Sony is prepping an update to remove rootkit-like technology that shipped with a range of USB storage devices featuring fingerprint authentication. The Sony MicroVault USM-F fingerprint reader software that comes bundled with the USB stick installs a hidden directory under Windows. Files in the directory might be hidden from …
Why should we believe Sony?
They lied about the rootkit TURDS (Technology Users' Rights Denial System). Then they lied about the removal software. Then they lied *again* about the TURDS removal software.
Three strikes and you're out; the USB "rootkit-like" software is Strike Four. Blaming a third-party software vendor is a lame excuse; the fact that the software vendor is in China simply reveals that the security flaws introduced are probably deliberate on the part of the Red Chinese Army.
And, 'Rick Rubin ... told the New York Times that the technology "recorded information about whoever bought the record", indicating that some kind of "spyware" also came with the cloaking technology introduced by Sony's DRM software.'
I could be wrong, but I believe that distribution of that sort of spyware is a criminal, not a civil, offense in the USA - and it's certainly a violation of the UK's Data Protection Act.
If a private citizen were caught doing all this, he'd be put *under* Old Bailey. Why is Sony getting away with a wrist-slap?
Potentially, could, might, some - Has El Reg reached the end of their legal budget for the year (in the time old HIGNFY tradition) allegedly.
Trust Sony? Yeah, right!
"According to Sony, the blame lies with code supplied by a third-party developer from China."
Just like they blamed the Banbury(UK)-based coder-wankers who supplied the infamous CD DRM rootkit.
Since that fiasco, I've made a point of boycotting Sony products and (except for stolen or pirated copies) music released on Sony's labels.
The word 'scum' sums up Sony for me.
Sony sure likes to point fingers at third parties for its screw ups rather than own up to their underhandedness. One would think that Sony would thoroughly check its products for these types of things before they ship considering how their last attempt to control users blew up in their face. Sony has certainly gone downhill lately. No Sony products for me until they clean up their act.
Customer Relations Sony Style
I think it's fairly easy to see how they reached the decision to do this, basically they've been paying attention to the genius positive PR the RIAA and MPAA have been enjoying with their own initiatives in this area.
After reading about the success stories of threatening to imprison customers every time they watch DVDs they've paid for, or the tremendous reception extorting protection money from society's more vulnerable members, Sony obviously decided they wanted a piece of that.
I can only imagine their directors brainstorming this one out..
"Ok so our sales are in the toilet because we've overpriced our consoles, installed malware-enabling rootkits on our CDs and developed a proprietary, customer unfriendly, high def movie format, so we need something positive to win back the hearts and minds of our customers.."
"Well what about installing a new, special kind of malware-enabling rootkit and delivering it in a manner that our customers would least suspect - USB flash drives?"
"Awesome idea, and not only does this reinforce the message we delivered with our CDs - that we want to wreck your system from the ground up - but it also clearly demonstrates how full of shit we were when we said we didn't know the company we paid to write this software, wrote this software."
"I agree, because this time we don't even have the flimsy excuse that we are protecting our intellectual property rights, we're just doing it for the hell of it. And as you say, it puts paid well and truly to the notion that we didn't know the company we specifically asked to produce this kind of thing would deliver it, or that we went ahead and copied it onto millions of CDs. In the realms of being full of shit, that one was out of this world - the level of honesty and straightforwardness this delivers is bound to convince everyone to come back to Sony."
Dog food, toothpaste, lead-based paint, rootkits ... those dang Chinese!
Sorry, SONY (Standard Oil of New York - redesigned to exploit the conception that stuff "Made in Japan" is better than stuff "Made in the USA") ... I can't understand any of those companies who pleaded ignorance when their food products contained industrial waste, and I can't understand those who professed ignorance that the products they were selling at Wal-Mart failed to meet US Safety Guidelines, and I certainly cannot understand a global giant like you claiming to have inherited the "Doh!" gene with regard to your "security" products.
There are no mistakes, at that level.
Chinese People's Liberation Hacker Army
From the Reg story - "According to Sony, the blame lies with code supplied by a third-party developer from China."
Most of the code coming out of China will probably be just fine, but given that no-one at Sony seemed to be checking it much perhaps the Chinese military hackers might see an opportunity for an alternative distribution path for exporting their trojan horses...
Of course with good old American code you're only going to get the nice boys at the NSA peering into your systems!
...and this is the company...
...that wants to be in charge of our high-definition movie experience?
Thanks, but no.
At least with Microsoft/HD-DVD, I only have to worry about incompetence, not actual malice towards the end user.
How does Sony manage to stay in business?
Sony is a proven (in court) criminal corporation that does everything in its power to prevent legal users from their legal rights!
Anyone buying a Sony product is
1. totally unaware of Sony's worldwide criminal record
2. a total idiot!
The copyright system (especially in the USA) is totally corrupted by criminal organisations such as Sony, MPAA, RIAA, Macrovision and the like. Those organised crime syndicates literally own the American justice system and use it to steal money from their own consumers. What does it take to stop them? A civil revolt?
Right now in the USA a copyright violation is worse than murder!
Well, you have to worry about that, and getting a sound system loud enough to drown out the racket that the xbox makes.
Oh, and overheating.
As for Sony, well they lost their edge a couple of years ago so nothing they do surprises me now.
This is their *security*?
Their thumbdrive needs to install (tamperable) software on a computer to check if the key has been tampered with?
So if the code has been "played with", would it be possible to access data on a protected drive, but they know that software is tamperable, so they hide it...
Has no-one told Sony that security by obscurity is not an option?
Does this security system also work when plugged into a Mac/linux/<insert non windows os here>?
Sony have made all sorts of electronic wonders. Would it be too difficult just to embed an AES module and do any and all processing on-chip?
It would keep the customers happy, and why would you need anything else?
not the same as last time
The Sony CD DRM rootkit thing was just evil. From the ground up it aimed to take away users' rights and screw up their computers so they were tied to Sony... and to make it impossible to undo. The security hole was a side effect.
But this is different, I don't see any evil here - just pure stupidity and lazy product design. There's no motive for them here - unless I'm missing a great conspiracy theory where Sony is involved in selling security backdoors to the Russian mafia, or something!
So while the end result is the same - a nice cosy hiding place for the bogeyman to embed a keylogger / auto-dialer / spam generator / [insert your favourite malware here] etc. I don't think it's really fair to say "Sony did it again".
First time evil, second time pure incompetence. I'm really not sure which one loses them more of my respect though :/
Re: ...and this is the company...
David Parker wrote: "At least with Microsoft/HD-DVD, I only have to worry about incompetence, not actual malice towards the end user."
Are you trying to tell us you don't realise you are being fucked up the arse by an MS operating system every day then?
I wonder if Sony will choose a Chinese supplier for the swords to be used by Sony executives for disembowelling themselves after yet another episode of "We're Sony – Don't Trust Us"!
Sony products are on my 'Do Not Buy Unless Absolutely Necessary' list and I don't think they make defibrillators.
"...and I don't think they make defibrillators"
No, but even then, based on the article, would you want to attach a Sony product *directly* to your body?
Nope, me neither.
Re: SONY/Standard Oil of New York
Absolute Codswallop: http://www.snopes.com/business/names/sony.asp
I concur, it's currently vogue to hate Sony, they're the new Micro$hunt / Apple. A mate of mine was trying to win me over in a 360 Vs poos3 debate. I'm a fully fledged pooshoor now, wouldn't touch a 360 with a shitty barge pole.
Life just ain't good unless there's somebody or something to hate...
What ever happened to those "Awfully nice Sony people" in the ads a few years ago ?
Now they're just Awful.
Are we talking about the same "Microsoft" here?? Convicted monopolist, dodgy sales practices, full scale FUD machine?
Silly old Sony
I'm in agreement with Yousef Syed, Sony used to be a byword for high quality electronics. You could be sure that what you'd bought would last, but in recent times I've found that Sony stuff is as bad as the rest when it comes to stuff breaking pretty much as soon as the guarantee expires.
It used to be the case that it was worth paying a bit extra for Sony as it could be relied upon (my parents' old Trinitron telly lasted about 15 years), now they're just producers of flashy looking overpriced tat.
The Boycott Remains
I saw their rootkit in action as I tend to avoid Sony CDs anyway. That said, Sony would have to buy me a tropical island before I'd ever consider buying their crappy stuff anyway. It's all overpriced and they try every trick possible to lock you in with "closed" technologies (eg MemoryStick). Screw them. The Sony Boycott remains in place until I'm sipping margaritas on my own beach.
Web references? We don't need no stinkin' web references ...
"SONY acronym is from Rockefeller’s company Standard Oil New York. Rockefeller’s Chase bank was financing rebuilding of Japan and there were many crates on the tarmac of the airport in Japan, crates that were labeled S.O.N.Y. The Japanese businessman had already visited the USA and determined that imported electronics were low quality and he could make a new company featuring quality, but what to name it? and to not name a clumsy Japanese name like Yamaha or Suzuki or something and he saw the Standard Oil company of New York labeled S.O.N.Y. shipping crates and that is where he got the name. Rockefeller family had Standard Oil company for fifty years and he was heavily involved in financing the rebuilding Japan. SONY businessman wanted a powerful company with a name acceptable to the USA market. Standard Oil company of New York."
"The name SONY began to appear at the airport after the flood of post-war recovery money, and one of the meanings of those four letters is "STANDARD OIL OF NEW YORK". That has always been SONY or SOCONY. (The Standard Oil Company of New York)
THE ROCKEFELLERS had arrived to re-finance Japan.
What this meant was that during those "MacArthur" days Rockefeller money was flooding Japan; and money such as that (Yes, I'm using the term MONEY) kind of "money" began the amazing job of rebuilding Japan."
Sony-san [Published: May 17, 2007]
A friend of mine (who's more often right than wrong) claims that Sony Corporation was originally founded by Shell Oil of New York during the occupied-Japan period after WW2. I find it hard to believe that I have never heard that before, but then I've never heard of a Japanese named "Sony" either. Is my friend right, once again?
-- Jeff, via e-mail
Lay this on your friend the next time he's pummeling you with facts. 1. There is no such company as Shell Oil of New York. 2. There was a Standard Oil of New York. 3. Oil companies have their hands full already; why would they want to go into the consumer electronics business? 4. Sony's original name was Tokyo Tsushin Kogyo, a.k.a., Totsuko (founded, 1946, by two guys in Japan who repaired radios). 5. Totsuko marketed products with the brand name Sony (or Soni), 1950. 6. "Sony," from sonus, Latin for "sound." 8. Totsuko dominated Japanese market. 9. Americans couldn't remember or pronounce Totsuko. 9. Corporate name changed to Sony, 1958, in order to dominate U.S. market. 10. The plan worked. "
So ... maybe you're right, maybe not ... Don't you just love the Internet? ;)
Am I implying that a Major U.S.A.-based Corporation is not to be trusted?
Is SONY a Major U.S.A.-based Corporation?
Kill me now ... I couldn't stand the strain of a trial on charges of treason!
Is it conceivable that Rockefeller's Standard Oil Company of New York simply handed the SONY acronym to a small-ish Japanese firm in the late 50's?
Is it more likely that they struck a deal of some kind with Totsuko? Maybe buying out the company, or ... ?
After all ... oil makes plastic ... and plastic makes radios ... ?
I'm not making this stuff up! ;)
SONY -- good for nothin'
Anyone remember in 2000 when Sony remade and released (ie: copied in the most plagiarising manner) the tune Knights of the Jaguar by DJ Rolando, note-for-note because he wouldn't give Sony permission to release it?!?
The downright, no good, thievin' b*****ds. Haven't trusted them ever since.