
Sony Rootkit: electronic Black Death

DRM pandemic rattles readers


Letters First up today from the Vulture Central mailbag is this, pointing out a shocking howler in this week's Chip and PIN story:

"...coincides with the increased roll-out of the Chip and PIN scheme which requires card users to use a three-digit identification number..."

Shurely shome mishtake? Four digits required. Three digits is the security code on the back of the card.

Yes, we're very sorry. The person responsible is, as is the local custom, now cleaning out the El Reg toilets with an old toothbrush.


Be afraid; be very afraid - the curse of the Sony BMG Rootkit continues to menace civilisation:

No surprise to me: the local big-box electronic store here, [name supplied], was/is still selling the Sony/BMG rootkit CDs. I asked the manager-on-duty/'associate' why they were still selling them, after telling him about the lawsuits, the risks to the law-abiding customers, the fact that on Sony Canada's website they had a list of CDs to be returned to the store for a refund, etc. "We didn't get a memo from our head-office" and "I'll ask the Sony rep. the next time he's here" were his replies. So I replied that, as per their policy, I'd be better off, security-wise, to D/L music off the net, than to buy music... Sigh.

Jeepers, I hope they don't wonder why I won't buy music there anymore, eh?

Interestingly, at the Sony Store, in the same shopping mall, a salesman told me that THEY had pulled all the rootkit CDs from their shelf (though, to be fair, music CDs weren't a major part of their displays).

Paul Renault


I work in a call centre on a technical helpdesk supporting customers of an ISP. If you so much as put in a CD, diskette, or any other storage medium, you will face at least disciplinary (if not dismissal) for potentially compromising the security of the network.

How the hell did this software get on military networks?

Francisco


'The global scope is the big mystery here'

You do know that Amazon has webshops in Europe, that these shops have marketplace access, and that the euro/dollar change makes US silver discs attractive nowadays?

Nicolas Mailhot


From the article - "The global scope is the big mystery here," he said. "It is fairly likely that a lot of the discs were pirated."

All I can say is: Stab, twist. Repeat. :D

Simon Green


Uh, excuse me, but weren't those CDs supposed to be "protected"? So, not only did Sony release a malware-infested rootkit CD, but its so-called DRM did not keep the CD from being copied. Sounds to me like a pretty bad reference for whichever incompetent nitwit did that failure of a job. And I expect with great anticipation the obituary of First 4 Internet. I do not see how that "company" can possibly survive the fallout. It may not be entirely their fault (after all, who knows what the contract specified exactly, and what was intended to be made in the first place), but I have heard no good comments on them since their name appeared alongside Sony's. Learning that their DRM is copyable does not make things better for them.

Pascal Monett


"I don't see the federal government suing a big company like Sony," she said. "The fact that military networks have likely been affected by this won't change that."

So... increasing the risk of compromisation for a few hojillion government machines is perfectly all right, whereas tacking /../.. onto the end of a URL is considered evil computer terrorism which must be stamped on immediately lest it ever spread. My but what a world we do live in...

Richard


I thought you'd find it amusing that Sony comes up with ZERO hits when searching for rootkit on its site.

http://www.sony.com/SonySearch/Search.jsp?doSearch=true

so it's not easy to get the patch they have come up with!!

:-)

Nathan


Blimey, it's like a zombie film. Only way to kill them is to shoot off the head.

Jules Lawton

Actually, that last one is not about Sony, but rather software patents, another long-running tale of woe...

Since there is no easy way to revoke patent grant rights en masse, will the harmonisation be to reduce the scope to the most restricted regime? A patent right not granted is easier to give than take away, after all.

Mark Hackett


Never, ever email a job reference. That's the word from the UK's Information Commissioner's Office. Solid advice, too, apparently:

Well, at least the laws make more sense than here in Canada. Apparently, the courts here ruled that when you ask a (current or former) employer for a reference, you imply that you're asking for a good reference. If your boss gives you a bad reference, then the boss can be sued if you didn't get the job! Again, "apparently" -- this is about eighth-hand information...

Jason McKenna


Your article reminded me of a different approach to the same issue that was recommended by the university attorneys back in the olden days when I was a professor. These learned lawyers advised the faculty that if they had agreed to write a letter of "recommendation" (for a student or other employee), then it should not contain any criticism of the person being "recommended". The lawyers went on to say that if the faculty member was unable to abide by this limitation, then they needed written permission from the requestor to write a letter of "reference" or "evaluation", rather than a letter of "recommendation".

As I was on my way out of academia at the time, I found it worth a chuckle. At least in the business world people are honest about lying to you. ;-)

John D. McCalpin, Ph.D


Last Friday was the 13th. A bad day for walking under ladders, but a good day for Greenpeace to issue a nuclear power station terrorist apocalypse warning:

You said: "Oh yes, and they're safe as long as someone doesn't deliberately crash an airliner fully loaded with fuel into them while screaming children hit the pebbled beaches of Cumbria."

Take a look at: http://www.nmcco.com/education/facts/security/crash_analysis.htm

Also, all PWR (Pressurised Water Reactors) like Sizewell B are designed to withstand an impact from a commercial jet at full speed with a full load of fuel. Many of the UK's ageing Magnox reactors are not though, so perhaps we should be shutting down our outdated designs and using something a little more modern than a 1950's design. ;-)

Either that or we can all go back to the 17th Century like all these so called "Greens" seem to want us to do. Back to a life expectancy of maybe 45 years, back to dying of smallpox, back to living your life out no more than a few miles from where you were born. Nah, it'll never happen. Most of them couldn't live without their i-Pods and environmentalist sloganed T-shirts. <LOL>

George Garratt


Is it not also worth pointing out that someone crashing a jumbo jet full of radioactive waste *and* kerosene into pretty much any mildly populated area would have precisely the same effect, and that the stuff isn't really hard to get hold of?

Rob Moss


To wrap this up - the shocking news that Jesus would certainly pack his iPod with Christian Rock:

Jesus would not need an IPOD because being God who walked on earth He is the author of life and music.

Daniel Kinsman


You sure that was "Christian Rock", and not "Chris Rock"?

Steve Shockley

Yes, we're pretty sure about that.


Equally unsurprising was the absence of "Black Metal" and "Death Metal" and "Melodic Black Death Metal" from both your article and the poll it discussed. What's become of Christians these days?

Matthew Roche


"For the record, today's survey on Beliefnet asks: "Would you use prayer to ward off bird flu?" Nope, we'd use Tamiflu to ward off bird flu, and prayer to ward off Christian Rock. So now you know."

To which I say, "Hells yes!"

Cheers,

Jason Milwaukee, Wisconsin USA


I believe you are quite incorrect here, as even the most devout of Christians have no defense against a Christian Rock pandemic, and would in fact pray to get bird flu if such a travesty did infect their iPods.

Andy Bright


Why would you ward off Christian Rock with prayer? I can assure you this, if you ever have a chance to see the Newsboys or Audio Adrenaline live, you may change your mind about Christian Rock. The Message is there, and the concerts are awesome. Every knee will bow and every tongue will confess that Jesus Christ is Lord. This includes you.

Ron V

Thanks, Ron - I look forward to it. More silliness Friday. ®
