Categories
- Arts & Entertainment
- Business
- Communications
- Computers
- Culture & Society
- Disease & Illness
- Fashion
- Finance
- Food & Beverage
- Health & Fitness
- Hobbies
- Home & Family
- Home Based Business
- Internet Business
- Legal
- Pets & Animals
- Politics
- Product Reviews
- Recreation & Sports
- Reference & Education
- Religion
- Self Improvement
- Shopping
- Travel & Leisure
- Vehicles
- Writing & Speaking
Information
First 4 Internet Sony XCP DRM Vulnerabilities
Submitted: 2007-01-17 16:02:35
Print this article | Tell a friend | For publisher |
Technological measures protecting works distributed on Compact Discs have been found to pose unreasonable security risks to consumers personal computers, corporate and government networks and the information infrastructure as a whole. Vulnerabilities inherent in widely distributed CD protection measures create the potential for a frightening range of abuses.
Viruses and Trojan horses are already leveraging these technologies to hide from antivirus programs and system administrators. Exacerbating the unacceptable risks posed by these technological protection measures, is that fact that the uninstallers provided to remove these measures pose additional security risks allowing a malicious web site to hijack a consumer’s computer.
You have to be aware of several vulnerabilities regarding the XCP Digital Rights Management (DRM) software by First 4 Internet, which is distributed by some Sony BMG audio CDs. The XCP copy protection software uses "rootkit" technology to hide certain files from the user. This technique can pose a security threat, as malware can take advantage of the ability to hide files. We are aware of malware that is currently using this technique to hide.
One of the uninstallation options provided by Sony also introduces vulnerabilities to a system. Upon submitting a request to uninstall the DRM software, the user will receive via email a link to a Sony BMG web page. This page will attempt to install an ActiveX control when it is displayed in Internet Explorer. This ActiveX control is marked "Safe for scripting," which means that any web page can utilize the control and its methods. Some of the methods provided by this control are dangerous, as they may allow an attacker to download and execute arbitrary code.
First 4 Internet XCP "Software Updater Control" ActiveX control isincorrectly marked "safe for scripting" We recommend the following ways to help prevent the installation of this type of rootkit: Do not run your system with administrative privileges. Without administrative privileges, the XCP DRM software will not install. Use caution when installing software. Do not install software from sources that you do not expect to contain software, such as an audio CD.
Alexandro have a diploma and a master in Software Engineering and Information Security. He is the owner of http://www.jaec.info a site with free guides to computer security. You can get information about Rootkit Detector Software, Free guide to computer firewall security - protection and more at his site |
Article source: Expert Articles
Most Recent Articles in Computers category
- Can Dell Truly Regain Its Top Spot - By: Carl Winston
Dell has been working hard to regain it top position in the global PC industry, deploying various strategies related to operations and production. But will it succeed? - Should You Use Cloud Computing - By: Carl Winston
Cloud computing has become rather well-know and can facilitate you or your business in a number of ways. - Renting a Storage Unit - By: Ellerbrock Catina
You may need a storage unit for a variety of reasons. You could be moving out, or renovating your home, or downsizing from a bigger home to a smaller one, or your possessions may simply have outgrown the space in your home. You can find an appropriate self storage facility either through the yellow pages or through an online search. You need to select a facility that is convenient, a facility that is somewhere in your neighbourhood. - US and Japan in the Tech Mix - By: Darwin Redshield
I'd like to take an opportunity to examine several recent examples of successful and unsuccessful cross-pollinations between the Japanese and American technology industries. - The Variety of Styles Available of a Laptop Desk or Laptop Table - By: MJ Marks
With the advent of the laptop computer comes the need to use them in comfort. Using a laptop on a chair or in bed often leads to neck and back strain, but by using a laptop table or laptop desk, much of this can be avoided. Take a look at the two basic designs available to find what would work best for you. - All Pro Solutions' Zeus Series - The Difference Between Synchronous and Asynchronous Modes - By: Christian Czentye
This article describes the main differences between synchronous and asynchronous modes of duplication with the Zeus series by All Pro Solutions. In synchronous duplication, Publisher uses all of the optical drives to burn the same disc image. In asynchronous duplication, Publisher uses each optical drive to burn independently, so each optical drive can be burning a different disc image. - Mapping Ancient Egyptian Sites with GPS and Imagery - By: Michiel Van Kets
C. Jason Smith is an associate professor at the City University of New York, LaGuardia and founder of the freelance writing collective Discipline & Publish. - Online Poker Rooms: The best places for minting money - By: Melville Jackson
he software is stable and responsive. Even with more than a thousand players using it simultaneously, the software has never crashed or slowed down till date. - Play Texas Hold 'em online: Get connected with your buddies - By: Melville Jackson
Texas Hold 'em poker (also called Texas Holdem or Texas Hold'em) is one of the most popular card games available today. - Data Centre Solutions: Outsource the IT Infrastructure for Business Success - By: Isla Campbell
When a company outgrows their existing IT infrastructure, what are the options available to them?