RE: [SLUG] Sony-BM Rootkit:

From: Ken Elliott (kelliott4@tampabay.rr.com)
Date: Sun Nov 13 2005 - 14:42:17 EST


>>The question is: under either one of these scenarios, could a serious
>>hacker install a rootkit, and how?

The rootkit is _already_ installed. When you loaded the Sony Software, you
installed it. So, the real question becomes: what does that rootkit do?
Can a hacker take advantage of it? Can a web page or email containing
JavaScript (or other such) trigger the Sony rootkit to do something
unexpected/undesired?

I used to be a "Sony guy", but I stopped buying anything with their name on
it.

Ken Elliott

=====================
-----Original Message-----
From: slug@nks.net [mailto:slug@nks.net] On Behalf Of Paul M Foster
Sent: Sunday, November 13, 2005 1:10 PM
To: slug@nks.net
Subject: Re: [SLUG] Sony-BM Rootkit:

On Sun, Nov 13, 2005 at 11:20:17AM -0500, SOTL wrote:

> On Friday 11 November 2005 02:08 pm, Ian C. Blanker wrote:
> > The EFF is collecting a list of people who satisfy the following
> > criteria:
> >
> > 1. you have a Windows computer;
> > 2. First 4 Internet's "xcp" copy protection has been installed on
> > your computer from a Sony CD (for more details, see our blog post
> > <http://www.eff.org/deeplinks/archives/004144.php> referenced above
> > or SysInternals blog
> > <http://www.sysinternals.com/blog/2005/10/bypass-traverse-checking-or-is-it.HTML>);
> > 3. you reside in either California or New York;
> > 4. you are willing to participate in litigation.
> >
> > They are considering litigation against Sony.
> >
> > If you were affected, contact allison@eff.org.
> >
> > - Ian C. Blenke <ian@blenke.com> http://ian.blenke.com/
>
> One or two of the news sites was reporting that not only was there a
> root kit for MS Windows but also one for Apple.
>
> If I recall correctly Apple's new OS is a BSD derivative.
>
> Assuming that the previous statement is true could someone in very
> simple terms [10 words or less] explain how Sony can reliably
> install a root kit in a BSD system without root privileges? I thought
> [absent some configuration failure or coding failure which Sony could
> not rely on to limit music playing] that this was completely 100%
> impossible.

We discussed this at the Dunedin meeting, but let's be more precise about
the setup in asking the question. Let's assume the computer is connected to
the internet via a firewall. Let's assume there are no other users on the
local LAN where the machine lives, and 0% likelihood that some local user
would exploit a software security flaw. Let's assume the usual complement of
services running on the box, like an MTA, init, perhaps a SQL database
server, cron, portmapper, etc.-- the usual things a user would have running
privileged on their computer. And let's assume that the user, in conducting
day-to-day activities, is running as an unprivileged user. And in answering
the question, assume one of two scenarios: the firewall is not advertising
to the internet anything other than perhaps the SSH port, or the firewall is
presenting an HTTP port, SSH port and an FTP port. You can assume the user
is actively working on the machine, or away from the box.

The question is: under either one of these scenarios, could a serious hacker
install a rootkit, and how?

Paul
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages posted
are those of the author and do not necessarily reflect the official policy
or position of NKS or any of its employees.


This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:01:29 EDT