- The Washington Times - Tuesday, November 15, 2005

BOSTON (AP) — The fallout from a hidden copy-protection program that Sony BMG Music Entertainment put on some CDs is only getting worse. Sony’s suggested method for removing the program widened the security hole that the original software created, researchers say.

Sony has moved to recall the discs in question. But music fans who have listened to them on their computers or tried to remove the dangerous software deposited by the discs could still be vulnerable.

“This is a surprisingly bad design from a security standpoint,” said Ed Felten, a Princeton University computer science professor who explored the removal program with a graduate student, J. Alex Halderman. “It endangers users in several ways.”

The “XCP” copy-protection program was included on at least 20 CDs, including releases by Van Zant, the Bad Plus, Neil Diamond and Celine Dion. Sony BMG said 4.7 million were shipped, with 2.1 million sold.

When the discs were put into a personal computer — a necessary step for transferring music to IPods and other portable music players — the CD automatically installed a program that restricted how many times the disc’s tracks could be copied and made it extremely inconvenient to transfer songs into the format used by IPods.

That anti-piracy software — which works only on Windows computers — came with a cloaking feature that allowed it to hide files on users’ computers.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide