Thread: > Sony Just Can't Stop Fucking Consumers, Rootkit REMOVER fucks computers worse than
View Single Post
  (#1) Old
redWOOD is Offline
midas netal
redWOOD is on a distinguished road
 
redWOOD's Avatar
 
Posts: 704
Gallery: 0
Comments: 0
Join Date: Oct 2005
Location: brazilia
Zodiac Sign: Gemini
Rating: Not Rated
Credits: 13,864
   
> Sony Just Can't Stop Fucking Consumers, Rootkit REMOVER fucks computers worse than - 11-15-05
permalink
http://www.boingboing.net/2005/11/15/sonys...are_remove.html


Start lining up for Blu Ray, you fucking tards. DRM pwns u.


Tuesday, November 15, 2005
Sony's spyware "remover" creates huge security hole
Princeton's Ed Felten and Alex Halderman have published new research into a grave security vulnerability opened up if you run the "uninstaller" that Sony supplies to rid your PC of its malicious rootkit software, which it installs when you insert an audio CD into your PC, as a means of restricting your use of the music on the CD.

The new vulnerability is as grave as a security vulnerability can be. If you run the uninstaller, your computer can be utterly compromised by an attacker who can reach it via the Web. Your computer can be made to run any code and surrender your data. It can be enlisted to act as a "zombie" for sending spam or attacking sites that are being shaken down in protection rackets.

Ed and Alex have written a demo to show that this danger is real. They've also supplied instructions for removing this dangerous software from your PC.

The music industry often warns against the use of P2P systems because they claim that P2P software can contain sneaky, malicious software that compromises your PC. Well, it appears that legitimately purchased CDs are deliberately corrupted with the same dangerous software.

If you buy CDs, you risk your PC, you risk having your personal information stolen by crooks, and you risk having your equipment used to break the law.

The consequences of the flaw are severe. It allows any web page you visit to download, install, and run any code it likes on your computer. Any web page can seize control of your computer; then it can do anything it likes. That's about as serious as a security flaw can get.

The root of the problem is a serious design flaw in Sony's web-based uninstaller. When you first fill out Sony's form to request a copy of the uninstaller, the request form downloads and installs a program - an ActiveX control created by the DRM vendor, First4Internet - called CodeSupport. CodeSupport remains on your system after you leave Sony's site, and it is marked as safe for scripting, so any web page can ask CodeSupport to do things. One thing CodeSupport can be told to do is download and install code from an Internet site. Unfortunately, CodeSupport doesn't verify that the downloaded code actually came from Sony or First4Internet. This means any web page can make CodeSupport download and install code from any URL without asking the user's permission.

REDWOOD SPEAK ONLY REGULATED IN THE LOGIC ,AND GROWNDED IN THE REASON
 I am they Alpha and Omega, beginning and the ending. who is am who was and who am to come. i am almighty redWOOD and have spoken
  
Reply With Quote
 
X vBulletin 3.6.8 Debug Information
  • Page Generation 0.49382 seconds
  • Memory Usage 7,589KB
  • Queries Executed 14 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)iprof_zodiac_sign
  • (4)option
  • (1)postbit_legacy
  • (1)postbit_onlinestatus
  • (1)postbit_reputation
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)welcome_headers 
Phrase Groups Available:
  • global
  • photoplog
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./vbseo.php
  • ./includes/functions_vbseo.php
  • ./includes/functions_vbseo_pre.php
  • ./includes/config_vbseo.php
  • ./includes/functions_vbseo_url.php
  • ./includes/functions_vbseo_createurl.php
  • ./includes/functions_vbseo_db.php
  • ./includes/functions_vbseo_vb.php
  • ./includes/functions_vbseo_seo.php
  • ./includes/functions_vbseo_misc.php
  • ./includes/functions_vbseo_crr.php
  • ./includes/functions_vbseo_cache.php
  • ./includes/functions_vbseo_hook.php
  • ./includes/functions_vbseo_startup.php
  • ./includes/config.php
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/vblogetin_config.php
  • ./blogs/plugins/init_startup.php
  • ./blogs/plugins/style_fetch.php
  • ./geek/gars/includes/gars_ignition.php
  • ./blogs/plugins/cache_templates.php
  • ./blogs/plugins/global_start.php
  • ./blogs/backend/functions_blog.php
  • ./blogs/backend/functions_seo.php
  • ./blogs/backend/class_blog.php
  • ./blogs/backend/class_siradrian.php
  • ./blogs/datastore/blogstatistics.php
  • ./blogs/datastore/categories.php
  • ./blogs/datastore/blogcustomfields.php
  • ./blogs/backend/class_permissionCheck.php
  • ./blogs/backend/class_permissionCheckCore.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_misc.php 
Hooks Called:
  • init_startup
  • fetch_postinfo
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • gars_ignition_start
  • gars_ignition_end
  • global_start
  • blog_permissions_start
  • blog_permissions_process
  • blog_permissions_complete
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • fetch_musername
  • reputation_image
  • bbcode_parse_start
  • postbit_imicons
  • bbcode_parse_complete
  • postbit_display_complete
  • error_fetch
  • showpost_complete

Action Status Required Cached
canViewBlogs true false false
blog true false false
blogPosts false false false
createBlog false false false
modifyBlog false false false
manageEntries false false false