Sony Rootkit: electronic Black Death

DRM pandemic rattles readers

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

Letters First up today from the Vulture Central mailbag is this, pointing out a shocking howler in this week's Chip and PIN story:

quote: ...coincides with the increased roll-out of the Chip and PIN scheme which requires card users to use a three-digit identification number... endquote:

Shurely shome mishtake? Four digits required. Three digits is the security code on the back of the card.

Yes, we're very sorry. The person responsible is, as is the local custom, now cleaning out the El Reg toilets with an old toothbrush.

Be afraid; be very afraid - the curse of the Sony BMG Rootkit continues to menace civilisation:

No surprise to me: the local big-box electronic store here, [name supplied], was/is still selling the Sony/BMG rootkit CDs. I asked the manager-on-duty/'associate' why they were still selling them, after telling him about the lawsuits, the risks to the law-abiding customers, the fact that on Sony Canada's website they had a list of CDs to be returned to the store for a refund, etc. "We didn't get a memo from our head-office" and "I'll ask the Sony rep. the next time he's here" were his replies. So I replied that, as per their policy, I'd be better off, security-wise, to D/L music off the net, than to buy music... Sigh.

Jeepers, I hope they don't wonder why I won't buy music there anymore, eh?

Interestingly, at the Sony Store, in the same shopping mall, a salesman told me that THEY had pulled all the rootkit CDs from their shelf (though, to be fair, music CDs weren't a major part of their displays).

Paul Renault

I work in a call centre on a technical helpdesk supporting customers of an ISP. If you so much as put in a CD, diskette, or any other storage medium, you will face at least disciplinary (if not dismissal) for potentially compromising the security of the network.

How the hell did this software get on military networks?


'The global scope is the big mystery here'

You do know that amazon has webshops in europe, that these shops have marketplace access, and that the euro/dollar change makes US silver discs attractive nowadays?

Nicolas Mailhot

From the article - "The global scope is the big mystery here," he said. "It is fairly likely that a lot of the discs were pirated."

All I can say is: Stab, twist. Repeat. :D

Simon Green

Uh, excuse me, but weren't those CDs supposed to be "protected" ? So, not only did Sony release a malware-infested rootkit CD, but it's so-called DRM did not keep the CD from being copied. Sounds to me like a pretty bad reference for whichever incompetent nitwit did that failure of a job. And I expect with great anticipation the obituary of First 4 Internet. I do not see how that "company" can possibly survive the fallout. It may not be entirely their fault (after all, who knows what the contract specified exactly, and what was intended to be made in the first place), but I have heard no good comments on them since their name appeared alongside Sony's. Learning that their DRM is copyable does not make things better for them.

Pascal Monett

"I don't see the federal government suing a big company like Sony," she said. "The fact that military networks have likely been affected by this won't change that."

So... increasing the risk of compromisation for a few hojillion government machines is perfectly all right, whereas tacking /../.. onto the end of a URL is considered evil computer terrorism which must be stamped on immediately lest it ever spread. My but what a world we do live in...


I thought you'd find it amusing that Sony comes up with ZERO hits when searching for rootkit on its site.


so it's not easy to get the patch , they have come up with!!



Blimey, it's like a zombie film. Only way to kill them is too shoot off the head.

Jules Lawton

Actually, that last one is not about Sony, but rather software patents, another long-running tale of woe...

Since there is no easy way to revoke patent grant rights en-mass, will the harmonisation be to reduce the scope to the most restricted regime? A patent right not granted is easier to give than take away, after all.

Mark Hackett

Never, ever email a job reference. That's the word from the UK's Information Commissioner's Office. Solid advice, too, apparently:

Well, at least the laws make more sense than here in Canada. Apparently, the courts here ruled that when you ask a (current or former) employer for a reference, you imply that you're asking for a good reference. If your boss gives you a bad reference, then the boss can be sued if you didn't get the job! Again, "apperently" -- this is about eighth-hand information...

Jason McKenna

Your article reminded me of a different approach to the same issue that was recommended by the university attorneys back in the olden days when I was an professor. These learned lawyers advised the faculty that if they had agreed to write a letter of "recommendation" (for a student or other employee), then it should not contain any criticism of the person being "recommended". The lawyers went on to say that if the faculty member was unable to abide by this limitation, then they needed written permission from the requestor to write a letter of "reference" or "evaluation", rather than a letter of "recommendation".

As I was on my way out of academia at the time, I found it worth a chuckle. At least in the business world people are honest about lying to you. ;-)

John D. McCalpin, Ph.D

Last Friday was the 13th. A bad day for walking under ladders, but a good day for Greenpeace to issue a nuclear power station terrorist apocalypse warning:

You said; "Oh yes, and they're safe as long as someone doesn't deliberately crash an airliner fully loaded with fuel into them while screaming children hit the pebbled beaches of Cumbria."

Take a look at; http://www.nmcco.com/education/facts/security/crash_analysis.htm

Also, all PWR (Pressurised Water Reactors) like Sizewell B are designed to withstand an impact from a commercial jet at full speed with a full load of fuel. Many of the UK's ageing Magnox reactors are not though, so perhaps we should be shutting down our outdated designs and using something a little more modern than a 1950's design. ;-)

Either that or we can all go back to the 17th Century like all these so called "Greens" seem to want us to do. Back to a life expectancy of maybe 45 years, back to dying of smallpox, back to living your life out no more than a few miles from where you were born. Nah, it'll never happen. Most of them couldn't live without their i-Pods and environmentalist sloganed T-shirts. <LOL>

George Garratt

Is it not also worth pointing out that someone crashing a jumbo jet full of radioactive waste *and* kerosene into pretty much any mildly populated area would have precisely the same effect, and that the stuff isn't really hard to get hold of?

Rob Moss

To wrap this up - the shocking news that Jesus would certainly pack his iPod with Christian Rock:

Jesus would not need an IPOD because being God who walked on earth He is the author of life and music.

Daniel Kinsman

You sure that was "Christian Rock", and not "Chris Rock"?

Steve Shockley

Yes, we're pretty sure about that.

Equally unsurprising was the absence of "Black Metal" and "Death Metal" and "Melodic Black Death Metal" from both your article and the poll it discussed. What's become of Christians these days?

Matthew Roche

"For the record, today's survey on Beliefnet asks: "Would you use prayer to ward off bird flu?" Nope, we'd use Tamiflu to ward of bird flu, and prayer to ward off Christian Rock. So now you know."

To which I say, "Hells yes!"


Jason Milwaukee, Wisconsin USA

I believe you are quite incorrect here, as even the most devout of Christians have no defense against a Christian Rock pandemic, and would in fact pray to get bird flu if such a travesty did infect their iPods.

Andy Bright

Why would you ward off Christian Rock with prayer? I can assure you this, if you ever have a chance to see the Newsboys or Audio Adrenaline live, you may change your mind about Christian Rock. The Message is there, and the concerts are awesome. Every knee will bow and every tongue will confess that Jesus Christ is Lord. This includes you.

Ron V

Thanks, Ron - I look forward to it. More silliness Friday. ®

3 Big data security analytics techniques

More from The Register

next story
Forget the beach 'n' boardwalk, check out the Santa Cruz STEVE JOBS FOUNTAIN
Reg reader snaps shot of touching tribute to Apple icon
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
Happy 40th Playmobil: Reg looks back at small, rude world of our favourite tiny toys
Little men straddle LOHAN, attend tiny G20 Summit... ah, sweet memories...
Spanish village called 'Kill the Jews' mulls rebranding exercise
Not exactly attractive to the Israeli tourist demographic
Lego is the TOOL OF SATAN, thunders Polish priest
New minifigs like Monster Fighters are turning kids to the dark side
Dark SITH LORD 'Darth Vader' joins battle to rule, er, Ukraine
Only I can 'make an empire out of a republic' intones presidential candidate
Chinese company counters pollution by importing fresh air
Citizens line up for bags of that sweet, sweet mountain air
Google asks April Fools: Want a job? Be our 'Pokemon Master'
Mountain View is prankin' like it's 1999...
prev story


Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.