StarDestroyer.Net BBS

Get your fill of sci-fi, science, and mockery of stupid ideas
http://stardestroyer.dyndns-home.com/

The other Sony spyware cd application (SunnComm)

http://stardestroyer.dyndns-home.com/viewtopic.php?f=24&t=80533

Page 1 of 1

The other Sony spyware cd application (SunnComm)

Posted: 2005-11-15 10:46am
by Faram
This is getting silly!

I am happy that I have not bought any cd for some years now, the last one was LoTR ROTK soundtrack.

And no I do not "accuire" them in any other way, radio is quite enuff for me.

But here is the quick and dirty about the SunnComm/Sony spyware.
To summarize, MediaMax software:

* Is installed onto the computer without meaningful notification or consent, and remains installed even if the license agreement is declined;
* Includes either no uninstall mechanism or an uninstaller that fails to completely remove the program like it claims;
* Sends information to SunnComm about the user’s activities contrary to SunnComm and Sony statements and without any option to disable the transmissions.

Posted: 2005-11-15 12:11pm
by Sharpshooter
Man, first the DRM thing, and now this. Now I'm scared shitless of loading up my new copy of What the Hell Happened to Me...

Posted: 2005-11-15 01:23pm
by General Zod
All Sony's doing is making using pirated goods seem much safer than legal stuff. They definitely know how to shoot themselves in the foot.

Posted: 2005-11-15 02:35pm
by Datana
Sharpshooter wrote:Man, first the DRM thing, and now this. Now I'm scared shitless of loading up my new copy of What the Hell Happened to Me...
Just disable Autorun and insert the disc while under User privileges rather than as an Administrator. If you have any playback software that can be made to ignore any sessions after the first, you should be able to run the CD just fine without any of the DRM junk (which works primarily by creating a spoofed second session that Windows reads but standalone players ignore).

My usual policy with CCCDs is to rip them losslessly then write them back to a new disc without the copy protection crap, as some types (CDS in particular) screw up my car's CD player. With the new types used by BMG, though, I'll simply not buy their CDs.

Posted: 2005-11-15 04:21pm
by RThurmont
On the related topic of the Sony DRM fuckup discovered in October, the Dow Jones Newswires reports that the "fix" for the problem Sony and First 4 Internet came out with actually represents a huge security vulnerability in and of itself.

Apparently, the uninstall makes your computer vulnerable to having code executed on it from any website.

Security experts are rather outraged, and are furious that Sony hasn't come up with an immediate patch. The next security update for Microsoft Windows XP will fix the vulnerability that Sony exploited. Also, there are already several Trojans going about that exploit this vulnerability.

Sony has now basically proven itself to be the world's most unscrupulous company, and I rather hope they suffer for this...

Posted: 2005-11-15 04:27pm
by Faram
RThurmont wrote:Sony has now basically proven itself to be the world's most unscrupulous company, and I rather hope they suffer for this...
Well that is a ActiveX component that for some reason got marked as "Safe for Scripting"

Sorry mess here
Scriptable methods left behind

The uninstaller leaves behind lots of methods, here are the names:

* GenerateRequestPacket
* ExecuteCode (can crash browser, apparently removed in latest ocx)
* Uninstall
* RebootMachine (exploitable, see demo)
* GetProgress
* OnLoaded
* InitializeDiscScan
* GetNumberOfDiscs
* IsDRMServerValid
* GetAlbumArtist
* GetAlbumName
* GetMaxBurnCount
* GetCurrentBurnCount
* GenerateIncrementPacket
* IsContentOwnerValid
* DoIncrement
* GetInstalledSoftwareVersion
* IsXCPDiscPresent
* InstallUpdate (exploitable)
* GetInstallProgress
* GetCompletionStatus
* IsXCPDiscPresentAsLong
* IsAdministrator

Considering anyone can reboot the computer using these, I suspect security wasn't thought about for even a second during development of this thing. Virus writers and such would be very interested in analyzing what these methods do, in case some of them are remotely exploitable... possibly even by design.

Posted: 2005-11-15 04:27pm
by Soontir C'boath
RThurmont wrote:Sony has now basically proven itself to be the world's most unscrupulous company, and I rather hope they suffer for this...
With all the bad publicity, we can all be sure their fourth quarter will be dismal.

I am very glad I haven't bought anything from Sony in awhile.

Posted: 2005-11-15 04:30pm
by RThurmont
I am very glad I haven't bought anything from Sony in awhile.
I'm very glad I haven't bought any Sony stock!

That would hurt...

Posted: 2005-11-15 07:52pm
by DarkSilver
mmmmmmm

ok, so no more Sony products.....

which is a shame, I was looking forward to watching Spiderman 3.....

-crosses the PS3 off his list of game systems due to Sony boycott-
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited