United States
Anatomy of an ARP Poisoning Attack
WatchGuard Technologies, Inc.
WatchGuard Technologies, Inc.
ProductsPartnersSupportAbout UsHow to BuySearchProfile
 
Products  

Security Articles

Video Tutorials

WatchGuard Feeds

WatchGuard Wire

Radio Free Security

White Papers

Case Studies

Network Security Glossary

WatchGuard Wire
Improve Your Security IQ

Sony rootkit debacle rolls to a halt (we hope)

It appears that the dust has settled after Sony's excessive attempts at music copy protection were first outed, then mercilessly flogged.

It amazes me how much this debacle has tarnished Sony's image. They face litigation, have been banned from libraries, mocked by The Onion, and have been the subject of ugly rumors concerning the origin of the rootkit itself. It all seemed to spiral out of Sony's control faster than their PR could spin it. And that is surprising, considering they knew about the vulnerability 28 days before the story broke. Apparently, they didn't want to announce the hole until they had developed their own patch.

But despite the risks covered in my two previous posts (from early- and mid-November), there was no major damage done (that we know of). Thus, in the end, some good things might arise from Sony making a complete fool of itself in front of the world. There had been a lot of rumors that other music distributors were considering using copy protection software similar to Sony's. I don't think any of them realized how much bad press they could get. After all, Sony BMG president Thomas Hesse was quoted at the beginning of this fiasco as saying: "Most people don't even know what a rootkit is, so why should they care about it?"  But now, after being dragged through the mud not just by Tech news, but by major press such as the New York Times, the BBC, and others, Hesse is singing a different tune: "This whole story has led us to look at the approach we have to take going forward." We can only hope that this drastic shift in policy will serve as a lesson to other distributors.

But even if the entertainment industry hasn't learned, the tech industry has. In yesterday's cumulative patch for Internet Explorer, buried amongst some low-level FAQs we found the following:

"This cumulative security update sets the kill bit for the First4Internet XCP uninstallation ActiveX control. For more information about this ActiveX control, visit the SONY BMG Web site."

You know the times have changed when a large corporation's sloppy practices put our network security at risk -- and Microsoft is the entity that has our back. -- Jon Skovron

Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.