Original URL: https://www.theregister.co.uk/2006/01/18/letters/

Sony Rootkit: electronic Black Death

DRM pandemic rattles readers

By Lester Haines

Posted in Bootnotes, 18th January 2006 13:34 GMT

Letters First up today from the Vulture Central mailbag is this, pointing out a shocking howler in this week's Chip and PIN story:

"...coincides with the increased roll-out of the Chip and PIN scheme which requires card users to use a three-digit identification number..."

Shurely shome mishtake? Four digits required. Three digits is the security code on the back of the card.

Yes, we're very sorry. The person responsible is, as is the local custom, now cleaning out the El Reg toilets with an old toothbrush.

Be afraid; be very afraid - the curse of the Sony BMG Rootkit continues to menace civilisation:

No surprise to me: the local big-box electronic store here, [name supplied], was/is still selling the Sony/BMG rootkit CDs. I asked the manager-on-duty/'associate' why they were still selling them, after telling him about the lawsuits, the risks to the law-abiding customers, the fact that on Sony Canada's website they had a list of CDs to be returned to the store for a refund, etc. "We didn't get a memo from our head-office" and "I'll ask the Sony rep. the next time he's here" were his replies. So I replied that, as per their policy, I'd be better off, security-wise, to D/L music off the net, than to buy music... Sigh.

Jeepers, I hope they don't wonder why I won't buy music there anymore, eh?

Interestingly, at the Sony Store, in the same shopping mall, a salesman told me that THEY had pulled all the rootkit CDs from their shelf (though, to be fair, music CDs weren't a major part of their displays).

Paul Renault

I work in a call centre on a technical helpdesk supporting customers of an ISP. If you so much as put in a CD, diskette, or any other storage medium, you will face at least disciplinary (if not dismissal) for potentially compromising the security of the network.

How the hell did this software get on military networks?


'The global scope is the big mystery here'

You do know that Amazon has webshops in Europe, that these shops have marketplace access, and that the euro/dollar change makes US silver discs attractive nowadays?

Nicolas Mailhot

From the article - "The global scope is the big mystery here," he said. "It is fairly likely that a lot of the discs were pirated."

All I can say is: Stab, twist. Repeat. :D

Simon Green

Uh, excuse me, but weren't those CDs supposed to be "protected"? So, not only did Sony release a malware-infested rootkit CD, but its so-called DRM did not keep the CD from being copied. Sounds to me like a pretty bad reference for whichever incompetent nitwit did that failure of a job. And I expect with great anticipation the obituary of First 4 Internet. I do not see how that "company" can possibly survive the fallout. It may not be entirely their fault (after all, who knows what the contract specified exactly, and what was intended to be made in the first place), but I have heard no good comments on them since their name appeared alongside Sony's. Learning that their DRM is copyable does not make things better for them.

Pascal Monett

"I don't see the federal government suing a big company like Sony," she said. "The fact that military networks have likely been affected by this won't change that."

So... increasing the risk of compromisation for a few hojillion government machines is perfectly all right, whereas tacking /../.. onto the end of a URL is considered evil computer terrorism which must be stamped on immediately lest it ever spread. My but what a world we do live in...


I thought you'd find it amusing that Sony comes up with ZERO hits when searching for rootkit on its site.


so it's not easy to get the patch, they have come up with!!



Blimey, it's like a zombie film. Only way to kill them is to shoot off the head.

Jules Lawton

Actually, that last one is not about Sony, but rather software patents, another long-running tale of woe...

Since there is no easy way to revoke patent grant rights en masse, will the harmonisation be to reduce the scope to the most restricted regime? A patent right not granted is easier to give than take away, after all.

Mark Hackett

Never, ever email a job reference. That's the word from the UK's Information Commissioner's Office. Solid advice, too, apparently:

Well, at least the laws make more sense than here in Canada. Apparently, the courts here ruled that when you ask a (current or former) employer for a reference, you imply that you're asking for a good reference. If your boss gives you a bad reference, then the boss can be sued if you didn't get the job! Again, "apparently" -- this is about eighth-hand information...

Jason McKenna

Your article reminded me of a different approach to the same issue that was recommended by the university attorneys back in the olden days when I was a professor. These learned lawyers advised the faculty that if they had agreed to write a letter of "recommendation" (for a student or other employee), then it should not contain any criticism of the person being "recommended". The lawyers went on to say that if the faculty member was unable to abide by this limitation, then they needed written permission from the requestor to write a letter of "reference" or "evaluation", rather than a letter of "recommendation".

As I was on my way out of academia at the time, I found it worth a chuckle. At least in the business world people are honest about lying to you. ;-)

John D. McCalpin, Ph.D

Last Friday was the 13th. A bad day for walking under ladders, but a good day for Greenpeace to issue a nuclear power station terrorist apocalypse warning:

You said: "Oh yes, and they're safe as long as someone doesn't deliberately crash an airliner fully loaded with fuel into them while screaming children hit the pebbled beaches of Cumbria."

Take a look at: http://www.nmcco.com/education/facts/security/crash_analysis.htm

Also, all PWR (Pressurised Water Reactors) like Sizewell B are designed to withstand an impact from a commercial jet at full speed with a full load of fuel. Many of the UK's ageing Magnox reactors are not though, so perhaps we should be shutting down our outdated designs and using something a little more modern than a 1950's design. ;-)

Either that or we can all go back to the 17th Century like all these so called "Greens" seem to want us to do. Back to a life expectancy of maybe 45 years, back to dying of smallpox, back to living your life out no more than a few miles from where you were born. Nah, it'll never happen. Most of them couldn't live without their i-Pods and environmentalist sloganed T-shirts. <LOL>

George Garratt

Is it not also worth pointing out that someone crashing a jumbo jet full of radioactive waste *and* kerosene into pretty much any mildly populated area would have precisely the same effect, and that the stuff isn't really hard to get hold of?

Rob Moss

To wrap this up - the shocking news that Jesus would certainly pack his iPod with Christian Rock:

Jesus would not need an IPOD because being God who walked on earth He is the author of life and music.

Daniel Kinsman

You sure that was "Christian Rock", and not "Chris Rock"?

Steve Shockley

Yes, we're pretty sure about that.

Equally unsurprising was the absence of "Black Metal" and "Death Metal" and "Melodic Black Death Metal" from both your article and the poll it discussed. What's become of Christians these days?

Matthew Roche

"For the record, today's survey on Beliefnet asks: "Would you use prayer to ward off bird flu?" Nope, we'd use Tamiflu to ward off bird flu, and prayer to ward off Christian Rock. So now you know."

To which I say, "Hells yes!"


Jason Milwaukee, Wisconsin USA

I believe you are quite incorrect here, as even the most devout of Christians have no defense against a Christian Rock pandemic, and would in fact pray to get bird flu if such a travesty did infect their iPods.

Andy Bright

Why would you ward off Christian Rock with prayer? I can assure you this, if you ever have a chance to see the Newsboys or Audio Adrenaline live, you may change your mind about Christian Rock. The Message is there, and the concerts are awesome. Every knee will bow and every tongue will confess that Jesus Christ is Lord. This includes you.

Ron V

Thanks, Ron - I look forward to it. More silliness Friday. ®