
Thursday, November 10, 2005

Sony DRM rootkit code - Moved

I just moved all of my Sony DRM posts to a new blog at: http://sonyrootkit.blogspot.com/ The intent is to dedicate this new blog to this one subject.

11:46 PM

Sony DRM rootkit code (#23) Infected CDs

A partial list of CDs infected by the Sony DRM rootkit code:

XCP PROTECTED CDS
Trey Anastasio - Shine
Celine Dion - On ne Change Pas
Neil Diamond - 12 Songs
Our Lady Peace - Healthy in Paranoid Times
Chris Botti - To Love Again
Van Zant - Get Right with the Man
Switchfoot - Nothing is Sound
The Coral - The Invisible Invasion
Acceptance - Phantoms
Susie Suh - Susie Suh
Amerie - Touch
Life of Agony - Broken Valley
Horace Silver Quintet - Silver's Blue
Gerry Mulligan - Jeru
Dexter Gordon - Manhattan Symphonie
The Bad Plus - Suspicious Activity
The Dead 60s - The Dead 60s
Dion - The Essential Dion
Natasha Bedingfield - Unwritten
Ricky Martin - Life

10:26 PM

Sony DRM rootkit code (#22) EULA (#3)

Ray Nimmer has a new blog out: http://www.ipinfoblog.com/. I first met Ray about 15 years ago at a Computer Law Association meeting. The joke was that he was constantly asked if he was "The Nimmer" (of "Nimmer on Copyrights" fame, originator of the definitive treatise on copyright law). His response was that he was "the Other Nimmer". Even then, he had already published a book on IP issues and was well known and respected in the computer law area.

In any case, in this new blog, he has an entry titled: "Shrink-wraps are enforceable contracts" in which he argues very strongly that shrinkwrap and clickwrap licenses, like the Sony EULA, are enforceable.

9:53 PM

Sunday, November 06, 2005

Sony DRM rootkit code (#21) EULA (#2)

In a previous post, I discussed some of the elements in the Sony End User License Agreement (EULA) that comes with its music CDs. Note the following in the EULA:
Before you can play the audio files on YOUR COMPUTER or create and/or transfer the DIGITAL CONTENT to YOUR COMPUTER, you will need to review and agree to be bound by an end user license agreement or “EULA”, the terms and conditions of which are set forth below. Once you have read these terms and conditions, you will be asked whether or not you agree to be bound by them. Click “AGREE” if you agree to be bound. Click “DISAGREE” if you do not agree to be bound. Please keep in mind, however, that if you do not agree to be bound by these terms and conditions, you will not be able to utilize the audio files or the DIGITAL CONTENT on YOUR COMPUTER.

As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the “SOFTWARE”) onto YOUR COMPUTER.
So, what happens if you “DISAGREE”? Well, I went on a couple of web sites to look at return policies for music CDs. Amazon's refund policy provides that:
Items that do not meet our returns guidelines will receive only partial refunds:
* Any CD, DVD, VHS tape, software, video game, cassette tape, or vinyl record that has been opened (taken out of its plastic wrap): 50% of item's price.
Best Buy is worse. Its refund policy is:
Nonreturnable Items
These items include labor and/or installation services; consumable items such as phone cards, gift cards, food and drink; or items that are damaged or abused. Opened computer software, movies, music and video games can be exchanged for the identical item but cannot be returned for a refund.
So, if you buy a CD at Amazon and promptly find that it contains the DRM rootkit software, you can get half your money back. But regardless of how fast you discover it, if you bought the CD at Best Buy (online or in a store), you are SOL.

But you are not out of options. You can sue Sony. Remember, the EULA was declined, so Sony is stuck with the normal warranties of fitness, merchantability, etc., which the CD arguably breaches.

More interestingly though, given that these major CD retail vendors return half (Amazon) or none (Best Buy) of your money if you decline, that lost money had to have bought something. In the case of Best Buy, a good argument can be made that you purchased the contents of the CD with it. Then what about the EULA? Two things. First, if all the money went to buying the contents of the CD, then you aren't receiving any consideration for your agreeing to the EULA. A contract not supported by consideration is void. Secondly, it is what is called an "after acquired terms" under the Uniform Commercial Code (UCC) II (Sales). This is the "Battle of the Forms" that merchants engage in. But they are not applicable to retail customers. Again, then, the EULA is arguably invalid. Alternatively, you could argue that the contract is one of adhesion, since getting half or none of your money back is not a realistic alternative.

Unfortunately, these same arguments have been made for awhile with software shrinkwrap agreements, and recently, they have been losing. Nevertheless, looking at the totality of the transactions (that you don't get your money back if you decline the EULA), a court is going to have to close its eyes to reality in order to enforce the EULA.

6:45 PM

Sony DRM rootkit code (#20) Reviews

Mark Russinovich found the Sony DRM rootkit after it was installed from a CD titled "Get Right with the Man" by Van Zant. As a result of his article in his blog, the music buying public has pummeled the CD in reviews on Amazon.com. Currently, it carries a one star rating (Amazon's lowest) almost entirely because of the DRM rootkit software. At last count, there were over 140 reviews, all negative, except for the first couple who reviewed the CD on its musical merits alone.

I do feel sorry for Van Zant, because this was not of their doing. Nevertheless, this appears to be spreading to other Sony CDs. None of those reviewers who panned the CD because of the DRM rootkit software expect to buy Sony CDs in the near future - at least not until Sony cleans up this mess. The questions, though, are how widespread the damage to the company will be, and whether it will die down in the near future. If not, then Sony's music business could take a big hit over this.

6:32 PM

Sony DRM rootkit code (#19) EULA

The End User License Agreement (EULA) on Mark Russinovich's Sony BMG music CD stated that:
As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the “SOFTWARE”) onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted. However, the SOFTWARE will not be used at any time to collect any personal information from you, whether stored on YOUR COMPUTER or otherwise.
Note that the EULA does not mention that the small proprietary software program is a rootkit, that it implements system call hooking of kernel APIs, that it actively scans running processes regardless of whether or not a CD is loaded, or that it transmits play information to Sony. It also does not mention that it is extremely difficult to uninstall.
Article 5. EXCLUSION OF WARRANTIES

YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT YOU ARE INSTALLING AND USING THE LICENSED MATERIALS AT YOUR OWN SOLE RISK. THE LICENSED MATERIALS ARE PROVIDED “AS IS” AND WITHOUT WARRANTY, TERM OR CONDITION OF ANY KIND, AND SONY BMG, ITS LICENSORS AND EACH OF THEIR LICENSEES, AFFILIATES AND AUTHORIZED REPRESENTATIVES (EACH, A “SONY BMG PARTY”) EXPRESSLY DISCLAIM ALL WARRANTIES, TERMS OR CONDITIONS. EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, NON-INFRINGEMENT AND FITNESS FOR A GENERAL OR PARTICULAR PURPOSE. ... SHOULD THE LICENSED MATERIALS PROVE TO BE DEFECTIVE, YOU (AND NOT THE SONY BMG PARTY CONCERNED) AGREE TO ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIRS OR CORRECTIONS...
This simply says that it doesn't matter what Sony did, it doesn't violate any warranties. Merchantability and Quality are especially relevant here, as the Sony DRM arguably would violate both.
Article 6. LIMITATION OF LIABILITY

NO SONY BMG PARTY SHALL BE LIABLE FOR ANY LOSS OR DAMAGE, EITHER DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL OR OTHERWISE, ARISING OUT OF THE BREACH OF ANY EXPRESS OR IMPLIED WARRANTY, TERM OR CONDITION, BREACH OF CONTRACT, NEGLIGENCE, STRICT LIABILITY MISREPRESENTATION, FAILURE OF ANY REMEDY TO ACHIEVE ITS ESSENTIAL PURPOSE OR ANY OTHER LEGAL THEORY ARISING OUT OF, OR RELATED TO, THIS EULA OR YOUR USE OF ANY OF THE LICENSED MATERIALS (SUCH DAMAGES INCLUDE, BUT ARE NOT LIMITED TO, LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF DATA, LOSS OF USE OF THE PRODUCT OR ANY ASSOCIATED EQUIPMENT, DOWN TIME AND USER’S TIME), EVEN IF THE SONY BMG PARTY CONCERNED HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ANY CASE, THE ENTIRE LIABILITY OF THE SONY BMG PARTIES, COLLECTIVELY, UNDER THE PROVISIONS OF THIS EULA SHALL BE LIMITED TO FIVE US DOLLARS (US $5.00)...
Don't bother suing Sony, because you won't get any damages, or if you do, they will be limited to $5.00 (less than half the retail value of the CDs).
Article 9. EXPIRATION AND TERMINATION

1. The rights granted to you hereunder to use the DIGITAL CONTENT are conditioned upon your continued possession of, and your continued right under a license from SONY BMG to use, the original CD product that you purchased. In the event that you no longer possess or have the right under such license to use the original CD product, your rights hereunder to use the DIGITAL CONTENT shall expire immediately, without notice from SONY BMG.

2. Without prejudice to any other rights SONY BMG or any SONY BMG PARTY may have hereunder, the term of this EULA shall terminate immediately, without notice from SONY BMG, and all rights you may have hereunder to use the LICENSED MATERIALS shall be immediately revoked, in the event that you: (i) fail to comply with any provision of this EULA, (ii) fail to install an update of the SOFTWARE that was previously provided to you by the SONY BMG PARTIES within the time specified, or (iii) file a voluntary petition or are subject to an involuntary petition under applicable bankruptcy laws, are declared insolvent, make an assignment for the benefit of creditors, or are served with a writ of attachment , writ of execution, garnishment or other legal process pertaining to any of your assets or property.

3. Upon the expiration or termination of this EULA, you shall immediately remove all of the LICENSED MATERIALS from your personal computer system and delete or destroy them, along with any related documentation (and any copies thereof) that you may have received or otherwise may possess....
Note a couple of things here. The EULA terminates when you get rid of the CD. No problem. But then you have to remove the software. Not so easy. Sony hasn't bothered to include an uninstall facility. Indeed, it hides itself from the system and doesn't bother to register with Windows so you can remove it via the normal Add/Remove Program control panel. Instead, you have to provide Sony a bunch of information before it will tell you how to uninstall the software - and better not try it yourself. Mark's CD drive disappeared when he tried it, and he is an expert. Most of us aren't. Finally:
Article 10. GOVERNING LAW AND WAIVER OF TRIAL BY JURY

1. THE VALIDITY, INTERPRETATION AND LEGAL EFFECT OF THIS EULA SHALL BE GOVERNED BY, AND CONSTRUED IN ACCORDANCE WITH, THE LAWS OF THE STATE OF NEW YORK APPLICABLE TO CONTRACTS ENTERED INTO AND PERFORMED ENTIRELY WITHIN THE STATE OF NEW YORK (WITHOUT GIVING EFFECT TO ANY CONFLICT OF LAW PRINCIPLES UNDER NEW YORK LAW). THE NEW YORK COURTS (STATE AND FEDERAL), SHALL HAVE SOLE JURISDICTION OF ANY CONTROVERSIES REGARDING THIS AGREEMENT; ANY ACTION OR OTHER PROCEEDING WHICH INVOLVES SUCH A CONTROVERSY SHALL BE BROUGHT IN THOSE COURTS IN NEW YORK COUNTY AND NOT ELSEWHERE. THE PARTIES WAIVE ANY AND ALL OBJECTIONS TO VENUE IN THOSE COURTS AND HEREBY SUBMIT TO THE JURISDICTION OF THOSE COURTS.

2. YOU HEREBY WAIVE ALL RIGHTS AND/OR ENTITLEMENT TO TRIAL BY JURY IN CONNECTION WITH ANY DISPUTE THAT ARISES OUT OF OR RELATES IN ANY WAY TO THIS EULA OR THE SOFTWARE.
This means that if you sue, you have to do it in New York and can't get a jury trial. At least they didn't try to force arbitration.

All is not lost though. Most of this will be thrown out in many states. In Colorado, for example, an attempt to move venue is void in consumer transactions.

Additionally, my view is that it may be possible to attack (and presumably eliminate) the EULA through lack of actual consent, that it is an adhesion (or forced) contract, or that it fraudulently misleads as to the conduct of the DRM code.

12:40 PM

Sony DRM rootkit code (#18) Hacking

At The Register is an article titled "World of Warcraft hackers using Sony BMG rootkit" by SecurityFocus. It starts out by asking: "Want to cheat in your online game and not get caught? Just buy a Sony BMG copy protected CD."

Apparently, World of Warcraft hackers are starting to use the Sony DRM rootkit to subvert the game's "Warden" security monitor. They just insert a Sony CD, let the software automatically install, and rename their favorite hacking tools to have names starting with "$sys$". Warden is then unable to detect them.

It sure didn't take long for the hackers to start exploiting the Sony DRM rootkit.

12:28 PM

Saturday, November 05, 2005

Sony DRM rootkit code (#17) Blacklist

Some other commenters to Mark's recent blog entry: "More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home" point out something else (from Matti Nikki):
Ohyea, another thing. This DRM system uses a blacklist to filter out what applications can and what can't read the CD. So, this doesn't protect the CD, but rather intends to break the listed software. To verify, use your hexeditor and you can locate the following list yourself:
http://hack.fi/~muzzy/sony-drm-magic-list.txt

If you want a more concrete proof, try to rename your favourite ripping software as $sys$whatever.exe and then run it again. You'll notice that the DRM system can no longer detect it, and thus you'll get good copy of the track you try to rip instead of one filled with noise.
and from Brad Green:
That's just hilarious. I think everyone should simply not worry about removing the rootkit, as this is too difficult, and then just do as Matti says, and use the rootkit to make your favorite ripping tool immune to the DRM. On second thought, is their software breaking the DMCA? It provides a method to bypass copyright protection that they install? Hmm...
Note if you haven't been following this - the Sony cloaking software hides all programs and registry entries starting with "$sys$" - apparently, including from itself.
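The blind spot described in this post and in the World of Warcraft post above, as an added example that is not from the original posts or from any of the software they discuss: a scanner that enumerates processes through a filtered view never sees a "$sys$" name, while comparing that view against an unfiltered one exposes what is hidden. The process names, the `known_bad` flag, the case-sensitive prefix match and the availability of an unfiltered ("raw") view are all assumptions made for this simulation.

```c
#include <stdio.h>
#include <string.h>

#define CLOAK_PREFIX "$sys$"
#define MAX_PROCS 8

/* Simulated process record. known_bad is what a content-based scanner
   would conclude if it were ever shown the process (an assumption). */
struct proc {
    const char *name;
    int known_bad;
};

/* Constructed sample data: the unfiltered ("raw") process list. */
static const struct proc raw_procs[] = {
    { "explorer.exe",     0 },
    { "$sys$example.exe", 0 },  /* stand-in for a cloaked DRM component */
    { "player.exe",       0 },
    { "$sys$tool.exe",    1 },  /* flagged tool renamed with the prefix */
};
#define RAW_COUNT (sizeof raw_procs / sizeof raw_procs[0])

/* The cloak's rule as the post states it: hide names starting with "$sys$". */
int is_cloaked(const char *name)
{
    return strncmp(name, CLOAK_PREFIX, strlen(CLOAK_PREFIX)) == 0;
}

/* What an enumeration call returns once the cloak is filtering it. */
size_t api_view(const struct proc *all, size_t n, int cloak_on,
                const struct proc **out)
{
    size_t i, k = 0;
    for (i = 0; i < n; i++)
        if (!cloak_on || !is_cloaked(all[i].name))
            out[k++] = &all[i];
    return k;
}

/* A scanner can only judge the processes it is shown. */
size_t scan(const struct proc **view, size_t n)
{
    size_t i, hits = 0;
    for (i = 0; i < n; i++)
        hits += view[i]->known_bad ? 1 : 0;
    return hits;
}

/* Cross-view check: anything in the raw list but missing from the API
   view is being hidden by something. */
size_t cross_view_hidden(const struct proc *raw, size_t nraw,
                         const struct proc **view, size_t nview,
                         const struct proc **hidden)
{
    size_t i, j, k = 0;
    for (i = 0; i < nraw; i++) {
        int found = 0;
        for (j = 0; j < nview && !found; j++)
            found = strcmp(raw[i].name, view[j]->name) == 0;
        if (!found)
            hidden[k++] = &raw[i];
    }
    return k;
}

/* Number of flagged processes the scanner reports, cloak on or off. */
size_t demo_scan(int cloak_on)
{
    const struct proc *view[MAX_PROCS];
    size_t n = api_view(raw_procs, RAW_COUNT, cloak_on, view);
    return scan(view, n);
}

/* Number of entries the cross-view check reports as hidden. */
size_t demo_hidden(int cloak_on)
{
    const struct proc *view[MAX_PROCS], *hidden[MAX_PROCS];
    size_t n = api_view(raw_procs, RAW_COUNT, cloak_on, view);
    return cross_view_hidden(raw_procs, RAW_COUNT, view, n, hidden);
}

int main(void)
{
    printf("scanner hits, no cloak: %zu\n", demo_scan(0));
    printf("scanner hits, cloak on: %zu\n", demo_scan(1));
    printf("hidden entries found by cross-view: %zu\n", demo_hidden(1));
    return 0;
}
```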

5:21 PM

Sony DRM rootkit code (#16) System Call Hooking

The posters to Mark Russinovich's recent blog entry: "More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home" have managed to use the Sony DRM code to break Windows systems by exploiting the vulnerabilities inherent in system call hooking.

In particular, if you rename the Sony drivers, then start the original, followed by the copy, then stop the original, followed by the copy, Windows systems fail. Why? Because when they load they do system call hooking, inserting themselves between the system call table and the driver that should be called for that API. But when you do it twice, each driver inserts itself at the top. So you have:
Table->module0 (original module)
Table->module1->module0
Table->module2->module1->module0
But when you unload them in FIFO order (module1, module2), instead of LIFO order (module2, module1), it doesn't get cleaned up properly. When module2 is unloading, it restores the contents of the system call table to what it was when it loaded (module1), but module1 had already been unloaded. The table entry now points at the address where module1 was - but no longer is. Boom.
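The load and unload sequence above, as an added user-space simulation that is not code from the drivers or from the original post: one table slot, three modules, and an unload routine that blindly restores the value it saved at load time. The `mapped` flag standing in for "code still in memory" and the guarded `unload_checked` variant are assumptions added here to show the failure and one common way to avoid it.

```c
#include <stdio.h>
#include <stddef.h>

/* Simulated driver. "mapped" stands in for "code is still in memory". */
struct module {
    const char *name;
    int mapped;
    struct module *saved;   /* table value this module saw when it loaded */
};

/* One slot of a simulated system call table: whoever gets the call first. */
static struct module *table_entry;

/* Hook: remember the current slot value, then put ourselves on top. */
static void load(struct module *m)
{
    m->saved = table_entry;
    table_entry = m;
    m->mapped = 1;
}

/* Unhook as the post describes: restore whatever was saved at load time,
   without checking whether anyone hooked the slot after us. */
static void unload_blind(struct module *m)
{
    table_entry = m->saved;
    m->mapped = 0;
}

/* Guarded unhook (added here, not from the post): only restore the slot if
   it still points at us; otherwise stay resident and report failure. */
static int unload_checked(struct module *m)
{
    if (table_entry != m)
        return -1;
    table_entry = m->saved;
    m->mapped = 0;
    return 0;
}

/* Load module1 then module2 over module0, unload them in the chosen order,
   and return 1 if the slot ends on mapped code, 0 if it dangles. */
int simulate(int fifo, int checked)
{
    struct module m0 = { "module0", 1, NULL };  /* the original handler */
    struct module m1 = { "module1", 0, NULL };
    struct module m2 = { "module2", 0, NULL };
    struct module *order[2];
    int i, ok;

    order[0] = fifo ? &m1 : &m2;
    order[1] = fifo ? &m2 : &m1;

    table_entry = &m0;
    load(&m1);              /* Table->module1->module0 */
    load(&m2);              /* Table->module2->module1->module0 */

    for (i = 0; i < 2; i++) {
        if (checked)
            (void)unload_checked(order[i]);
        else
            unload_blind(order[i]);
    }

    ok = table_entry->mapped;
    printf("%s/%s: table -> %s (%s)\n",
           fifo ? "FIFO" : "LIFO", checked ? "checked" : "blind",
           table_entry->name, ok ? "mapped" : "UNLOADED, dangling");
    table_entry = NULL;     /* do not keep a pointer to our locals */
    return ok;
}

int main(void)
{
    simulate(0, 0);   /* LIFO, blind: ends on module0 */
    simulate(1, 0);   /* FIFO, blind: ends on unloaded module1 */
    simulate(1, 1);   /* FIFO, checked: module1 refuses to unload */
    simulate(0, 1);   /* LIFO, checked: ends on module0 */
    return 0;
}
```

With the guard, the FIFO case leaves module1 resident rather than leaving the table pointing at freed code, which trades a clean unload for stability.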

4:55 PM

Sony DRM rootkit code (#15) Sony FAQ

Following is from the Sony BMG FAQ:
6. I have heard that the protection software is really malware/spyware. Could this be true?

Of course not. The protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution. It is otherwise inactive. The software does not collect any personal information nor is it designed to be intrusive to your computer system. Also, the protection components are never installed without the consumer first accepting the End User License Agreement.

If at some point you wish to remove the software from your machine simply contact customer service through this link. You will, though, be unable to use the disc on your computer once you uninstall the components.

Our technology vendors are constantly looking to improve the product as well as respond to any critical software issues found. Please check here for upgrades to address any known issues
Seems somewhat clueless to me. For example:
The protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution. It is otherwise inactive. The software does not collect any personal information nor is it designed to be intrusive to your computer system.
Inactive? It seems like scanning all running processes every two seconds and querying for information about their executables (regardless of whether or not a CD is in the drive) is not "inactive". Sony may not be collecting the information that it receives automatically from sites playing its CDs, but it sure apparently receives such.
1. What computer access rights do I need to use this disc on Windows?

You must log on to your computer with Administrator rights or Power User rights to fully use the disc. Normally, you should have Administrator rights, unless you are working in a corporate environment in which case, you'll need to contact your IT department to have them install the software for you.

On Windows XP Home Edition system you will need Administrator rights (typically the default setting) as well, not User rights.
In short, you need Administrator privileges to install the Sony software. This is obvious from what it does, hiding files and registry entries, and installing system call hooks. Not the mark of benign software.

4:36 PM

Sony DRM rootkit code (#14) 64 bit

Following was from geek27:
NOT GOOD FOR 64bit USERS, October 9, 2005 Reviewer: tvideo (NJ, USA) - See all my reviews
Since, I don't care about stealing any music, the "Copy Protected" warning didn't bother me in the least. I am a Hardcore gamer I have a high end 64bit PC running Windows XP Pro. The CD claims it is compatible with Windows XP, it does NOT specify which versions so I assumed I was OK.

I installed this CD and I was forced to accept some agreement and then it installed some lousy music player. Everything seemed fine until next time I rebooted my PC both my DVD and CD drives had literally disappeared! That's right this so-called copy protection destroyed access to my drives!!! The copy protection REALLY works great they just disable all your CD/DVD drives so you can't use them with ANY discs anymore - UNBELIEVABLE!!!
Looks to originally be from an Amazon review by "tvideo". We had heard rumors about 64 bit problems, and this seems to corroborate such.

4:12 PM

Sony DRM rootkit code (#13)

Mark Russinovich has an update to his original post titled: "More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home". He first goes through the hoops that Sony puts you through to partially uninstall their DRM code. It turns out that all it does is uncloak it and install 3.5 MB worth of updated DRM drivers. Again, no mention is made of any of this in the Sony EULA. It apparently attempts to act like a normal driver/program install, with an entry for MediaJam showing up in the Add/Remove Program control panel. However, to no one's surprise, it doesn't work. Somewhere along the way, it executes:
net stop “network control manager”
Where “Network Control Manager” is the misleading name the developers assigned to the Aries driver so the command directs the Windows I/O system to unload the driver from memory. However, since the drivers utilize system call hooking, stopping the cloaking this way apparently opens a system to the small possibility of a crash.

Then comes the point that is interesting to me. Earlier posters had suggested that the Sony code connected to Sony. In other words, that we had some spyware here. This was vehemently denied by Sony. Mark confirmed that it indeed was going on. When you play a Sony CD, the drivers connect to a Sony site to tell them that. Mark says:
It appears the Player is automatically checking to see if there are updates for the album art and lyrics for the album it’s displaying. This behavior would be welcome under most circumstances, but is not mentioned in the EULA, is refuted by Sony, and is not configurable in any way.
It still looks like spyware to me.

Update#1 - comment by xcp_support:
In responding to the specific comments in this blog we set out the following comments which I hope clears things up.

1) Blog: "The Player is automatically checking to see if there are updates for the album art and lyrics for the album it’s displaying. This behavior would be welcome under most circumstances, but is not mentioned in the EULA, is refuted by Sony, and not configurable in any way. I doubt Sony is doing anything with the data, but with this type of connection their servers could record each time a copy-protected CD is played and the IP address of the computer playing it."

Answer: The player has a standard rotating banner that connects the user to additional content (e.g. provides a link to the artist web site). The player simply looks online to see if another banner is available for rotation. The communication is one-way in that a banner is simply retrieved from the server if available. No information is ever fed back or collected about the consumer or their activities.

2) Blog: "The download of what should be a small patch is around 3.5 MB because it includes updated filters for the DRM software that the patch also installs (again, no mention of this is made in the download description)."

Answer: In addition to removing the cloaking, Service Pack 2 includes all fixes from the earlier Service Pack 1 update. In order to ensure a secure installation, Service Pack 2 includes the newest version of all DRM components, hence the large file size for the patch. We have updated the language on our web site to be clearer on this point.

3) Blog: He states that the patch installs something called MediaJam which he was not expecting and could not uninstall.

Answer: Service Pack 2 does not install the MediaJam player on the user's hard drive. The only MediaJam related file installed on the user's drive is a standard Windows file (unicows.dll) used to support multiple languages. When this standard Windows file is installed by Service Pack 2, it creates a MediaJam group in the Add or Remove Programs list -- even though no MediaJam player is installed. Attempting to 'uninstall' this program results in a dialog box which confirms that this program had never been installed in the first place.

4) Blog: He claims that the patch itself could cause a blue-screen, although he says the risk is small.

Answer: This is pure conjecture. F4I is using standard Windows commands (net stop) to stop their driver. Nothing more.

5) Blog: As part of the uninstall process he notes that "clicking on the Sony privacy policy link at the bottom of the page takes you to a notice that your email address will be added to various Sony marketing lists."

Answer: An email address is required in order to send the consumer the uninstall utility. The wording on the web site is the standard Sony BMG corporate privacy policy that is put on all Sony web sites. Sony BMG does nothing with the customer service data (email addresses) other than use them to respond to the consumer.

3:50 PM

Friday, November 04, 2005

Sony DRM rootkit code (#12) more links

Some more links:

Schneier on Security: "Sony Secretly Installs Rootkit on Computers"

Brian Krebs on Computer Security at washingtonpost.com > Technology: "Sony Raids Hacker Playbook"

F-Secure Antivirus Research Team: "A chilling though about CDs that have rootkit DRM" (Nov. 4 @ 08:13 GMT); "Sony releases update for DRM software" (Nov. 3 @ 09:47 GMT); 'The "Sony rootkit" case' (Nov. 1 @ 11:25 GMT)

washingtonpost.com > Technology > Special Reports > Cyber-Security: "Study of Sony Anti-Piracy Software Triggers Uproar: File-Hiding Technique Alarms Security Researchers; Developer Offers Patch" by Brian Krebs.

BBC News: "Sony is in trouble but we might be the ones who lose out in the end, says technology commentator Bill Thompson."

FOXNews.com: "Sony BMG Hacking Into CD Buyers' Computers" and "Sony BMG Releasing Rootkit-Revealing Patch".

The Inquirer: "Sony DRM is worse than you might think"

9:31 AM

Meth

Around six in the morning, I got a call from a good friend telling me that her son-in-law died last night. He was estranged from her daughter, and the divorce was pending.

The son-in-law got involved in meth maybe two years ago. It ruined their marriage, and now took his life. He is survived by his wife and two pre-school boys.

9:19 AM

Golden capital burned last night

Last night, the building in which the Colo. territorial legislature met in the 1860s burned in Golden. I had walked by it maybe fifteen minutes before the fire broke out. I heard sirens and helicopters a little later, but ignored them, as I was involved in a book at the time. A little later, I was walking (again) and wondered why the entire Golden police department was blocking off Wash. Street in downtown Golden. Upon further investigation, I saw three large ladder trucks in position on three sides of the building, along with that many pumpers. Some of the fire units were from other fire districts, including one ladder truck from West Metro.

You couldn't get very close to the building last night. The police were keeping everyone except TV crews about a block away. But it looked like all the windows on the 2nd floor had been broken out, as well as some of the top of the wall in the back. Later I heard that they had about a foot of water on that floor.

The interesting question is whether they will be able to rebuild. This building is on the national registry (well, it did house the capital at one point some 140 years ago). But the brick is apparently very soft, so it is not clear what will happen to it.

This morning, all the Denver TV stations had TV trucks and crews there. I got to watch a Fox 2 newsman interview someone from the Buffalo Rose bar across the street who saw the start of the fire. Also, the fire investigators had just arrived. In any case, at one point, I counted five TV trucks with their satellite booms extended up above the two story buildings along Wash. street, with several more with them unextended. That was my excitement for the morning - though it would have been fun to get interviewed.

9:07 AM

Sony DRM rootkit code (#11)

John W. Suthers
Attorney General
State of Colorado

Dear Sir:

This is to request that your office investigate the business practices of Sony and its various music subsidiaries in their sale of compact disks (CDs) containing computer code that intentionally harms the computers on which it is installed. The code was apparently designed to enforce Digital Rights Management (DRM), but goes well beyond that. It appears that many, if not most, music CDs being sold today by Sony subsidiaries that are marked as having "copy protection" include this malware, which Windows systems computers automatically try to install whenever they first detect such CDs.

Last week, the installation of this code was detected by operating systems expert Mark Russinovich and documented in his blog as: "Sony, Rootkits and Digital Rights Management Gone Too Far". Subsidiary information can be found on my own blog: http://bhayden.blogspot.com/

Apparently, the Sony code is automatically installed with the Windows autorun feature. It loads a couple of drivers and then crudely hides them and all the associated registry entries (which is why Mark calls this a root kit). In addition to checking to see if a user can legally play any subsequent CD loaded in his CD drive, the code also scans all running programs every two seconds, querying information about the executables for such each time, regardless of whether or not a CD is currently loaded in the CD drive. Also, in loading and registering these programs, the Sony code installs some system call hooks to link some of its routines into the Windows kernel. Both the crude hiding of the DRM code and the system call hooking introduce serious systems stability and security problems into the computers in which the software is installed. Indeed, there is evidence that the hacking community is already starting to exploit both.

The problem is that this software is little different from the "spyware" that has become so prevalent, except that it is delivered via CD instead of over the Internet. In an older version of Sony's End User Licensing Agreement (EULA), no mention whatsoever is made of the code. In the latest version, instead of describing what the code actually does and how it affects computers in which it is installed, Sony instead prohibits disassembly and the like of the code - and appears to be threatening to use this against anyone who tries to detect and uninstall its code. This EULA does state that if you don't like the code, it can be uninstalled, but then doesn't supply uninstall code. Then, the uninstall code that you can download from its site merely removes the crude cloaking, leaving the code that scans all running processes every two seconds and the system call hooks in place.

The Sony malware arguably violates the CO Consumer Protection Act, notably C.R.S. 6-1-105(u), as well as numerous federal statutes, including the Digital Millennium Copyright Act (DMCA) and the Securely Protect Yourself Against Cyber Trespass Act (SPY ACT). Also, Sony may be liable under theories of common law trespass to chattels, consumer fraud, negligence, and computer tampering.

The reason that I am referring this to your office is that Sony is one of the biggest sellers of music in this country. Without intervention, it is likely that hundreds of thousands of Sony CDs containing this DRM malware will be purchased by tens of thousands of Colorado residents and installed on tens of thousands of Colorado computers over the next year.

Already, some California attorneys are looking for class plaintiffs for class action suits against Sony over this. While this crude weapon would presumably work in the long run to get Sony to change its actions, my view is that typically the attorneys involved benefit most from this type of lawsuit. I believe that action by the Colorado Attorney General's office, as well as by other Attorneys General, would much better serve the music buying public.

Thank you for your consideration of this matter.
Bruce E. Hayden
Dillon, Colorado

7:14 AM

Thursday, November 03, 2005

Sony DRM rootkit code (#10) Security

A number of posters have talked about the fact that it takes "Administrator" privileges in order to install the Sony DRM root kit code. This is particularly true since that code conceals the Sony code, directories, registry entries, etc., and installs code that inserts system call hooks. The obvious solution then is to run as a user under "User" instead of "Administrative" level privileges.

Theoretically, this is a legitimate suggestion. However, I would suggest that the vast majority of P.C. users don't understand multiple users and privilege levels. Rather, Windows XP Home Edition comes with one user ("Owner") configured as an Administrator. Most users never change this. Thus, they run, day in and day out, as "Owner" with "Administrator" privileges.

11:15 PM

Wednesday, November 02, 2005

Sony DRM rootkit code (#9) System Call Hooking

I hate when I have to rekey something this long because blogger timed out, but... This is going to be fairly long and technical. I should note that while I have significant expertise in operating systems (OS), most of it was in older OS's than Microsoft Windows, and in particular, Windows NT and progeny: 2000 (2K) and XP.

Let's start with virtual memory. Computer programs need two things to execute: control of a processor, and a program loaded in physical memory. But from the first, programs that need to be run have exceeded the physical memory available. This is a moving target, with program sizes growing as fast as, if not faster than, physical memories. The most successful solution to this problem is "virtual memory". Programs are allocated a (large) chunk of disk space. Fixed sized pages of a program correspond to similar sized pages on disk. This is the virtual memory image of the program. Then, when the program needs a page from its virtual memory, a page from physical memory is allocated, and the appropriate page from disk is loaded into the physical memory page. Later, the physical memory page may be allocated to another virtual page for another program, in which case the contents are rolled back to disk (if necessary) before the new contents are loaded there. The result is a much larger address space than is possible with physical memory. Indeed, it allows me to run the same OS (Win2K) on computers with physical memory ranging from 32 MB to 768 MB.

On to the kernel. At a minimum, the kernel is the part of the OS that needs to always be present in physical memory in order for a computer to run. It includes at least the first level interrupt code, the CPU dispatcher, and memory management - all necessary to make virtual memory work. It also often includes other high security, high usage routines. Note though, that the kernel is locked into physical memory - it does not use virtual memory, but rather is necessary to implement it.

On to binding. One essential of computer programming is the concept of subroutines. A program enters a subroutine, which does some work, and then returns to the original program. The subroutine may, and usually does, call or invoke other subroutines. OS functions in modern OS's are also typically invoked as subroutines. Binding is the determination of where subroutines are located so that they can be called. Older OS's bound their subroutines at link/edit time, requiring relinking when any changes are made. Modern OS's utilize tables of addresses to indirectly access subroutines or functions. This provides a lot more flexibility, since, instead of directly calling the routine at address 80402020, the routine at table entry #43 (that contains 80402020) can be invoked instead. Then, at the next boot, the routine may move to 80604020. But that is transparent to other routines, since they would still access it through table entry #43.

Microsoft Windows has a table of kernel routines or APIs called the "system service table". Each kernel routine has an entry in that table, and access is made by specifying its entry number in the table. The Sony DRM root kit replaces several of the entries in the system service table with addresses of Sony routines.

Note the first problem with this. The Sony routines are not located in the kernel. Thus, they are subject to virtual memory swap. And if they swap out, something else is likely to be loaded into physical memory at the location specified by those system service table entries overwritten by the Sony code. If another program is loaded there, it will be executed instead. And if it contains data or garbage, the results are liable to be even more bizarre when the APIs corresponding to those overwritten system service table entries are invoked.

Secondly, Microsoft enforces kernel security through a number of security measures. One of them is to checksum kernel routines when loaded at boot time, and check that those checksums match their expected values. This is missing for the Sony routines, since they don't reside in the kernel (and weren't written by Microsoft). They are thus significantly more vulnerable to being overwritten, linked to, etc. than the corresponding MSFT functions. And note that any routines that utilize this security hole would execute in kernel mode, allowing almost unfettered access to the computer.

Thus, the Sony DRM root kit is likely to reduce both security and stability of Windows systems.
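To make the table binding and the hooking problem concrete, here is an added example (my illustration for this post, not Sony's or Microsoft's code): a user-space C model of a service table, with the two checks a defender would run over it. The table size, routine spacing, kernel image range and the replacement addresses are all constructed; only entry #43 and the addresses 80402020 / 80604020 come from the text above. The baseline comparison goes a step beyond the post, since a replaced entry that still points inside the kernel range would pass the range check.

```c
/* Added example: a model of indirect binding through a service table and two
 * defensive checks for replaced entries. Nothing here touches a real kernel. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_SIZE 64     /* assumed size of the model table */
#define STRIDE     0x20   /* assumed spacing between model routines */

struct range { uint32_t base, size; };   /* address range of one loaded image */

size_t g_flagged[TABLE_SIZE];            /* indices reported by the last scan */

static int in_range(const struct range *r, uint32_t addr)
{
    return addr >= r->base && addr - r->base < r->size;
}

/* Lay the routines out so that entry #43 holds entry43_addr, as in the text. */
void build_table(uint32_t table[TABLE_SIZE], uint32_t entry43_addr)
{
    for (int i = 0; i < TABLE_SIZE; i++)
        table[i] = entry43_addr + (uint32_t)((i - 43) * STRIDE);
}

/* Callers bind by entry number, never by address. */
uint32_t resolve(const uint32_t table[TABLE_SIZE], size_t index)
{
    return index < TABLE_SIZE ? table[index] : 0;
}

/* Range check: flag every entry whose target lies outside the kernel image. */
size_t find_outside_kernel(const uint32_t table[TABLE_SIZE],
                           const struct range *kernel)
{
    size_t n = 0;
    for (size_t i = 0; i < TABLE_SIZE; i++)
        if (!in_range(kernel, table[i]))
            g_flagged[n++] = i;
    return n;
}

/* Baseline check: flag every entry that differs from a known-good snapshot. */
size_t find_changed(const uint32_t baseline[TABLE_SIZE],
                    const uint32_t current[TABLE_SIZE])
{
    size_t n = 0;
    for (size_t i = 0; i < TABLE_SIZE; i++)
        if (baseline[i] != current[i])
            g_flagged[n++] = i;
    return n;
}

/* Entry #43 still resolves after the routine moves at the next boot. */
uint32_t entry43_after_boot(uint32_t load_addr)
{
    uint32_t table[TABLE_SIZE];
    build_table(table, load_addr);
    return resolve(table, 43);
}

/* Constructed scenarios. mode 0: untouched table. mode 1: entries 7 and 43
 * replaced with addresses outside the kernel image. mode 2: entry 43 replaced
 * with a different address that is still inside the kernel image.
 * use_baseline selects which of the two checks is run. */
size_t scan_sample(int mode, int use_baseline)
{
    const struct range kernel = { 0x80400000u, 0x00200000u }; /* constructed */
    uint32_t baseline[TABLE_SIZE], table[TABLE_SIZE];

    build_table(baseline, 0x80402020u);
    build_table(table, 0x80402020u);
    if (mode == 1) { table[7] = 0xF8A01000u; table[43] = 0xF8A01400u; }
    if (mode == 2) { table[43] = 0x80410000u; }
    return use_baseline ? find_changed(baseline, table)
                        : find_outside_kernel(table, &kernel);
}

int main(void)
{
    printf("entry 43, first boot: %08lx\n",
           (unsigned long)entry43_after_boot(0x80402020u));
    printf("entry 43, next boot:  %08lx\n",
           (unsigned long)entry43_after_boot(0x80604020u));
    printf("range check, clean table:       %lu flagged\n",
           (unsigned long)scan_sample(0, 0));
    printf("range check, out-of-kernel:     %lu flagged\n",
           (unsigned long)scan_sample(1, 0));
    printf("range check, in-kernel swap:    %lu flagged\n",
           (unsigned long)scan_sample(2, 0));
    printf("baseline check, in-kernel swap: %lu flagged\n",
           (unsigned long)scan_sample(2, 1));
    return 0;
}
```
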

9:09 AM

Sony DRM rootkit code (#8)

BNA's Internet Law News (ILN) - 11/2/2005 (today) linked to an article on CNET news titled "Sony CD protection sparks security concerns". Given their reputation, I would have expected a more critical analysis of the original article by Mark Russinovich. This article essentially said that the Sony DRM root kit code posed no real danger to systems, nor did it cost anything besides a little memory (cheap these days). This ignores Mark's points about system call hooking vulnerabilities and the overhead of scanning the executables of all the executing processes every two seconds. It also failed to mention that all files, regardless of source, starting with $SYS$ are hidden by the code.

8:56 AM

Sony DRM rootkit code (#7)

The Sony DRM root kit thing was picked up by Clicked at MSNBC online in an article entitled: "Running from the beat of a different DRM". And that article links to an article entitled "DRM Crippled CD: A bizarre tale in 4 parts" at The Big Picture Blog. And that is where things got interesting.

According to The Big Picture, the DRM stuff started as a fight between Sony and Apple. It seems that Sony doesn't like the fact that there are a lot of people ripping songs off of its CDs and downloading them to their iPods, and, maybe even worse, bypassing that to buy just the single songs from Apple's iTunes site. And hence the ever stranger tale told there in four parts. By the end of it, through the installation of the DRM root kit code among other things on Windows machines, Sony is pushing its recording fans from Windows based computers to Macs made by, of course, arch-enemy Apple. Weird. Sony indirectly pushing Macs as a reaction to iPods and iTunes, all from Apple.

3:12 AM

Colo. Referenda

About a decade ago, Colorado voters passed the Tax Payers Bill of Rights (TABOR) amendment to the constitution. It set strict spending limits on govt. and mandated that excess tax revenues be returned to the voters, unless approved by the voters. Then, a couple of years later, they passed Amdt. 23, which locked in K-12 spending increases, regardless of tax revenues. Fine during the 1990s boom, but the combination caused problems with the bust that followed. Since then, everything else in the budget has been squeezed.

Yesterday, there were two connected referenda on the ballot. Referendum C would let the govt. keep any refunds for the next 5 years. Ref. D allowed the state to borrow money for a number of things, most notably roads, and pay such borrowing back from those unpaid refunds.

It was a vicious campaign on both sides. But in the end, Ref. C won and Ref. D lost. I had tried to do a vote swap with my father for just that combination. I strenuously objected to D because the borrowed money would have to be paid back even in an economic downturn, but didn't mind C nearly as much because in such a downturn, the C refunds would dry up and become moot. The Colo. voters agreed with me there, showing a lot more intelligence and discretion than they are usually given credit for.

2:34 AM

Tuesday, November 01, 2005

Sony DRM rootkit code (#6) Trespass to Chattels

One of the legal theories or causes of action that looks promising for anyone suing Sony, et al. for their installation of the DRM root kit code is trespass to chattels. Wikipedia defines Trespass to chattels as:
Trespass to chattels is a tort whereby the infringing party has intentionally (or in Australia negligently) interfered with another person's lawful possession of a chattel. The interference can be any physical contact with the chattel in a quantifiable way, or any dispossession of the chattel (whether by taking it, destroying it, or barring the owner's access to it). As with all intentional torts, it is "actionable per se" so no proof of damage is required.

The origin of the concept comes from the original writ of trespass de bonis asportatis. As in most other forms of trespass, remedy can only be obtained once it is proven that there was direct interference regardless of damage being done, and the infringing party has failed to disprove either negligence or intent.

In some common law countries like the United States and Canada, a remedy for trespass to chattels can only be obtained if the direct interference was sufficiently substantial to amount to dispossession, or alternatively where there had been an injury proximately related to the chattel. (See Restatement (Second) of Torts, 1965.)

Damages from a trespass claim are limited to the actual harm sustained by the plaintiff (which can include economic loss consequent on the trespass - e.g. loss of profit on a damaged chattel). In cases of dispossession, the plaintiff is always entitled to damages if they can prove the dispossession occurred, even if no quantifiable harm can be proven.

Chattels are tangible personal property. Trespass to chattel is then primarily borrowing or utilizing chattels of another without permission. When I was in law school, this was one of those archaic torts that you have to learn about, but never expect to see, since damages are traditionally based on the actual harm done the owner of the chattel by the party trespassing thereof. Thus, if someone steals your bike, you can sue them, but if they don't harm the bike, you probably aren't going to get any damages. But a recent case, Sotelo v. DirectRevenue LLC, No. 05 C 2562 (ND Ill. Aug. 29, 2005), may have changed that.

In Sotelo, the plaintiff sued the defendant for installing spyware on his computer. One of his causes of action (or legal theories) was trespass to chattels. The defendant moved for summary judgement on this claim, and the Court denied. It found sufficient basis for such a claim to allow the case to go forward. Some comments on the case can be found in an article in USA Today by Eric Sinrod, Eric Goldman's Technology & Marketing Law Blog, and an article in freerepublic.com by Ernest_at_the_Beach. Goldman points out that:
The court explains a little more about what constitutes "causing harm" by noting that the plaintiffs allege that spyware:

1) causes significant and cumulative injury to computers
2) interferes with the computer usage
3) slows down the computer
4) uses bandwidth
5) increases "Internet use charges"
6) depletes a computer's memory
7) uses pixels/screen space on monitors [this one is pretty silly]
8) requires more energy because slowed computers must be on longer [also pretty silly]
9) reduces user productivity
10) increases user frustration

In the case of the Sony DRM root kit code, an argument can be made that ##1, 2, 3, 6, 8, 9, and 10 are potentially applicable.

8:44 PM

Sony DRM rootkit code (#5)

Legal Buff / ReynenStarfyre on the comment thread at Mark's Sysinternals Blog posts some interesting theories:
This action violates many local and international laws. Let's look at some of the ones mentioned.

DMCA anyone? Who's the one NOW circumventing security? Wouldn't it be grand if the DMCA was used AGAINST the RIAA and associated for the very same thing they are suing other people for?

By Sony installing rootkits they are effectively bypassing any security put in place and IF someone uninstalls it, they can completely screw up their computer.

I know someone in fact has installed this on a government computer that has TIGHT security. How do you think they will feel knowing SONY has willingly put on and changed a ROOTKIT?

Great news for computer repairs across the country. Is SONY going to pick up the tab because THEIR DRM software screwed up the computer?

Also if you buy a CD and it doesn't work, fraud anyone? It's very clear if you buy something and it doesn't work, you are entitled to get your money back else it IS considered fraud regardless of any EULAs or store rules.

What is really ironic, I know a senator's child who just happened to buy a number of SONY CDs with the DRM. Won't it be interesting when they install it on DADDY's computer.

SONY did you consider what happens when you piss off a senator? You think he is going to be happy to find out about it, and heaven forbid his kid try and remove it. Then he'll REALLY be mad.

-----------------------------------

This software will be considered spyware under the ASC definition,

The ASC's most recent definition of spyware is:

Technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:

* Material changes that affect their user experience, privacy, or system security;

* Use of their system resources, including what programs are installed on their computers; and/or
* Collection, use, and distribution of their personal or other sensitive information. - thank you Mellisa

-----------------------------------

"The Securely Protect Yourself Against Cyber Trespass Act, or SPY ACT, makes spyware illegal, but it is unclear if the SPY ACT defines spyware the same way as the ASC.... " - thank you Mellisa

-----------------------------------

IANAL, but this appears to be illegal in the State of California, punishable by a $1000 fine per computer affected.

California Business & Protections Code Section 22947.3, Paragraph C:

A person or entity that is not an authorized user, as defined in Section 22947.1, shall not, with actual knowledge, with conscious avoidance of actual knowledge, or willfully, cause computer software to be copied onto the computer of a consumer in this state and use the software to do any of the following:
...
(c) Prevent, without the authorization of an authorized user, an authorized user's reasonable efforts to block the installation of, or to disable, software, by doing any of the following:
(1) Presenting the authorized user with an option to decline
installation of software with knowledge that, when the option is
selected by the authorized user, the installation nevertheless proceeds.
(2) Falsely representing that software has been disabled.

- Thank you Erik

-----------------------------------

Computer Misuse Act - UK

Ever think of this one? It may be old but it's broad, however it does cover what is mentioned that they do.

-----------------------------------

Even if they changed the EULA, it's been proven that the DMCA OVERRULES THEM. After all the RIAA has used the DMCA to overrule EULAs before, thereby setting a precedence for others to use against them AND their associates.

I love how they shoot themselves in the foot.

Also as previously stated the rootkit can be used by other programs to further exploit the system. So SONY has thereby placed a method to where others can hack the machine.

-----------------------------------

I look forward to a class action suit. If nothing else, bad publicity will hurt them more than anything.

Remember the embarrassing bypass with a marker anyone?

8:28 PM

Sony DRM rootkit code (#4)

A recent post to cyberia-l by Drew Lehman discusses the DRM root kit code:
This was sent to a list for a user group I run. Seems this is the talk of the town everywhere.

After further reading at XCP1 Burn Protect - F4i XCP Aurora , it seems that the prerelease material refers to copies for internal use at the studios and should not be distributed publicly anyway. So, Universal, Warner & EMI are well within their rights to put this stuff on CDs that should only ever be run on their own systems.

*Where is XCP being used?*

XCP1 and XCP Red technology is being used by all four of the major Record Labels for the protection of pre release music on internal CDRs. Albums from some of the best known artists have been successfully copy protected in this way to reduce the occurrence of leaks prior to release.

*The Financial Cost Of Pre Release Leaks*

Record Labels regularly suffer the financial consequences of leaked pre release music when internal or promotional CDRs are wrongfully copied and distributed prior to the commercial release date. Many Record Labels are now analysing the effect on sales of new release album sales. Not surprisingly those albums that are successfully protected prior to commercial release achieve significantly higher sales revenue in the first two weeks than those that are not.

It appears that only Sony has taken the slimy dishonest and, most likely, illegal route of allowing this to be installed on their customers' systems. At least so far. The others were probably waiting in the wings to see how far Sony got and whether they would be caught. I wouldn't be surprised if they all agreed to underwrite Sony's legal defense, in return for Sony playing the role of the test rabbit.

So according to this, originally the DRM root kit code was developed to prevent illegal distribution of pre-release music. It appears that other music companies, including Universal Music Group, Warner Music Group, and EMI are still utilizing it for that purpose. Only Sony has apparently started shipping it with publicly released music.

8:19 PM

Sony DRM rootkit code (#3)

Last night on cyberia-l, I suggested a class action suit against Sony for the damage done by the installation of their DRM root kit code. Someone asked for potential causes of action (i.e. legal theories). Carol Ruth Shepherd of Arborlaw Associates PLLC suggested the following:
You would have most of the same causes of action alleged in the Sotelo v DirectRevenue case in Chicago--trespass to chattels, consumer fraud, negligence and computer tampering.

Consumer fraud is almost always going to be claimed, under the various state "little FTC" laws, because in most states a violation of the consumer protection statute provides for attorneys' fees and in many cases also provides treble damages (Michigan is one such state). That starts making litigation look economically feasible.

Sotelo is a case about spyware companies gathering info to facilitate directed advertising, where the raison d'etre for the software is to generate third-party advertising revenue for the spyware distributor when the software beams personal browsing data back to the mother ship. That's definitely unjust enrichment in my book--hey, my data must be valuable, because people keep selling it and paying each other lots of money to buy it!!!

I think it will be interesting to see if the common-law right to privacy and right to publicity laws change--used to be, you had to make a living at your celebrity, to get compensation for unjust enrichment through the use of your "identity". So, Dustin Hoffman gets $100K for having his face photoshopped onto a billboard in L.A. that features a mature woman dressed up a la Tootsie. If legislatures pass legislation that removes the presumption that you have to be a celebrity to get paid for use of your identity for money, then a lot of us start getting micropayments...of course, this scenario destroys the entire data mining industry, which some people would consider to be a Bad Thing.

With regard to Sony--their "spyware" is DRM software, correct? They at least can claim this is a legitimate activity--protection of copyrighted material under the DMCA.

So here's the really interesting question: whether DMCA anti-circumvention law federally preempts the computer owner's right to (a) remove something installed without his permission on his own computer, (b) sue Sony for trespass to chattels, consumer fraud, negligence and/or computer tampering.

Greg Broiles asks:
I wonder if this is a violation of CA's new anti-spyware legislation, at CA Business & Professions Code section 22947 et seq, specifically
22947.4 ..

"22947.4. (a) A person or entity, who is not an authorized user, as defined in Section 22947.1, shall not do any of the following with regard to the computer of a consumer in this state:
(1) Induce an authorized user to install a software component onto the computer by intentionally misrepresenting that installing software is necessary for security or privacy reasons or in order to open, view, or play a particular type of content.
(2) Deceptively causing the copying and execution on the computer of a computer software component with the intent of causing an authorized user to use the component in a way that violates any other
provision of this section. [...]"

8:09 PM

Sony DRM rootkit code (#2)

Things are picking up a bit with the Sony Digital Rights Management (DRM) Root Kit code situation. Glenn Reynolds at Instapundit.com, one of the top blog sites, had a link to whizbangblog on the subject. Also, back on Mark's Sysinternals Blog, where I first saw this last night, one poster commenting there is already trolling for class action legal business:
We would be interested in speaking to any California residents that have experienced this problem before the EULA was changed. We have looked at many DRM cases and Sony went too far with this particular scheme. You can contact us at gw@classcounsel.com.

7:55 PM

Rove/Libby, et al. (#2)

Last Friday, the special prosecutor came down with a five count indictment against Scooter Libby, VP Cheney's Chief of Staff. Libby immediately resigned, and was just as quickly replaced.

Interestingly, the five counts all involved Libby's actions during the investigation. There were no indictments concerning the original purpose of the investigation - the supposed leak of Valerie Plame's covert status at the CIA.

What appears to have happened is that some in the Administration started figuring things out with Wilson and Plame starting in May, 2003, before Wilson ever published his NYT article. It looks like a lot of people in the Administration knew that Wilson's wife was in the CIA and that she had recommended him for the Niger job even before his article. And Libby was among these people.

But at least some (3?) of the counts in the indictment come down to Tim Russert said this, and Libby said that, and the special prosecutor believing Russert and not Libby. He says, She says, often doesn't make for an easy prosecution for perjury, etc. Worse here, the claim is that the topic wasn't discussed between the two, based on what Russert said. That could as likely mean that Russert has forgotten. I am sure that prosecutor has more - but we haven't seen it yet.

Also, importantly, neither Karl Rove nor VP Cheney were indicted. Remember, Wilson was predicting that Rove would be frog marched out of the EOB in handcuffs. At present, this looks highly unlikely.

Nevertheless, Wilson was all over the liberal MSM TV channels last weekend, and even ended up on C-Span last night. Another 15 minutes of fame for the guy.

10:24 AM

Mark's Sysinternals Blog: Sony, Rootkits and Digital Rights Management Gone Too Far

It appears that Sony, one of the biggest companies in the world, has potentially made a huge mistake legally. They are apparently installing Root Kit level Digital Rights Management (DRM) software when people buy their music and try to play it on their computers. A Root Kit is defined by Wikipedia as: "...a set of tools used by an intruder after cracking a computer system. These tools can help the attacker maintain his or her access to the system and use it for malicious purposes." They then go on to describe two types of root kits, user level and kernel level. The Sony DRM code is kernel level. Among other things, it does Windows system call hooking - which means that it diverts certain system calls to its own ends. It also apparently runs every two seconds, querying about the executables for all the then running processes. It also fairly effectively hides itself by cloaking itself and hiding directories.

I should note that the author of the above cited article thinks that the system call hooking potentially opens up some timing windows in Windows. In other words, it is fairly crudely done and introduces potential instability into Windows systems in which the DRM software is installed.

Originally, the Sony End User Licensing Agreement (EULA) apparently didn't even mention the installation of the software. It was modified to do so last night. However, the modifications don't go nearly far enough, esp. when suggesting that you could uninstall the software if you didn't like it - despite not including uninstall software in the first place. Also, if you uninstall it yourself, your CD player becomes inoperative.

Posters to that blog entry point out that the Sony DRM software more than likely violates the laws of numerous countries, and, here in the U.S., the laws of several states. Also, the company could be liable to its customers under any number of legal theories, including trespass to chattels (a case came down a week or so ago accepting this theory).

10:02 AM