First 4 Internet Sony XCP DRM Vulnerabilities

by Alexandro Frante

Technological measures protecting works distributed on Compact Discs have been found to pose unreasonable security risks to consumers' personal computers, corporate and government networks, and the information infrastructure as a whole. Vulnerabilities inherent in widely distributed CD protection measures create the potential for a frightening range of abuses.

Viruses and Trojan horses are already leveraging these technologies to hide from antivirus programs and system administrators. Exacerbating the unacceptable risks posed by these technological protection measures is the fact that the uninstallers provided to remove them pose additional security risks, allowing a malicious web site to hijack a consumer's computer.

You have to be aware of several vulnerabilities in the XCP Digital Rights Management (DRM) software by First 4 Internet, which is distributed on some Sony BMG audio CDs. The XCP copy protection software uses "rootkit" technology to hide certain files from the user. This technique can pose a security threat, as malware can take advantage of the ability to hide files. We are aware of malware that is currently using this technique to hide.

One of the uninstallation options provided by Sony also introduces vulnerabilities to a system. Upon submitting a request to uninstall the DRM software, the user will receive via email a link to a Sony BMG web page.
This page will attempt to install an ActiveX control when it is displayed in Internet Explorer. This ActiveX control is marked "Safe for scripting," which means that any web page can utilize the control and its methods. Some of the methods provided by this control are dangerous, as they may allow an attacker to download and execute arbitrary code.

First 4 Internet XCP "Software Updater Control" ActiveX control is incorrectly marked "safe for scripting"

We recommend the following ways to help prevent the installation of this type of rootkit:

Do not run your system with administrative privileges. Without administrative privileges, the XCP DRM software will not install.

Use caution when installing software. Do not install software from sources that you do not expect to contain software, such as an audio CD.

Alexandro has a diploma and a master's degree in Software Engineering and Information Security.
He is the owner of http://www.jaec.info a site with free guides to computer security.

You can get information about Rootkit Detector Software, a free guide to computer firewall security and protection, and more at his site.




© Immersion Enterprises, Inc. 2007