lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <0A3742FC-C006-11D8-AEDD-000D93AF6C2E@pcsage.biz>
Date: Wed, 16 Jun 2004 22:28:38 -0400
From: PC Sage <swayze@...age.biz>
To: Dragos Ruiu <dr@....net>
Cc: bugtraq@...urityfocus.com
Subject: Re: Caveat Lector: Beastie Boys Evil


Typically, when an application is being installed in Mac OS X (assuming 
X?), if it requires system file modification it will require an 
administrative level password to continue. While it is true that I 
haven't purchased said malware, this is the usual case. If this 
'helpful drm software' is being installed AND does modify system files 
w/o requiring administrative level authorization this would smack of an 
exploit against OS X and perhaps should be outed to Apple? Remember the 
media that would break CDROM units that Mac users suffered through in 
recent memory? DRM, while it's the buzzword du jour, should not 
supplant content creators and suppliers due diligence when implementing 
their policies. I am, for one, appalled by the manner in which Capitol 
has reportedly acted in this respect. Thank-you for bringing this to my 
attention.

Regards,

Sean Swayze
swayze AT pcsage DOT biz
On 16-Jun-04, at 4:10 AM, Dragos Ruiu wrote:

> Well I truly regret actually purchasing a copy of the new Beastie Boys 
> album
> to support them.
>
> It seems that Capitol Records has some sort of new copy protection 
> system,
> that automatically, silently, installs "helpful" copy protection 
> software on
> MacOS and Windows as soon as you insert the CD into default systems.
> I'm not sure exactly what it does yet, but I am sure regreting actually
> purchasing said media now... they don't deserve my money if they choose
> to pull stupid stunts like this. Installing software without your 
> permission
> sounds like viral malware behaviour to me. I certainly hope the AV 
> companies
> put signatures into their products for this crap.
>
> They include some sort of uninstaller buried on there for Windows, but
> I see no such thing for MacOS. If anyone has disassembled the
> aforementioned malware already and can save us some time with
> instructions on how to remove it... thanks in advance.
>
> caveat emptor,
> --dr
>
> -- 
> World Security Pros. Cutting Edge Training, Tools, and Techniques
> Tokyo, Japan	Nov 11-12 2004  http://pacsec.jp
> pgpkey http://dragos.com/ kyxpgp
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ