The fallout from a hidden copy-protection program that Sony BMG Music Entertainment put on some CDs is only getting worse. Sony’s suggested method for removing the program actually widens the security hole the original software created, researchers say.
[…] “This is a surprisingly bad design from a security standpoint,” said Ed Felten, a Princeton University computer science professor who explored the removal program with a graduate student, J. Alex Halderman. “It endangers users in several ways.”
[…] To get the uninstall program, users have to request it by filling out online forms. Once submitted, the forms themselves download and install a program designed to ready the PC for the fix. Essentially, it makes the PC open to downloading and installing code from the Internet.
According to the Princeton analysis, the program fails to make the computer confirm that such code should come only from Sony or First 4 Internet.
“The consequences of the flaw are severe,” Felten and Halderman wrote in a blog posting Tuesday. “It allows any Web page you visit to download, install, and run any code it likes on your computer. Any Web page can seize control of your computer; then it can do anything it likes. That’s about as serious as a security flaw can get.”
Apple Computer Inc. took 20 days to reach 1 million downloads of video files from its online store; the Web site SuicideGirls, offering free videos of unclothed models, hit the mark in about a week.
One of the quickest industries to take advantage of the new video iPod, and other new gadgets, is one that has often been at the forefront of other technological innovations: porn.
The global recording industry has launched its largest wave of legal action against people suspected of sharing music files on the internet.
The latest move targeted 2,100 alleged uploaders using peer-to-peer (P2P) networks in 16 nations including the UK, France, Germany and Italy.
File-sharers in Switzerland, Sweden, Argentina, Singapore and Hong Kong are also facing cases for the first time.
Thousands of people have agreed to pay compensation since the campaign began.
The number of cases brought by the International Federation of the Phonographic Industry (IFPI) outside the US since March 2004 now stands at more than 3,800.