Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Sony DRM Woes Continue



 By: Larry Loeb
2005-12-12
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Opinion: The MediaMax DRM didn't get as much attention as the other XCP DRM used by Sony, but it turns out it has a problem with Windows.

While I have had my fill of Sony DRM and all the screaming that has gone on around it (though it still gives me a chuckle when I see a breathless story in some second-tier MSM newspaper about "Copy Protection on Sony CDs" that is both outdated and inaccurate) there was actually a new wrinkle going on in the last week.

Remember the MediaMax DRM that didnt get as much attention as the other XCP DRM used by Sony during the first wave of screaming and yelling? Well, it seems SunnComms little child has a problem when dealing with Windows.

There are insecure default directory ACLs being set on the "SunnComm Shared" directory, which allow any local user full and total access to the directory. "So what?" you ask. Well, non-administrative users can modify the installed files in the directory because of this. If they are of a mind to do so, these users can potentially gain escalated privileges by (for example) replacing the MMX.exe program with a malicious (and privilege-escalating) program. The MMX.exe program will be automatically executed when another user inserts a MediaMax protected CD.

Resource Library:
Changing the directory ACL manually is reportedly non-effective. The reason is that the insecure permissions will be restored the next time a MediaMax-protected CD is played.

The security issue has been reported in version 5.0.21.0, and prior versions may also be affected. Sony has a program that they say will fix the damage done to your machine. You may wish to document any further damage that this new program does to your machine for inclusion in your future lawsuit.

Hardened-PHP finds more stuff

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Stefan Esser of the Hardened-PHP project found a huge problem with it, though. In their advisory, Esser noted, "phpMyAdmin comes with a register_globals emulation layer within grab_globals.php, to ensure compatibility with hosts where this feature is turned off. This layer was heavily modified for the release of phpMyAdmin 2.7.0. One of the major changes is that the blacklist of variables that may not be overwritten by the emulation layer is now stored in a global variable."

Read the full story on Security IT Hub: Sony DRM Woes Continue



  Reader Comments: Sony DRM Woes Continue
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Larry Loeb
 


x}ksȲqfϸ\ !a:61t{zb#X!t$a73{rcͬ*xtmPUYYYI"WftcfQ?uOu>'Tw6G&R(-GgP+N-w5 E]0eZNv@\~}@^}FwD%x_'Щ=ѩ:€wɄIPS^ۗͩ6}^~l .pѲ ⌲Qm5x@`nZN<1)_NDRB@T 4NHXߢȱ7{Xe376m( 19,^b&{Bq4%;^7W;FV~B {.Y^Z -GZUX'[vb1BE8 ;wOA%;_q@ؓ:IuhmUb'ӨRcbx#:Q^]ݱ&\./RF͌iAw4ԬkSzcG 3GCLH<~0[QMK.n5G)%F^^HN,7MesE {(-4K[9K2}1xc+AX ,>JAͼ94o o SE@;- uj 8k+:YK70Sh_fC-w a6Z@L4\ aCǘش 6,%ߨ6`I˪2TI0&mQu3 . If0A0<^f/_\RG 1 p1S{".S4apv^]-7+De,,ɺ s5-wixKsqm5I{Nk\@*1 @ Lna 8 V83 5Cuәݰ=Uԇ9[˩G`IA 6]LRml;>tPh>P0<xLL)σJCˋF` VPCh9N@tmS(|` S9ʹiǀxԘ/.aHd˕)@FX mNt"BђF 4  gsSX"C"'s [AX/w$]VpDJm'83PJ/CscMX:L٣XB ^X/_2әJRj2mń(VFNDl0VRx5Vn`oNT\O'4MhFnf#@.kәiK0Pl;ij`1Ԑ(ʲI9@cyp Iϱ(@aEдBk`BAqyc]@k9htlRԴa81 ՠmZ&4D ڛ8uVs]ˤF\h5KvıAs>n5 ~"Wnznr#ʇ&fy>epGҶLoj@~)&]LqαrB&k*H(X3b-rlrp V֌M'W*r1r@@-Tড়rH1g0d8ЌOq=18S7RtZC+>q^i.;[Oe]Zr{{#Vv/KT:?ouR@,H#oh m_EڠeeLGi K-C IP֦(X+ezdxy62&CŸ 7q(=  XU.*rȄeê%VbګY3ld xAq!r?-j(6 ofsXSq;hzE>uHGMcg@>`˙ǟG(a!w1JkX$ U*=̔:Y[ ^|@'K |o2tJ.k>uM^\+]79e"A>8|p$'Z>pdZ`/R7:_x;ڈy / EEQ?O~2;2.eX k9  4 đMTb0vQغ;(k12q˝a&?@&R)Ö1SghiGDž-*IH՗bPNc&Xk5F><}"}qNxCHE~"=ilA6\,0|" VH0pl@:RԒxZC@^~vJ%$m4X2H=z,nLH0u 0k-dqM)TE}ffW7{)|h#R @ h`! K{ZCAm2۩\Gw]܁c2P>H(T\g7cME]ac6U{zn&)ZMMӳe;4 cIۛp|3|f93#OQMGF \,[5^093+NH]MM:f2/cʣ#WTo HD">A:T{  30XfSf~ruWJU08n ({wO5~͟Mׂܶ -&o# d&.ōfπiLǖ2m#7H=* `E'8wD1$5ۃ6,!yo$2s~Y("U@Z_AҰg /3_5u_f&קnq& )Ja@hG2caoQ U-q'.Ҁ^KST1 Vc>_I|SeFr+V +i+T\)aokA~fZX*=gR T>cO3(~ (zC>[u z~L>\TS<Q}UͻCUR(BBлgaC͢JNqi-EBSkkps-p B0_ \PFͧ.^GEl`\ASf<^ΐےtK3ק~ 6F˔[ā3W?f4$ΞcVpDMb? h)k0TiˊZ=R$ujURբT'sٞE(FߋCeRԣ\\׆hg?"XWP)~31ȔɹT>TC*mT)NߓNtLÀ1ZrR: GY\' WBxT$YPX9H(PJ Yz>ۻmpI3T!,Cۓ)&l |* N=$QtW%}wn/IQet贯>?kٿv0yOe}qُ ՒeKKx4}l|LJ'V-.nRӸh4.[-tJ2}i&A)p]2~̮^boofBцϮZ0N@ɁvnG4n/Kgݫ-?wB-)^{#y2W#NԸj_\$'d0 svj܆'6bL`jX&IEyD#SV5CuW0MR XɫI)j껰ΫT~DC6 OY`01+GS"6GHDi:n{GQ =dZnO8Z𿲜\ta_}`|;#sF'5\{6'cv,Q'}Z]s6ͥO̴E{wmhG(V-w)c99Z3vY?yxx?4f8?n4[Ҹܿ1LN[_ |1$?[0#|&j~>xFM>z@uS意g ڃ9krĸ~n =lKx?Koҽ{g;ᧅ}ErwtR*9$XH!Hn e_"+2gNIɅ^t;>rix7Ymx3DoӼ4iAhflOC\j`l_@y~mq.e~W(TR/bOk$J骇93]MT--^\RK>^+Uk< h`#Ba"fFs8EE[o\Ӧmef73G??C4ȥN<ƛ;`!3ȑ +Ӡ9m&s$;gr0 @* v4.߭[ B;BJ [42UCnuk-Ǭ§ ,'iƿ'ʫqVԱQ*2$;hߖ6ւ1v̙[ʈ1gcR_SZR|  .w?FӞ Ma_˽z2.mE>zQc%Fm?^ϗIO 4|gtY?+]bQEQ GX(F'x s m] 椃! GHE#"oEk`ݗ]oRO)Am?f5RKL:;S`RPy7Z_ 4 Bj/1CĄ89]h̵K_9$b(;,v!"ylN=<3 e~hjLӽ^CveOHF>=#]C|fdܞ++N=I :4 >NH͝eɺEI"PDVggsnD]Nx CpRnw2g@\K Ԅ)kT=U}"m^'1upa꿸ȠȂr TAr ]Մfext:qۅWF,HZkcOmF8 ֕cOh=$P9'cϥS 23 I-:Np\lSĵ, 2 l0 $ D$&N$B2x]{S +} tLԟr2UA~7jP UI=z<"-џR6,[pL8, ͖S'/u@rÌH؅ET8 1~@x"1˓d URDԟ a'=ER&IVl6yT UQ-'vkk/1zID^va8èz$Eⶓ{RcSޕVhRK[71]~Vͥ%UKR7 GZBwx`H5EJl?n_Sf^X r]T`˞];`o>Bp014gP⩱9S\*+ţr@ M(yƷAo/aN̪-1MUr4)7HL?'}]=!`Ll̆,[P.Shr: !@1Jpt^M)>s့^}sH()lKsSd/% DN;#=Ǖ0pOI`"(U x'%ĀXN7!^/)=߉ܪ@kR-U_pضGi4t mۧZplA}@ {L4ZQGt$ DBV/;OPywy׸D|~-_鶽w]9p'}i N݁'d[ |o#p|o;5T}-2~e;Vdb.R(hPҤm&Gu#Bn,mѧRش`0I ӋG!*$⋭gä̊9s,kpF*) tK11u!25b^zIblᰖS_z4_ؾ-=m_\sicVXLԛ: d!3m]E@ ߎx-EK@VlIR`x= ׳9*ٰ1ztFmm640d%}*ig,;!$gx| !ua{x0oҙTjM.gGt6 &Bzo;9]Kz]xvYb q}e mn/剘" ,Ӡw.( tJ@"D ''?5v{}7e?Rϥ%jJ_:yTl#XA,HBfίGdS33j3 b]7?S:+J0 '|' 7]rx-+~m F] S *|O)ҟh.01ta| 0K=CA8! 7#;[ 5S@endGʱvtP8Pt^To\kE_A-hgϡ0G0Ǘq4x` sHQñŃe7DrZ/ 3LK?"=c9.G)*E;Lm!۟`n3+w1V^cF<2QȏQ QEu@T駠TCyw"II~e`jqx+1</aٸœGKe~O\أ z]kF9-83Whyl?mĒ DQ= !jb`!1Q9!K8hX^LbEy6 T8캃䄲ew4>RPi!Fv{Kb+r{##ߏ=gf?Ñ2.ě=VFXz-ܨ#VZ"'"7"wyaypD]dbɠ;^,4o&vf- =L8ll/vxsCHkcΩ=Zjp\(.HQ,:-~e=^^@F3 n oTJ9t[`ɣ.jݼ\U BI?%|Zj>A76ǽjbxc;XycabS;Xif‹,yBE ~K-y -JYՉ]|T3Uh GzKxcyƸKOܡAnr8M/k㓔KPIV 7}w+)䶾RK;}v}U-Tꡒ>W3mX5Ǯ xXܪ oc%XieZ}#qF^*j95Ys00Ra *zd1޴oN)D|->(vBAfғXNO>f? h \z9}j<kzit3!8 l+_aw#׭ msdǤ+vl"6B<\sJDyj$Z(Lϱ'X~)Cg]+L6mIQ* ֶBz (Ә`Ij&\jfM1:1S75T<#V̯R}FFV>G6ފb︰|ăD> 1Xtt1XjrGh%qpi< T/XoL! TTbЭaU&wܠeЃ5T?02м~#n_jaIb+/n@kbޅ7ҁ+qܒ:iT@ xS)}0IML8$\С ʁ&hpzym@1"r?"IOgP"5O.JeE d3_ c!z v7UIu~Qfs`:>00Ovp15xpo@J2}Mݓ8]1(pjBKl͒w\j:rtT b:M 5?|Dz[7ΥI(!4' .yHcI OiN4xT+rK;:B<@Nw^a]N0{xbwT IhRW tP(rL=VRe<>;Nn?,4!W)WTh r##v(Cd=Եk`frO4~c޸LλAo[-x;mk~;¶V-r5evϺ7׭u?W?7=|j5ۼV6/ vg(P_7:-f(NTbQ{̥,% U*w";n2޿x6~z0^{0^@ ?/1>Arߧ}}ee]%u$e!(odYNotpN3Ki /ޯ?e<3Y+z7^˰s3ce_/ˀq}sm&R+ ]Q%5Lk[I2}ח c|U(X2T^>&c 4tk 7b[y@Yp&}:=WVvl+Jy.)ܢ}:QOXE)9 8q"gaOd_;0ʛQGЬa]#=D~MD?|k2xI0,9 ۓ{ opmঠϻ]O^{-A0.: 7W}.nmG;yh#ֽ2b;w S췡\2,1y}³2wفGhD+,r e%HI_1σCO3mr'܌ӃXZgoii^77{hϦ"di󠦰iPͩȪ)N(~P7Ejn2h s/.ʼnC ;wK-=C O7nƜ8Ǝ3 P3ebIP*RJRs''.[DDӢR(B]N-U˅a`"! *s>P`26UJ` Pz!J1 #4c֭dKb(wp E#УcoPC1{7/TE5// {_A1<7 J,{sЛِD@.ޛ3/q) ߄`-kD҃Yhp䣿 $Q8Sc#ӄwYBDxhlգ{h9ıiSrO?g)bZũ |hn2$3!Mť{:︂|<%(uL?s-̡8Df=Nؒ1"QURۨWUɑ"9<23wH"KzU:_axqp itˉk<:^ o p1Q.`oN=X v7n\8פ`HHGLOd~ OfAL hkоxQ IZ-#wXZNƄ_ð@n=,N7"4FbjN˩+9suJ]Hb7;Swpf`O*}q Afz5sʹ YM+up;O^ۍY:!k'Bo>1%KHP O"}5x^7D6?,q?i"r]6M b ه%Ϙ+Ӟ}aw;t]@p_ĜN8B8L%)#%;"4v$ѓ]5*`W91ݙr&\ktEEאE$&Jh»`VߞsQH O/}Ǧ a4`7Ѐ9ao5RFXk;nLZԝ86Zd 9L'>15'W1хϑt(,6ptwkdŽCIM &Ah&W5b8gK“J'Ҥr\鱻$Vr.Q =@U7VAO=SY,> N_dvO~5"NiWeֳx6Yұ ߚR DOQ[ |YKڼAߍ6_wsԶeEQ&PL¶#U%/_AG,99"Ź oPm b/<% * > ,AS6vƾL34A>Xfc:1ebV!qdzӧ-[@O"OC24@ خ;Oq^' 3>Ƌћ!Z=_v{[>/'R`ЕhOɬQ;Z?Y m-pĶ`:+JbA,pibb @ëh 7#TU^X (K# LwCΡps::hՆGHx,z5/ـ&@6G:qSrM ШpCTؕE'dK^k'gym/E]Y>9Ѝ5ϱ|3'5cgb@xVOm{~kC'> k~sx.O)h<˜4W6QĶqy4}~X>0#ŸErsg,aZ!%ӫrXulC"|f@Xjv:`-hs&ǂ)0ѕDM1F(ͦ,1_\,@=փ LW{څGQy6;|,ݐbV"Nd׊Fnrmm3kJiF 5cP.W-%B@ εx CG,$?ˋ} byx Uf}')VS/π.ȟ83}E.tqea@T,7ZKc~; <^F}TO34[;? oڿˌhT*.㉋ZU6هV- Q{lA0}Ml__$+e={`ݯ3 g|oUAtMez'14mEg,(3lW'GjqKmN~늘P%On6%c(\ɜKBS+$Ĥ{mHզr0>d֌VMӝo3a-dcˤ_ ?j