Sony BMG Reveals New Security Flaw: MediaMax Software on 5.7 Million CDs   12/7/2005

Summary: Sony BMG has just announced that there is a security flaw in the MediaMax software shipped on 5.7 million of their CDs. MediaMax developer SunnComm Technologies Inc. has developed a patch, and Sony BMG urges that you install it.


Sony BMG has just announced that a brand new security flaw has shipped on 5.7 million of their CDs, in the form of MediaMax “security” software by SunnComm Technologies. First the First4Internet rootkit, and now the MediaMax by SunnComm. Sony BMG has really stepped in it, haven’t they?

According to the Electronic Frontier Foundation, which discovered the MediaMax flaw while working with a computer security company, the flaw gives guest users on a Windows system privileges that they shouldn’t otherwise have.

Explained Kurt Opsahl, an attorney with the EFF, “It’s a privileged escalation attack. On Windows you can have users with different privileges, and because of security weakness in the permissions of a folder, it allows a low-ranked user to act as a high-ranked user.”
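The class of weakness described above, a folder whose permissions let low-privileged accounts change what more privileged accounts later run, can be audited on any Windows machine. The script below is an added example, not code from the article, Sony BMG or SunnComm; the default path is a placeholder because the article does not name the affected folder, and the function name is hypothetical.

```powershell
# Added example, not from the article. Reports access-control entries that let
# broad, low-privileged groups modify an application's install folder.
param(
    # Placeholder: the article does not name the affected folder.
    [string]$Path = 'C:\Program Files\ExampleVendor'
)

# Well-known SIDs, so the check does not depend on localized group names.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-32-546' = 'BUILTIN\Guests'
}

# Rights that permit planting or replacing files, or rewriting the ACL.
$RiskyMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only entries may carry raw GENERIC_WRITE / GENERIC_ALL bits instead.
$GenericMask = 0x40000000 -bor 0x10000000

function Get-WeakAce {
    param([Parameter(Mandatory)][string]$Target)
    try { $acl = Get-Acl -LiteralPath $Target -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $Target"; return }

    # Request SIDs (not names) for explicit and inherited entries.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid  = $ace.IdentityReference.Value
        $mask = [int]$ace.FileSystemRights
        if ($ace.AccessControlType -ne 'Allow' -or -not $BroadSids.ContainsKey($sid)) { continue }
        if (($mask -band $RiskyMask) -or ($mask -band $GenericMask)) {
            [pscustomobject]@{
                Path      = $Target
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Check the folder itself, then everything beneath it.
$targets = @($Path) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object { $_.FullName })
$targets | ForEach-Object { Get-WeakAce -Target $_ } | Format-Table -AutoSize -Wrap
```

Any row in the output means a low-privileged group can alter files in that location; an empty result means none of the listed groups holds write-type rights there.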

The affected CDs include Alicia Keys’ “Unplugged”, and Cassidy’s “I’m A Hustla”.

Here is the full list of titles affected sold in both the United States and Canada:

United States:

Alicia Keys - Unplugged
Amici Forever - Defined
Babyface - Grown & Sexy
Black Rebel Motorcycle Club - Howl
Britney Spears - Hitme - Remix
Cassidy - I’m A Hustla
Chris Brown - Chris Brown
Cook, Dixon & Young - Volume One
David Gray - Life In Slow Motion
Dido - Dido Live
Faithless - Forever Faithless/ENH
Imogen Heap - Speak For Yourself
Judd & Maggie - Subjects
Leo Kottke/Mike Gordon - Sixty Six Steps
Maroon 5 - Live
My Morning Jacket - Z
Raheem Devaughn - The Love Experience
Santana - All That I Am
Sarah McLachlan - Bloom (Remix Album)
Stellastarr* - Harmonies for the Haunted
Syleena Johnson - Chapter 3: The Flesh
T-Pain - Rappa Ternt Sanga
Various - So Amazing: An All Star Tribute To Luther Vandross
Various - Songs Brown Hotel
Wakefield - Which Side Are You On?
Charlie Wilson - Charlie, Last Name Wilson
YoungBloodZ - Everybody Know Me

Canada:

Alicia Keys - Unplugged
Amici Forever - Defined
Babyface - Grown & Sexy
Britney Spears - Hitme - Remix
Cassidy - I’m A Hustla
Charlie Wilson - Charlie, Last Name Wilson
Chris Brown - Chris Brown
David Gray - Life In Slow Motion
Imogen Heap - Speak For Yourself
Judd & Maggie - Subjects
Leo Kottke/Mike Gordon - Sixty Six Steps
Maroon 5 - Live Friday the 13th
Melissa O’Neil - Melissa O’Neil
My Morning Jacket - Z
Our Lady Peace - Healthy In Paranoid Times
Santana - All That I Am
Say Anything - …Is A Real Boy
Stellastarr* - Harmonies for the Haunted
Syleena Johnson - Chapter 3: The Flesh
The Trews - Den of Thieves
T-Pain - Rappa Ternt Sanga
Various - Canadian Idol High Notes
Various - Tribute To Luther


1 Comment »

  1. Speaking of Pearl Harbor day - Perhaps Sony is launching a new attack on us via their CDs!

    Comment by Ronan Hyde — 12/7/2005 @ 2:05 pm

The Internet Patrol
Patrolling the Internet for You!