Down the Rabbit Hole with Sony

Inept, Indifferent, or Insidious?

<p>Get rid of the rootkit, install a back door.  Ed Felten notes in <a href="http://www.freedom-to-tinker.com/?p=927">his blog</a> that if you run the official Sony DRM uninstaller, you’re opening your computer up for an even worse problem than you started with.</p>
<p>Briefly put, it installs an ActiveX control on your computer that will, upon the request of any webpage, download any content from the Internet.  I give the blackhats 3 days or less to start installing malware on computers through this vulnerability.</p>
<p>So, what’s going on here?  Could Sony afford to hire a security person who would have prevented any of the 4 or more transgressions that have come down so far from happening?  Certainly.  But they didn’t.  So, that means either they’re too stupid to be doing this or they’re doing it knowingly.  ‘Eat Me’ or ‘Drink Me’ - neither is particularly appetizing.</p>
<p>There’s room here for a legislator to make a good name for himself by introducing a bill that would explicitly make these kinds of DRM illegal.  Sure, Sony might have made some extra profit from selling some more CDs, but we’ve just put at least 500,000 machines on the Internet that could be used by nefarious agents to launch the CyberAttack DHS has been warning about.  Drop a note to your Congresscritter.</p>