Sony Rootkit Investigation
The 2005 Sony BMG CD copy protection scandal started when security researcher Mark Russinovich revealed on October 31, 2005 that Sony's Extended Copy Protection copy protection software on the CD Get Right with the Man by Van Zant contained hidden files that could damage the operating system, install spyware and make the user's computer vulnerable to attack when the CD was played on a Microsoft Windows-based PC. Sony then released a software patch to remove XCP.
On November 15, 2005, Felten and J. Alex Halderman showed that Sony's method for removing XCP copy protection software from the computer makes it more vulnerable to attack, as it essentially installed a rootkit, in the form of an Active X control used by the uninstaller, and left it on the user's machine and set so as to allow any web page visited by the user to execute arbitrary code. Felten and Halderman described the problem in a blog post:
The consequences of the flaw are severe, it allows any Web page you visit to download, install, and run any code it likes on your computer. Any Web page can seize control of your computer; then it can do anything it likes. That's about as serious as a security flaw can get.
Read more about this topic: Edward Felten
Famous quotes containing the word sony:
“In the end we beat them with Levi 501 jeans. Seventy-two years of Communist indoctrination and propaganda was drowned out by a three-ounce Sony Walkman. A huge totalitarian system ... has been brought to its knees because nobody wants to wear Bulgarian shoes.... Now they’re lunch, and we’re number one on the planet.”
—P.J. (Patrick Jake)