The fallout from a hidden copy-protection program that Sony BMG Music Entertainment put on some CDs is only getting worse. Sony's suggested method for removing the program widened the security hole the original software created, researchers say.
Sony has moved to recall the discs in question. But music fans who have listened to them on their computers or tried to remove the dangerous software they deposited could still be vulnerable.
"This is a surprisingly bad design from a security standpoint," said Ed Felten, a Princeton University computer science professor who explored the removal program with a graduate student, Alex Halderman. "It endangers users in several ways."
The "XCP" copy-protection program was included on at least 20 CDs, including releases by Van Zant and Celine Dion. Sony BMG said 4.7 million were shipped, with 2.1 million sold.
When the CDs were put into a PC -- a necessary step for trans-ferring music to iPods and other portable music players -- the CD automatically installed a program that restricted how many times the discs' tracks could be copied, and made it extremely inconvenient to transfer songs to iPods.
That antipiracy software -- which works only on Windows PCs -- came with a cloaking feature that allowed it to hide files on users' computers.
Researchers classified the program as "spyware," saying it secretly transmits details about what music the PC is playing. Manual attempts to remove the software can disable the PC's CD drive.
The program also gave virus writers an easy tool for hiding their malicious software. Last week, "Trojan horse" programs emerged that took advantage of the cloaking feature to enter computers undetected, antivirus companies said.
Stung by the controversy, Sony BMG and the company that developed the antipiracy software, First 4 Internet Ltd of Oxfordshire, England, released a program that uninstalls XCP. But the uninstaller created a new set of problems.
To get the uninstall program, users were asked to request it by filling out online forms. Once submitted, the forms themselves download and install a program designed to ready the PC for the fix. Essentially, it makes the PC open to downloading and installing code from the Internet.
Experts say the program fails to make the PC confirm that such code should come only from Sony or First 4 Internet.
ROLLER-COASTER RIDE: More than five earthquakes ranging from magnitude 4.4 to 5.5 on the Richter scale shook eastern Taiwan in rapid succession yesterday afternoon Back-to-back weather fronts are forecast to hit Taiwan this week, resulting in rain across the nation in the coming days, the Central Weather Administration said yesterday, as it also warned residents in mountainous regions to be wary of landslides and rockfalls. As the first front approached, sporadic rainfall began in central and northern parts of Taiwan yesterday, the agency said, adding that rain is forecast to intensify in those regions today, while brief showers would also affect other parts of the nation. A second weather system is forecast to arrive on Thursday, bringing additional rain to the whole nation until Sunday, it
LANDSLIDES POSSIBLE: The agency advised the public to avoid visiting mountainous regions due to more expected aftershocks and rainfall from a series of weather fronts A series of earthquakes over the past few days were likely aftershocks of the April 3 earthquake in Hualien County, with further aftershocks to be expected for up to a year, the Central Weather Administration (CWA) said yesterday. Based on the nation’s experience after the quake on Sept. 21, 1999, more aftershocks are possible over the next six months to a year, the agency said. A total of 103 earthquakes of magnitude 4 on the local magnitude scale or higher hit Hualien County from 5:08pm on Monday to 10:27am yesterday, with 27 of them exceeding magnitude 5. They included two, of magnitude
CONDITIONAL: The PRC imposes secret requirements that the funding it provides cannot be spent in states with diplomatic relations with Taiwan, Emma Reilly said China has been bribing UN officials to obtain “special benefits” and to block funding from countries that have diplomatic ties with Taiwan, a former UN employee told the British House of Commons on Tuesday. At a House of Commons Foreign Affairs Committee hearing into “international relations within the multilateral system,” former Office of the UN High Commissioner for Human Rights (OHCHR) employee Emma Reilly said in a written statement that “Beijing paid bribes to the two successive Presidents of the [UN] General Assembly” during the two-year negotiation of the Sustainable Development Goals. Another way China exercises influence within the UN Secretariat is
Taiwan’s first drag queen to compete on the internationally acclaimed RuPaul’s Drag Race, Nymphia Wind (妮妃雅), was on Friday crowned the “Next Drag Superstar.” Dressed in a sparkling banana dress, Nymphia Wind swept onto the stage for the final, and stole the show. “Taiwan this is for you,” she said right after show host RuPaul announced her as the winner. “To those who feel like they don’t belong, just remember to live fearlessly and to live their truth,” she said on stage. One of the frontrunners for the past 15 episodes, the 28-year-old breezed through to the final after weeks of showcasing her unique