Friday, November 04, 2005

Sony software compromises security

I was reading this page on the Sony website.
http://cp.sonybmg.com/xcp/english/updates.html

Quote
November 2, 2005 - This Service Pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. This component is not malicious and does not compromise security.
End quote

They claim that the secretly installed software does not compromise security.
This is an absolute lie.

The software they install causes any file, folder, registry key or process that is prefaced with $SYS$ to be hidden from view. What do you call that. Of course it is a compromise.

I just drop executables onto a machine that has played a Sony CD, that are name $SYS$malicious.exe and you and your AV software will never be aware of it's presence.

Every hacker and script kiddie in the world knows about it. Therefore any system with Sony DRM is susceptible to attack from this vector.

Wake up Sony.

2 Comments:

At 5:14 AM, Blogger Riky said...

Your blog is outstanding! Here's what a lot of people are searching for: scommesse calcio . Just scommesse calcio

 
At 5:16 AM, Blogger Rod said...

I was just browsing and found your blog. Very Nice! I
have a deer hunting equipment site. You can find everything about deer hunting equipment as well as info hunting rifles, scopes, bows, feeders, stands and more. Please visit, check it out and enjoy!
Rod

 

Post a Comment

Links to this post:

Create a Link

<< Home