In Dutch newslogs, it is mentioned now that the rootkit is using parts of the (LGPL) LAME-encoder.
So, should their rootkit be open-source then?
"Script kiddies unite, fight for your source code rights" I'd fear.
Below some babelfished Dutch. (from Webwereld.nl)
Thursday 10 November 2005, 09.59 - the spyware which Sony on the computers of muziekfans install do not seem not only technical, but even also copyright in the hook.
In the rootkit pieces code appear sit which is identical to LAME, open source mp3-encoder. The licentie is exceeded.
Concerning software exercises the copyright with the so-called Lesser Gnu Public License (LGPL). According to this licentie Sony must satisfy requirements to a number of. Thus they must tell that they use software in a copyright notice. Also the company the source code of open-sourcelibraries must provide or available to make. Finally the tussenvorm between must make source code and feasible code, the so-calledobject traffic-jams, meeleveren or available, with which others can make similar software.
Sony have only satisfied to none of these requirements, but provide a feasible programme. A computer expert, of whom the name is confessed at the redactie, discovered that on the cd Get Right With The man of Van Zant strings from the library version.c of Lame sits. This is make up from the string: "http://www.mp3dev.org/", "0.90", "LAME3.95", "3.95", "3.95".
But the expert has more proof. This way there so-called array largetbl sit at a place in the programme go.exe. This is a part that is used in the module tables.c of libmp3lame.
The discovery is possible far-reaching consequences has on the muziekgigant, which themselves claim only protect the copyrights. Rather judges in Germany forced several companies already make the source code public and the required spullen for compiling to provide. Also it is possible claim damageses.
Meanwhile details also other become clearly and this way complain the Electronic frontier foundation which the spyware make also legal listening music on iPods impossible. The organisation is busy with a list of cd's which publishes hidden programmatuur meeleveren to make and these on the Internet site.
Wouter Rutten of the NVPI emphasise that the commotie for Dutch a ' meaningless tale ' is because the aware cd's are only in the United States and in Mexico available. The organisation offers information on the beveiliging of First 4 Internet to Cdlogo.nl by means of the site, however.
Several phone calls to SonyBMG continued call back in spite of promises to unanswered.