While Sony was slow to response to the initial story of the XCP, it seems they are finally putting their money where their mouth should have been all along. This story proves that the blogosphere can make a difference in a very huge way.
Sony have taken several very positive steps in the last few days -
1) Along with an open letter to their customers, Sony has released a list of the CDs that contain the XCP DRM software - all 52 of them.
2) Not only has Sony recalled all these CDs from the stores, but they will also provide customers a free XCP-free replacement.
3) Sony states they will be releasing a complete and "secure" XCP uninstall program in the near future as well.
Sony must not be allowed to sweep their under the "carpet". Dan Kaminsky has produced an extremely striking picture of the geographic extent of rootkit-related DNS traffic. Dan collected this information in a process called DNS Cache Snooping. While these steps should be seen as a positive step in the right direct, the real case is not closed just yet.
The information against Sony keeps coming in and the world keeps fighting. Soon Sony's other DRM software, MediaMax, will be all over the news as well.
J. Alex Halderman released information today on his Freedom-to-tinker blog, that the web-based uninstaller used to remove the MediaMax DRM software opens up a major security hole very similar to the one created by the web-based uninstaller for Sony's XCP. He has verified that it is possible for a malicious web site to use the SunnComm hole to take control of PC where the uninstaller has been used. In fact, he states that the SunnComm problem is easier to exploit than the XCP uninstaller flaw. Secunia has released an advisory on this highly critical vulnerability.
EFF is collecting stories from EFF members and supporters who have purchased Sony-BMG CDs that contained SunnComm's MediaMax copy protection software. The MediaMax software is somewhat different, but similarly has no true uninstall option and establishes an undisclosed ongoing communication from the users’ computer to SunnComm. CDs with this technology include:
Amici Forever, Defined
David Gray, Life in Slow Motion
Foo Fighters, In Your Honor
My Morning Jacket, Z
Santana, All That I Am
Sarah McLachlan, Bloom Remix Album
Apple/Mac users that laughed about the XCP story can now join in on the fight against Sony, since MediaMax has been Apple/Mac compatible since 2003.
Right in the middle of this battle, the House Subcommittee on Commerce, Trade, and Consumer Protection heard from witnesses discussing "Fair Use: Its Effect on Consumers and Industry." on Wednesday.
While that the blogs and the stories will fade, it is very important that people know their rights and learn to defend those freedoms even in the face of a corporate giant, like Sony.
No comments:
Post a Comment