<body>
Jonathan's Liverstone

A place of Bile & other Humours.

The Sony Saga  

So now it turns out that:
1. A rootkit (known as XCP) is found on about 50 of their CDs.
2. Their uninstaller for this is a bigger security threat.
3. A second self-installing program (MediaMax) is far more prevalent and is "Spyware", in that it phones home.
4. The uninstaller for this is also a security problem.
5. The virus writers are all over this like a rash.
6. None of the anti-virus protection systems considered this a threat.

A summary can be found at EFF, and the whole thing is documented at Freedom to Tinker.

An interesting solution has been suggested:
"Every time a user plays a XCP-affected CD, the XCP player checks in with Sony's server. As Russinovich explained, usually Sony's server sends back a null response. But with small adjustments on Sony's end -- just changing the output of a single script on a Sony web server -- the XCP player can automatically inform users of the software improperly installed on their hard drives, and of their resulting rights and choices."
But as Bruce Schneier suggests:
"This is so obviously the right thing to do. My guess is that it'll never happen."

Disclaimer: (I stole this from Internal Affairs.)
All links and references to other websites, organisations or people not within my control are provided for the user's convenience only, and should not be taken as endorsement of those websites, or of the information contained in those websites, nor of organisations or people referred to. I also do not implicitly or impliedly endorse any website, organisation or people who have off-site links to this website.
... But then again; I only link to sites 'cos I see something there that's worth linking to.