Sony pulls rootkit DRM CDs
Print storyExchange program to follow
Posted in Music and Media, 16th November 2005 05:25 GMT
See what The Register's experts have to say on application security
Sony has bowed to consumer pressure and will withdraw all CDs encumbered with its notorious 'rootkit' DRM, XCP. Sony says around 4m XCP CDs have been manufactured. For the 2.1m CDs already sold, Sony will institute an exchange program, with details to follow later in the week.
Sony remains committed to releasing all CDs next year with some form of copy restriction measures.
How many people have been infected with XCP? DNS hacker Don Kaminsky investigated by querying DNS servers with the address XCP uses to 'phone home', and found traces on over half a million servers.
Of these 217,296 were from Japan, 130,519 from the USA, and 44,421 from the United Kingdom. And one from Afghanistan.
The figure represents a minimum, as some domains, such as AOL, will have millions of users, but will register with a domain name server just once in a give time frame.
Sony's first 'fix' for XCP potentially opens the door for websites to take control of a PC, a Finnish researcher Muzzy has noticed. An ActiveX control installed by First4Internet Ltd, the British company that devised XCP, allows remote systems full access. First4Internet has since scrapped this method of delivery and now downloads an executable without this particular vulnerability. Princeton academic Ed Felten has a test page, here, where you can test if the CodeSupport ActiveX control is present on your system. ®
The future of SaaS and IT infrastructure management
Should your email live in the cloud: a comparative cost analysis
Hosted security IT manager's guide
Jump start your Application Security initiatives
Securing your Apache web server with a Thawte digital certificate
Win a Samsung C6625!
Is your cameraphone an oxymoron?
Windows 7, Bing and security: Mr Ballmer regrets
Sign up, sign up for The Register IT security newsletter