Sony Privacy Security Software

Bad Day To Be Sony 812

Posted by Zonk
from the who-needs-customer-loyalty dept.
Not only is Sony no longer selling the RootKit CDs, Arend writes "According to a USAToday article, Sony is to pull their controversial rootkit CDs from store shelves." A nice gesture, but a little late. bos writes "Sony's DRM rootkit has been found by Dan Kaminsky to have infected at least half a million networks, according to an article by Quinn Norton for Wired News. Dan has even put together some pretty pictures of the breadth of the infection." With so many people infected, it's unfortunate that wiredog writes "From The Washington Post comes the news that serious security flaws have been found in the software that Sony is distributing to users who want to remove the Sony rootkit. The article says: 'Because of the way the tool is configured ... it allows any Web page that the user subsequently visits to download, install and run any code that it likes.'" Oops. Even Microsoft is getting into the act. ares284 writes "Microsoft said it would remove controversial copy-protection software that CDs from music publisher Sony BMG install on personal computers, deeming it a security risk to PCs running on Windows."

  • How to boycott? (Score:5, Interesting)

    by dada21 (163177) * <adam.dada@gmail.com> on Tuesday November 15, 2005 @03:53PM (#14037254) Homepage Journal
    I'm not a "boycott!!!" kind of guy. When I was younger I used to be, but no one ever stuck to it. This "error in judgement" is definitely something that I am adding to my (really small) short list of company-groups I won't buy from. I already won't buy CDs without the "CD" logo. I won't buy Sony TVs or receivers for the last 4 years because of their terrible support policies. I won't buy anything from Menard's either. And now Sony music CDs are permanently out.

    How do those who are active boycotters stick to it? Do you actively pursue telling others, or is it just a "one person, one dollar, one vote" kind of life lead?

    I could care less if other people want to support Sony artists or Sony products. All mercantilistic (using government to acquire wealth) corporations are bad, but that doesn't mean that every business is bad. Sony has actually been one of the least mercantilistic corporations I've tracked over the years, but their releasing of items without proper quality control is what kills them time and again.

    And I believe that is the problem with this rootkit. Sony didn't test it properly. If they had tested it properly and kept it within its own little world on a customer's PC, I don't think the fallout would have been so excessive. They didn't test the product, they relied on the customers to do so. Luckily for Sony, the customers weren't happy and were vocal about it.

    That is the free market at work. People unhappy about a company or a product have much more of a voice with the web being so readily available. The more the Internet allows billions of citizens to align on different issues, the more we'll see that a free market "democracy" is better than a democracy built around the use of force.

    Vote with your dollars.
  • Wow... (Score:2, Interesting)

    by Premo_Maggot (864012) <nessnoop@gmail.com> on Tuesday November 15, 2005 @03:56PM (#14037295) Homepage
    the virus writers have done something good for us!
  • Get 'em good (Score:4, Interesting)

    by Anonymous Coward on Tuesday November 15, 2005 @03:59PM (#14037335)
    Go to http://cp.sonybmg.com/xcp/ [sonybmg.com] or http://cp.sonybmg.com/xcp/english/form14.html [sonybmg.com]

    Where it asks for the Artist's name type in some diatribe

    Where it asks for the Album Title, type in more diatribe

    Where it asks for Store Name, type in yet even more diatribe

    Where it asks for email address try something that will cause them trouble such as uce@ftc.gov or some chronic antispammer advocate.

    This will hopefully force Sony to make the "patch directly downloadable." ...since Sony says over 2 million disks containing the rootkit have been sold, that puts them under the gun for roughly U.S. $150 billion in damages :)

    Perhaps the copyright owners could offer to settle: have Sony repay all of the people who have been extorted for money because of filesharing (double for damages), and promise to stop all such activities in the future. That would only run them about $100 million, so it would be quite a deal.
  • by dada21 (163177) * <adam.dada@gmail.com> on Tuesday November 15, 2005 @04:00PM (#14037342) Homepage Journal
    I use a PDA Phone to browse /. and type everything into MS's PDA version of Notepad. Then I copy and paste it into /. so I don't lose my comment from one of the billion reasons I have in the past.

    I subscribe because it allows me to read the articles before they're /.d by the mass onslaught of others when the article goes live. The $10 a month or whatever I pay is well worth the consideration I receive from other regulars here, and has been very helpful in composing my views and thoughts on certain subjects. Yeah, the signal to noise ratio gets worse and worse here every day, but /. has probably increased my online reading rate at least 300% over the years, so it balances itself out :)
  • Not to change your mind or anything, I would like to point out that at Sony's size, the different divisions have little or nothing to do with each other.
    So the same people who make decisions for the music products are not the same people who make decisions at the playstation divisions.

    From what I hear, there is some pretty intense inside fighting going on between the people who make mp3 players, and the music division.

  • by Zocalo (252965) on Tuesday November 15, 2005 @04:03PM (#14037378) Homepage
    When they say "remove the rootkit CDs from the shelves" they mean just that; "rootkit CDs" specifically meaning those with "XCP-Aurora" installed and not with any other kind of DRM they are currently shipping. I wouldn't be at all surprised if they are even going to extend that to the specific version of "XCP-Aurora" people are complaining about on those CDs already known to contain it.

    What a shame that Scott Adams' "Weasel Awards" [dilbert.com] for 2005 have already been awarded. There's always 2006 I suppose, but this will probably have been long since done and dusted by then... unless it's still churning through legal systems in the US and elsewhere of course.

  • Silver Lining (Score:3, Interesting)

    by happymedium (861907) on Tuesday November 15, 2005 @04:04PM (#14037393)
    DRM is poised to intrude on our lives even more in the form of the HD-DVD/Blu-ray copy protection, Windows Vista, and the digital TV broadcast flag... isn't it about time Slashdot's least favorite acronym (besides SCO perhaps) got some bad mainstream press?

    This Sony incident could help convince consumers and businesses alike that intrusive DRM is a bad idea.
  • by the eric conspiracy (20178) on Tuesday November 15, 2005 @04:04PM (#14037398)
    "Paging Eliot Spitzer, Paging Eliot Spitzer, Mr. Spitzer white courtesy phone..."

    To me the biggest surprise in this saga is that he hasn't been all over this.

  • Re:Bad Day for Sony? (Score:1, Interesting)

    by ^me^ (129402) <`michael.joseph. ... `at' `gmail.com'> on Tuesday November 15, 2005 @04:04PM (#14037403) Homepage
    good? their minidisc stuff was terrible. Their computers are gimmicky. memory stick was just a year early of every other freaking memory card on the planet. ATRAC3? yeah ok, that's trash. the last time they did anything truly useful was the walkman.
  • by Daniel Dvorkin (106857) * on Tuesday November 15, 2005 @04:05PM (#14037406) Homepage Journal
    ... for a political maneuver where you first propose something so outrageous that it's sure to get shot down, and then withdraw the proposal and advance something only slightly less outrageous? Like, let's say Senator Boughtandpaidfor introduces a bill requiring the death penalty for anyone who cracks a copy-protected CD, and when that gets the desired uproar, he says, "Oh, okay, let's compromise and make it fifty years in prison instead" -- and that bill passes because it's more "reasonable."

    Which makes me wonder what Sony's got coming next.
  • by dada21 (163177) * <adam.dada@gmail.com> on Tuesday November 15, 2005 @04:08PM (#14037441) Homepage Journal
    I'm not Marxist, in fact, as an AnCap I am the opposite of a Marxist.

    I'm not young (31) and have been writing from a pro-market anarchism perspective for over 8 years.

    Roads, bridges and schools can be much better built, maintained and managed by the free market of competition than by the force/coercion market created by government and the cronies of government.

    Lincoln's War Between States was fought to create a mercantilistic country out of a free market country (not slavery as many people believe). Since the War, our country has slid into a really bad Warfare-Welfare State, focused on disposing the middle class workers of their income and giving it to the wealthy elite in control of the monopolistic use of force.

    I study at least 40 hours a week the various documents that help me reinforce the views I hold dear to me. Slashdot is a great outlet for finding other people with similar beliefs who just don't know it, as well as getting a great peer review system that helps me find my mistakes. Even those on my "Foe" list give me some amazing insight into mistakes I make in my rants and recommendations.

    If you're interested in why government is bad for roads, bridges and schools send me an e-mail.
  • Re:How to boycott? (Score:5, Interesting)

    by enraged78 (931288) on Tuesday November 15, 2005 @04:12PM (#14037492)
    I myself have been boycotting CD's produced by any label associated with the RIAA for the last three years. I have not purchased any CD's for myself, or as gifts for others. I do not plan to do so until three conditions are met. First, artists are properly compensated for their music. By properly compensated, I mean more than a nickel a disc, which works out to less than that due to 'questionable' accounting practices. Second, that the RIAA ceases all current lawsuits against users who "illegally" downloaded music, and returns all moneys garnered from users who "settled" with the racketeering, um, I mean consortium. Third, that the RIAA cease to destroy both public domain, and fair use policy. In order for the public to respect the RIAA's property, the RIAA needs to stop illegally extending copyright by purchasing politicians. Oddly enough, all this purchasing power seems to stem from the 12-18 year old market. That same market does not possess the ability to vote, and I find it rather strange that all their hard earned dollars are being redirected towards buying our public officials for the highest dollar. Sony products in general will no longer be purchased by me until these and many other wrongs are rectified. Their policies are criminal, their once good hardware products are now sub-par, and their greed is insurmountable. This is no longer a free market question. This is now a corporation buying legal power to function as a makeshift mob. I for one will not stand for it by purchasing their products.
  • by Anonymous Coward on Tuesday November 15, 2005 @04:12PM (#14037496)
    If practically every kid who cracks into some network gets jail time; how about some criminal charges against whomever the idiot in Sony that approved this.


    Seriously - if some company hires a hitman to do illegal stuff they get in trouble. Why can Sony hack my network without any repercussions?

  • by Anonymous Coward on Tuesday November 15, 2005 @04:16PM (#14037531)
    From TFA: "Microsoft said it would remove ... copy-protection software"


    That's a clear DMCA violation.

    If DVD John gets in trouble for less, surely whomever at Microsoft decided to do this should suffer the same.

  • Re:How to boycott? (Score:5, Interesting)

    by SoCalChris (573049) on Tuesday November 15, 2005 @04:17PM (#14037542) Journal
    I quit buying Sony crap over a decade ago. I used to buy their products more often than other brands, because they used to be higher quality. Then, I had a string of high end Sony items go bad (Usually within about a month of the warranty expiring).

    I had a Sony cell phone (This was when cell phones were first starting to come out, and were about the size of a brick). It was several hundred dollars. I went through 7 of them before the warranty expired, and I finally replaced it with another brand. I had a laser disc player whose drive motor kept dying. I had a boom box whose tape drive never worked right, even after sending it in for work several times. Then I had a Sony AV receiver, that one day decided not to turn on, unless you picked it up a few inches and dropped it. After that string of bad products, that Sony wouldn't stand behind, it was easy for me to stop buying their crap.

    I don't actively try to dissuade people from buying Sony stuff, but if asked my opinion, I will gladly tell people about my experience with them.
  • Re:Hey Dan (Score:3, Interesting)

    by ryanr (30917) * <ryan@thievco.com> on Tuesday November 15, 2005 @04:17PM (#14037544) Homepage Journal
    Yup, I thought I had finished reading the article, but I had gotten distracted and didn't read that far. My fault.

    I was hoping that Dan had done some remote scanning. When I looked at the rootkit, I noticed that it registered a named pipe, which ought to be remotely reachable, and probably exploitable.
  • by threaded (89367) on Tuesday November 15, 2005 @04:30PM (#14037682) Homepage
    Was not the software used by Sony written by a UK limited company? Is not the commissioning and construction of such software illegal under UK law? (Computer Misuse Act 1990)
  • by Rude Turnip (49495) <valuation@gmail. c o m> on Tuesday November 15, 2005 @04:31PM (#14037692)
    Let's look at this from the stockholder's point of view, as well as the customer's. If that type of conflict of interest exists between Sony's divisions, then that is telling me that management is *not* maximising shareholder value because the music division is harming the Playstation division by reducing the utility of the Playstation console.

    That tells me that the only way to increase shareholder value is to break Sony into at least two companies: the entertainment division and the electronics division. Each division will then float on its own merits without impeding the other.

    In a nutshell, we can add Sony's own *shareholders* to the list of people that are getting screwed by the management. My prediction? Look for a shareholder suit against the Board of Directors within 3 years to break Sony into two companies.
  • by Daedala (819156) on Tuesday November 15, 2005 @04:31PM (#14037695)
    These CDs have been out since mid-2004, according to Sony. Why hasn't this been noticed? Were they all bought off?

    This is what really disturbs me. Not "What was Sony thinking?" -- businesses can be really stupid. Not "How could they do this?" -- businesses can be really evil. Shit happens. Get over it. Bad security happens, whatever.

    However, I did have some trust (not much, but some) for the anti-malware establishment. I'm in infosec; I believe that even in the biggest and stupidest infosec company, there will be people with the hackerish instincts (i.e. lower-than-average sense of self-preservation) to blow the whistle. However, the failure of all the big anti-whatever companies to notice and/or do anything about this, with a full year of lead time, demonstrates that they are incompetent at best, unethical at worst.

    I don't care, personally; I use a Mac. It's not a security panacea but it's a pretty darn good line of defense. Professionally, however, I feel downright ill.

    Kudos to F-Secure and Sysinternals. Where the hell were the rest of them?
     
  • Re:How to boycott? (Score:1, Interesting)

    by Anonymous Coward on Tuesday November 15, 2005 @04:32PM (#14037705)
    Why is utilizing government to acquire wealth bad?

    Because it has to come at someone else's expense. Government really is a zero-sum game, something that's not true of markets in general.

    To bring this wildly-veering thread back on-topic, a great example of mercantilism would be the DMCA. Corporations such as Sony can't compete in a fair market where consumers are informed and capable of actually making full, fair use of the products they purchase... so they lobby the US (and other) governments for laws that extend the limited monopoly of copyright into the effectively-unlimited realm of usage rights.
  • by Anonymous Coward on Tuesday November 15, 2005 @04:33PM (#14037715)
    I expect ANY program that runs in MY computer to follow specific rules when I allow it to live and run on my system.

    I don't mind copy protected software or CD's as long as it doesn't "plant nasty eggs" in my system, or violate my security by forking "root" access. I will NEVER allow any program to run at that level, except when it's a store bought program and needs root to install. But to hear a CD, and allow that CD to "root" my system is going way too far... SHAME ON SONY... SHAME ON ANY COMPANY THAT SECRETLY ROOTS MY MACHINE WITHOUT MY PERMISSION...

    I think we all should boycott Sony... I live here in the heart of the entertainment industry (LA area), and am "exposed" to a lot of entertainment types from all levels, and even they have totally condemned SONY for their greedy practices.

    j
  • by anthonyclark (17109) on Tuesday November 15, 2005 @04:35PM (#14037723)
    I used to work at Sony back in the UK. The divisions are set up semi-autonomously, the thinking being that competition is good for innovation. Problem is, anything you think of that slightly invades the 'territory' of a more politically powerful division will be denied funding or just cancelled without explanation.

    Bitter? Why yes I am, thank you for asking.

    I worked project support for a great team of engineers who had some amazing ideas way ahead of their time. Can they use PS2 hardware? Write DVD related software? Other video related stuff? Nope. All because of inter-division competition. (I was intentionally vague on those project descriptions) Then there's the snobby attitude towards software; once a project I worked on was forced to use a very expensive piece of hardware to do something they were already doing in software. Quelle surprise, Sony couldn't sell the software and eventually the project was canned.

    I really can't believe Sony has survived into the 21st century.
  • by hpulley (587866) <hpulley4@yaho o . com> on Tuesday November 15, 2005 @04:37PM (#14037748) Homepage

    Why reserve jail for just script kiddies?

    Luckily my tastes in music do not run parallel to the crap Sony pushes these days. I ran the rootkit remover and was pleased to see there was nothing to uninstall. But can I trust it? Hmm....

  • by Fnkmaster (89084) on Tuesday November 15, 2005 @04:42PM (#14037800)
    It seems related to a behavioral finance effect called anchoring, which I believe was part of Kahneman and Tversky's Nobel-winning work. From Wikipedia:

    As a second example, according to Daniel Kahneman if an audience is asked firstly to memorise the last 4 digits of their social security number and then to estimate the number of physicians in New York the correlation between the two numbers is around 0.4--far beyond what would be expected by chance. The simple act of thinking of the first number strongly influences the second, even though there is no logical connection between them.

    Basically, people often don't have any absolute framework for judging what is reasonable in a particular situation, so their mind subconsciously focuses or anchors on the first number they see, even if there is no rational basis or relationship between the number presented and the judgment call being asked for.
  • by anandamide (86527) on Tuesday November 15, 2005 @04:43PM (#14037811)
    Did anyone look at some of the titles they chose to infect with this thing?

    Bob Brookmeyer - Bob Brookmeyer & Friends
    Horace Silver - Silver's Blue
    Dexter Gordon - Manhattan Symphonie
    Ahmed Jamal - The Legendary Okeh and Epic Recordings

    Bob Brookmeyer???? Was Sony afraid of the cadre of L33t h4xx0r d00dz pirating their catalog of elderly jazz trombonists?
  • Re:buy second hand? (Score:2, Interesting)

    by forkazoo (138186) <(wrosecrans) (at) (gmail.com)> on Tuesday November 15, 2005 @04:43PM (#14037818) Homepage
    Except that by supporting the second hand market, you encourage others to buy first hand, because they will be able to get a more significant amount of cash when they move the product to the second hand market. You reduce the net cost of others to buy RIAA supported CD's. I haven't bought an RIAA CD in several years, now. I've bought a few local indie CD's.

    Either choose that pop-music is really important to you, or choose that it is wrong to support the RIAA. Trying to justify yourself by buying second hand is really just a way to make somebody else get their hands dirty on your behalf.

    I'm not trying to be a jerk, and I'm not saying you are a bad person. If you really do derive a lot of satisfaction from major commercial music, then that's your choice. I'm just saying that it doesn't make a lot of sense to try and convince yourself that you are really doing a good thing, just because you are only acting as an accessory to something which some consider bad.
  • by Jherek Carnelian (831679) on Tuesday November 15, 2005 @04:51PM (#14037871)
    All I can say is I am in the know with regard to such matters and you are so amazingly wrong it is unbelievable. There may be EXTREMELY isolated cases of such Machiavellian security measures, but it has been my experience that music CDs are always making it into secured areas and being played on secure machines.

    This guy is NOT a troll. He is far more correct than the GP is.
  • A little harsh (Score:2, Interesting)

    by alanbs (784491) on Tuesday November 15, 2005 @04:55PM (#14037912)
    I have kept up with this saga of the Sony "root kit" and I think that the Slashdot-esque communities are reacting a little harshly to Sony.

    I think that once people started referring to the software as a root kit, it really crossed the line to some degree because even though technically it might have been, it was not exactly malicious in the way other root kits are. Once tech zealots got up in arms about this, news media covered it and adopted the same terminology. Of course all readers of this media are not tech junkies so they require definitions for terminology, and I think that reporters who themselves are not techies cannot do justice to the situation when defining technical things.

    Maybe this bit of trickery was deliberate, and well, I bet it was... I mean, not only is using a misleading discourse awesome, but it is also a blast to describe how to exploit systems with this "rootkit" and then even code up a proof of concept worm and let it free! After all, this is 1984 style, which is just wrong, so the end justifies the means, right guys, ... right?
  • by softcoder (252233) on Tuesday November 15, 2005 @04:59PM (#14037950)
    It's all very well for the biggies to hop on the 'We will remove it' bandwagon now, but why weren't they the ones to discover it in the first place?
    Groklaw has a nice essay on this, which reveals that these guys ALREADY KNEW what Sony was doing 8 months ago and turned a blind eye.
    In fact the maker of the rootkit (UK company) is on record as saying they consulted with Symantec to make sure that their rootkit would not be classified as a virus.
    The moral? The current PC/entertainment/gaming/recording industry is a scratch-my-back oligopoly.
    Go for FREE(as in dom) SOFTWARE while you still have a choice.
  • by Surt (22457) on Tuesday November 15, 2005 @05:00PM (#14037959) Homepage Journal
    Only if the copyright holder objects. Do you expect sony to object given the publicity in this case?

    There will be no DMCA challenge of the titans based on this incident, unfortunately.
  • by harl (84412) on Tuesday November 15, 2005 @05:01PM (#14037972)
    The rootkit modifies Microsoft's product so that it no longer performs as they wrote it. Does the DMCA prevent them from changing their own product back to how they shipped it? That's seriously fucked up. This is a battle I'd love to see in court.
  • Record Yet? (Score:3, Interesting)

    by Nom du Keyboard (633989) on Tuesday November 15, 2005 @05:03PM (#14037990)
    Are we at the record yet for most stories on consecutive days trashing the same company for the same beyond stupid bonehead move?

    Or are we simply waiting for their current management to fall on their sword when the post bad-will boycott sales figures arrive?

    My hope is that this will force companies to actually tell you what they've been able to hide behind the scenes and lawyers up to now.

  • Even better (Score:3, Interesting)

    by upside (574799) on Tuesday November 15, 2005 @05:06PM (#14038025) Journal
    Don't just wait for something like this to happen, make it so. I think the Sony rootkit debacle has produced enough media coverage to get support for some countermeasures. It's time to start putting through laws along the lines of:

    - Ban proactive DRM measures on content media. Permit encryption of data but ban executables on media that are supposed to be plain content.

    - DRM measures, either hardware or software, on general purpose playback systems (home computers, DVD players etc) may not hinder the playback of non-DRM content.

    - Create a labelling scheme, either mandatory or otherwise, for digital content that clearly tells the customer if the product
    1) Is encrypted or DRM'd
    2) Contains executables
    3) Requires registration
    4) Requires an Internet connection
    5) Requires payment beyond the purchase price
    6) Calls home, and what it does

    Comments welcome.
  • by StarsAreAlsoFire (738726) on Tuesday November 15, 2005 @05:07PM (#14038037)
    acronyms like DRM

    Digital Restrictions Management.
  • Re:buy second hand? (Score:4, Interesting)

    by Anonymous Coward on Tuesday November 15, 2005 @05:07PM (#14038041)

    Personally I buy as straight from the artist as I can.

    Buy your music from allofmp3.com, then send an envelope with three or four dollars in it to the band. Join the fan club or whatever. Can there be a better way? Look at all of the benefits:

    1. Price. The net price will be far below what you'd pay for the CD. And if you decide the music sucks, just delete it and don't bother paying the band. You're only out ~$2.
    2. Convenience. Buy music at 2 am in your underwear, listen to it in minutes.
    3. Flexibility. No DRM and the music is already encoded in your choice of format at your choice of bitrate (including FLAC lossless, if you want).
    4. Artists get paid. More than if you bought the CD, actually.
    5. Labels don't get paid. Well, they do, but not much. Almost nothing, actually, and I think what they do get is a flat license fee that is independent of how much stuff allofmp3.com sells.

    Really, the only downside is the possibility that you're supporting criminals in Russia. But the other alternatives are supporting criminals in LA, or not buying music at all. And the Russian criminals in question seem to be very fair businessmen. I was impressed to see that when they tell you you're paying two cents per MB, they in fact charge you exactly $.02 for every 1,048,576 (2^20) bytes, and they calculate it to the tenth of a penny and don't deduct it until you've successfully completed the download.

  • Blame it on MSFT (Score:2, Interesting)

    by n6kuy (172098) on Tuesday November 15, 2005 @05:12PM (#14038088)
    for making it possible for Sony to do this in the first place.

    How do these "CD"s play in a normal CD player, or do they?

    I was pissed off at first when my SysAdmin disabled autorun on my new XP box, but now I am enlightened.

  • by DigitalJeremy (907237) on Tuesday November 15, 2005 @05:17PM (#14038128)
    ...and I don't trust Sony anymore...that's for sure.

    Now...with all the DRM crap etc about...why should I buy music from a big retailer such as Sony/BMG? I mean, OTHER than to support the artist(s).

    I want my money to support the artist's music I buy...but not like this. I don't want to support Sony or any other recording industry giant's "protective" measures.

    This is the digital age...we are all equals here. Meaning, it's relatively easy (at least in recent history) to DUPLICATE those zeros and ones on a CD (or DVD for that matter). Yet Microsoft befuddles the issue with DRM, and Sony causes worldwide loss of faith with a rootkit.

    Trust? /me doesn't.

    I'm not advocating piracy...I'm just saying it's far EASIER (and now...safer) to find and play that MP3 than any of the "legit" *cough cough* alternatives.

    I truly would like to see a less corporate model, in which the artist gets paid more fairly, and where artist and fan have a better relationship.
  • by AKAJack (31058) on Tuesday November 15, 2005 @05:18PM (#14038138)
    or blah, blah, blah.

    It's been over ten years since i've been in that business, but i'd be seriously surprised if there were locally mountable devices, or even ports (USB, etc) on TS machines. We had no floppy drives and removable hard drives in our Secret machines, plus they were all tempest hardened, plus in lockable cabinets (those who know, know what i mean). We only had a few areas where we could even work on TS docs, much less create them from scratch. Having a CD drive (even read only) seems like something a security officer would have jumped on as a "duh" very early on in any project. If you needed a CD it would be mounted as a share to a server in the "vault" and you would be granted access to it for the time you needed it. No personal electrical devices were allowed in any way, shape, or form so no radios, CD players, etc.

    I suppose if a contractor was lax this could all take place, someone could use the document blender to make margaritas, but in my experience there was no way to just pop in some disk or attach a device. I mean we didn't even have printers! They were locked up in the vault also and you had to sign for the number of pages you printed! This was just a SECRET rated facility (o.k., Secret with SAR, I'll give you that much). So be realistic. I could take CDs in all day long but they were only good as drink coasters.
  • by Anonymous Coward on Tuesday November 15, 2005 @05:19PM (#14038143)
    Warp records [warprecords.com] of aphex twin, squarepusher etc. fame have the right idea.. they sell DRM free high quality MP3s at cheap prices on their bleep [bleep.com] service, I wish the big record companies would just follow their example. If the big record companies can't give the public what they want, sooner or later they will cease to exist.
  • by paj1234 (234750) on Tuesday November 15, 2005 @05:19PM (#14038150)
    It's an even worse day to be Sony, in the UK. Today's newspapers have headlines like "Sony accused of Internet rip-off" and "End to online bargains as Sony forces prices higher".

    According to The Times, "the practice of charging different prices to Internet retailers and high street stockists -- known as dual pricing -- was started by Sony and has been followed by other manufacturers." Here's the article:

    http://www.timesonline.co.uk/article/0,,2-1872549,00.html [timesonline.co.uk]
  • I love it.. (Score:2, Interesting)

    by bmantz65 (642864) on Tuesday November 15, 2005 @05:21PM (#14038174) Journal
    In order to circumvent piracy, they try to be sneaky and put this rootkit garbage on people's PCs whenever they PAY for the CD. Now they just got in a bigger mess and the result is that if you wanted to do the "right" thing and buy a CD, you're at bigger risk than if you wanted to download it. Hilarious.
  • Not just Van Zants (Score:4, Interesting)

    by whitehatlurker (867714) on Tuesday November 15, 2005 @05:22PM (#14038187) Journal
    The random sampling of copy protected CDs I just did on amazon shows a large number of similar messages. The word is getting out.

    I wonder if the backlash will be enough for all artists to do what the Flecktones did:
    "Frustrated when he bought a copy-protected Dave Matthews release and couldn't copy it to his Apple iPod, Fleck insisted that Sony not release his new album with such restrictions"

  • by Tsiangkun (746511) on Tuesday November 15, 2005 @05:23PM (#14038189) Homepage
    People infected with a rootkit should be reimbursed from Sony Music for the cost of the removal service, provided by whomever the person chooses to use to remove the kit.

    Rootkits are designed to avoid detection, and only an idiot would trust a company distributing rootkits to provide them with software to remove the rootkit. For all I know, they just changed the cloaking mechanism, and left the machine vulnerable to attacks, still running the rootkit.

    Shouldn't Sony pay the cost of having machines backed up, wiping and formatting of the drives, re-install of the OS, re-install of the software, re-configure the software, and reimbursement for the time and productivity lost in the process?

    Right now the whole thing is being treated like a childish goof up and a big oops. Sony has installed rootkits, on personal machines and corporate equipment, and they should be paying for the equipment to be restored as deemed necessary by the owner. Simply giving a link to a download that claims to remove the rootkit is entirely insufficient.
  • by swillden (191260) <shawn-ds@willden.org> on Tuesday November 15, 2005 @05:23PM (#14038198) Homepage Journal

    I would like to point out that at Sony's size, the different divisions have little or nothing to do with each other.

    Irrelevant.

    Not that the people working in the other divisions, who didn't make such stupid decisions, deserve to be punished, but the way to stop companies from doing crap like this is to hit them where it will hurt the top-level decisionmakers: their stock price. To do that, you have to damage their profits, and the best way to do *that* is to decrease their revenues by not buying their stuff. If Sony's stock takes a 20% drop as a result of some decisions by the entertainment division, the C-level execs will take action, and if they don't then the board of directors will, and if *they* don't, the stockholders will. If it gets nasty enough, no one in Sony will ever again dare to do something that has even the remotest possibility of bringing that sort of shitstorm down on their heads.

    Not that I believe a lot of "boycott Sony" shouting and posturing on slashdot will really affect their revenues noticeably, much less their stock price. But still, the theory is sound, even if follow-through is insufficiently widespread to make any difference.

  • Re:How to boycott? (Score:1, Interesting)

    by Anonymous Coward on Tuesday November 15, 2005 @05:24PM (#14038201)
    You live quite close to Dallas, see what a simple url can tell about you? I wonder if this will get worse as more of our personal information is shared in online transactions.
  • by TheLinuxSRC (683475) <slashdot@@@pagewash...com> on Tuesday November 15, 2005 @05:27PM (#14038241) Homepage
    Actually, I believe if you read the articles closely, you will see that MS is not removing the DRM functionality of the software. A subtle but important distinction.
  • by loose_cannon_gamer (857933) on Tuesday November 15, 2005 @05:30PM (#14038263)
    Just had to jump on here for a minute... Many of the posts today are what we, the 'enraged geeks of society' should do about Sony's practices. Might I suggest one -- post on slashdot.

    You laugh, but I call a recent article on Tom's Hardware into witness. The reason that the graphics card companies (nVidia, ATI) go so intensely after that performance crown is that the people who care deeply about it tend to be influencers -- I think the article claimed something like those graphics card companies can be assured of 20 mainstream target purchases due to the influence of one high-end customer.

    Point being, people here care, and deeply, about the stuff Sony has been up to, and in many of these markets, *we* are the influencers.

    If your company gets bad press on Slashdot, and you do technology, that's not just bad, that's very very bad, because for every post and every reader, there may well be 20 or more people who are going to stop doing business with you. And if you get repeated bad articles, over and over again, well, golly. This is only worse when there is a choice in the market, and for almost everything Sony makes, somebody else makes something like it.

  • Re:How to boycott? (Score:2, Interesting)

    by poopdeville (841677) on Tuesday November 15, 2005 @05:47PM (#14038412)
    It's a real shame that you've had bad experiences with them. This is one (relatively minor) reason why conglomerates are bad for the consumer. Sony owns something like five audio equipment firms, most of which are crappy. Their boutique audio firm is actually really good. But they all get a bad rap since they can't differentiate themselves. The same thing goes on in the video market.

    OK, that's not exactly right. Their plain old consumer line used to be decent, but quality has slipped in the last 10 years. Basically, if your AV receiver has a useless LCD interface or other gimmicky shit that appeals to upwardly mobile young people, you're gonna get reamed. Their lines get progressively better until you hit the Broadcast line of equipment, and finally their Boutique line. But you do pay a premium since these things are produced on a much smaller scale (and with better components)
  • by CharimanMeow (931331) on Tuesday November 15, 2005 @06:19PM (#14038722)
    I've had a Vaio for years and loved it. I may be a rare breed in this regard. Because of my experience with this computer, I've bought a lot of other Sony products. No more. They lost me. The next laptop I get will not be a Sony, the same goes for cameras, music, etc. Man, it seemed like they were just beginning to get their act together...then this.
  • by aztektum (170569) on Tuesday November 15, 2005 @06:23PM (#14038763)
    Last I checked the PS3 is going to ship with Blu-Ray which is filled with its own DRM restrictions, so essentially his "broad generalization" is fairly accurate IMO.
  • by PagosaSam (884523) on Tuesday November 15, 2005 @06:30PM (#14038821)
    I just sent this comment to Amazon...

    This product violates Amazon.com's policies.

    "Items that infringe upon an individual's privacy. Amazon.com holds personal privacy in the highest regard. Therefore, items that infringe upon, or have potential to infringe upon, an individual's privacy are prohibited. Additionally, the sale of marketing lists (bulk e-mail lists, direct-mail marketing lists, etc.) is prohibited."

    Sony's DRM rootkit violates my privacy by "phoning home" to report on my computer's usage. These products should be banned from further sale, immediately!
  • by Dragoonmac (929292) <Dragoonmac.gmail@com> on Tuesday November 15, 2005 @06:49PM (#14039024) Journal
    3 words
    HD-DVD vs. Blu-Ray

    Why else would Microsoft violate copyright law when they're already in Anti-trust hot water? Because it makes them look like friggen Angels when compared to Sony. With people boycotting Sony products, and two different data formats pending, HD-DVD, from the company that doesn't put a rootkit on your PC is going to be a much more appealing bet.
  • by Sycraft-fu (314770) on Tuesday November 15, 2005 @07:11PM (#14039251)
    I'm sure there are people who post on Slashdot who really have worked in facilities doing classified work. Hell the guy who sits across from me at work was cleared TS/SCI when he was in the Air Force years ago, and one of our student employees actually has active secret clearance for his internship.

    However, for every person on here who legitimately knows what they are talking about, you have someone who's just making shit up. They want to appear "in the know" and believe they really know how it is, because they heard a story somewhere or something like that. However in the retelling, they pretend like it was them, because of course it makes them seem to be more knowledgeable on the topic.

    I've had lots of people tell me how things work in regards to secret data, however most of the people doing the telling, I know for a fact have never worked in such a facility. So what they are saying may be based entirely on fiction.

    As always, take what you hear on Slashdot with a grain of salt.
  • by seabreezemm (577723) on Tuesday November 15, 2005 @07:28PM (#14039411)
    This type of tactic that was used with this virus ware is nothing new for Sony. It wasn't a simple mistake or an accident or simple bad judgment. Sony has a long history of this type of strong arm tactics in almost every branch of the company. Another example in particular is the SOE entertainment branch that runs Everquest and Everquest 2. Throughout the game of Everquest Sony placed spyware on machines in a form that captured user specifics about their computers, connections, and names, credit card information and other personal data. When confronted about this collection of information on the Everquest players they quickly turned tail and ran into the legal jungle of vague response and said it was needed to properly manage the game environment and accounts. This of course was complete garbage. It was a campaign to collect, sell and profit from this data. To this day that data collection continues according to the very EULA they force you to agree to in order to play any of the games they now operate. Not only did Sony collect data and lie about its purpose but they also actively engaged tactics to force players into huge fees to simply be able to allow the players to be able to sell the very software they had already purchased. This is just one of more than 20 easy to find examples of Sony's business model that exploits, abuses and damages the public's security, welfare and privacy.
  • by Seraphnote (655201) on Tuesday November 15, 2005 @07:35PM (#14039466)
    Have they publicly acknowledged they did wrong?
    Have they fired the executive who approved this idiocy?

    Sony will need to do this if they ever want my business, my family's business, or my employer's business again. And this includes EVERYTHING SONY.

    Why should a corporation who does this to their customers, have customers?

  • by Anonymous Coward on Tuesday November 15, 2005 @07:52PM (#14039615)
    I, for one, have written the USDOJ and upon a little research have found someone that I will vote against in the next appropriate election: Orrin Hatch. I live in Utah, and I hate to admit, I'm one of the people that voted for him last time but that was before I read this: http://www.wired.com/news/politics/0,1283,59305,00.html [wired.com]

    Yes, it is an old story, but he seems to be advocating what Sony has done. I only stumbled upon the article because I googled "Orin Hatch contact" to send a letter to him like I sent to the DOJ, but now I won't bother. As sick as I feel for voting for him in the first place, I a) will not make that mistake again and b) will tell everyone who will listen (especially those in Utah) how I feel about it.

    Below is my letter to the DOJ. I urge others to write letters to whomever they feel would be appropriate. I hope this gets modded up enough for people to notice it and learn about Mr Hatch and his evil ideology.

    JazzLad
    (PS - Sorry I'm not logged in!)

    **** Letter to DOJ follows ****

    Dear Sir or Ma'am,

    Thank you for taking the time to read my email. I know you are busy, so I will keep it brief. I am not a lawyer, politician, or any other important person, I am just a common ordinary American with a concern. I am concerned about the recent actions of Sony BMG. I do not feel that any corporation, regardless of their size, should be allowed to install 'back door' programs on my computer. I also believe that persons or corporations that do so should be sufficiently punished so as to deter them from attempting the practice in the future. I am not after any money, I am merely maintaining my privacy. Further, this particular case frightens me to the extent that terrorists can use the back door (http://antivirus.about.com/od/virusdescriptions/p/sonystinx.htm [about.com]) to use my computer (and other computers) to plan attacks, communicate and other things that I honestly do not want to think about. I am a careful computer user. I do not download email attachments. I do everything in my power to not have software installed on my computer that could be bad. I thought I could trust a company as large as Sony.

    Please help a powerless citizen send a message. Please use your power to keep my computer safe. I am but one person, but my situation is shared by millions of fellow Americans.

    I sincerely thank you for your time.

    [signed with my name, address and phone number]
  • DMCA anyone? (Score:3, Interesting)

    by cryogenix (811497) on Tuesday November 15, 2005 @08:01PM (#14039691)
    I'm all for MS removing the rootkit, but doesn't Sony now have grounds to go after anyone that makes a tool to remove this under the DMCA? I suppose they could waive rights to it or such... I'm kind of hoping they do so that DMCA proponents can watch in horror as the worst of all possibilities comes to fruition. Perhaps we can then look at getting rid of that legislative piece of trash.
  • by mckennage (875295) on Tuesday November 15, 2005 @08:32PM (#14039888) Homepage
    I hope Sony feels the pain on this one. Maximum damage.

    Here are a few ideas:
    1. Spread the word: tell friends, post in your blog, etc.
    2. Boycott Sony products: no PS3, no PSP.
    3. Legal retribution: file criminal charges, lawsuits, etc.
    4. Warn customers and vendors: rate Amazon products, notify the BBB, etc.
    5. Warn the artists: tell them they are losing your purchase and why
    6. Notify Sony: call, write, and email to complain

    I've written up more details at http://henage.net/dan/security/sony-rootkit.html [henage.net]
  • by Anonymous Coward on Tuesday November 15, 2005 @08:47PM (#14039997)
    I called, it was just an answering service. They said to go to the web site: http://cp.sonybmg.com/xcp/ [sonybmg.com] (don't bother, there isn't any information there). I asked if they would repair my computer. She said I could try Sony repairs at 800 222 7669.
  • by Kenrod (188428) on Tuesday November 15, 2005 @09:24PM (#14040216)

    Spitzer's usual tactic is to threaten corporations with civil or criminal suits, then agree to drop/reduce charges if the corporation will pay large fines/reparations, admit some form of wrongdoing, and/or make some significant public contribution. Guilty or not, most corporations will settle out of court rather than suffer the bad publicity, spend millions on lawyers in court, and possibly be found guilty anyway by a jury that has to weigh enormously complex law vs a big Evil Corporation.

    It's very telling that when Spitzer does get someone in court, he usually loses. He is much less interested in correctly prosecuting the law than in generating PR for himself.

    If Spitzer were truly interested in making corporations pay, he would refuse to settle the big cases, drag companies into court, and really make them pay (and establish good legal precedent so other corporations would shape up).

  • by romerom (151264) on Tuesday November 15, 2005 @10:10PM (#14040442) Homepage
    Why shouldn't the same rules applied to black hat hackers who compromise and exploit the security of systems be applied towards Sony executives? They should really make an example out of these guys so that other corporations and even spyware makers won't attempt anything like this EVER AGAIN.
  • by Schemat1c (464768) on Tuesday November 15, 2005 @11:31PM (#14040853) Homepage
    Capitalism - in its true form that dada is trying to distinguish - is one that leads to life.

    Or maybe just a slower form of death. Capitalism seems good to us in the western world but spreads poverty and hopelessness to the third world countries that get exploited because of it. In the long run I believe it is unsustainable. It's like an organism feeding off of its own body, eventually the entire body will die. I wish I had an alternative system to offer but due to the greed and selfishness of most humans I don't think any system has a snowball's chance in hell of working.
  • by Anonymous Coward on Wednesday November 16, 2005 @01:01AM (#14041238)
    Seeing as how Sony has been so forthcoming and apologetic about this whole fiasco, I'm sure that an amicable call to customer service will be a great help.

    Seriously, the DRM is so bad that Switchfoot, one of their own bands, posted instructions on a Sony music forum on how to use CDEX to circumvent it.
    Somehow, that post disappeared.
    Somehow, the Google cache of that post disappeared.
    Somehow, a CNN article citing that post disappeared!
    Strange things are afoot at the Circle K.

    The only way to remedy this heavy handed behavior is criminal prosecution. Sony is getting sued for distributing this software and they can't even try to mitigate the damage to their image? A company that clueless won't respond to anything more subtle.
  • by Kaenneth (82978) on Wednesday November 16, 2005 @03:24AM (#14041743) Homepage Journal
    I worked in a county office as a sysadmin, and while I didn't have detailed schematics for stealth bombers, I handled payroll/personnel data for jail guards, judges, prosecutors... I brought in my own music CD player even though I could have played them in my machine's CD-ROM, because I believed in keeping personal things out of government equipment. Now, thinking of other departments... Bus Schedules, you could phone in and listen to recorded bus schedules, something that messes with audio could hose that. The county hospital, people have died from bugs in radiology software, as well as patient records. Court records, crime Victim/witness information. Computer controlled sewage equipment...
