Sony releasing malware
- Thread starter LiamC
- Start date
Fushigi
Storage Is My Life
Yes, I thought so as well. While the malware is bad, and many of the reactions to it have been mediocre at best (why doesn't Congress address this vs. athlete's taking steroids?), the largest problem is that the security vendors we trust to protect us from this malware didn't treat it as malware until there was public pressure.
And C|Net now also needs to be taken to task for their 'revisionist history'. :-?
And C|Net now also needs to be taken to task for their 'revisionist history'. :-?
Tannin
Storage? I am Storage!
Fushigi said:
Read it. Pin it on your wall.
Gilbo
Storage is cool
Schneier is one of the best tech commentators out there. His day job is as a Cryptographer and CEO of CounterPane a technology security company. He has a way of cutting through the crap to the heart of the issues --as the above article in Wired demonstrates.
He has a monthly newsletter Crypto-Gram. I can't stress how excellent the content is. If you're interested in more frequent information you can subscribe via RSS to his blog .
Some of my favourite oldies:
The no-fly list.
The special issue on 9/11.
Open Source & Security.
And a classic: Coca-Cola & the NSA. It's a strange world...
One of the best reasons to subscribe to the e-mail newsletter are the Crypto-Gram reprints. Every issue he provides links to older articles. Everytime almost all of them are great reads and still very pertinent.
He has a monthly newsletter Crypto-Gram. I can't stress how excellent the content is. If you're interested in more frequent information you can subscribe via RSS to his blog .
Some of my favourite oldies:
The no-fly list.
The special issue on 9/11.
Open Source & Security.
And a classic: Coca-Cola & the NSA. It's a strange world...
One of the best reasons to subscribe to the e-mail newsletter are the Crypto-Gram reprints. Every issue he provides links to older articles. Everytime almost all of them are great reads and still very pertinent.
Fushigi
Storage Is My Life
Comments continue to be added to Bruce's blog entry. Worthwhile reading as are the updates over at SysInternals.
Gilbo, I have Bruce's blog via RSS on my My Yahoo page. And I get Crypto-Gram every month. Always good stuff.
A fun site that doesn't see as many articles as it probably should is Stupid Security.
I also do US-CERT, eWEEK Security Blog, Computerworld Security, and Yahoo's Computer Security & Viruses. I'm sure it would be easy to do more, but pretty much anything of importance will be noted at one or more of these sites.
Gilbo, I have Bruce's blog via RSS on my My Yahoo page. And I get Crypto-Gram every month. Always good stuff.
A fun site that doesn't see as many articles as it probably should is Stupid Security.
I also do US-CERT, eWEEK Security Blog, Computerworld Security, and Yahoo's Computer Security & Viruses. I'm sure it would be easy to do more, but pretty much anything of importance will be noted at one or more of these sites.
I know, I know, I said I wouldn't, but you really have to read this.
I was watching CBC's Venture recently and they did a piece on corporate scandels. I believe it was the commentary from one of the fraud unit cops they interviewed that stands out in my mind -- essentenially, the individual remarked that in every white collar criminal case he has investigated in which the person(s) were subsequently found guilty, these corporate heads steadfastly assert that they have done nothing wrong and are remorseless about the situation.
Sound familiar. Sure does to me.
I was watching CBC's Venture recently and they did a piece on corporate scandels. I believe it was the commentary from one of the fraud unit cops they interviewed that stands out in my mind -- essentenially, the individual remarked that in every white collar criminal case he has investigated in which the person(s) were subsequently found guilty, these corporate heads steadfastly assert that they have done nothing wrong and are remorseless about the situation.
Sound familiar. Sure does to me.
Bozo
Storage? I am Storage!
Tannin
Storage? I am Storage!
Bozo
Storage? I am Storage!
Apparently Sony has TWO problems:
http://www.eff.org/news/archives/2005_12.php#004234
Quote:
"The security vulnerability on SunnComm MediaMax Version 5 software differs from that reported in early November on First4Internet XCP software contained on certain SONY BMG CDs. A full list of the 27 U.S. SunnComm MediaMax Version 5 titles is included in the link below. Consumers can download the software update that is designed to address this security vulnerability from SunnComm's and Sony BMG's websites at http://www.sunncomm.com/support/updates/update.asp and http://www.sonybmg.com/mediamax."
You have to wonder what the other music companies are doing.
Bozo :mrgrn:
http://www.eff.org/news/archives/2005_12.php#004234
Quote:
"The security vulnerability on SunnComm MediaMax Version 5 software differs from that reported in early November on First4Internet XCP software contained on certain SONY BMG CDs. A full list of the 27 U.S. SunnComm MediaMax Version 5 titles is included in the link below. Consumers can download the software update that is designed to address this security vulnerability from SunnComm's and Sony BMG's websites at http://www.sunncomm.com/support/updates/update.asp and http://www.sonybmg.com/mediamax."
You have to wonder what the other music companies are doing.
Bozo :mrgrn:
ddrueding
Fixture
Tannin said:
Why did F-Secure (a security company!) let Sony even think of keeping things quiet? Why didn't this pile of crap begin showing up on definition updates on October 21st? If not October 5th?
Santilli
Hairy Aussie
- Joined
- Jan 27, 2002
- Messages
- 5,278
LiamC said:
Try marrying a Japanese girl. You will get an entirely different picture from the above.
Or, better yet, watch a Japanese soap opera. The complexity of deceit requires a computer just to figure out the lies, and keep them in order, or straight.
gs
Tannin
Storage? I am Storage!
Good question, Dave.
CougTek
Hairy Aussie
What was the name of the American guy living in Japan? He was promoting Smoothwall and I think he posted under the name of B4RSK at SR. It's been a while, but I'm sure he could answer most of your interrogations about the japanese culture.
Tannin
Storage? I am Storage!
Gary. He posts here too sometimes. About once every couple of years, when he remembers to drop in.
Tannin
Storage? I am Storage!
Oh ... and he's Canadian. West coast, if I remember.
CougTek
Hairy Aussie
I found it. It's not Gary, it's Ian Hobday. And he posted today at SR.
Our Gary's from Houston, Tejas. It's not exactly near Japan.
Our Gary's from Houston, Tejas. It's not exactly near Japan.
CougTek
Hairy Aussie
Scratch that, he didn't post today. I was looking at the user local time at SR.
Tannin
Storage? I am Storage!
Gahhh ... I always do that. Their names both start with "H" and this ain't the first time I've got the names (not the people, I which of the people is which) mixed up.
Tannin
Storage? I am Storage!
.... speaking of mixed up, that lats opto fo mien wsa rtaher csrambedl. 
CougTek
Hairy Aussie
opto? I got the "last [...] of mine was rather scrambled". But "opto"? Should have been spto, maybe?
You Canadians are so out of luck + Sony doesn't learn
http://www.michaelgeist.ca/content/view/1433/125/
..."The EFF calls attention to a number of missing provisions, including no security reviews and no ongoing obligations to provide uninstallers for the rootkit. There is also a financial hit in Canada, with Canadian consumers receiving roughly ten percent less than U.S. consumers due to currency differences."...
http://www.michaelgeist.ca/content/view/1433/125/
..."The EFF calls attention to a number of missing provisions, including no security reviews and no ongoing obligations to provide uninstallers for the rootkit. There is also a financial hit in Canada, with Canadian consumers receiving roughly ten percent less than U.S. consumers due to currency differences."...