TELECOM Digest OnLine - Sorted: Not Again! Uninstaller for Other Sony DRM Also Opens Security Hole

Not Again! Uninstaller for Other Sony DRM Also Opens Security Hole

Monty Solomon (
Sat, 19 Nov 2005 14:57:30 -0500

Not Again! Uninstaller for Other Sony DRM Also Opens Huge Security Hole

I have good news and bad news about Sony's other CD DRM technology,
the SunnComm MediaMax system. (For those keeping score at home, Ed and
I have written a lot recently about Sony's XCP copy protection
technology, but this post is about a separate system that Sony ships
on other CDs.)

I wrote last weekend about SunnComm's spyware-like behavior. Sony CDs
protected with their technology automatically install several
megabytes of files without any meaningful notice or consent, silently
phone home every time you play a protected album, and fail to include
any uninstall option.

Here's the good news: As several readers have pointed out, SunnComm
will provide a tool to uninstall their software if users pester them
enough. Typically this requires at least two rounds of emails with the
company's support staff.

Now the bad news: It turns out that the web-based uninstaller SunnComm
provides opens up a major security hole very similar to the one
created by the web-based uninstaller for Sony's other DRM, XCP, that
we announced a few days ago. I have verified that it is possible for a
malicious web site to use the SunnComm hole to take control of PCs
where the uninstaller has been used. In fact, the the SunnComm problem
is easier to exploit than the XCP uninstaller flaw.

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Seth Breidbart: "Re: Sony, Rootkits and Digital Rights Management Gone Too Far"
Go to Previous message: Monty Solomon: "New AT&T Launches; Offering Customers a New Leader"
TELECOM Digest: Home Page