJ icon you're using for this post.

I just spent 3 days doing the O RLY? YA RLY! dance.

Date: 2005-12-07 06:09 pm (UTC)
solarbird: (Default)
From: [personal profile] solarbird
See my allpics page for origination credit. Also, check out her other icons, they are full of teh lulz.

Date: 2005-12-07 10:12 pm (UTC)
From: [identity profile] cafiorello.livejournal.com
Damn, and here I figured I was safe because I run in limited mode. D'oh! Luckily I haven't bought a Sony CD in a long time. (And it'll be even longer 'til the next time!)

Cathy

Date: 2005-12-07 10:40 pm (UTC)
solarbird: (Default)
From: [personal profile] solarbird
Well, you still have to install it as an admin user. (Say, you stuck in a CD while you were doing some administrative task.) But then if you run in normal-user mode, some exploit could use this accidental security hole to run as admin.

Date: 2005-12-08 05:49 am (UTC)
wrog: (howitzer)
From: [personal profile] wrog
of course, now every time I reboot I get the dialog box asking me if I want autorun turned back on. And there doesn't seem to be any way to disable it. Suck.

Date: 2005-12-08 07:30 am (UTC)
solarbird: (molly-angry)
From: [personal profile] solarbird
bastards!
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Profile

solarbird: (Default)
solarbird
I'm on Mastodon!

Links

January 2026

S M T W T F S
    1 23
4 56 7 8 910
1112 131415 1617
1819202122 2324
25262728293031

Most Popular Tags

Page Summary

Active Entries