The fallout from a hidden copy-protection program that Sony BMG Music Entertainment put on some CDs is only getting worse. Sony's suggested method for removing the program widened the security hole the original software created, researchers say.
Sony has moved to recall the discs in question. But music fans who have listened to them on their computers or tried to remove the dangerous software they deposited could still be vulnerable.
"This is a surprisingly bad design from a security standpoint," said Ed Felten, a Princeton University computer science professor who explored the removal program with a graduate student, Alex Halderman. "It endangers users in several ways."
The "XCP" copy-protection program was included on at least 20 CDs, including releases by Van Zant and Celine Dion. Sony BMG said 4.7 million were shipped, with 2.1 million sold.
When the CDs were put into a PC -- a necessary step for trans-ferring music to iPods and other portable music players -- the CD automatically installed a program that restricted how many times the discs' tracks could be copied, and made it extremely inconvenient to transfer songs to iPods.
That antipiracy software -- which works only on Windows PCs -- came with a cloaking feature that allowed it to hide files on users' computers.
Researchers classified the program as "spyware," saying it secretly transmits details about what music the PC is playing. Manual attempts to remove the software can disable the PC's CD drive.
The program also gave virus writers an easy tool for hiding their malicious software. Last week, "Trojan horse" programs emerged that took advantage of the cloaking feature to enter computers undetected, antivirus companies said.
Stung by the controversy, Sony BMG and the company that developed the antipiracy software, First 4 Internet Ltd of Oxfordshire, England, released a program that uninstalls XCP. But the uninstaller created a new set of problems.
To get the uninstall program, users were asked to request it by filling out online forms. Once submitted, the forms themselves download and install a program designed to ready the PC for the fix. Essentially, it makes the PC open to downloading and installing code from the Internet.
Experts say the program fails to make the PC confirm that such code should come only from Sony or First 4 Internet.
GET TO SAFETY: Authorities were scrambling to evacuate nearly 700 people in Hualien County to prepare for overflow from a natural dam formed by a previous typhoon Typhoon Podul yesterday intensified and accelerated as it neared Taiwan, with the impact expected to be felt overnight, the Central Weather Administration (CWA) said, while the Directorate-General of Personnel Administration announced that schools and government offices in most areas of southern and eastern Taiwan would be closed today. The affected regions are Tainan, Kaohsiung and Chiayi City, and Yunlin, Chiayi, Pingtung, Hualien and Taitung counties, as well as the outlying Penghu County. As of 10pm last night, the storm was about 370km east-southeast of Taitung County, moving west-northwest at 27kph, CWA data showed. With a radius of 120km, Podul is carrying maximum sustained
Tropical Storm Podul strengthened into a typhoon at 8pm yesterday, the Central Weather Administration (CWA) said, with a sea warning to be issued late last night or early this morning. As of 8pm, the typhoon was 1,020km east of Oluanpi (鵝鑾鼻), Taiwan’s southernmost tip, moving west at 23kph. The storm carried maximum sustained winds of 119kph and gusts reaching 155kph, the CWA said. Based on the tropical storm’s trajectory, a land warning could be issued any time from midday today, it added. CWA forecaster Chang Chun-yao (張竣堯) said Podul is a fast-moving storm that is forecast to bring its heaviest rainfall and strongest
TRAJECTORY: The severe tropical storm is predicted to be closest to Taiwan on Wednesday and Thursday, and would influence the nation to varying degrees, a forecaster said The Central Weather Administration (CWA) yesterday said it would likely issue a sea warning for Tropical Storm Podul tomorrow morning and a land warning that evening at the earliest. CWA forecaster Lin Ting-yi (林定宜) said the severe tropical storm is predicted to be closest to Taiwan on Wednesday and Thursday. As of 2pm yesterday, the storm was moving west at 21kph and packing sustained winds of 108kph and gusts of up to 136.8kph, the CWA said. Lin said that the tropical storm was about 1,710km east of Oluanpi (鵝鑾鼻), Taiwan’s southernmost tip, with two possible trajectories over the next one
TALKS CONTINUE: Although an agreement has not been reached with Washington, lowering the tariff from 32 percent to 20 percent is still progress, the vice premier said Taiwan would strive for a better US tariff rate in negotiations, with the goal being not just lowering the current 20-percent tariff rate, but also securing an exemption from tariff stacking, Vice Premier Cheng Li-chiun (鄭麗君) said yesterday. Cheng made the remarks at a news conference at the Executive Yuan explaining the new US tariffs and the government’s plans for supporting affected industries. US President Donald Trump on July 31 announced a new tariff rate of 20 percent on Taiwan’s exports to the US starting on Thursday last week, and the Office of Trade Negotiations on Friday confirmed that it
RSS