Felten research adds to CD recall

Computer science professor Edward Felten and graduate student Alex Halderman '03 discovered a glitch on the Sony BMG website on Monday, at a time when the music giant is recalling millions of CDs that put users' computers at risk.

This is only the latest in a series of problems for Sony BMG that Halderman called "the Sony soap opera." Felten and Halderman have been detailing the progression of events on Felten's blog, freedom-to-tinker.com.

As a method of protecting against the illegal copying of music, Sony BMG placed hidden copyright protection software on many of its CDs. This software automatically installed itself when a CD was inserted into a computer. It operates with a rootkit, something normally used by attackers to breach a computer's security system.

"What Sony didn't realize was people would react negatively to them using the same techniques as attackers," Halderman said. "This software could be used for viruses to hide from antivirus programs and be invisible to you."

As a result of the backlash, Sony BMG posted an online uninstaller for those who wished to remove the rootkit software. According to the Sony BMG website, it was meant "to alleviate any concerns that users may have about the cloaking component posing potential security vulnerabilities."

But the software seems to have had other purposes. Over the weekend, a Finnish web user going by the name "Muzzy" reported on his website that something seemed suspicious about this uninstaller software.

"I was at my office at 10 p.m. on Sunday night and sent an email over to professor Felten," Halderman said. "He came 15 minutes later and we started exploring the problem." The two then spent all of Sunday night into Monday morning working to understand how the software functions.

It was late Monday afternoon when Halderman and Felten figured it out. Halderman, posing as an "attacker," tried to use the program to install his own software — a simple file. When he saw his program pop up, they realized that this was a huge problem.

"The ... component allows any website you visit to download and run software on your computer," wrote Halderman in a blog post on Tuesday. Sony has since removed the uninstaller request form from its site to prevent any more users from being susceptible to the holes in the software.

However, those users who have already used it are still at risk. Felten and Halderman recommend not using Internet Explorer until Sony releases a fix. The two are also currently researching possible solutions.
