Open Source and information security mailing list archives
 
Date: Fri Nov 11 17:13:16 2005
From: toddtowles at brookshires.com (Todd Towles)
Subject: the "Sony/BMG" virus

 

> I'm not sure what's more scary -- whether they have no idea 
> what the impact of a rootkit is or that they know what a 
> rootkit is and everything has been intentional and damage 
> control-based.  In all honesty, I'm not sure how they could 
> have done what they did without the knowledge of how a 
> rootkit works.  Which, in my mind, leaves only one option...

The PHBs over at Sony have no idea what a rootkit is or what it can do,
I know that. But you would guess the Sony programmers (if they even have
programmers) know what it is and how it works, right? Umm, not sure.

If you are a global billion dollar record company and you need DRM
software for your record... you would go to a company that knows their
stuff to make it for you. Fine, that is fair. So Sony uses
First4Internet in the case of the XCP. Let's just pretend that
First4Internet develops this root-kit hiding technology for the DRM and
names the services in a way that could mislead the normal user.

Would Sony just throw the software on millions of CDs and ship them out
without looking over the software first? I believe they WOULD HAVE to
look over the software...as a step to protect their company from danger.
With that in mind, they HAD to know what it does...perhaps they don't
understand the security issues connected to it...but they will soon know
about those all too well...

> Very true, but to be honest... I hope that this triggers a 
> DMCA battle.  
> It will either invalidate a portion of the DMCA or show that 
> the DMCA actually hurts normal people rather than helping 
> them.  We all know that the DMCA is too broad, and until now 
> it's largely only hurt researchers and entrepreneurs.  So I 
> say let's let the whole thing circle the drain.  Let's force 
> the issue.  Let's bring this to its ultimate extent.
> 
> Maybe then we can get some real public outcry.  Maybe then, 
> when the vaunted ideal of capitalism, the sanctity of 
> personal property, is being trampled by the corporate sector 
> and the government, people will realize that the man behind 
> the curtain does not have their best intentions in mind.
> 
> Until then, I don't think that one can morally accept and go 
> along with the actions of corrupt individuals.  I say that if 
> Sophos' removal tool is struck down, the international nature 
> of the internet must be leveraged to ensure that the removal 
> tools themselves can never disappear.  Treaties only reach so 
> far.  What Sophos has done is honorable and just.  They 
> deserve our support... as does their cause in this case.  It 
> is important for people to control what is within their realm 
> of property.  What's next?  TVs with CCTV cameras in them 
> sitting on a wall in our apartments and only a small nook to 
> hide in ourselves?  

While I may not agree with all your views on socialism, I totally agree
with ya. ;)

They have stepped out of line IMHO and the people as a whole must not
let companies go down this road..

-Todd
