How Sony Could Tell Users About the Rootkit, Recall, and Trade-In

[David Farber <dave () farber net>]

-------- Original Message --------
Subject:        How Sony Could Tell Users About the Rootkit, Recall, and Trade-In
Date:   Mon, 21 Nov 2005 17:35:01 -0500
From:   Ben Edelman <edelman () law harvard edu>
To:     'David Farber' <dave () farber net>



Dave,

Given your great coverage of Sony DRM issues, I thought you might be
interested in an article I posted earlier today.  

Building on prior reports of Sony's "phone home" feature, I managed to
obtain the format of the answer Sony's servers can send in response to the
player's phone-home inquiries.  At present the Sony's servers almost always
reply "nobanner" when a player checks in.  But Sony can instead send back a
small XML file -- giving a URL to an image and a URL to be loaded if a user
clicks the image.

Sony probably intended to use this feature to notify customers about new
releases, tour dates, or the like.  But given the current state of affairs,
Sony can use this feature to spread the word about its improper installation
of rootkit and other software on users' PCs, about users' right to remove
such software (and the procedure for doing so), and about users' right to
replacement discs.

I give an explanation of the format -- the XML syntax at issue.  And I show
a demonstration of what such a notification might look like, based on a
mock-up performed on a test machine in my lab.

 Cleaning Up Sony's Rootkit Mess
 <http://www.benedelman.org/news/112105-1.html>



Ben



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/