funsec mailing list archives
RE: And another Sony DRM Rootkit question
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Thu, 17 Nov 2005 13:30:10 -0500
I just found an e-mail in which I asked Mark Russinovich about this (sorry I missed it first time). He said that neither the rootkit nor music player would work, which he took as further evidence of how badly the software was written. I'd still like to know exactly what the error looks like, and I think Mark's out of town. But I think I have enough information to write with now.

As for firewalls and such, I doubt any of them found anything. Mark found it using their RootkitRevealer tool which is, after all, designed to find rootkits. I believe Mikko from F-Secure said that their Blacklight tool finds it, and another vendor (Tenebril? I think it's ex-Zone Labs people) told me they find "all rootkits".

Once again, I haven't tested it (I really ought to buy one if it's still possible), but there is a class of product that looks generically for threats (see the excellent review at http://www.pcmag.com/article2/0,1895,1880015,00.asp) that might have blocked them. I have no specific information.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com

-----Original Message-----
From: Pierre Vandevenne [mailto:pierre () datarescue com]
Sent: Thursday, November 17, 2005 1:18 PM
To: Larry Seltzer
Cc: funsec () linuxbox org
Subject: Re: [funsec] And another Sony DRM Rootkit question

Good Day,

LS> I don't actually have any of the evil CDs, so I can't test this.
LS> Does anyone know?

I was actually thinking about getting some, they'll soon be collector's items. Unless they start protecting chamber music CDs I feel I'll always be a step behind in that race ;^)

And I was also wondering about the reactions of third party firewalls such as Zone Alarm, etc... Did they, in practice, warn the normal users that something weird was going on?

--
Best regards,
Pierre mailto:pierre () datarescue com
www.datarescue.com - home of the IDA Pro Disassembler.