Sony releasing malware

CityK

Storage Freak Apprentice
Joined
Sep 2, 2002
Messages
1,719
Excellent post Fushigi.

The user comments are quite interesting too. Love the C|Net history rewriting (or Soviet airbrushing as one person accurately alluded to it).
 

Fushigi

Storage Is My Life
Joined
Jan 23, 2002
Messages
2,890
Location
Illinois, USA
Yes, I thought so as well. While the malware is bad, and many of the reactions to it have been mediocre at best (why doesn't Congress address this vs. athlete's taking steroids?), the largest problem is that the security vendors we trust to protect us from this malware didn't treat it as malware until there was public pressure.

And C|Net now also needs to be taken to task for their 'revisionist history'. :-?
 

Gilbo

Storage is cool
Joined
Aug 19, 2004
Messages
742
Location
Ottawa, ON
Schneier is one of the best tech commentators out there. His day job is as a Cryptographer and CEO of CounterPane a technology security company. He has a way of cutting through the crap to the heart of the issues --as the above article in Wired demonstrates.

He has a monthly newsletter Crypto-Gram. I can't stress how excellent the content is. If you're interested in more frequent information you can subscribe via RSS to his blog .

Some of my favourite oldies:
The no-fly list.
The special issue on 9/11.
Open Source & Security.

And a classic: Coca-Cola & the NSA. It's a strange world...

One of the best reasons to subscribe to the e-mail newsletter are the Crypto-Gram reprints. Every issue he provides links to older articles. Everytime almost all of them are great reads and still very pertinent.
 

Fushigi

Storage Is My Life
Joined
Jan 23, 2002
Messages
2,890
Location
Illinois, USA
Comments continue to be added to Bruce's blog entry. Worthwhile reading as are the updates over at SysInternals.

Gilbo, I have Bruce's blog via RSS on my My Yahoo page. And I get Crypto-Gram every month. Always good stuff.

A fun site that doesn't see as many articles as it probably should is Stupid Security.

I also do US-CERT, eWEEK Security Blog, Computerworld Security, and Yahoo's Computer Security & Viruses. I'm sure it would be easy to do more, but pretty much anything of importance will be noted at one or more of these sites.
 

CityK

Storage Freak Apprentice
Joined
Sep 2, 2002
Messages
1,719
I know, I know, I said I wouldn't, but you really have to read this.

I was watching CBC's Venture recently and they did a piece on corporate scandels. I believe it was the commentary from one of the fraud unit cops they interviewed that stands out in my mind -- essentenially, the individual remarked that in every white collar criminal case he has investigated in which the person(s) were subsequently found guilty, these corporate heads steadfastly assert that they have done nothing wrong and are remorseless about the situation.

Sound familiar. Sure does to me.
 

Tannin

Storage? I am Storage!
Joined
Jan 15, 2002
Messages
4,448
Location
Huon Valley, Tasmania
Website
www.redhill.net.au
The beat goes on.

El Reg said:
Much of the cricitism of Sony is that it failed to act quickly enough when the problem became clear. This is likely to get worse with today's news that Finnish security firm F-Secure warned Sony about problems with its software on 4th October. This was followed by a more detailed report on 17 October.

A few days later, 20 October, a conference call was held between First4Internet, which wrote the rootkit for Sony, F-Secure and Sony. F-Secure claims that Sony decided at that point to keep things quiet. At the end of October the vulnerability was found, and published, by software engineer Mark Russinovich.

(My emphasis.)

Full story: Sony's DRM woes worsen
 

LiamC

Storage Is My Life
Joined
Feb 7, 2002
Messages
2,016
Location
Canberra
I thought this was drummed into children. Admit your mistake, rectify it if possible, move on. To hide it is to be deceitful or criminal.
 

Bozo

Storage? I am Storage!
Joined
Feb 12, 2002
Messages
4,396
Location
Twilight Zone
Apparently Sony has TWO problems:

http://www.eff.org/news/archives/2005_12.php#004234

Quote:
"The security vulnerability on SunnComm MediaMax Version 5 software differs from that reported in early November on First4Internet XCP software contained on certain SONY BMG CDs. A full list of the 27 U.S. SunnComm MediaMax Version 5 titles is included in the link below. Consumers can download the software update that is designed to address this security vulnerability from SunnComm's and Sony BMG's websites at http://www.sunncomm.com/support/updates/update.asp and http://www.sonybmg.com/mediamax."

You have to wonder what the other music companies are doing.

Bozo :mrgrn:
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,742
Location
Horsens, Denmark
Tannin said:
The beat goes on.

El Reg said:
Much of the cricitism of Sony is that it failed to act quickly enough when the problem became clear. This is likely to get worse with today's news that Finnish security firm F-Secure warned Sony about problems with its software on 4th October. This was followed by a more detailed report on 17 October.

A few days later, 20 October, a conference call was held between First4Internet, which wrote the rootkit for Sony, F-Secure and Sony. F-Secure claims that Sony decided at that point to keep things quiet. At the end of October the vulnerability was found, and published, by software engineer Mark Russinovich.

(My emphasis.)

Full story: Sony's DRM woes worsen

Why did F-Secure (a security company!) let Sony even think of keeping things quiet? Why didn't this pile of crap begin showing up on definition updates on October 21st? If not October 5th?
 

Santilli

Hairy Aussie
Joined
Jan 27, 2002
Messages
5,285
LiamC said:
I thought this was drummed into children. Admit your mistake, rectify it if possible, move on. To hide it is to be deceitful or criminal.

Try marrying a Japanese girl. You will get an entirely different picture from the above.

Or, better yet, watch a Japanese soap opera. The complexity of deceit requires a computer just to figure out the lies, and keep them in order, or straight.

gs
 

LiamC

Storage Is My Life
Joined
Feb 7, 2002
Messages
2,016
Location
Canberra
Santilli said:
Try marrying a Japanese girl. You will get an entirely different picture from the above.

Or, better yet, watch a Japanese soap opera. The complexity of deceit requires a computer just to figure out the lies, and keep them in order, or straight.

gs

Ah yes, "face". That cultural idiom that trained Japanese soldiers to shoot bow & arrow during WW2 because it was the Samurai way. Is face saving really that ingrained in Japanese culture?
 

CougTek

Hairy Aussie
Joined
Jan 21, 2002
Messages
8,729
Location
Québec, Québec
What was the name of the American guy living in Japan? He was promoting Smoothwall and I think he posted under the name of B4RSK at SR. It's been a while, but I'm sure he could answer most of your interrogations about the japanese culture.
 

CougTek

Hairy Aussie
Joined
Jan 21, 2002
Messages
8,729
Location
Québec, Québec
I found it. It's not Gary, it's Ian Hobday. And he posted today at SR.

Our Gary's from Houston, Tejas. It's not exactly near Japan.
 

LiamC

Storage Is My Life
Joined
Feb 7, 2002
Messages
2,016
Location
Canberra
You Canadians are so out of luck + Sony doesn't learn

http://www.michaelgeist.ca/content/view/1433/125/

..."The EFF calls attention to a number of missing provisions, including no security reviews and no ongoing obligations to provide uninstallers for the rootkit. There is also a financial hit in Canada, with Canadian consumers receiving roughly ten percent less than U.S. consumers due to currency differences."...
 
Top