Friday, November 18, 2005

Sony rootkit debacle. Timeline and rundown to date. HUGE but necessary post. (modified from BB)


Sony anti-customer technology roundup and time-line

Details about the revelations relating to Sony's DRM systems, which show jaw-dropping contempt for their customers, for copyright law, for fair trading and for the public interest.

Oct 31: Sony DRM uses black-hat rootkits
Mark Russinovich, a security researcher, discovers that Sony has been sneakily installing "rootkit"-based DRM on their customers' computers. Rootkits are black-hat hacker tools used to disguise the workings of their malicious software. Removing Sony's rootkit nukes your Windows installation.

Nov 3: Sony releases de-rootkit-ifier, lies about risks from rootkits
Sony announces a "service pack" for its rootkit DRM. It deceptively downplays the risks the rootkit presented. It turns out that the remover doesn't actually work, either.

Nov 3: Felten on Sony's rootkit-"remover"
Princeton DRM researcher Ed Felten analyzes Sony's rootkit "remover" and concludes that it's a hunk of junk: "they're almost certainly adding things to the system...they're not disclosing what they're doing."

Nov 3: Defeat WoW spyware using Sony's rootkit
Warden, a program used by Blizzard to scour World of Warcraft players' systems and report on the contents to the company, can be defeated with the Sony rootkit. Blizzard claims that Warden only detects a few programs that facilitate cheating, but researchers have found evidence to the contrary.

Nov 8: Defend against Sony's rootkit with DRM-ripping software
AnyDVD, a DVD-ripping program, advertises that it can also inoculate you against the Sony rootkit.

Nov 9: List of CDs infected with Sony's rootkit DRM
EFF releases a partial list of CDs believed to be infected with Sony's rootkit. Buyer beware -- you're better off buying music from someone else.

Nov 9: Sony's EULA is worse than their rootkit
EFF attorney Fred von Lohmann analyzes the license agreement that accompanies Sony's rootkit DRM (that's right, a license to listen to an audio CD!). It is unbelievably outrageous, the kind of thing that makes you want to get a torch and a pitchfork and head over to the nearest Sony office.

Nov 9: Wanna sue the pants off Sony?
EFF is looking for people who bought rootkit-infected CDs to join a potential lawsuit against Sony

Nov 10: Sony Music CDs infect Macs, too (It's about halfway down. Starts with the words "Darren Dittrich")
Mac users shouldn't be smug -- Sony's audio CDs also contain an app that patches OS X's kernel with unspecified restriction-software; though Mac users have to take a few more steps before their computers are compromised

Nov 10: Fantastic screed against the coders who wrote the previous Sony DRM junk
This isn't the first time Sony's been caught doing crap like this; the last time around a geek wrote an amazing rant excoriating the coders who helped Sony write its anti-customer malware

Nov 11: Sony will stop shipping infectious CDs -- too little, too late
Twelve days after being caught using rootkits, Sony announces that it will stop shipping rootkit-infected CDs. No recall of the existing rootkits, though -- and Sony doesn't come close to apologizing. Buying Sony CDs is a great way to screw up your PC, but a lousy way to acquire music.

Nov 12: Sony's *other* malicious audio CD trojan
Princeton DRM researcher Alex Halderman reports on the other malicious software found on Sony CDs, a SunnComm product called MediaMax. MediaMax is a vicious little bug, which spies on you and reports on your deeds to the mothership.

Nov 12: New Sony lockware prevents selling or loaning of games
Sony patents a piece of software that can prevent you from playing a game that's been inserted into one console on another console; speculation is that this is destined for the PS3. Kiss game rentals, loaning and re-sale goodbye. Also, if your PS3 breaks or is stolen, you might as well toss out all your games, they're useless without it.

Nov 13: Sony's malware uninstaller leaves your computer vulnerable
A Finnish researcher discovers that the "uninstaller" for Sony's rootkit leaves a ton of crap behind that hackers can exploit -- he can reboot your computer just by getting you to load a web-page

Nov 13: Sony's rootkit infringes on software copyrights
There are strong indications that Sony ripped off a Free Software-based library called the LAME Encoder for its rootkit. The LAME Encoder is licensed under the Lesser GPL (LGPL), which was released for free re-use by public spirited programmers who merely requested that they be acknowledged. In Sony's zeal to protect its copyrights, they had no compunction about clobbering the copyrights of those software authors.

Other stuff:
Sony lied about its rootkit. They said it didn't phone home with information about your deeds. It does. When they were caught in the lie, they said that they didn't pay attention to the information it sent back, so it's OK

Microsoft is building a Sony rootkit-remover into its anti-spyware product
Lawsuits against Sony are already underway in Italy and the US
At least one piece of malicious software that exploits Sony's rootkit has been discovered in the wild

"A call from Dan Goodin over on Wired to boycott all Sony products until they make amends..."

"This is a reference to the NPR interview where Sony BMG Global Digital Business President Thomas Hesse puts his foot in it saying, 'Most people, I think, don't even know what a rootkit is, so why should they care about it?'. The NPR interview aired Nov 4."


Immunize Yourself Against Sony’s Dangerous Uninstaller: Princeton DRM researchers Ed Felten and Alex Halderman explain how to mitigate the security vulnerabilities left behind by Sony's incompetent "uninstaller" program.

List of infected CDs: Sony finally lists the 52 titles infected with the XCP rootkit. Note that Sony initially claimed that fewer than half that number were infected.

US-CERT: Never Install Audio-CD DRM Software. The Department of Homeland Security's Computer Emergency Readiness Team advises that you never install CD DRM: "Do not install software from sources that you do not expect to contain software, such as an audio CD."

Nov 14: EFF to Sony: you broke it, you oughta fix it
EFF publishes an open letter to Sony calling on the company to make amends for its misdeeds -- Sony should disclose the risks of its DRM software, it should give customers uninfected CDs, help anti-spyware companies fix the holes, compensate customers for damage to PCs, and package their CDs with full disclosure of any malware contained within.

Nov 14: Sony's rootkit uninstaller is *really* dangerous
Following on the November 13 research about Sony's rootkit "uninstaller" leaving your computer vulnerable to attacks like rebooting it by inserting malicious code in a web-page, Princeton researchers Ed Felten and Alex Halderman announce that they have discovered far more serious problems with the software and warn against installing it at all, promising prompt full disclosure (they publish this the next day, along with some instructions for defending yourself if you've run the uninstaller).

Nov 15: Sony begins to recall some infected CDs
Sony announces a limited recall of its infected CDs -- they'll take them back from stores, but not from customers (they announce that they'll swap out customers' CDs later in the day)

Nov 15: Sony's spyware "remover" creates huge security hole
Princeton DRM researchers Ed Felten and Alex Halderman publish a detailed analysis of the security vulnerabilities created by the rootkit "uninstaller" that Sony provides. Running this software leaves your machine vulnerable to complete takeover by anyone who simply embeds malicious code in a webpage.

Nov 15: Sony infects more than 500k networks, including military and govt
Dan Kaminsky publishes research showing that Sony's DRM has infected over 500,000 computer networks including networks belonging to the military and the government.

Nov 15: Sony disavows lockware patent
Sony issues a statement promising not to use technology that locks videogames to consoles.

Nov 15: Latest Sony news: 100% of CDs with rootkits, mainstream condemnation, retailers angry

Mini-roundup post. Before Sony recanted, they were sending out emails to their customers proudly promising that 100 percent of their CDs would be infected with rootkits by end of 2005. The Globe and Mail's business section denounces Sony. A tipster at a retailer reports that Sony is pressuring the sales channel to downplay the scope of the threat from its rootkit DRM. Sony and other electronics companies get caught jacking up the wholesale price to online stores, so that their retail price will be the same as those in physical stores.

Nov 15: Sory Electronics: Will Sony make amends for infecting our computers?
SORY Electronics -- lovely parody of Sony's logo, reading: "SORY IS THE HARDEST WORD." It's the concept behind a site calling on Sony to really make amends for the infecting of its customers' PCs.

Nov 15: Sony issues non-apology for compromising your PC
Sony promises to send you a non-DRM CD to replace your DRM CD. Still no word on how to effectively uninstall their rootkit, and the company downplays the scope of the damage -- just what we need, infected users with a false sense of security.

Nov 16: Katamari/Sony DRM mashup
Humor break: Joey De Villa creates "Katamari DRM," showing the wonderful videogame transformed into a game where the objective is to overwhelm the planet with rootkit DRM -- he draws on Dan Kaminsky's excellent visualizations of the 500,000+ networks infected with the rootkit.

Nov 16: Sony waits 3 DAYS to withdraw dangerous "uninstaller" for its rootkit
Three days after being notified that its rootkit DRM uninstaller leaves computers in a dangerously insecure state, Sony finally stops advising its customers to use it.

Nov 16: Sony CDs banned in the workplace [Alberta Agriculture Letter] [University of Canberra Letter]
Companies, educational institutions, and government agencies are banning the use of Sony CDs on workplace computers, due to the security risks that arise from the rootkit DRM. Some orgs go so far as banning audio CDs altogether, since there are plenty of malicious bits of anti-security technology in music from many labels.
