The included fingerprint-reader software in Sony’s MicroVault USM-F line of USB drives installs files in a hidden folder under "c:windows" that can be used maliciously, Finnish security company F-Secure has found. That directory and the files within it are not visible through Windows' usual APIs. "[But] if you know the name of the directory, it is possible to enter the hidden directory using [the] Command Prompt, and it is possible to create new hidden files. There are also ways to run files from this directory," said F-Secure researcher Mika Tolvanen. F-Secure has not yet received a reply from Sony when the security company notified them about a month ago that its rootkit-sniffing software, BlackLight, had reported hidden files on a system with the MicroVault software.
Just like in the Sony BMG rootkit case in late 2005, the directory goes unspotted by some antivirus scanners. Then, researchers spotted rootkit-like cloaking technologies used by the copy-protection software Sony BMG Music Entertainment installed on PCs when customers played the label's audio CDs. "Sony doesn't do any of its own development in this area; it looks like a Chinese company did it," said Mikko Hypponen, F-Secure's chief research officer. Less than two weeks after the first reports of Sony’s mishap, new Trojan horses used Sony’s code to hide from security software. The MicroVault software is cloaking the folder for good reason: to protect the fingerprint reader's authentication files from being tampered with or circumvented. "What's not justified is that others can use this folder," said Hypponen.
News source: InfoWorld
Just like in the Sony BMG rootkit case in late 2005, the directory goes unspotted by some antivirus scanners. Then, researchers spotted rootkit-like cloaking technologies used by the copy-protection software Sony BMG Music Entertainment installed on PCs when customers played the label's audio CDs. "Sony doesn't do any of its own development in this area; it looks like a Chinese company did it," said Mikko Hypponen, F-Secure's chief research officer. Less than two weeks after the first reports of Sony’s mishap, new Trojan horses used Sony’s code to hide from security software. The MicroVault software is cloaking the folder for good reason: to protect the fingerprint reader's authentication files from being tampered with or circumvented. "What's not justified is that others can use this folder," said Hypponen.
News source: InfoWorld
this is truly unblelievable
Last edited by whocares78 on 28 Aug 2007 - 03:51
just more reason to say screw sony and avoid there products
just more reason to say screw Sony and avoid there products
Oh for sure. I hope ANOTHER lawsuit goes forth, and puts the smack down on Sony. I've grown to actually HATE them. I try not to hate anything... but damn, come on!
Thats the best you could come up with, lol... shitony....
A security risk they purposely created. Sony now isn't what Sony was 10 years ago. They couldn't care less about their customers these days.
A security risk they purposely created. Sony now isn't what Sony was 10 years ago. They couldn't care less about their customers these days.
Totally agree, pricing and not giving a S%&t about it's customers has been extremely detrimental, they do their brand name no favours with all this crap
Not in a special folder their software creates that hides all the content from the system even, making it a perfect place for worms and trojans to hide.
I do love my DSC T50 Cybershot, PS3, PSP and 2 x BRAVIA LCD's though.
And that's not just willy waving (well maybe a little bit) but they do make some good ****.
Well, perhaps when they have their credit cards and info stolen they will wish they had known. Or perhaps when their PCs mysteriously start crashing or running slow, they might know what was causing it.
EDIT:
What SecuROM does is phone home and activate, the same way MS malware in WGA and Vista does. If you install the game twice, it will keep you from installing a third time...
Round up the townsfolk, it's time for an angry mob armed with torches and pitchforks.
rant/
Sony releases rootkit = "DON'T BUY PS3!!!"
MS allows rootkits to be installed = "360 is teh owns!"
So many blind fools around
/rant
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.