Details On The Sony BMG / First4Internet Uninstaller Problem
from the it-just-gets-better-and-better dept
It seems the folks over at First4Internet, who made the Sony rootkit in the first place, aren't the sharpest knives in the drawer when it comes to designing secure applications. After all, the rootkit left open the ability for other malware to hide behind it, and, as mentioned yesterday, the web-based uninstaller they provided has a huge security hole. Ed Felten and Alex Halderman have detailed the security problems with the uninstaller, and they are serious. Basically, the uninstaller used an ActiveX control to download and run the uninstall code, but the control stays on your machine and is open for any other website to use. So all a malicious coder needs to do is code some nasty malware that looks for that ActiveX control, and if you visit that website, you're toast. As Felten and Halderman note, this applies only to the web-based uninstaller. Sony BMG and First4Internet also provide a downloadable uninstaller that doesn't appear to have similar issues (or, at least, they haven't been found yet). Either way, every step of the way, this story just gets more and more ridiculous.
Reader Comments
The UK company that supplied the DRM software
Phone: Tel: +44 (0)1295 255777, Fax: +44 (0)1295 262682
Post: 6 South Bar Street, Banbury, Oxfordshire, OX16 9AA, UK
Management Team: Nick Bingham Chairman, Mathew Gilliat-Smith CEO, Tony Miles Operations & Technical Director, Peter Worrall Marketing & Research Director, Nick Drew ICA Business Development Manager (thanks, voidstar)
There's nothing on the first4internet press page since August.
smooth move sony
note to self; don't buy sony
Re: smooth move sony
The Canon Powershot now looks like a better deal..