Those pesky Sony/BMG CDs

so how does one go about getting an exchange copy?
don't believe that has been announced yet… will fully monitor the situation
Sony's Fix for CDs Has Security Problems of Its Own

By Brian Krebs
Special to The Washington Post
Thursday, November 17, 2005; D01

Consumers who used computers to listen to Sony BMG music CDs containing flawed software were still exposed to potentially crippling security breaches yesterday, experts said, as the company continued to try to fix the problem.

Sony BMG Music Entertainment released a software patch earlier in the week, but experts warned that the fix created as many security problems as the original program, and as of yesterday the company had not come up with a new approach.

Sony BMG has recalled nearly 5 million CDs equipped with the flawed anti-piracy software shipped to retailers over the past eight months – including titles by singers Neil Diamond, Celine Dion and Ricky Martin. Roughly two weeks ago, security experts showed that the software automatically installed a program that hid all of its files from users and damaged or crashed computers of customers who tried to remove it.

When played on a home computer running Microsoft Windows, the CDs require users to install a special media player and click "agree" on a 3,000-word license agreement. But the agreement makes scant mention of what the software, which is designed to prevent people from making unauthorized copies of the music, will do once installed.

For example, experts showed that the anti-piracy software "phones home" to Sony BMG and to the company that created the software, First 4 Internet Ltd., with details of users' music-listening habits. It also interferes with more than 250 programs that could allow copying of the CD contents to a portable media player or backup disc.

Detailed examination of the license agreement reveals no mention of such activity.

Further testing proved that hackers could use the program's file-hiding capabilities to silently embed computer viruses on PCs, prompting Sony BMG to issue a software update that removes that feature. Days later, unknown attackers sent millions of junk e-mails containing a virus crafted to exploit the flaws and seize control of vulnerable computers.

After the virus outbreaks, Sony BMG – a joint venture of Sony Corp. and Bertelsmann AG – said it would suspend production of new CDs featuring the copy-protection technology. But after nearly two weeks of relentless consumer backlash, Sony BMG said Tuesday that it would recall all CDs equipped with the anti-piracy software and that roughly 2 million customers who have already bought the discs would be able to exchange them.

Sony BMG spokesman John McKay declined to comment beyond the company's written statement, which apologized to customers for any inconvenience caused by the software and promised additional details about the CD exchange program in coming days.

Hours after Sony BMG announced its buyback, researchers at Princeton University found that even the patch the company released to remove the anti-piracy software contains security problems. The patch leaves behind coding that allows any Web page the user visits to download, install and run programs on the computer. Other research, released Tuesday by Atlanta-based Internet Security Systems, showed that the underlying program itself contained security holes that hackers could use to attack Windows computers running the software.

Sony BMG's latest moves have not erased its legal and public relations troubles. Last week, an attorney in California filed a lawsuit seeking damages for residents who bought the defective CDs, and on Monday, a lawyer in New York filed a nationwide class-action case against the company.

Mark Russinovich, chief software architect at Sysinternals, the security expert whose initial research into the anti-piracy program sparked the controversy, welcomed the class-action suits, saying withdrawal of the software wasn't enough.

"What I'm most concerned about is: If nothing serious happens to Sony that's visible to other companies, then we run the risk of this kind of thing becoming standard corporate behavior," Russinovich said.

The incident raises new questions about how far the music industry can go to defend its works from piracy. The industry loses roughly $4.2 billion worldwide to piracy each year, according to the Recording Industry Association of America. The software was the latest effort by entertainment companies to rely on controversial "digital rights management" (DRM) technologies to reverse a steady drop in sales that the industry attributes in large part to piracy facilitated by online music and movie file-sharing networks such as Kazaa and LimeWire.

Microsoft Corp. also waded into the fracas last week when it labeled Sony BMG's software a threat, saying it would let users remove the program through its anti-spyware program. Starting in December, Microsoft said, it will automate the removal of the software through its "malicious software removal tool," a program designed to help users clean up their computers after virus infections.
I am so glad that Sony's taste in music is far different from mine! As much as I tend to like many of their products, I certainly hope that this hurts their bottom line in a very deep way. In fact, so deep that other companies learn a nasty lesson about this crap.

On the retributive justice side, I bet that when all is said and done, this will end up costing Sony more $$$ than all of the music that they are so convinced they would lose sales on due to copying and/or sharing. It's just a shame that the artists got involved whether they wanted to or not.

What really scares me about this kind of crap is that I generally use my computer to listen to real official CDs. It's one thing getting stung after you've downloaded something on a p2p but should be criminal to fuck up someone's computer or other devices when everything is done on the up and up by the consumer.

Too bad Metallica isn't on Sony.
i would really like to stop buying sony, but i have a fucking PS2 and about 15 games, most of which i still enjoy playing … looks like i'm stuck …
Originally posted by kosmo vinyl:
Those pesky CDs can be returned!

Sweet. Dropping The Dead 60's in the mail today.
Kosmo wrote: "Right or wrong labels serve as filters and have the capability to sell what the people want or think they need."

The only filter my friends who are signed with major labels see is the filter that sucks up all the profits. Even somewhat successful bands get charged back by their labels for tour expenses, like hotel rooms. Thus, many opening acts you'll see at places like the 930 are still scrimping and looking to crash at friends' houses so they don't get charged back in towns where they have peeps. Nice filtering, right?
Originally posted by kosmo vinyl:
It's still under investigation but there is evidence that Sony in their attempt to copy protect their own material, infringed on the license that the LAME encoding DLL was released under by not properly giving credit for using it within their program. In the words of Dr. Doom "Fuckers!"
It's starting to look more and more like they did.
It would appear that Sony's DRM partners can't do anything right. The "uninstaller" for the discs with the SunnComm copy protection also leaves people open for malicious attacks over the internet. And the SunnComm DRM crap is more widely used than the XCP shite. i.e. My Morning Jacket, BRMC, Sloan, etc, etc. Full list in the comments of this story or at SunnComm's web page

Be aware that the SunnComm crapola appears to be loaded on one's computer before you get a chance to accept the EULA or not. SunnComm is also hard at work at creating DRM software that works on Macs.
Amazon offers refunds
One of those pesky Sony BMG XCP CDs would make a perfect holiday gift for a pesky co-worker, if you've been appointed as their personal "secret Santa".
i wonder if the promo copies of those cds contained the program.
Originally posted by Venerable Bede:
i wonder if the promo copies of those cds contained the program.
Why, are you starting to get a bit paranoid about that Celine Dion disc you just downloaded?
Originally posted by ggw™:
4:1 odds that vansmack owns this infected disc:

Oh no! Please don't tell my wife or I will certainly be an owner by the end of the weekend.
Now that the XCP brand of DRM protection has been shown to be problematic and resulted in a product replacement offer, more attention has been focused on the MediaMax software, which comes on lots more CDs. It will in fact load its software on a computer even if you decline the EULA when inserting the disk. I smell even more trouble for the execs over at Sony/BMG…

http://www.freedom-to-tinker.com/?p=936
Even more problems with the other copy protection software SonyBMG uses… This time at least Sony admitted to the problem up front, there is also a new "fix" for those who installed the XCP crapola on their PCs, although I would wait a day or two before running it, let the experts test it.

SunnComm Crapola story at Cnet
Brian Krebs WaPo Blog entry
Sony hearts Mediamax
The CDs with the MediaMax "copy" protection sw include
Black Rebel Motorcycle Club "Howl"
My Morning Jacket "Z"
David Gray "Life In Slow Motion"
Full List

If you have ever put one of these CDs into a computer running Windows you may want to update the software. It has been shown that even if you decline the End User Agreement that appears when loading the CD, the software can still be installed without your consent down the line.

This copy protection SW affects six million sold CDs. Sony must be shitting themselves at the thought of having to replace all of those.


New fix info for XCP (i.e. Dead 60's, The Coral)

WaPo Blog
Sony XCP uninstaller
Well it didn't take long… stay away from the latest "fix" for those MediaMax "protected" CDs.

http://www.freedom-to-tinker.com/?p=942

my recommendation is stay the hell away from the XCP "fix" as well for a bit…