[IP] Not Again! Uninstaller for Other Sony DRM Also Opens Huge Security Hole
-------- Original Message --------
Subject: Not Again! Uninstaller for Other Sony DRM Also Opens Huge
Security Hole
Date: Sat, 19 Nov 2005 14:57:30 -0500
From: Monty Solomon <monty@xxxxxxxxxx>
To: undisclosed-recipient:;
Not Again! Uninstaller for Other Sony DRM Also Opens Huge Security Hole
Thursday November 17, 2005 by J. Alex Halderman
I have good news and bad news about Sony's other CD DRM technology,
the SunnComm MediaMax system. (For those keeping score at home, Ed
and I have written a lot recently about Sony's XCP copy protection
technology, but this post is about a separate system that Sony ships
on other CDs.)
I wrote last weekend about SunnComm's spyware-like behavior. Sony CDs
protected with their technology automatically install several
megabytes of files without any meaningful notice or consent, silently
phone home every time you play a protected album, and fail to include
any uninstall option.
Here's the good news: As several readers have pointed out, SunnComm
will provide a tool to uninstall their software if users pester them
enough. Typically this requires at least two rounds of emails with
the company's support staff.
Now the bad news: It turns out that the web-based uninstaller
SunnComm provides opens up a major security hole very similar to the
one created by the web-based uninstaller for Sony's other DRM, XCP,
that we announced a few days ago. I have verified that it is possible
for a malicious web site to use the SunnComm hole to take control of
PCs where the uninstaller has been used. In fact, the the SunnComm
problem is easier to exploit than the XCP uninstaller flaw.
...
http://www.freedom-to-tinker.com/?p=931
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/