Full Disclosure mailing list archives

RE: the "Sony/BMG" virus


From: "Todd Towles" <toddtowles () brookshires com>
Date: Fri, 11 Nov 2005 11:13:06 -0600

 

I'm not sure what's more scary -- whether they have no idea 
what the impact of a rootkit is or that they know what a 
rootkit is and everything has been intentional and damage 
control-based.  In all honesty, I'm not sure how they could 
have done what they did without the knowledge of how a 
rootkit works.  Which, in my mind, leaves only one option...

The PHBs over at Sony have no idea what a rootkit is or what it can do,
I know that. But you would guess the Sony programmers (if they even have
programmers) know what it is and how it works, right? Umm, not sure.

If you are a global billion dollar record company and you need DRM
software for your record... you would go to a company that knows their
stuff to make it for you. Fine, that is fair. So Sony uses
First4Internet in the case of the XCP. Let's just pretend that
First4Internet develops this root-kit hiding technology for the DRM and
names the services in a way that could mislead the normal user.

Would Sony just throw the software on millions of CDs and ship them out
without looking over the software first? I believe they WOULD HAVE to
look over the software...as a step to protect their company from danger.
With that in mind, they HAD to know what it does...perhaps they don't
understand the security issues connected to it...but they will soon know
about those all too well...

Very true, but to be honest... I hope that this triggers a 
DMCA battle.  It will either invalidate a portion of the DMCA or show that 
the DMCA actually hurts normal people rather than helping 
them.  We all know that the DMCA is too broad, and until now 
it's largely only hurt researchers and entrepreneurs.  So I 
say let's let the whole thing circle the drain.  Let's force 
the issue.  Let's bring this to its ultimate extent.

Maybe then we can get some real public outcry.  Maybe then, 
when the vaunted ideal of capitalism, the sanctity of 
personal property, is being trampled by the corporate sector 
and the government, people will realize that the man behind 
the curtain does not have their best intentions in mind.

Until then, I don't think that one can morally accept and go 
along with the actions of corrupt individuals.  I say that if 
Sophos' removal tool is struck down, the international nature 
of the internet must be leveraged to ensure that the removal 
tools themselves can never disappear.  Treaties only reach so 
far.  What Sophos has done is honorable and just.  They 
deserve our support... as does their cause in this case.  It 
is important for people to control what is within their realm 
of property.  What's next?  TVs with CCTV cameras in them 
sitting on a wall in our apartments and only a small nook to 
hide in ourselves?  

While I may not agree with all your views on socialism, I totally agree
with ya. ;)

They have stepped out of line IMHO and the people as a whole must not
let companies go down this road.

-Todd
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

