lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri Nov 11 15:03:32 2005
From: bkfsec at sdf.lonestar.org (bkfsec)
Subject: the "Sony/BMG" virus

Todd Towles wrote:

>How to use Sony cloaking
>
>1) Write standard virus/trojan
>2)  Trick poor person to run on computer (easy right?)
>3) Name it with $sys$
>4) It is now cloaked by the Sony DRM.
>
>Isn't too hard...you will see more and more, it won't be long before
>spyware is using it to hide as well. Is it good? No, any virus or
>spyware can have it's own rootkit hooks if they wanted. But if they use
>Sony, they can claim they weren't not trying to hide..."some other
>software" was hiding them. Botnet admins like smaller coded bot...no
>need to add any code...just a file renamed...man even a folder rename
>for that matter
>
>Thanks Sony...
>
>  
>
Sony needs to pay big for this.  I'll never buy a Sony/BMG item again... 
no apology is enough.

The way I see it, this is no different than a company orchestrating a 
mass breaking and entering on all of their customers.  This is like if 
Matag hid the Matag man* INSIDE the dish washer so that he could rummage 
through your home in the middle of the night.

There is no excuse for what they've done... and there needs to be a very 
real public acknowledgment and discussion about what to do about the 
RIAA/MPAA -- let's face facts; what Sony has done is not an isolated 
case.  This is only the logical conclusion in a string of damn near or 
should be criminal actions either committed or proposed by the big media 
names of the world.

They need to be reminded that the consumer base are not cattle to be 
used.  They exist to service us, not vice versa... and the base of 
corporate leadership which harbors the idea that we exist to supply them 
with money exclusively... the ethically challanged of our world if you 
will... must be purged from all positions of power, whatever the cost.

This is only a symptom of a greater problem.

             -bkfsec


* Only an example.  I have no intention of maligning Matag with it. 

p.s. Some people refuse to say that this is a malicious action on Sony's 
part.  Now I'm going to speak truth to the situation.  There is no 
mistake that this is a malicious act against their customers.  If it was 
not malicious, they would not have had to hide it.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ