Saturday, November 12, 2005

Urgent Warning about Sony music CDs

Urgent Warning re Sony BMG

NOTE: This is an exact replica of an article I published at Vaspers the Grate.


Sony has been forced by Blogospheric Wrath, and other forces, to temporarily stop this sleazy policy.

NEW: Fox news provides an Associated Press report, dated Nov. ll, 2005, on how Sony is "temporarily" suspending production of this "anti-piracy" scheme:

"Sony to Stop Controversial CD Software"


Sony defended its right to prevent customers from illegally copying music but said it will halt manufacturing CDs with the [DRM brand] technology as a precautionary measure.

"We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use," the company said in a statement.

The antipiracy technology, which works only on Windows computers, prevents customers from making more than a few copies of the CD and prevents them from loading the CD's songs onto Apple Computer's popular iPod portable music players.

Some other music players, which recognize Microsoft's proprietary music format, would work.

Sony's announcement came one day after leading security companies disclosed that hackers were distributing malicious programs over the Internet that exploited the antipiracy technology's ability to avoid detection.

Hackers discovered they can effectively render their programs invisible by using names for computer files similar to ones cloaked by the Sony technology.


Please notice how Sony stupidly says they have "goals of security and ease of consumer use".

This is outright bullshit, people.

Their number one goal is profit, not network security or consumer happiness. If they gave a flipping fig about corporate network security, they would have never moved forward with a rootkit installation approach to DRM (digital rights management).

Every IT guy or gal knows this is a wrong-headed, supremely selfish strategy.

Thanks, Sony assholes, for opening vulnerabilities in corporate networks, so all the hacker cracker cyber-vandal bullies can slip right in.

Guess how long it will take for cyber criminals to exploit these security holes now blasted wide open.

I sure hope your company doesn't allow employees to listen to music CDs on the company computers as they work.

See the recent Google SE results on Sony CD DRM:

Make the scumbags feel our WRATH!



List of infected Sony CDs

Trey Anastasio - "Shine"
Celine Dion - "On ne Change Pas"
Neil Diamond - "12 Songs"
Our Lady Peace - "Healthy in Paranoid Times"
Chris Botti - "To Love Again"
Van Zant - 'Get Right with the Man"
Switchfoot - "Nothing is Sound"
The Coral - "The Invisible Invasion"
Acceptance - "Phantoms"
Susie Suh - "Susie Suh"
Amerie - "Touch"
Life of Agony - "Broken Valley"
Horace Silver Quintet - "Silver's Blue"
Gerry Mulligan - "Jeru"
Dexter Gordon - "Manhattan Symphonie"
The Bad Plus - "Suspicious Activity"
The Dead 60s - "The Dead 60s"
Dion - "The Essential Dion"
Natasha Bedingfield - "Unwritten"
Ricky Martin - "Life"

DO NOT BUY, or play on your computer, any of these CDs!


Listen up, for your own good.

Protect yourself from evil psycho-capitalistic schemes.

Boycott Sony BMG. Look closely at any music CD you buy. Make sure it's not on the Sony BMG label. A Sony BMG compact disk is bad news for your computer.

Get fired up with real aggressive hate, and take your rage out on Sony BMG. Scumbags.

blogosphere = blogs-of-fear

Blogs causing fear and dread, with massive financial loss, in deserving targets.

Boycott Sony BMG. Never buy any Sony BMG musical artist products. To buy any Sony CDs may pose serious threats to your computer and network. Scumbags.

Warn everyone you know about Sony BMG, their music products on compact discs, and their selfish, destructive, anti-consumer policy regarding DRM (digital rights management/manipulation).

Here's a follow-up to my original warning, "Are Sony CDs evil?" The answer is a resounding "Yes, they're evil alright."

I'll let John Borland at CNet explain it again to you.

"Sony CD protection sparks security concerns"
By John Borland
Staff Writer, CNET
Published: November 1, 2005, 2:15 PM PST


Mark Russinovich was doing a routine test this week of computer security software he'd co-written, when he made a surprising discovery: Something new was hiding itself deep inside his PC's guts.

It took some time for Russinovich, an experienced programmer who has written a book on the Windows operating system for Microsoft, to track down exactly what was happening, but he ultimately traced it to code left behind by a recent CD he'd bought and played on his computer.

The SonyBMG-produced Van Zant album had been advertised as copy-protected when he'd bought it on, and he'd clicked through an installation agreement when he put the disc in his computer. What he later found is that the software had used a sophisticated cloaking technique that involves a "rootkit"--something not dangerous in itself, but a tool often used by virus writers to hide all traces of their work on a computer.

What's new:

Copy-protection software on CDs produced by SonyBMG is cloaked by a technique that involves a "rootkit," which is designed to hide and protect the software on the user's computer.

Bottom line:

Rootkit tools often are used by virus writers to hide malicious software, and security experts say rootkit mechanisms used by recording companies could be misused by others. That threat is only theoretical so far, but the debate continues between consumers and record companies about what copy-protection technologies are necessary and appropriate.

"We're still trying to find a line between fair use and digital rights management, and it is going to take issues like this, with discussions between lawmakers and industry, to come up with what's fair and honest," Russinovich said. "But I think this has gone too far."

Russinovich posted a detailed step-by-step account of his findings on his blog, drawing immediate criticism of SonyBMG's technology from some inside the security software community.

The passionate response underlines the power copy protection retains to inflame emotions and spark bitter debate, despite the growing string of chart-topping albums that have been released over the past year with the protections included.

A handful of security companies weighed in on the issue, saying the rootkit could present a possible--if still theoretical--risk to computers.

The creator of the copy-protection software, a British company called First 4 Internet, said the cloaking mechanism was not a risk, and that its team worked closely with big antivirus companies such as Symantec to ensure that was the case. The cloaking function was aimed at making it difficult, though not impossible, to hack the content protection in ways that have been simple in similar products, the company said.

In any case, First 4 has moved away from the techniques used on the Van Zant album to new ways of cloaking files on a hard drive, said Mathew Gilliat-Smith, the company's CEO.

"I think this is slightly old news," Gilliat-Smith said. "For the eight months that these CDs have been out, we haven't had any comments about malware (malicious software) at all."

A SonyBMG representative said the software could be easily uninstalled, by contacting the company's customer support service for instructions. Those instructions are not specifically available on the Web site that answers questions about the company's copy protection tools.

Rootkit realities

Rootkit software has been around for over a decade but has recently come to increased prominence as more writers of viruses and the like adopt it for their purposes. Essentially, rootkits are tools for digging deep into a computer's operating system to hide the fact that certain software files exist or that the computer is performing certain functions.

Unlike other, less-powerful means of hiding files on a hard drive, rootkits are created to be extraordinarily difficult to uninstall without specific instructions, rooting themselves in an operating systems' deepest recesses in order to prevent their deletion.

In the case of the SonyBMG software, trying to remove it manually could shut off access to the computer's CD player, researchers said.

Security researchers note that simply hiding something doesn't make it a threat, and the SonyBMG software is designed to hide the digital rights management tools that prevent unauthorized copies of the CD from being made.

However, it does remain active in the background of a computer, taking up a small amount of memory, even when the CD is not being played. Thus the rootkit software does have the potential to be misused by others, according to some researchers.

The First 4 Internet software's technique for hiding files is broad enough that it could be adopted by virus writers, allowing them to hide their own tools on computers that have run the software from the CD, say some security experts.


Now, please go read the entire article. Then Google the phrase: "Sony CD", and see what more you can discover. Expect butt-kissers to rise up to defend Sony, and to moan about "music pirates", and other ignorant greedy whinings.

This really stinks, for any company to go this far to protect, not artists, not consumers, but their bloated compensations and profits.

It's all about squeezing the maximum amount of hard earned cash from unsuspecting consumers.

Do something important with your life. Here are five (5) simple tasks you should consider performing...

5 Basic Ways to Fight Back

(1) Research: investigate the matter via Google or other search engine probes, using various keywords and phrases.

(2) Non-comply: Never agree to any Install Agreement dialog box that appears unexpectedly with any product that normally requires no special installations, like a music CD.

(3) Boycott: refuse to buy any further products from a company that has such a piss poor attitude toward customer service and consumer relations.

(4) Protest: email complaints and hatred to the CEO of any offending company. How dare these scumbags be so brazen in using malware type cloaking to secretly invade your computer, and to introduce potential vulnerabilities into your network.

(5) Revolt: post warnings and advice on your blog, regarding such dangerous, arrogant, and counter-productive corporate behavior. Send emails to friends, associates, other bloggers about this problem. Tell others at work, at church, in the mall, on the street, everywhere, about the dangers and risks associated with such products.

Information without transformation is useless.

[signed] Steven Streight aka Vaspers the Grate

No comments: