Slyck.com
 

New MediaMax Patch Just as Vulnerable


Postby SlyckTom » Wed Dec 07, 2005 7:03 pm

The Sony-BMG fiasco has taken many twists and turns. Originally confined to the XCP (Extended Copy Protection) scheme manufactured by First4Internet, it was soon discovered that Sony-BMG CDs "protected" with SunnComm's MediaMax version 5 DRM also presented serious security vulnerabilities.

DRM and restrictive arguments aside, there are no fundamental security risks surrounding the MediaMax software. However, the implementation of MediaMax has been discovered to present dangerous security risks.

In order to play a CD with MediaMax technology, full administrator privileges must be enabled at all times. To enhance security, many people only enable full administrator privileges to install software or make upgrades to the operating system. Adding to the security problem, the MediaMax files are stored in an easily accessible folder regardless of your security setting. Also keep in mind that MediaMax installs software even if you decline the EULA. How is this significant?

MediaMax executes a program called “MMX.exe” every time you run a CD with SunnComm’s copy protection. A devious individual could replace the MMX.exe file with a malicious version. With full administrator privileges enabled, there is no limit to what damage can be accomplished. One could insert this malicious software physically when the administrator is away, or by creating an email trojan and hoping someone takes the bait. The end result could leave your computer open to very serious localized security issues. And if someone is truly malicious, he or she could craft a more widespread problem.

This issue was confronted by the EFF (Electronic Frontier Foundation), iSEC Partners (http://www.eff.org/IP/DRM/Sony-BMG/MediaMaxVulnerabilityReport.pdf) and Freedom-to-tinker.com (http://www.freedom-to-tinker.com/). In response, Sony-BMG and SunnComm issued a patch which addressed the security issues. Independent security firm NGS Software reviewed and approved the measure taken by SunnComm and Sony-BMG.

“After carefully researching the security vulnerability presented to us by SONY BMG, we have determined that it is not uncommon and, importantly, it is easily fixed by applying a software update,” said NGS Software Director Robert Horton. As George Bush would say, “mission accomplished.”

However, like George Bush, we’ll have to revise this statement to “a mission accomplished.”

In the entire month this Sony-BMG DRM fracas has been going on, does anyone honestly think one patch will resolve the issue? Freedom-to-tinker.com’s Ed Felten and J. Alex Halderman certainly don’t think so. Indeed, the “security patches” issued by Sony-BMG and SunnComm present their own set of security issues.

Let’s go back to our initial scenario. Now this ultra crafty and highly intelligent individual who’s hell bent on destruction anticipated this move by SunnComm and Sony-BMG. Knowing a patch would eventually be released, the individual subversively installs a “booby trap” in the MediaMax folder. When an attempt is made to either uninstall or patch the MMX.exe file, the trap is sprung and the world is theirs. In this case, the trap waits until the new Sony-BMG or SunnComm patch is applied.

This issue is currently being addressed (http://www.eff.org/deeplinks/archives/004235.php) by the EFF and Freedom-to-tinker.com. Surprisingly, if you happen to have installed the MediaMax software, or just inserted a CD with such protection, the best course of action is to do nothing and turn off autorun. Sony-BMG and SunnComm have both been advised of this pressing issue, and it is anticipated a new patch will be released.
SlyckTom
 
Posts: 5713
Joined: Fri Jul 26, 2002 7:22 pm
Location: New York City
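
Both scenarios in the article above (a replaced MMX.exe, and a "booby trap" left in the folder before a patch or uninstall runs) depend on someone other than an administrator being able to modify a folder whose programs later run with administrator rights. The PowerShell below is an added example, not part of the original post or of any vendor tool, that audits a folder for that condition; the function name, the trusted-SID list and the scratch folder it builds are assumptions, and no real MediaMax path is used.

```powershell
# Added example. The audited path is constructed; no MediaMax path is assumed.
function Find-TamperableExecutable {
    param([Parameter(Mandatory)][string]$Path)

    # SIDs treated as trusted writers (an assumption; adjust per policy):
    # SYSTEM, Administrators, TrustedInstaller.
    $trusted = 'S-1-5-18', 'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    # Rights that allow replacing or altering a file or its ACL.
    $risky = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Check the folder itself as well: write access there allows planting files.
    $targets = @(Get-Item -LiteralPath $Path) +
        @(Get-ChildItem -LiteralPath $Path -Recurse -File |
            Where-Object { $_.Extension -in '.exe', '.dll' })

    foreach ($item in $targets) {
        foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (($ace.FileSystemRights -band $risky) -eq 0) { continue }
            $sid = $ace.IdentityReference.Translate($sidType).Value
            if ($sid -in $trusted) { continue }
            # Emit one finding per untrusted principal holding a risky right.
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
            }
        }
    }
}

# Constructed demo: a scratch folder with a dummy .exe that Everyone may modify.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) 'acl-audit-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$exe = Join-Path $dir 'player.exe'
Set-Content -LiteralPath $exe -Value 'placeholder'
$acl = Get-Acl -LiteralPath $exe
$everyone = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($everyone, 'Modify', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $exe -AclObject $acl

Find-TamperableExecutable -Path $dir | Format-Table -AutoSize
```

Because the scratch folder lives under the user's temp directory, the output lists the current user alongside Everyone. Inherit-only entries that Get-Acl reports as raw generic rights are not decoded by this check.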

Postby hacker90 » Wed Dec 07, 2005 8:08 pm

Good Article Tom.

Hacker
hacker90
 
Posts: 65
Joined: Thu Nov 10, 2005 3:45 pm

Postby ejonesss » Wed Dec 07, 2005 8:11 pm

sony why dont you just give up trying to prevent copying no drm is perfect and can still be ripped.


be glad you are making money off the legit sales and if you want to milk more money then require purchase for merchandise meaning

if you want that switchfoot poster or concert tickets you have to buy the cd and present the cd as proof of purchase.

people are going to copy it no matter what.

ok if you put data on the cd to make it unreadable on computer then there is the digital out to in (tos link,spdif

ok you protect those ports with scms no copy there are scms killers out there in kit form.

ok you then disable the tos link outs there are the screeners/critics that get to preview cds for the press one of them could rip and post it to the net.

ok you no longer send out screener copies there are insiders at the cd pressing factories that leak copies.



bottom line you are wasting your money and time trying to prevent ripping when it is just an illusion and will be cracked eventually.
ejonesss
 
Posts: 2972
Joined: Thu Feb 06, 2003 5:43 pm

Postby illPhever » Wed Dec 07, 2005 8:16 pm

i think that any DRM-enable "cd" (if you still call it a cd), should come with a big FAT label on THE FRONT like those parental advisory labels, warning buyers. and not one of those stickers on the plastic wrap that gets thrown away. i've seen some DRM-CD's with tiny icons on the back near the record label credits, but that's not enough. they should just ruin the cover art by covering it with a DRM Warning message. i figure, they've already ruined the cd, so it shouldn't be a big deal ruining the cover art, too, for a good cause.
illPhever
 
Posts: 62
Joined: Sat Mar 20, 2004 8:32 pm

Postby zim » Wed Dec 07, 2005 8:24 pm

i love sony!


they are doing more to kill DRM than any of us!



GO SONY!
zim
 
Posts: 5776
Joined: Wed Apr 20, 2005 10:01 am

Postby BasicTek » Wed Dec 07, 2005 8:37 pm

zim wrote:i love sony!


they are doing more to kill DRM than any of us!


LOL I can't wait until their DRM starts accidentally formatting hard drives.
"The government, which was designed for the people, has got into the hands of the bosses and their employers, the special interests. An invisible empire has been set up above the forms of democracy." - Woodrow Wilson
BasicTek
 
Posts: 1610
Joined: Sat Jun 04, 2005 12:59 pm
Location: Somewhere warm

Postby IceCube » Wed Dec 07, 2005 8:46 pm

BasicTek wrote:
zim wrote:i love sony!


they are doing more to kill DRM than any of us!


LOL I can't wait until their DRM starts accidentally formatting hard drives.


Better yet, a DRMed CD that somehow turns a HDD into a chocolate chip cookie after three 'listens'! :lol:

On the disclaimer, they should put, "After you listen to our cr@ppy music three times, you deserve a cookie. We'll provide the cookie for you because you deserve it."
IceCube
 
Posts: 17079
Joined: Tue Jun 14, 2005 5:31 pm
Location: Igloo Country?

Postby zim » Wed Dec 07, 2005 8:58 pm

drm cd that reflashes your burner and turns it into a paperweight!
zim
 
Posts: 5776
Joined: Wed Apr 20, 2005 10:01 am

Postby curzlgt » Wed Dec 07, 2005 9:24 pm

Nice Article Tom!

Sony has certainly demonstrated that Murphy's Law can affect the Big Guys just as much as average Jo.
“The music business is a cruel and shallow money trench, a long, plastic hallway where thieves and pimps run free, and good men die like dogs. There's also a negative side,” - Hunter S Thompson
curzlgt
 
Posts: 3923
Joined: Fri Jul 29, 2005 1:17 am
Location: Land of the tall corn

Postby mommyhatesu420 » Wed Dec 07, 2005 10:04 pm

ejonesss wrote:and if you want to milk more money then require purchase for merchandise meaning

if you want that switchfoot poster or concert tickets you have to buy the cd and present the cd as proof of purchase.

that right there is probably the best advice to a big greedy record label ive ever read.......
mommyhatesu420
 
Posts: 9
Joined: Thu Feb 03, 2005 10:22 am

Postby brengarne » Wed Dec 07, 2005 10:15 pm

zim wrote:i love sony!

they are doing more to kill DRM than any of us!

GO SONY!


Talk about shoot yourself in the foot!

This whole screw up by SONY is doing SOOO much good for the file sharing community. :lol:

Suddenly they are on the back foot, and a whole world of tenacious techies will never let up finding faults in anything to do with DRM - AND letting the world know about it.
Brengarne
brengarne
 
Posts: 32
Joined: Wed Nov 23, 2005 9:26 pm
Location: Gaia

Re: New MediaMax Patch Just as Vulnerable

Postby nJectid » Thu Dec 08, 2005 3:24 am

SlyckTom wrote: Sony-BMG and SunnComm have both been advised of this pressing issue, and it is anticipated a new patch will be released.



Like anyone with half a brain is going to install more software provided by these tards. Granted that it would be very stupid to try and make some sort of back door replacement software, while under all the public and official eyes at this time. But honestly, anyone that knows the damage they have done is not going to install more of their evil software.
It's a pirate's life for me.
nJectid
 
Posts: 69
Joined: Sat Sep 11, 2004 1:04 am
Location: your mom's house

Postby IceCube » Thu Dec 08, 2005 3:34 am

Sony BMG makes Kazaa look clean! :shock:
IceCube
 
Posts: 17079
Joined: Tue Jun 14, 2005 5:31 pm
Location: Igloo Country?

Postby GraphiX » Thu Dec 08, 2005 5:20 am

great another reason not to buy any more shop cd's
GraphiX
 
Posts: 922
Joined: Sun Jun 12, 2005 7:19 pm

Postby Christopher » Thu Dec 08, 2005 6:32 am

illPhever wrote:i think that any DRM-enable "cd" (if you still call it a cd), should come with a big FAT label on THE FRONT like those parental advisory labels, warning buyers. and not one of those stickers on the plastic wrap that gets thrown away. i've seen some DRM-CD's with tiny icons on the back near the record label credits, but that's not enough. they should just ruin the cover art by covering it with a DRM Warning message. i figure, they've already ruined the cd, so it shouldn't be a big deal ruining the cover art, too, for a good cause.


You are exactly right! Any CD with DRM in it should have a big fat label on the front AND the back of the CD, saying "This CD contains DRM technology. This Technology might keep you from being able to play this CD on personal computers, and some other devices. It also installs software on your computer to keep you from illegally trading the music on this disc, that has been shown to leave your computer open to security risks if it is played in your computer."
Also, there should be separate sections in stores for DRM-enabled CD's, so that normal people will not get them mixed up with regular CD's.
I am not as stupid or naive as people would like to believe I am.
Christopher
 
Posts: 829
Joined: Sun Mar 27, 2005 9:43 am

Postby jokster » Thu Dec 08, 2005 6:49 am

One way to spot a DRMed CD is to look for the official CD logo ( be it on the cover or the jewel case itself ), if it don't have one it's got a severe case of the nasties about it. DRM on the disc means it no longer complies with the Compact Disc format thus the CD logo cannot be displayed.
jokster
 
Posts: 920
Joined: Sun Nov 06, 2005 6:54 am
Location: Norn Iron

Postby Royce » Thu Dec 08, 2005 6:59 am

jokster wrote:One way to spot a DRMed CD is to look for the official CD logo ( be it on the cover or the jewel case itself ), if it don't have one it's got a severe case of the nasties about it. DRM on the disc means it no longer complies with the Compact Disc format thus the CD logo cannot be displayed.


That is some excellent advice, and easy to carry with me to the music store. Thanx.
The wages of sin are death, but by the time taxes are taken out, it's just sort of a tired feeling.
- Paula Poundstone
Royce
 
Posts: 259
Joined: Fri Oct 28, 2005 2:51 am
Location: Southwest, U.S.

Postby Hydratrumpet » Thu Dec 08, 2005 10:37 am

So does that mean I can go to my high street music retailer of choice and demand they remove all the "cd"s without the cd logo on it, or else demand they give them their own section elsewhere in the store, under threat of legal action for false advertising? I'm sorely tempted to try this. :twisted:
Hydratrumpet
 
Posts: 3
Joined: Thu Dec 08, 2005 10:26 am

Postby BasicTek » Thu Dec 08, 2005 11:01 am

Hydratrumpet wrote:So does that mean I can go to my high street music retailer of choice and demand they remove all the "cd"s without the cd logo on it, or else demand they give them their own section elsewhere in the store, under threat of legal action for false advertising? I'm sorely tempted to try this. :twisted:


I'd really like to see you try. :D Who knows where it would lead? :?:
"The government, which was designed for the people, has got into the hands of the bosses and their employers, the special interests. An invisible empire has been set up above the forms of democracy." - Woodrow Wilson
BasicTek
 
Posts: 1610
Joined: Sat Jun 04, 2005 12:59 pm
Location: Somewhere warm

Postby zim » Thu Dec 08, 2005 11:37 am

try it. Philips will back you...

if it doesnt have their logo (the CD logo)

it cannot legally be called or sold as a CD or compact disc.

theyve been in court about that before... drm cd's using their logo.
zim
 
Posts: 5776
Joined: Wed Apr 20, 2005 10:01 am

Postby Hydratrumpet » Thu Dec 08, 2005 11:50 am

It seems, based on the scant research I've done in the last half-hour, that the retailers are ok if they sell these horrible discs as "compact discs". What Philips have done with drm cd's is tell the manufacturers they can't use the traditional CD logo, which in full reads "Compact Disc Digital Audio" (CDDA). So all it means is that a drm disc is not a CDDA, and as such cannot have a CDDA logo.

The term "Compact Disc" now has become a coverall for the likes of CDDA, SACD, DualDisc, CD-ROM, etc, and I guess the drm discs fall under the CD-ROM or ECD definition so it's OK for retailers to sell them as being a CD, I guess. :(
Hydratrumpet
 
Posts: 3
Joined: Thu Dec 08, 2005 10:26 am

Postby zim » Thu Dec 08, 2005 11:56 am

has it been tried in YOUR country yet tho? :)


gotta nail them in every country!
zim
 
Posts: 5776
Joined: Wed Apr 20, 2005 10:01 am

Postby nJectid » Thu Dec 08, 2005 2:30 pm

There should be an infomercial pretending to sell this awesome product that looks like putting these "cds" in your computer will be good for it...

"Hi there, I am Johnny B. Goode from Sony-BMG and I would like to offer you our latest musical hype. You will receive a wonderfully crafted cd in an awesome little plastic case. This cd will contain the music we all love and hold dear to our hearts.

BUT WAIT! If you order within the next 15 minutes we will include our limited edition DRM package for no extra cost. What is DRM you ask, well it is the cool little thing we came up with that will do many things for you. You need not do anything because it does it all for you. It will install itself, access your computer on its own, report "special" information from your computer and much much more."

"Don't hesitate any longer, DRM is a limited time offer and are going quick!"

"Just three easy payments. First payment will be a small cash or credit fee, second is the reinstallation of your operating system and the third is on us. YES, you heard correctly, this product is so awesome that the government thinks we should pay for the rest."

"So call now, 1-800-SONY-SUX. Cash, checks, credit and any other means of us making more money are accepted."
It's a pirate's life for me.
nJectid
 
Posts: 69
Joined: Sat Sep 11, 2004 1:04 am
Location: your mom's house

Postby ultracross » Fri Dec 09, 2005 7:04 pm

nice political bias slycktom.. i wouldnt start spinning stories.
ultracross
 
Posts: 45
Joined: Wed Aug 03, 2005 8:24 pm

Postby curzlgt » Fri Dec 09, 2005 11:39 pm

ultracross wrote:nice political bias slycktom.. i wouldnt start spinning stories.


What exactly has SlyckTom spun here? Please elaborate.....
“The music business is a cruel and shallow money trench, a long, plastic hallway where thieves and pimps run free, and good men die like dogs. There's also a negative side,” - Hunter S Thompson
curzlgt
 
Posts: 3923
Joined: Fri Jul 29, 2005 1:17 am
Location: Land of the tall corn


© 2001-2008 Slyck.com