Re: [SLUG] Sony-BM Rootkit:

From: Bill Shaw (bill.shaw@gmail.com)
Date: Sun Nov 13 2005 - 13:08:32 EST


> One or two of the news sites were reporting that not only was there a root kit
> for MS Windows but also one for Apple.
>
> If I recall correctly Apple's new OS is a BSD derivative.
>
> Assuming that the previous statement is true could someone in very simple
> terms [10 words or less] explain how Sony can reliably install a root kit
> in a BSD system without root privileges? I thought [absent some
> configuration failure or coding failure which Sony could not rely on to limit
> music playing] that this was completely 100% impossible.
>
> Frank
> -----------------------------------------------------------------------

Based on this you do get prompted for your username/password:

http://www.macintouch.com/#tip.2005.11.10.sony

I recently purchased Imogen Heap's new CD (Speak for Yourself), an RCA
Victor release, but with distribution credited to Sony/BMG. Reading
recent reports of a Sony rootkit, I decided to poke around. In
addition to the standard volume for AIFF files, there's a smaller
extra partition for "enhanced" content. I was surprised to find a
"Start.app" Mac application in addition to the expected
Windows-related files. Running this app brings up a long legal
agreement, clicking Continue prompts you for your username/password
(uh-oh!), and then promptly exits. Digging around a bit, I find that
Start.app actually installs 2 files: PhoenixNub1.kext and
PhoenixNub12.kext.
  Personally, I'm not a big fan of anyone installing kernel extensions
on my Mac. In Sony's defense, upon closer reading of the EULA, they
essentially tell you that they will be installing software. Also, this
is apparently not the same technology used in the recent Windows
rootkits (made by XCP), but rather a DRM codebase developed by
SunnComm, who promotes their Mac-aware DRM technology on their site.
