interesting-people message



Subject: [IP] more on the Sony Rootkit




Begin forwarded message:

From: "Steven M. Bellovin" <smb@cs.columbia.edu>
Date: November 5, 2005 6:03:15 PM EST
To: dave@farber.net
Subject: more on the Sony Rootkit

The Sony rootkit saga continues.  Mark Russinovich, who found the
original problem, notes several more:

	* the "fix" from Sony is not only incomplete and perhaps
	dangerous, you can't get it via the normal path without
	implicitly agreeing to a privacy policy that says your email
	address will be added to Sony marketing mailing lists.  (Hmm --
	I wonder if that's a violation of the CAN SPAM act.)

	* The patch produces strange error messages

	* The software phones home during player startup.  It appears
	to be seeing if there are updates for the lyrics or cover art,
	but of course it's also telling Sony (a) when the CD is played,
	and (b) what IP address it's coming from.  The trace posted
	by Russinovich is http, which (to me) raises the question of
	whether or not previously-set tracking cookies are accepted.
	I've verified that the site contacted (connected.sonymusic.com)
	does set a session cookie; that, at least, is innocuous.

As he points out, the real issue is full disclosure of what software
does, and what the user is actually agreeing to in the EULA.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb




Archives at: http://www.interesting-people.org/archives/interesting-people/

