Hackers Raid Sony's Playbook
Over the weekend, I was contacted by a Security Fix reader who spends a great deal of his time taking apart software applications to find security vulnerabilities (which he occasionally sells to security companies that use them to brag to their customers about how great their security products are, but that's another story altogether).
This young man told me that his current project revolves around the subject of the blog entry I posted last week regarding Sony BMG's anti-piracy program, which uses rootkit technology to hide its components from users and to defy removal from their PCs.
(I've agreed not to name this individual because technically his activities could be construed to run afoul of the twisted anti-circumvention statutes included in the Digital Millennium Copyright Act, violations of which have led to some pretty bizarre legal battles.)
I doubt Sony would be bold enough to invoke that law -- which makes it a crime to circumvent technological measures used to protect copyrighted works -- in this instance, but this situation illustrates how it can have a chilling effect on security research.
Anyway, this kid was so ticked off over Sony's tactics that he and a friend spent the better part of the last few days deconstructing the program and trying to find remotely exploitable security flaws in it. The guy said he hadn't yet found any, but judging from some of the other news coming out today, it sure looks like he's not the only one taking a closer look at the Sony software.
As I reported last week, Sony issued a "patch" to unhide the files cloaked by its anti-piracy program (and to exert some damage control on a public-relations nightmare). But according to new research by the guy who discovered what the Sony program was up to -- Sysinternals' Mark Russinovich -- Sony's patch can lead to a crashed system and data loss.
The folks at Computer Associates also looked into the patch, and found that "it has a broken uninstall that removes the rootkit in a way that can cause Windows to crash." CA also confirmed Russinovich's latest research, which found that the music player software that ships with the protected CDs "sends the names of the CDs a user is listening to, along with the user's IP address and listening habits back to Sony without permission from the user."
At any rate, this type of swift reaction to corporate malfeasance (perceived or actual) is common in the security research community, and we saw it in action earlier this year when Internet Security Systems and Internet router maker Cisco Systems sued former ISS researcher Mike Lynn to prevent him from disclosing the details of a serious security hole in Cisco's products, which are responsible for routing a large portion of the world's Internet traffic.
Within hours of news that Lynn was fighting a temporary restraining order, many in the security research community went ballistic, with several groups working overtime to try to reproduce Lynn's work and release a program that would allow attackers to exploit the flaw (Cisco finally issued a patch just last week for the flaw Lynn discovered).
On a related note, several news outlets are reporting that Lynn has landed a job with Sunnyvale, Calif.-based Juniper Networks, Cisco's chief rival.
November 7, 2005; 1:35 PM ET