Archive for the 'XCP' Category

XCP uninstaller out

Tuesday, December 6th, 2005

According to BoingBoing, Sony BMG has finally released an XCP uninstaller that appears to address the exploit issues with the previous, web based uninstaller. Given their past track record, I would wait for further analysis by Freedom to Tinker or Mark Russinovich before using this uninstaller.

Plot thickens: Did Sony try to break Apple’s DRM?

Monday, December 5th, 2005

Via Freedom to Tinker and Boing Boing comes a startling suggestion about XCP. Remember the allegation that DVD Jon’s iTunes DRM busting code appeared in XCP? Alex Haldeman at Freedom to Tinker says that it was put there on purpose: so that Sony BMG could get its music into iTunes and onto the iPod by […]

BusinessWeek: Sales impact not likely

Friday, December 2nd, 2005

BusinessWeek Online: For Sony, a pain in the image. The article weighs the customer reaction to the rootkit fiasco and concludes that the effect on Sony’s bottom line will not be great. BW reporter Olga Kharif interviewed me for the article yesterday, and while the article doesn’t link to this site, I think my comments […]

Lawsuit roundup: Oklahoma

Friday, December 2nd, 2005

An additional lawsuit since I last wrote about the topic. In addition to the DC lawsuit announced earlier this week, a class action suit was filed in Oklahoma on Monday on behalf of Oklahoma residents who purchased a CD infected with either XCP or MediaMax or who were infected with either XCP or MediaMax.

Sony BMG announces Canadian mail-in recall

Wednesday, November 30th, 2005

CBC: Snail mail fix to Sony’s XCP problem. The Canadian recall is announced, finally; presumably recalls in other markets will follow. From the article:
Under the mail-in program, consumers will get a replacement CD thatdoesn’t have the XCP software and an MP3 file of that CD. Sony says itwill handle all mailing costs.
The only access […]

Artists outraged

Wednesday, November 30th, 2005

Rolling Stone: Sony XCP Bomb Sparks Rage. Good review of the perspective of the artists affected by the fiasco, including quotes from Trey Anastasio and the manager of the Bad Plus. This is where the impact to Sony’s pocket starts; unless there are a lot more people boycotting Sony than there are signing the petition, […]

Eliot Spitzer to Sony BMG: “Unacceptable”

Tuesday, November 29th, 2005

Also in Business Week Online today: New York Attorney General Eliot Spitzer is following up on reports that the XCP-infected discs are still widely available in retailers, and is sending a message to Sony BMG and to retailers that the discs need to be removed from shelves immediately. The article also suggests that Sony BMG […]

Post mortem of a screwup: what happened before Oct 31

Tuesday, November 29th, 2005

Business Week just posted an account of the internal communications among Sony BMG and First4Internet that sheds more light on the XCP rootkit foul-up, including the revelation that F-Secure warned Sony BMG in September that the rootkit existed and described the risk of exploits two weeks before Mark Russinovich went public. This is one of […]

How’d that LGPL code get in there, anyway?

Monday, November 28th, 2005

Boing Boing: Pre-history of the Sony rootkit and Sony rootkit author asked for free code to lock up music. Two posts in which Boing Boing’s readers do some spelunking through Google News and other online sources for evidence of First4Internet’s inclusion of open source code in their XCP rootkit. Good reading, especially the quote from […]

Security through obscurity: First4Internet’s website offline

Friday, November 25th, 2005

Boing Boing: Rootkit arms-dealer takes website down. Remember that great website that the makers of XCP used to have that showed all the information about their product, including all those wonderful braggy press releases? All gone. In fact, no mention of XCP at all on the revised site, just contact information.
Hmm. Does this mean there […]