
Sony's "Lame" rootkit uses open source mp3 software


Specmon


Sony's flawed effort to protect its rights is violating everyone else's!
Elsewhere today I read a report that the method Sony has put forth to remove the rootkit is leaving many thousands of computers open to serious compromise.
Then I ran across this article describing Sony's apparent "theft" of LGPL'd open source mp3 software "Lame".
Page translated by the author
What do the Japanese call the honour saving ceremonial "falling on one's sword"?
Heads will roll before this stink dissipates.


Cluttermagnet
Sony's flawed effort to protect its rights is violating everyone else's! What do the Japanese call the honour saving ceremonial "falling on one's sword"? Heads will roll before this stink dissipates.
Hmmm - I wish... but I don't think so. "No soup for you!" Sorry, but I don't see any impending hara-kiri in Tokyo or elsewhere over this. Webb's post in the thread about "Mark's Sysinternals Blog" really nails it. His link to the story in Wired really says it all: the silence from all the so-called security companies who are supposed to be protecting us - McAfee, Symantec, Microsoft, etc. was just about deafening. B)
Edited by Cluttermagnet

Well, this hasn't finished playing out yet, and the cost of cleaning up the half million or so corporate networks infected by the rootkit will keep this story going through the Christmas season. The bad press Sony is getting now could cost it dearly in lost holiday sales. While DRM junk is probably inevitable, while I still have a choice, no money of mine will go into their coffers. If I'm looking at a product and there is an alternative to a Sony product, Sony's going to lose my sale. I think a lot of other people will feel similarly. McAfee, Symantec, Microsoft, etc. don't buy Sony products at the Best Buy. Next six weeks will tell the tale. Check back.


Well, this hasn't finished playing out yet, and the cost of cleaning up the half million or so corporate networks infected by the rootkit will keep this story going through the Christmas season. The bad press Sony is getting now could cost it dearly in lost holiday sales. While DRM junk is probably inevitable, while I still have a choice, no money of mine will go into their coffers. If I'm looking at a product and there is an alternative to a Sony product, Sony's going to lose my sale. I think a lot of other people will feel similarly. McAfee, Symantec, Microsoft, etc. don't buy Sony products at the Best Buy. Next six weeks will tell the tale. Check back.
The sad thing is that most of the public is not aware or observant. I was discussing the stock market with my students and asked what stock they would buy. I was almost shouted down with two answers - Microsoft and Sony. All based on game machines coming out on the market. When I brought up this and discussed it with them, they said they would not buy Sony CDs but could not see that it was the same company as the game machine. I'm afraid that is probably right up there with the average uninformed consumer. :)

Guest LilBambi

A friend who is subscribed to Business Week took one of their surveys about this. Here are the results he saw after voting on the Poll. And this is just by people who are registered Business Week users.

Thanks for voting. Here are the survey results:
TECHNOLOGY: Sony is recalling millions of CDs with a copyright protection program that leaves PC users prone to viruses. How should consumers respond?
Avoid Sony CDs from now on: 77.1 %
Sony took copyright protection too far. But the company is now doing the right thing: 15.5 %
Sony should embed copyright protections on its CDs. Now the company just has to make its programs virus-proof: 6.1 %
Not sure: 1.3 %
Speaks volumes, huh?

Here's Sony's solution: Welcome to the Sony BMG XCP Exchange program for a list of Sony CDs containing the rootkit and instructions on obtaining a replacement. Not the current "top 10". Think Sony was testing the waters? (Also of interest is Sony, Amazon Detail CD Buyback by Brian Krebs.)
Not sure what a rootkit is or what it does? Check out Alex Eckelberry's blog writeup here: Rootkits are NOT acceptable under ANY means.


Glad I'm running XP Pro x64... Can't install a rootkit on x64... The OS does not allow hooks to the kernel... period!

Edited by Marsden11

Here's an article from The Inquirer about the implications of Sony "appropriating" Lame's software, "if it's true".

Sony may be hoist by own petard on copyright
Comment: If it's true, of course
By Charlie Demerjian: Monday 21 November 2005, 07:07
SONY MIGHT HAVE DONE the world more good than bad with its DRM rootkitting high jinx over the last few weeks.
Without regurgitating it again, there is one element that has not received nearly enough attention, the allegation that Sony infringed copyright. Since that initial claim, the code has been pored over, and more bits and pieces have emerged, leaving the community salivating.
For the sake of this story, we will assume that Sony may have infringed on the copyright as accused, but that may or may not be true. If it is not true, there is little point to any of this, so let's just pretend it did something really bad for the sake of argument.
Sony as you well know is a card carrying member of the RIAA, an organisation that stands up to the letter of the law on copyrights, and is known for suing anyone who crosses them, from 12 year olds in welfare funded families to octogenarians. It is the epitome of all things it believes to be right and profitable for its members. In fact, it loves to wave damages of several thousand dollars per alleged copyright infringement. Good for them I say, it sets one **** of a precedent.
That is where the nightmare begins. If Sony did indeed distribute millions, some say tens of millions of copies of someone else's copyrighted material, that is bad. The fact that it sold those copies for a profit surely puts it into a whole other class of 'wrongness' than mere distribution, right? At the very least, this has got to be behaviour at least as infringing as distribution over a P2P network.
So, what is a company to do? It sets a precedent of a few thousand dollars per 'wrong', and now it has millions of Lexan disks of wrong on the books, and an auditable paper trail. This, if you use their own numbers could add up to billions of dollars owed to the Lame crew and the others alleged to have their virtual toes stepped on.
So, this is where the community can step up to the plate and end this silliness once and for all. If the allegations against Sony are true, it has set precedent after precedent that it owes a lot of people billions. If those people are smart, they can ask Sony to decide exactly the worth of each copyright infringement, and pay up that much.
Ask for a written, court approved document stating that a single infringement is worth X dollars per infringement. If Sony wants to set that number at $1 per copy, that's fine, write out a cheque for seven or eight figures and be done with it. The problem is, it has just cut the legs out from any future RIAA enforcement efforts.
If Sony wants to take the proverbial RIAA hard line, I am sure the Lame crew would love a few billion dollars. If you use the numbers that Sony likes to bandy about, around $150K per infringement, you have a settlement worth more than the entire Sony Corporation. Lame-Sony has a certain ring to it, don't you think?
Of course, this all depends on whether it's all true or not. Merciless time will tell. µ
A case of "what's good for the goose being good for the gander"?

Guest LilBambi

Gotta love this line:

If Sony wants to take the proverbial RIAA hard line, I am sure the Lame crew would love a few billion dollars. If you use the numbers that Sony likes to bandy about, around $150K per infringement, you have a settlement worth more than the entire Sony Corporation. Lame-Sony has a certain ring to it, don't you think?
That really is a what's good for the goose, is good for the gander. The RIAA had no compunction on going after their customers and it cost folks dearly over it. Even at their 'generous' settlement prices.
BTW: The author of The Inquirer article must have loved that line when it was posted as part of a Talk Back on CNET on the 18th. Can't say I blame them, it was priceless. :hysterical:
There is more about this at Slashdot:
An anonymous reader writes "With some help from Sabre Security, Sebastian Porst and Matti Nikki have identified some stolen GPL'd code in Sony's rootkit. Ironically the code in question seems to be VLC's demux/mp4/drms.c -- the de-DRMS code which circumvents Apple's DRM, written by 'DVD' Jon Lech Johansen and Sam Hocevar."
(bold emphasis mine)
Boy, Sony and First 4 Internet have really stepped in it so to speak. I am sure all the folks at the Open Source projects would appreciate some compensation on this to help them further their projects. If it is true, that is. :whistling:
NOTE: Please remember to post a link to any quotes to articles. Thanks. B)
Edited by LilBambi
