Sony Rootkit may Lead to Regulation 266
An anonymous reader writes "Computerworld has a story about DHS officials meeting with Sony to read them the riot act, following the rootkit fiasco. From the story: 'A U.S. Department of Homeland Security (DHS) official warned today that if software distributors continue to sell products with dangerous rootkit software, as Sony BMG Music Entertainment recently did, legislation or regulation could follow.'"
WTF? (Score:5, Interesting)
Why are people not in jail for this yet?
(yes, that was a rhetorical question).
smash.
You haven't figured it out yet? (Score:2, Insightful)
Re:You haven't figured it out yet? (Score:2, Insightful)
smash.
Re:You haven't figured it out yet? (Score:5, Insightful)
Re:You haven't figured it out yet? (Score:2)
Doesn't that make it theft ?
Re:You haven't figured it out yet? (Score:5, Insightful)
Re:You haven't figured it out yet? (Score:2, Insightful)
What you described as capitalism is what we see today in the US, which is better described as "bastardized capitalism". Under bastardized capitalism, there is room for coercion (theft, fraud, gover
Re:You haven't figured it out yet? (Score:2, Insightful)
Re:You haven't figured it out yet? (Score:5, Interesting)
Re:You haven't figured it out yet? (Score:3, Insightful)
Regulation? We already have laws against hacking people's computers and causing damage. Sony needs to be prosecuted, not regulated. Sony commited a felony and DHS wants to turn this into a beaurocratic exercise. This is in the FBI's and Attorney General's realm, not DHS.
DHS should stick to what it is good at, screwing up responses to national disasters, oh wait.
Re:WTF? (Score:5, Interesting)
Re:WTF? (Score:5, Insightful)
I was merely trying to point out how "fucked up" the system is - we live in a world that allowed the two events described above to have the outcomes they did...
smash.
Re:WTF? (Score:3, Insightful)
Re:WTF? (Score:5, Insightful)
I agree it stinks, but I'm not exactly sure how we stop it short of a constitutional amendment, and if that amendment is too broadly worded, the cure could be worse than the disease.
Re:WTF? (Score:3, Interesting)
Outlaw campaign contributions to anything other than a central fund. Cap campaign spending at a dramatically lower level. The n candidates with the most petition signatures get on the ballot, and get equal campaign funds.
This prevents people from buying elections...
The only missing piece here is who pays for advertis
Re:WTF? (Score:3, Interesting)
Including Slashdot? Or does "media" not include the net?
Furthermore, with the ruling that cash == speech, there is no way to cap or equalize spending. It's unconstitutional prior restraint. Yes, it sucks, but that is the law as written. You can force someone to forgo government assistance if they spend beyond a certain limit, but you cannot limit the amount o
Re:WTF? (Score:3, Interesting)
The family owned business starts sending lobbyists to congress, and gets a law passed that basically makes it such that they're
Re:WTF? (Score:5, Insightful)
Re:WTF? (Score:2, Funny)
Re:WTF? (Score:2)
Re:WTF? (Score:5, Insightful)
Corporation: An organization created in order to generate individual profit without individual responsibility.
That is why no on is in jail, it goes against the very idea of corporations.
Re:WTF? (Score:3, Insightful)
Security Flaws are Not the Issue (Score:4, Insightful)
Re:WTF? (Score:2)
At least someone in the government has enough clue to see how this is a Very Bad Thing, and the government getting involved, while less than optimal, is the only way this kind of behavior will stop. The industry certianly isn't going to restrain itself, and the buying public is too stupid/ignorant/drunk to give half a shit about this issue. People who buy country music generally wouldn't know a rootkit if it walked up and bit them in the FA
Re:WTF? (Score:3, Insightful)
Except with enough campaign donations they can keep hitting foul balls without ever facing a real penalty.
The recent Sony experience (Score:5, Funny)
"I just bought a DVD with rootkit software on it."
"You've been Sony-ed", or,
"That's the Sony experience!"
Re:The recent Sony experience (Score:5, Interesting)
Re:The recent Sony experience (Score:2, Interesting)
Re:The recent Sony experience (Score:5, Funny)
Re:The recent Sony experience (Score:5, Interesting)
Re:The recent Sony experience (Score:3, Funny)
Re:The recent Sony experience (Score:3, Informative)
As I have had many bad experiences with upgrading windows I tried to do a clean install of XP Pro. SATA not supported. OK, I thought, I'll download the controller drivers, write to floppy, and do the whole F6 thing.
Checked the Sony
Re:The recent Sony experience (Score:4, Funny)
So.. (Score:5, Funny)
Re:So.. (Score:2)
Re:So.. (Score:5, Funny)
And what about Linux rootkits? Will Linux rootkits be supported by the DHS? Or will they just be banned altogether? Surely the DHS can't be stuffed writing a Linux rootkit as well as a Windows rootkit.
Even scarier... what if Linux rootkits weren't regulated at all? Cyberterrorists could go on a rampage of linux rooting, and the government wouldn't be able to stop them, or more importantly, tax them.
Hmm... that's an idea, the DHS could implement a rootkit tax, to fund their own rootkit development, and better protect our fellow God-fearing American citizens from the cyberterrorists of the future.
The War on Terror is ending. The War on Rootkits is only just beginning...
Re:So.. (Score:2)
Jail em! (was:So..) (Score:2)
Re:Jail em! (was:So..) (Score:2)
Threatening Legislation (Score:4, Insightful)
They are not even being told they will get punished if they do it again,
It seems to say, if you do it again, only then will make it illegal so you can't do it a third time.
(Gee, I'll have to try that one next time I get busted by the cops - its only my first offence, officer, you shouldn't lock me up until I've done it at least 3 times)
Re:Threatening Legislation (Score:5, Insightful)
smash.
Re:Threatening Legislation (Score:2, Interesting)
You, yourself said it: "It seems to say, if you do it again, only then will make it illegal so you can't do it a third time." which is
Sony DID do Something Illegal (Score:3, Insightful)
Subsection (3) states that anyone who "intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects that use by or for the Governmen
Regulation? (Score:4, Insightful)
So the time has finally come... (Score:2, Funny)
Mr. & Mrs. Smith DVD (Score:5, Informative)
Re:Mr. & Mrs. Smith DVD (Score:2)
Re:Mr. & Mrs. Smith DVD (Score:3, Informative)
Re:Mr. & Mrs. Smith DVD (Score:2)
Re:Mr. & Mrs. Smith DVD (Score:4, Informative)
Apple haven't got a fix out yet but I guess they will soon (WTF is system software doing loading libraries from the home directory anyway? There's a *reason* why
From the virus summary:
"Leap.A installs a bundle to '~/InputManagers/apphook' that hooks certain iChat functions. When any of the user's buddies change their status, the worm initiates a file transfer and sends a copy of ' 'latestpics.tgz'. The file transfer is not visible to the user as the worm hides the transfer status information."
"The worm enumerates all applications on the computer that were used during the last month. Leap.A replaces the main executable of those applications with itself and saves the original file to a resource fork with the same filename. When the application is opened the worm activates first, then it runs the original application from the resource fork."
My EFF Action letter worked! (Score:3, Funny)
I told my senator to tell the RIAA and Sony to go f##k themselves... I guess he listened.
threatening? (Score:3, Insightful)
not malicious? (Score:4, Insightful)
From TFA:
I guess that depends on what you mean by malicious. As far as I'm concerned, anyone who distributes trojans is either malicious, or mentally insane — on the same level as the man who thinks he's a poached egg.
Re:not malicious? (Score:4, Insightful)
Re:not malicious? (Score:2)
Actually it's the word intent that's important - Sony used third party software that they believed would stop people copying their music, I doubt if Sony got in to too much technical details about how it worked. Managers don't want to know the gory details, they want to know if it works, how much it'll cost and how much profit it will make. All that was on Sony's mind was copy protection, even if the third party software had formatted your HDD Sony ma
Re:not malicious? (Score:2)
Even assuming that Sony's behaviour should be punished, how about we punish them for the actual damage they caused? Otherwise, it becomes just like the old patent rant: "just because it's made with a computer, it is not necessarily a new thing". So why bring in new laws?
That said, anyone who feels like using state-sponsored violence
Re:not malicious? (Score:2)
Re:not malicious? (Score:3, Insightful)
The side-effect of making computers unstable and hackable was not the intent of sony
Yes, but there was also:
Making it difficult / impossible to uninstall
Using rootkit tech _at all_ (to hide the driver files, to stop you uninstalling)
Making it install even when the user clicks no / cancel
All those were clearly deliberate intent - and dubious legality in some places (particularly installing, irreversibly, when the user explicitly denies permiss
eh? (Score:4, Insightful)
Mod Parent Up. (Score:5, Interesting)
Laws have already been broken and all we're seeing is warnings implying this may be made illegal in the future.
Re:Mod Parent Up. (Score:2)
Laws have already been broken
Which ones? I don't mean to be difficult, but can you name the actual statutes that apply?
No malicious intent? (Score:5, Interesting)
Would someone please define malicious? I think it WAS malicious.
------------
The American Heritage dictionary:
malicious (m-lsh's) pronunciation
adj.
Having the nature of or resulting from malice; deliberately harmful; spiteful.
-------------
Thompson-Gale Legal Encyclopedia:
Malicious
Involving malice; characterized by wicked or mischievous motives or intentions.
An act done maliciously is one that is wrongful and performed willfully or intentionally, and without legal justification.
--------------
I'd say that given Sony's generally agressive posture with regards to personal/individual fair use and copyright infringement, I think they could easily be characterized using words like "angry" and "vengeful." And regardless of the emotional component, it was certainly wrongful, willfull, intentional and without legal justification.
Re:No malicious intent? (Score:3, Insightful)
Was the security problem intentional? No.
What is being discussed in TFA? The security problem.
It seems like a case of (Score:2, Interesting)
Since when did the Executive branch make laws? (Score:4, Insightful)
wrong act.... (Score:3, Insightful)
Should it not read RICO act?
Re:wrong act.... (Score:2)
They should read Sony the Patriot Act.
Re:wrong act.... (Score:3, Informative)
And yet, the cynic in me... (Score:4, Interesting)
...thinks that DHS would love for this to happen again.
I could almost see them thinking, . o O (...and the best way to do it would be to stringently regulate consumers' computers, so that we can watch for intrusions of this sort in future and prepare for them. Oh, do it again Sony? Ohpleaseohpleaseohpleaseohsnausagesohplease!)
Could someone explain? (Score:5, Insightful)
Read: Juvenile dick-waving without commercial interest -> 2 years prison.
A large corporation spreading a rootkit with their product to their paying customer with the intent to cripple their customer's software performance (not being able to use it as intended, by manufacturer or user) that also has the capability of spying on their behaviour (allegedly they didn't use that function, but
Read: Commercial malvolent infiltration of customer's computers -> Nada.
The world sure is changing. When I was still in school, adding "commercial" to a crime sure upped your sentence by some magnitude. Nowadays it seems to be your "get out of jail" card if you commit a crime with financial interest.
Al Capone simply died too early. He'd love these times.
Re:Could someone explain? (Score:2)
If they hadn't gone about it in such a half assed way, such that people can exploit it to do real damage, it wouldn't have had the backlash it did.
Re:Could someone explain? (Score:3, Insightful)
Still, 2 years and some other rules that simply crippled his future, like banning him from the 'net for a while.
Imagine a ban on Sony to produce music for 2 years, what good this could do!
But I ramble. The core point is that there is NO way that you
Re:Could someone explain? (Score:2)
There are also good reasons why the government is unwilling to pass explicit legislation. Defining a rootkit is difficult, and sometimes people really a
Re:Could someone explain? (Score:2)
At risk of being pedantic, I think you mean "enforce them!"
Other than that, well said!
Re:Could someone explain? (Score:2)
Re:Could someone explain? (Score:2)
But yes, I do agree. It might make then think twice before simply breaking the law with a "let's try and see what happens" attitude.
Talk about a misleading submitted post (Score:3, Informative)
In there is a small paragraph mentioning that DHS and a talk with Sony that what they did "was not a useful thing", which becomes the main thing.
The thing thing that should of been focused on was the message from DHS that companies should not defeat the security measures that people have in place on thier computers.
Could someone sue StarForce spreaders please? (Score:4, Interesting)
According to Wikipedia [wikipedia.org], Ubi Soft, Digital Jesters and Codemasters routinely use StarForce on new games. Forget about consoles, THIS is what might kill PC gaming permanently.
What is a rootkit? (Score:5, Informative)
Important distinction (Score:5, Interesting)
The important thing to keep in mind is that, while SONY may have a software division, the product sold wasn't even a software product at all, and no disclosure of a software product was discussed in any terms of sale, etc. The whole software angle was completely surrepetitious. It's not just "software distributors" that need policing here. When it boils down to it, this SONY division had no business "engineering" software into their product; they had little grasp of the ethics or the technical implications of what they were doing... or at least that's what they tell us now. For all we know, they were fully aware and just did it anyway thinking plausible deniability was all they would need when it came to light. If indeed they thought so, they would seem to have been prescient - nothing has happeded because of it. I for one am a bit surprised at that.
Sony should be prosecuted (Score:4, Funny)
forget rootkits... (Score:5, Funny)
Linkage to blueray software (Score:2)
What they really want... (Score:2)
Megacorp meets with secret police (Score:5, Insightful)
Sony BMG settles (Score:5, Informative)
It's your chance to stick it to the man.
Morals? Ethics? (Score:3, Insightful)
Dollar Power? (Score:2)
If people just stop buying their crap, they will change how they do business or go out of business.
Re:Dollar Power? (Score:2)
WHAT?! (Score:2)
How lax can they get?! When you hurt millions of people, you get punished. So, if Sony puts out another rootkit, will they be at all worried about repercussions? Hell no! They just got away with it.
I'm SICK of the "shareholders" argument (Score:3, Insightful)
When you count out who the majority VOTING shareholders are, you will find that a vast majority of the time, they are the same decision makers who are citing "will of the shareholders." It's bullshit. A doctor should do no harm regardless of who pays his fees. A corporation should do no evil regardless of shareholder interest or profit-making directives. The decision of HOW to go about making profit was made by people and THOSE people should be held accountable for those decisions.
Sony is EVIL!!! (Score:3, Interesting)
Will Someone Please Explain.... (Score:4, Insightful)
With computer crimes there's some kind of investigation from local and federal law enforcement (FBI maybe?) and maybe a public hearing or two to give the appearance to voters that something is going to be done.
Please point out the obvious here because I'm missing it.
regulation? (Score:3, Insightful)
Re:regulation? (Score:2, Funny)
Re:regulation? (Score:2)
If you would, don't go into politics.
Re: (Score:3, Insightful)
Re:regulation? (Score:2)
Oh, wait, companies are protected from that.
I'd LOVE to see companies be put in jail.
Or, give companies the death penalty for breaking into government systems. Force them to dissolve.
Re:Angelina Jolie only? (Score:2)
In fact; a more succesful title for this article would have been "Angelina Jolie DVD gets Sony in trouble"; everybody here would read it!
Re:meanwhile.... (Score:2)