Sony BMG Rootkit: More Problems to Be Revealed

Several groups of privacy and security experts are expected to release research later today that points to multiple, serious security flaws present in "XCP," the anti-piracy software used on an undisclosed number of Sony BMG music CDs. (For the record, Security Fix observed that experts were busily searching for such flaws shortly after this whole fiasco began).

According to details provided by prominent security researcher Dan Kaminsky, the resulting public outcry could make Sony feel like the last two weeks of consumer backlash were a walk in the park.

Kaminsky wil be unveiling research that indicates just how many computer networks have Sony's anti-piracy software installed on them. Kaminsky declined to be more specific, but numbers referenced in a class-action lawsuit filed Tuesday in New York against Sony and XCP maker First4Internet indicate that Sony sold approximately 3 million music CDs carrying the software. Security Fix - Brian Krebs on Computer and Internet Security - (

Linked by shanmuga Tuesday, 15th November 2005 7:17AM