Sony Rootkit Allegedly Contains LGPL Software (Copyright infringe by Sony

From Slashdot:

According to this Dutch article the Sony DRM software (or rootkit, if you may prefer) contains code from the LAME MP3 encoder project, which is licensed under the LGPL. However, the source code has not also been distrbuted, hence breaching the license. Here is an english translation of the page." So apparently Sony violates your privacy to create a backdoor onto your machine using code that violates an Open Source license.

Article in Dutch
Link to slashdot article

This could be huge -- Sony, by breaking copyright laws that it helped pass, could face statuatory damages of 250,000 per CD.

Note to Mods: I really think this is breaking news, but couldn't find a good article to link. Feel free to move to GD if you think its needed.

Their music is all tripe anyway. Look for quality independents.

...all the major record labels having participated.

http://www.pcworld.com/news/article/0,aid,123543,00.asp

Microsoft has joined a growing group of security software vendors who are treating Sony BMG Music Entertainment's controversial Extended Copy Protection (XCP) copy protection software as a threat. Microsoft has announced it will begin treating the software as spyware and offering users tools to remove it, just as a Princeton University computer science researcher raised questions about a second Sony copy protection product.
MORE AT LINK


http://cnet.com.au/software/security/0,39029558,40058242,00.htm

On Thursday, a wave of malicious software appeared in the wild that piggybacked on copy-protection technology installed on hard drives by Sony BMG Music Entertainment CDs.

Computer security companies had been predicting such exploit code in the wild for weeks, since an independent developer had exposed the presence of a "rootkit" tool on the Sony CDs. The rootkit technology hid the copy protection from view, but also left open a hole that could hide other software.

Virus writers quickly took advantage of that hole, modifying an old Trojan horse to take advantage of the powerful inadvertent shielding provided by the Sony software.

On Friday, Sony responded to the furor and announced that it will suspend production of CDs that contain this particular copy-protection technology and take a second look at its digital rights management strategy. ...MORE AT LINK

...Check this out

http://www.eff.org/deeplinks/archives/004145.php

More good reasons to avoid Sony.

And....This is great! Sony, eat shit (and subpoenas)!

PB

:D

They're going to get sued for a lot of money. Royalties for every disk found to contain it.

Your joking right? No self-respecting judge is going to allow any adverse action to be taken against Sony. It would be too great a burden for the company. :sarcasm: Be careful downloading the MP3 of 20-year old song you just heard though. Your libel to get bankrupted.

Jay

They are not persons; their 'personhood' under the law is false, was never argued before the SCOTUS, never appeared in any SCOTUS decision (only the headnotes of a decision) and strongly resembles in that decision a Divine Declaration of the King.

The issue needs to be revisited so corporations can be either completely stripped of their "rights" under the Constitution- since by definition they are not persons and thus may posess no rights- or they purchase with those rights the responsibilities you and I live under, including jail time and a corporate death penalty (suspending a corporate charter for x years or closing the company completely if it pulls an Enron or does similar misdeeds).

As things stand, corporations have things both ways and it is causing incalculable damage to our society and our world. From illegal logging to environmental pollution to corporate media control to copyright abuse, progressive issues across the entire spectrum of ideas could be successfully fought if corporations had controls on their personhood or (more logically) no personhood at all.

Thanks, kgfnally.

The player contains LAME constants, but so far no actual code has been found.



http://www.the-interweb.com/serendipity/index.php?/archives/51-Is-Sony-in-violation-of-the-LGPL.html

http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=105&topic_id=4290418
http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=105&topic_id=4302890

...is debunked in the comments on that very page. Thanks for playing. Please try again.

The go.exe thing is soundly debunked.

There are other possible (L)GPL breaches still under investigation - we'll see.


On Edit:
http://www.the-interweb.com/serendipity/index.php?/archives/52-Is-Sony-in-violation-of-the-LGPL-Part-II.html

RootKit Hook Analyzer

New: check for active kernel rootkits on your system

RootKit Hook Analyzer is a security tool which will check if there are any rootkits installed on your computer which hook the kernel system services. Kernel RootKit Hooks are installed modules which intercept the principal system services that all programs and the operating system rely on. If any of these system services are intercepted and modified it means that there is a possibility that the safety of your system is at risk and that spyware, viruses or malware are active.

http://www.resplendence.com/hookanalyzer

checkmate
http://personalpages.tds.net/~brian_hill/checkmate.html

peace

This, from the /. comments section:




And then there's this comment, which I just find delicious:




Yes, yes, one thousand times, yes. We all knew they were playing fast and loose with the very same law they authored, and we all knew it would turn right around and bite them in the ass.

A complete ban upon all copyright protections in music and software strictly upon the grounds that the consumer has a right to use a copy of the program or software for personal use cannot be argued against at this point. The only way to protect the "right" to no unauthorized copying is to put roadblocks in place that by default affect legitimate copiers far more than illegitimate ones, and we now know it is a given that those attempts will be abused by the copyright holder if it is possible for them to do so, even when we let them write the law governing unauthorized copying.

This has to end.

but I still can't understand a word of it.

Can somebody please explain this issue to a retarded non-tech-fiend??

...than to make their code available to corporations for uses just like this. Many applications (but more often simply code libraries) are considered "freeware". Freeware comes in many forms, but this particular form (LGPL license) requires certain things about copying or using the code that someone else developed in your (for sale) application.

Sony has used someone else's "free" software as part of their "rootkit" attack on their customers. It appears that by doing this, they have violated the LGPL (http://www.gnu.org/copyleft/lesser.html) license agreement inherent with the free software. This opens them up to all kinds of lawsuits...

:popcorn: time to sit back and watch the fireworks!

Sony had a little program placed on some of its music cds that installs silently on your computer's hard drive when the disc is played on a PC. This little slice of software apparently uses software code within its executable (the .exe file it runs on the PC in question) that Sony never bothered to get the license for.

It should be pointed out that it doesn't matter if you son or daughter downloads music without your knowledge; according to the RIAA, you are still liable. Similarly, it doesn't matter that it was the developer of the spyware on the Sony music cd who made it and not Sony; it's still Sony's product, so they're liable as well.

Apparently, according to the comments over at Slashdot, there were actually four pieces of seperate software the Sony spyware program internally checks against or (according to the poster Muzzy) actually uses in some way. For that to be possible, there would have to be code for those other pieces of software present, which would require that the license for each of them be properly followed.

From what I gather, Sony never bothered; they just used it- commercially- without consent and without license: the very same thing they have gone after 12-year-olds for in the past.

It's all very lovely, really.

:think:

has that software and people are not buying his cd because of it. I found that info reading people's reviews of the cd. Is this true?

an analysis of what it's costing them to keep pursuing these copy protection schemes vs. what they are supposedly losing to file-swapping?

Jay

cause according to the BMG/Sony Music CEO, customers don't know what it is so they won't care (paraphrased from an NPR interview last week).

It's more like "people are not buying his CD because it's a Neil Diamond CD."

It's Neil Diamond. Come on. This guy plays Community Concerts.

About 90 percent of the people who write online reviews of products are completely full of shit. None of the people bitching about Sony's spyware were gonna buy a Neil Diamond CD anyway..."isn't that what your mom listens to?"

In Sept. when Neil Diamond came to town, he played a pretty close to sold out Rose Garden. I know because I went to it. Yes, I am a mother and I took my mother to this concert. A near forty yr. old with her mid-sixties mother. How totally uncool of me. :P

So, basically you are implying that people who are Neil Diamond cd buyers are not tech savvy? :shrug:

Concerts are expensive to stage, and promoters don't like to go into a venue without a reasonable expectation of at least breaking even. This means that in a lot of areas, there will be no live music because there's a history of concerts playing at a loss.

Enter Community Concerts. Counties that have them pay the promoter a set fee, and all ticket revenue goes to the county. Community Concerts' offerings tend to "mirror the tastes of the community" which means they're pretty tame--Cumberland County's 2005-06 Community Concerts schedule includes "Abba The Show" and Neil Diamond has played here a couple of times.

I wasn't implying that people who are Neil Diamond CD buyers are not tech savvy. I am coming right out and saying that people who are Neil Diamond CD buyers are not fifteen to twenty years old, like most of the people who wouldn't buy a CD because they can't rip it to their iPod are.

Good point regarding Neil Diamond, but I avoid "protected" "CDs" (they are not actually CDs).

Why? Easy: more expensive, less of the money goes to the artist, less durable, inferior audio quality, nasty surprises and I am not allowed to make copies for my own private use.

Why should I pay the same amount of money, or even more, for a clearly far inferior product?

No thanks.

Sony broke copyright laws while trying to prevent consumers from breaking copyright laws???

:rofl: :rofl: :rofl: :rofl: :rofl: :rofl:

in court against people who download music?

Three words: clean hands doctrine.

They cannot sweep the floor; their broom is dirty. I sincerely hope Sony's ongoing suits get dismissed on these grounds; to my mind, they just lost their right to bring suit-

NOT THAT THEY EVER ACTUALLY HAD THAT RIGHT IN THE FIRST PLACE, GIVEN THAT 'SONY' IS NOT A PERSON. 'Sony' should NOT be able to sue any private citizen- period. For ANY reason.

http://www.msnbc.msn.com/id/10069563/

Sony recalls copy-protected music CDs
Company will also distribute program to remove virus-like software

Updated: 1:10 p.m. ET Nov. 16, 2005

BARCELONA - Music company Sony BMG, yielding to consumer concern, said on Wednesday it was recalling music CDs containing copy-protection software that acts like virus software and hides deep inside a computer.
<snip>

I hope it's too late for damage control.

I was reading a pro audio forum and someone was talking about trying to obtain from Sony a $1000 part for a $50,000 Sony product. And Sony wasn't exactly expediting his request.

Some other guy wrote back, "our greatest scientists have discovered a cure for AIDS. They're going to put it in the Sony parts catalog and then no one will be able to get it."

Out of spite for the rootkit and other tactics.