Why do they bother ???
http://news.com.com/New+Sony+CD+security+risk+found/2100-1002_3-5984764.html
Sony BMG Music Entertainment and the Electronic Frontier Foundation digital rights group jointly announced Tuesday that they had found, and fixed, a new computer security risk associated with some of the record label's CDs.
The danger is associated with copy-protection software included on some Sony discs created by a company called SunnComm Technologies. The vulnerability could allow malicious programmers to gain control of computers that have run the software, which is typically installed automatically when a disc is put in a computer's CD drive.
The issue affects a different set of CDs than the ones involved in the copy-protection gaffe that led Sony to recall 4.7 million CDs last month, and which has triggered several lawsuits against the record label.
The patch can be downloaded from Sony's site. A list of the CDs affected in the United States, and a slightly different list in Canada, is also posted on the site.
Meanwhile back in reality land ...
http://www.slyck.com/news.php?story=1017
MediaMax executes a program called “MMX.exe” every time you run a CD with SunnComm’s copy protection. A devious individual could replace the MMX.exe file with a malicious version. With full administrator privileges enabled, there is no limit to what damage can be accomplished. One could insert this malicious software physically when the administrator is away, or by creating an email trojan and hoping someone takes the bait. The end result could leave your computer open to very serious localized security issues. And if someone is truly malicious, he or she could craft a more widespread problem.
In the entire month this Sony-BMG DRM fracas has been going on, does anyone honestly think one patch will resolve the issue? Freedom-to-tinker.com’s Ed Felten and J. Alex Halderman certainly don’t think so. Indeed, the “security patches” issued by Sony-BMG and SunnComm present their own set of security issues.
Let’s go back to our initial scenario. Now this ultra crafty and highly intelligent individual who’s hell bent on destruction anticipated this move by SunnComm and Sony-BMG. Knowing a patch would eventually be released, the individual subversively installs a “booby trap” in the MediaMax folder. When an attempt is made to either uninstall or patch the MMX.exe file, the trap is sprung and the world is theirs. In this case, the trap waits until the new Sony-BMG or SunnComm patch is applied.
The threat of a threat is real enough, but how likely is this scenario?
I think this one is something that is a major outside horse, as the Sony problem took most by storm, including the virus scripters. Exploiting this removal patch for SunnComm's system is a leap into pure guesswork, but who knows ... anything's possible.