News.com Mobile
for PDA or phone

CNET tech sites: Product reviews | Shop | Tech news | Downloads | Site map

Corrections Blogs Extra Readers' Choice My News

Front Door Business Tech Cutting Edge Access Threats Media 2.0 Markets Digital Life

Sony fixes security hole in CDs, again

By John Borland
Staff Writer, CNET News.com

Published: December 8, 2005, 12:21 PM PST

TalkBack

E-mail

TrackBack

Sony BMG is replacing a patch for its CD copy protection software after Princeton University researchers found a security flaw in the update.

Sony announced on Tuesday that a new risk had been found with a batch of 27 of its compact discs, which automatically install antipiracy software on hard drives when put into a computer's disc drive. Along with the Electronic Frontier Foundation, a digital rights group, the record label released a patch aimed at fixing that flaw.

However, Princeton computer science professor Ed Felten wrote in his blog on Wednesday that the patch itself could open computers to attack by hackers.

Sony executives said Thursday that they are working as closely as possible with security professionals to address the issues identified by Felten, and would have a new patch available by midday that day.

"The security space is a dynamic one, as we have learned," said Thomas Hesse, president of Sony's global digital businesses. "Our goal is to be diligent and swift, and we have gone to experts to handle this issue."

Sony's ongoing troubles with copy protection software highlight the delicate line that record labels and other content companies are walking in trying to protect their products from widespread duplication.

On the one hand, labels have watched their revenues decrease over the past several years, as more people swap songs online and burn CDs for friends and acquaintances.

However, the labels' technological attempts to create a copy-protected CD that retains compatibility with millions of old CD players have opened them up to the unfamiliar hazards of software development. Several of Sony's attempts to patch security holes in its antipiracy software over the past weeks have turned out to raise their own new problems, instead of quelling concerns.

In other news:

The current security flaw in Sony's discs is related to software produced by SunnComm Technologies and affects 27 titles that remain on the market.

It's separate from an earlier vulnerability that affected 52 other titles and that related to antipiracy software written by another company, First 4 Internet. Those titles have been recalled from store shelves.

The flaw found by Felten could allow Sony's original patch to trigger malicious software on a computer, if that software was already in place when the patch was installed.

TalkBack

E-mail

TrackBack

TalkBack

Shame on cnet

Mind your Own business Dec 9, 2005, 8:07 AM PST

Strike 2!

Mind your Own business Dec 9, 2005, 8:00 AM PST

At least Intel is doing something

Sql Dec 8, 2005, 6:10 PM PST

Sony punishes people that actually buy CDs

Larry Laitner Dec 8, 2005, 5:46 PM PST

Well, that's not possible

Jim Hassinger Dec 8, 2005, 2:12 PM PST

Where does DMCA fit in with Rootkit DRM?

Bob Bob Dec 8, 2005, 1:49 PM PST

Where's the fix?

Primaltrader Dec 8, 2005, 1:28 PM PST

Boycott Sony

Alexander Trauzzi Dec 8, 2005, 1:21 PM PST

Hey Sony -- it's easy

Ian Ameline Dec 8, 2005, 1:17 PM PST

How about something....

Earl Benser Dec 8, 2005, 1:16 PM PST

Oh well,

Ian Deal Dec 8, 2005, 1:15 PM PST

Record labels shouldn't be guaranteed a profit

Bob Bob Dec 8, 2005, 1:09 PM PST

Did you know?

Select a tab below to set your default view.

The big picture Related stories What's hot Latest headlines

Resource center from News.com sponsors

Concerned About Computer Security?

Education is the best defense

Computer security threats are part of daily life. But today's malware techniques present unprecedented challenges for businesses of all sizes. Learn how to protect yourself.

Learn from the experts>>