It seems that the global security reaction to Sony's magic tricks was enough to make them stop and think about their actions - for once. In my mind, I see Sony rolling its sleeves up and saying "nothing up my sleeve".
Digital-rights advocates and consumers attorneys are preparing nearly a half dozen legal actions against the music giant. Included in the legal actions are the following -
- Chicago-based law firm Cirignani Heller Harman & Lynch may be filing a class-action law suit.
- San Francisco-based law firm Green Welling will be filing a class-action law suit against Sony to recover damages caused by consumers by the XCP CDs. The lawsuit alleges that Sony BMG has broken three Californian laws.
- Italian digital rights group Associazione per la Libertá nella Comunicazione Elettronica Interattiva (ALCEI) filed a criminal complaint with that nation's Economic and Financial Police Division to investigate whether Italy's consumers were affected by the Sony BMG cloaking technology and, if so, whether the company, and any other music company, violated national laws and should be prosecuted.
- Electronic Frontier Foundation (EFF) is collecting stores from EFF members and supporters who have purchased Sony BMG CDs that contained the XCP technology. They are considering litigation against Sony but have not made a final decision on the issue.
- New York lawyer, Scott Kamber, is planning a class-action lawsuit for all Americans affected.
Antivirus and Anti-Spyware vendors are taking action as well.
- Computer Associates has labeled the XCP1, the patch XCP1 to XCP2 and even XCP2 all as Trojans.
- Kaspersky Labs branded the XCP program spyware.
- Symantec (Norton) has label XCP as a "securityrisk".
- Sophos has released a tool which will detect the existence of the XCP technology and disable the cloaking feature. Sophos released this tool right in the middle of rumors that the unmasking tool itself may violate the DCMA.
There is even an online Sony DRM Boycott petition, if you want to personally express your unhappiness in the public eye.
It is my belief that Sony knew they were going into untouched waters with this rootkit-like technology, but I do also believe that they do not understand the security issues related to releasing a tool of this nature. Within the last two days, several bots have been released that are using the Sony DRM cloaking code to hide and infect users with very evil stuff.
I can only assume that spyware makers and botnet writers will start using Sony's DRM cloaking as soon as possible. They already jump on every new IE exploit like it is gold, why whould this be any different? Did Sony not see this happening? Where were they?
They are busy staring at their bottom line...and it is above to drop... like it's hot.
No comments:
Post a Comment