Its all over the news but still many ppl ask me wat the story so i decided to just post in simple words wat is the story so that i can just tell everyone to read my blog ;) frankly everyone shd be knowing this by now for those who dont read this:
sony released its cds with its new copy protection software (xcp). while the cds played normally on cd players if u wanted to play them on your systems u wud hav to install sony media player bundled on the cd. this installation included the copyprotection software therby preventing reading of music content on cd by any other software other than its native player this is done by rewritin few functions of os. in order for it to do this the software behaved like a rootkit ( a well built rootkit ) its function to prevent any access to folders whose name begins with $sys$ the copy protection software hides itself in the same and chks every cd for copy protection before it gives control to the software u are using to access it.
few @ sony thought this was preety ingenious but they made a basic flaw to see if there software acts as doorway to hackers or virus writers ?!? we knw many worms are designed to dump itself in system32 folder using %system32% in path. now this is worse the worm can be designed to create a directory with the $sys$ prefix anywher and ur os will be blind to notice it as it is concealed by sony’s copy protection got the point !
So thats the whole story! wat happend in the end ? sony recalled its cds “millions” Not before the news was out!, Not before millions of os had installed this! (some 50+ albums sold with this copyprotection) so imagine everyone who bought them were venurable! and worse is yet to come: Not before a worm’s release! there was a worm out within a week of this matter in news headlines. Now get this sony was approached by f-secure guys with this threat long long back wat did sony do ? Ignored ! everyone payed the price rest is history!
want to knw if there was any funny side to the story:
then imagine the mountains of cds in sony’s gowdons lol.
so any new office policies :: dont play music cds he he he kiddin…
so any gud guys ?!? yes f-secure of course! instead of announcing to press that wud add another star on f-secure’s collar the company contacted sony with the problem and dint leak fearing a mass systems infection.
ps: i dont think anyone can be more simple :)
cheers.
No comments:
Post a Comment