AfterDawn: Tech news

Sony BMG was warned about XCP

Written by James Delahunty @ 29 Nov 2005 12:37

Finnish anti-virus company F-Secure has revealed that it first alerted Sony BMG about problems surrounding the XCP copy protection technology used on some of the label's CDs on October 4th, after discovering it in September. "If [Sony] had woken up and smelled the coffee when we told them there was a problem, they could have avoided this trouble," says Mikko H. Hypponen, F-Secure's director of anti-virus research. However, Sony didn't act fast enough, and that is why they are now stuck with this horrible problem.

An even worse fact for Sony BMG is that this proves the company knew about the problems surrounding XCP even before Mark Russinovich discovered it and posted it on his blog. This will bring more power to the lawsuits that have been filed against the company since Russinovich alerted the world about the problem. Sony, however, is also using the F-Secure warning to defend the actions that it took.

The company said it acted as quickly as it could and it expected to be able to go public when a software patch was available, but Russinovich posted the issue on his blog first. This forced Sony BMG to recall millions of CDs from 52 artists and offer "swap deals" to consumers who had bought the CDs. "We're very, very sorry for the disruption and inconvenience that this has caused to music consumers," said Thomas Hesse, president of Sony BMG's Global Digital Business.

XCP was developed by UK-based First4Internet. The DRM software applies limitations on how consumers can copy the CD's contents. The problem is that it uses file hiding techniques, similar to those used by virus writers to hide malicious software. This file hiding capability has also been exploited by virus writers ever since the issue went public.



13 user comments

1. 29.11.2005 06:24

Add another shrimp on the barbie this is just a sign that the new toys from sony will go up ... this company will need to separate itself from the music biz or face the fact that they will go broke from the lawsuits... it's been too long in the favor of the RIAA and their backers now it's time to watch them squirm a little.... The worst part of this article is that F-Secure is washing their hands and making sony out to be more of a monster than anyone thought we all said foul and we want it off our systems but they knew well in advance that they were leaving us with holes in our system for buying their product so it was a planned deception to make our systems vulnerable to hacks and other spyware and viruses .. so to this we must all say they are guilty....

2. 29.11.2005 07:12

just info

Sony's woes won't go away

Sony's ongoing PR nightmare over the copy-protection software included on some of its CDs just got a lot worse. BusinessWeek Online is reporting that New York Attorney General Eliot Spitzer is looking into the rootkit situation. The AG has sent investigators into stores to see if the record label is still issuing discs with the controversial software. His office has urged consumers not to buy the discs, and if they do, not to play them on their computers, the site said. Texas Attorney General Greg Abbott has already filed a lawsuit against the company, but drawing the attention of Spitzer can't be good for Sony. Spitzer, who is running for governor of New York, has made his name taking on high-profile cases in the business world, and is no stranger to high tech.

Blog community response:

"Sony is now probably really, really sorry for the rootkit fiasco and probably really, really regrets its initial posture of indifference toward the world's outrage over the company's spyware-infected CDs. But, too late! Eliot Spritzer (sic) is now on the case." --IP&Democracy

"Texas's Attorney General led the way by suing Sony BMG pretty quickly -- but Spitzer's reputation for coming down hard on companies that he believes have done something wrong can't be pleasant news for the record label that kept trying to tell everyone there was no problem at all." --Techdirt

Posted by Margaret Kane

QUOTES

Sony Should Be Banned...
Reader post by: Rod O'connor
Posted on: November 26, 2005, 1:31 PM PST
Story: Sony sailing past rootkit controversy

Sony should be banned from doing business in the US for say the next five years. None, not any. They should be forced to sell all their holdings in the US and, ideally, be confined to doing business in Japan. Hopefully that will put them out of business forever!

Wait until the Christmas buying season is over
Reader post by: Newsdotcom Commenter
Posted on: November 22, 2005, 9:39 AM PST
Story: Sony sailing past rootkit controversy

It's too early to be declaring Sony as unaffected, give it a couple months for the word to spread and for sales not already in the pipe to occur (or fail to occur).

Not me!
Reader post by: Ian Deal
Posted on: November 21, 2005, 3:27 PM PST
Story: Sony sailing past rootkit controversy

Actually, the high order of probability, is the reason why these infected CDs are so hot is that a variety of trojan/virus/phishers writers, are scrambling, to buy these malware audio discs so that they can disassemble the code, for incorporation with the next gen virii etc! Oh well, since most of Sony Corps offerings appear overpriced and not cutting edge anymore, who will buy them anyway (and include a fair number of rebrands as well)! After spending hours disinfecting a windows machine, the answer is not me. A quick scan of financial papers show that SONY HQ in '04 to create an illusion of corporate profit sold off the staff pension fund and predictions in '05 show continuing negative profit trends! Further SONY BMG, joint venture company actually posted a trading loss in '04! One can say desperate times, means desperate illegal actions to reverse the downward negative trend! Let the class action lawsuits kill SONY!

Spitzer Gets on Sony BMG's Case
New York's Attorney General has turned his attention to Sony BMG's copyright-protection fiasco

3. 29.11.2005 14:00

I have been downloading music free for years. The first CD I buy messes up my computer. Never again. :-)

4. 29.11.2005 14:33

Well it seems that the H.M.S Sony is taking on water and going down very slowly. Not only are they in trouble for this music problem. There was an article in the local newspaper about how Sony pictures hasn't had any money makers in a long time. Plus the rumour I heard and don't know if it is true that the new PS3 will have a chip in it to identify the game disc being played and will record it to the console. And it won't allow it to be played on another console. Meaning that there won't be any more game rentals or used game sales. All this spells out is greed in the highest.

5. 29.11.2005 22:05

Well, I will not be buying this console.

6. 30.11.2005 00:09

It's just a rumor for now.

7. 30.11.2005 03:47

Now my company has outlawed playing CDs on company computers because of the risk. I cannot get radio stations at my desk. I now have no reason to buy a CD.

8. 30.11.2005 09:15

These guys can eat a Canada sized hole in my Idaho sized shorts.

9. 30.11.2005 09:45

Damn, Sony is pretty much digging its own grave at the moment. I personally like Sony; they make good audio equipment, they made pretty sweet gaming consoles, they had some okay movies. But now, almost all of Sony's originality is gone, they just look for ways to make money the fastest. I'd still prefer some products from them over other companies, but it's getting really hard to trust them with all this over-protection of their stuff. I'm also looking forward to the PS3, but if they actually do put that one-disc-one-console protection on it, then I'm shipping it right back to the store.

10. 30.11.2005 10:05


This message has been edited since its posting. Latest edit was made on 02 Dec 2005 @ 2:03

11. 30.11.2005 13:46


This message has been edited since its posting. Latest edit was made on 02 Dec 2005 @ 2:03

12. 1.12.2005 14:50

So why the **** hasn't someone patched the entire "rootkit" vulnerability of WINDOWS??? Why would I EVER need files to be hidden on MY computer? Why can't we just eliminate that entire feature so I can find & DELETE all of this BS??? I'm not a software/hardware/coding genius, but it seems like the ONLY use of "rootkit" is to do what Sony & all the virus-writers have done. Just because Sony is the first big company to do something illegal, immoral, & bad business with it doesn't mean we need to maintain this vulnerability.

13. 16.12.2005 07:13

"We're very, very sorry for the disruption and inconvenience that this has caused to music consumers," said Thomas Hesse, president of Sony BMG's Global Digital Business. The only reason that Sony is sorry is that they got caught and may lose money. I doubt Sony cares very much about anyone's personal computer...... F-Secure should have immediately added the rootkit to its virus database and notified the other virus protection companies instead of just warning Sony. F-Secure is partly responsible for letting people's computers be hit with the rootkit....
