
'This is the road to hell!'
By John Borland
Published: 9 December 2005 08:25 GMT
Sony BMG is replacing a patch for its CD copy protection software after Princeton University researchers found a security flaw in the update.
Sony announced on Tuesday that a new risk had been found with a batch of 27 of its CDs, which automatically install anti-piracy software on hard drives when put into a computer's CD drive. Along with the Electronic Frontier Foundation, a digital rights group, the record label released a patch aimed at fixing that flaw.
However, Princeton computer science professor Ed Felten wrote in his blog on Wednesday that the patch itself could open computers to attack by hackers.
Sony executives said on Thursday they are working as closely as possible with security professionals to address the issues identified by Felten, and would have a new patch available by midday that day.
Thomas Hesse, president of Sony's global digital businesses, said: "The security space is a dynamic one, as we have learned. Our goal is to be diligent and swift, and we have gone to experts to handle this issue."
Sony's ongoing troubles with copy-protection software highlight the delicate line that record labels and other content companies are walking in trying to protect their products from widespread duplication.
On the one hand, labels have watched their revenues decrease over the past few years, as more people swap songs online and burn CDs for friends and acquaintances.
However, the labels' technological attempts to create a copy-protected CD that retains compatibility with millions of old CD players have opened them up to the unfamiliar hazards of software development. Several of Sony's attempts to patch security holes in its anti-piracy software over the past few weeks have turned out to raise their own new problems, instead of quelling concerns.
The current security flaw in Sony's CDs is related to software produced by SunnComm Technologies and affects 27 titles that remain on the market.
It's separate from an earlier vulnerability that affected 52 other titles and which related to anti-piracy software written by another company, First 4 Internet. Those titles have been recalled from store shelves.
The flaw found by Felten could allow Sony's original patch to trigger malicious software on a computer, if that software was already in place when the patch was installed.
John Borland writes for CNET News.com
Ambitious Clinical Project Manager required by a Global CRO recognised as a global leader in the field of Anti-Infectives. This includes work in ...
Other main functions of the role are troubleshooting & resolving cross platform message flow related issues, problem resolution & estate & patch ...
Candidate should have good working knowledge of large data patient (SUS, CDS, PAS, ESR) data sets, using access, excel, ability to create pivot ...
CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.
Stories from the web...
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved. Top of page
Peter Cochrane Peter Cochrane's Blog: Is convergence a fiction? Or could it finally be happening…
Clive Longbottom Quocirca's Straight Talking: A game of two halves Microsoft Virtualisation scores while its SOA bores...