
Just when you thought it was safe to play some music...
By John Borland
Published: 21 November 2005 08:30 GMT
Computer researchers uncovered a new security risk on Friday related to Sony BMG Music Entertainment copy-protected CDs, which could expose several hundred computers to attack.
This security flaw dealt with different technology than that which has sparked controversy for nearly three weeks, however.
Recent criticism has focused on Sony's release of discs containing copy-protection software created by British company First4Internet, which opened a listener's computer to hackers' attack. The latest risk is from an uninstaller program distributed by SunnComm Technologies, a company that provides copy protection on other Sony BMG releases.
Sony said in a statement on Friday that SunnComm had removed the uninstall program from the web, and was in the process of contacting 223 consumers who had downloaded it while it was available.
The security hole in the uninstall program was similar to one discovered with First4Internet's uninstall program several days ago.
In each case, Princeton University computer science professor Edward Felten and researcher Alex Halderman found that the uninstall programs responded to commands from their creators' websites but would also respond to malicious instructions from other websites.
In its statement, Sony said SunnComm was developing a new uninstall program for its copy-protection software, and that Felten had agreed to review it before it was posted online.
The SunnComm security risk discovered by Felten and Halderman is limited to the uninstall program, which was distributed separately from the CDs themselves.
John Borland writes for CNET News.com
These next-generation threats attack on multiple levels of the network infrastructure. McAfee offers in-depth protection-from the network core, to ...
We are looking to add an experienced Program Manager to our existing Project Management team based in the UK. Proven experience of Program/Project ...
Information Security Analyst (Attack Monitoring/Data Leakage/CISSP/CEH)A highly risk-aware Attack Monitoring Analyst is required for a leading global ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business
Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business