Network News

X My Profile
View More Activity

SunnComm Patches Flaw in Its Sony Software

SunnComm Technologies, a company whose software was bundled with several million Sony BMG music CDs in a bid to keep them from being duplicated, has issued a software update to fix a dangerous security hole in roughly 6 million CDs.

Last month, security researchers discovered that anti-piracy software installed by at least 52 Sony BMG music CD titles contained security flaws that could let attackers infiltrate computers running the software, which was installed automatically when users inserted the CDs into their Windows PCs.

Sony later issued a software patch to fix the problem, but it soon became apparent that the patch itself visited even more serious security problems on affected machines.

Researchers at ISEC Partners, working with the Electronic Frontier Foundation (which has since filed a class-action lawsuit against Sony), found that the SunnComm software also contained a worrying security hole.

The past evening, SunnComm issued a software update engineered to help users rid themselves of the SunnComm software altogether. The uninstall tool can be downloaded from this link. One can only hope that SunnComm and Sony haven't managed to introduce new problems. EFF has posted more information on this whole problem here.

It's worth noting that neither Sony nor the British company whose flawed software sparked this whole debacle -- -- have issued an update that lets customers undo the damage wrought by the tool the companies issued to remove the flawed software.

It's also worth noting that it's not yet clear whether this latest patch addresses a flaw raised by researchers at Princeton University, who found a serious security hole in a previous uninstall tool issued by SunnComm.

Update, 8:30 a.m. ET:A reader correctly noted that this flaw patched this week by SunnComm addresses an issue discovered by ISEC Partners, not by the Princeton researchers. The above text has been corrected.

By Brian Krebs  |  December 7, 2005; 12:10 AM ET
Categories:  Piracy  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Document Security 101
Next: Latest Sober Worm to Spawn Nazi Hate E-Mails



I believe the link you posted to the NEW Sunncomm vulnerability is incorrect. This issue was not discovered by the Princeton researchers, but by a security firm called iSEC Partners working with the EFF. The proper address for the vulnerability information is here:

Posted by: MusicFan | December 7, 2005 1:52 AM | Report abuse

Thanks MusicFan. The blog has been corrected to reflect that. Jeez, it's getting difficult to keep these Sony anti-piracy flaws straight.

Posted by: Bk | December 7, 2005 8:56 AM | Report abuse

I'm trying to uninstall so I can listen to DMB's Stand Up but when I click the link to the MediaMax REmoval Tool, the screen says: "Please wait for a message box to pop up and let you know the uninstall has completed, before closing this browser window.

If you receive an error message, please contact SunnComm Tech Support with the message you received." Nothing is happening. Is the link incorrect?

Posted by: Daedalus | December 7, 2005 10:44 AM | Report abuse

Are there different version of the MediaMax software in use? Seeing there are several more titles like Dave Matthew's Band and the Foo Fighters on SunnComm's own list of CDs on thier tech support page. Because I thought that list Sony is publishing a bit short.

Posted by: kosmo vinyl | December 7, 2005 3:10 PM | Report abuse

When Sony announced they were halting production of CDs with copy protection, did this include the use of both the MediaMax and XCP software?

As I was wondering if writers an any responsibility to consider whether a CD has copy protection on it when doing album reviews or year end lists. Seeing as the My Morning Jacket CD "Z" is getting such rave reviews, it will surely land on a number of best of lists. Appearence on such lists may stir sales which then potentially expose unsuspecting buyers to the MediaMax DRM software on it. Should an album be excluded from a list if it is copy protected, or a latest a disclaim attached to it by the author? Or is this unfair to the artists who have DRM software added out of their control.

Posted by: kosmo vinyl | December 7, 2005 5:08 PM | Report abuse

This is precisely why I do not buy music from companies like this. Music on the market today for the most part is so inferior to what used to be out there, I have no desire to even tune into stations playing new stuff. I am not convinced the best artists are moving to the top on their merits. Companies like Clear Channel, Sony and many others promote what they want to promote the consumer be damned.

I will not risk experimental anti-piracy software, and I will not check out artists that come to us via modern day payola.

Posted by: Annica | December 7, 2005 11:47 PM | Report abuse

One can only hope that an end has been reached and that future fiascos can be avoided because of this ill planned software. Consumer backlash is well founded over this issue. As a computer owner, my rights to my property (namely my computer) must outweigh the profit scenario of corporate middlemen.

Posted by: Ken D | December 8, 2005 1:02 PM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company