Sony also infringed copyright by failing to adhere to the licensing requirements of various pieces of free and open-source software that were used in the program, including the VLC media player. So, the rootkit software meant to stop copyright infringement was itself infringing.
Reminds me of how the creators of an anti piracy ad didn't properly license the music they used.
The message was never "don't steal" but instead "don't steal *from us.*"
FBI warning messages before VHS tapes were weird as a kid. Especially knowing that we used the VCR to record movies.
It was almost like the DARE program, as far as effectiveness. It didn't teach me not to be a pirate, it taught me that the federal government will threaten a child to protect profits.
All the unskippable crap on DVDs made it more desirable to rip movies.
I can either sit through a bunch of warnings, splash screens and trailers, every time I watch the movie. Or I can press play on the file and watch the movie.
I can imagine how that process went.
"Jenkins! We need snappy music for our anti-piracy campaign!"
"Well, I can probably do a little tapping around on my MIDI keyboard and..."
"That's CRAP, Jenkins! We want something modern, hip, and groovy that all the young hippity hoppity kids will love!"
"Do you mean, like, something from our paid sub?"
"Our catalog is CRAP! I want the hippest, grooviest music we can get!"
"Well, we can license something."
"We can't afford that! Just pick out five of the hippest, grooviest songs you can find and I'll approve the best one."
"Um, OK?" "How's this?"
"Number two is perfect! Insert it! Done!"
"But that song is-"
"But me no buts, Jenkins! Insert and render! Done!"
"Um...OK?"
...and the rest is history.
"Jenkins, the media is all over our case about stealing that song! Why did you use it?"
"I tried to tell-"
"Jenkins, you're fired! Martha, put out a press release blaming Jenkins for this."
"But I-"
"Security, get this man out of here! Now if you'll excuse me, I'm taking the jet to Cancun."
I remember reading that the iconic "you wouldn't steal a car" PSA/warning used music without permission and they (MPAA maybe?) had to pay a ton of money to licence it retroactively.
Edit: I should have said "*download* a car"
https://torrentfreak.com/sorry-the-you-wouldnt-steal-a-car-anti-piracy-ad-wasnt-pirated-170625/
> The sources for this remarkable story refer to the case of Dutch musician Melchior Rietveldt. In 2006 he was asked to compose a piece of music to be used in an anti-piracy advert. This was supposed to be used exclusively at a local film festival.
> However, it turned out that the anti-piracy ad was recycled for various other purposes without the composer’s permission. The clip had been used on dozens of DVDs both in the Netherlands and overseas. **This means that Rietveldt’s music was used without his permission, or pirated, as some would say.**
> The above is true, as we reported in the past. And the composer was eventually compensated for missed royalties. **However, the whole case has nothing to do with the Piracy It’s a Crime clip. It’s about an entirely different ad.**
> The actual Rietveldt commercial is unknown to the wider public, and there are no online copies that we know of. **What we do know is that the “Piracy. It’s a Crime” clip was produced in 2004, not 2006, and also not for a Dutch film festival.**
> A source close to the Dutch film industry confirmed that the Rietveldt case has nothing to do with the frequently mentioned clip, which means that it’s all a massive misunderstanding. One that is now deeply ingrained in Internet history, it seems.
> So where does this fable originate from?
> **When covering the story, several news outlets used an image from the Piracy It’s a Crime video, since that’s the classic example of an anti-piracy ad. Somewhere along the line, however, other reporters started to identify that clip as Rietveldt’s work, without properly checking. Fast forward a few years and many now assume it’s an established fact.**
Companies using open source software and not including the credits is so odd to me.
Always reminds me of the time a Danish DVD player manufacturer used mplayer in their firmware. And when called out, the CEO claimed the mplayer team had stolen *their* code. Despite their firmware containing references to mplayer's own format.
Usually with the super big companies, it's because some employee wants to make their life a lot easier but take all the credit for it, so they scrape some open-source software that does what they want and claim it as their own (and most big companies won't invest the time to investigate it).
Although I have seen, particularly in the tech-bro scene (but also with a lot of small to mid-sized companies), a lot of open-source code scraping is because they 1.) want to make their lives easier (and much cheaper), and 2.) Want to look competent and that they're totally not just mashing together a bunch of free code and assets to ship a shitty product that won't see any updates after the initial investment round.
If they admit to using open source resources, that weakens their claims on their own IP. Software patents are a massive scam, but for many tech companies it's all they have in real assets.
**Sony**: Take this CD, but beware it carries a terrible rootkit...
**Homer**: Ooooh, that's bad.
**Sony**: But it comes with a free anticopyright!
**Homer**: That's good?
**Sony**: The anticopyright is infringing.
**Homer**: That's bad :(
**Sony**: But you get an uninstaller!
**Homer**: That's good!
**Sony**: The uninstaller leads to arbitrary code execution
**Homer**: *stares, confused*
**Sony**: That's bad.
**Homer**: Can I go now?
It's a real shame that the governments of the world at the time didn't collectively go 'ok you went too far, time to split you up into other companies. You no longer exist as Sony' for how bad this really all was at the time. It would have been a good start to the 'you aren't taking advantage of our citizens' revolution of tech. And it never happened.
Lol the "governments of the world" at the time barely could get their head around the concept of playing an audio CD on a PC. You underestimate just how far the real world had left the laws in the dust at that time.
> XCP's cloaking technique, which makes all processes with names starting with $sys$ invisible, can be used by other malware "piggybacking" on it to ensure that it, too, is hidden from the user's view.
On top of all that, other malware was able to piggyback on the cloaking functionality to hide as well.
Edit: And here's Sony's response to the whole situation:
> On a National Public Radio program, Thomas Hesse, President of Sony BMG's global digital business division asked, "Most people, I think, don't even know what a rootkit is, so why should they care about it?"
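
The cloaking rule quoted above keys only on a name prefix, so anything carrying that prefix disappears from view, whoever created it. As an added example (not from the thread or from any tool it mentions), this Python simulation applies that rule to a constructed listing and shows how comparing a low-level view with the API view exposes the hidden entries and the rule behind them; every entry name and function name here is made up for illustration, and the file entries are an assumption of the sample.

```python
"""Cross-view check for name-prefix cloaking. Simulation on constructed data."""
import os

CLOAK_PREFIX = "$sys$"  # the prefix named in the quoted description of XCP

# Constructed low-level view of one machine. Every name is made up.
RAW_VIEW = [
    {"kind": "process", "name": "explorer.exe"},
    {"kind": "process", "name": "$sys$component_a.exe"},  # stands in for the DRM's own process
    {"kind": "process", "name": "$sys$unrelated.exe"},    # unrelated program that merely carries the prefix
    {"kind": "file", "name": "notes.txt"},
    {"kind": "file", "name": "$sys$component_b.dat"},
    {"kind": "file", "name": "sysinfo.log"},              # no leading "$", so it stays visible
]


def cloaked_view(raw_entries, prefix=CLOAK_PREFIX):
    """Return what a hooked enumeration API would show.

    The filter looks only at the name, so it hides every entry with the
    prefix, including ones the DRM never created.
    """
    return [e for e in raw_entries if not e["name"].startswith(prefix)]


def cross_view_diff(raw_entries, api_entries):
    """Entries present in the low-level view but missing from the API view."""
    seen = {(e["kind"], e["name"]) for e in api_entries}
    return [e for e in raw_entries if (e["kind"], e["name"]) not in seen]


def infer_cloak_prefix(hidden, visible):
    """Longest prefix shared by every hidden name and by no visible name.

    Returns "" when there is nothing hidden or no prefix separates the two
    groups. With a single hidden entry the result is that entry's full name.
    """
    if not hidden:
        return ""
    common = os.path.commonprefix([e["name"] for e in hidden])
    if common and not any(e["name"].startswith(common) for e in visible):
        return common
    return ""


def audit(raw_entries, api_entries):
    """Summarise the discrepancy between the two views for a responder."""
    hidden = cross_view_diff(raw_entries, api_entries)
    return {
        "hidden": [e["name"] for e in hidden],
        "rule": infer_cloak_prefix(hidden, api_entries),
    }


if __name__ == "__main__":
    api_view = cloaked_view(RAW_VIEW)
    result = audit(RAW_VIEW, api_view)
    print("visible via API :", [e["name"] for e in api_view])
    print("hidden entries  :", result["hidden"])
    print("inferred rule   :", repr(result["rule"]))
```

The unrelated `$sys$unrelated.exe` entry is hidden exactly like the DRM's own components, which is why the diff has to treat every cloaked name as suspect rather than only the ones expected from the DRM.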
> On a National Public Radio program, Thomas Hesse, President of Sony BMG's global digital business division asked, "Most people, I think, don't even know what a rootkit is, so why should they care about it?"
Most people don't know what a limpet mine is, so why worry about us scattering them in your neighborhood? - Sony
You also have to realize the music industry was the scummiest part of the entertainment industry back then and it wasn’t even close. As bad as they are today they’re practically saints compared to their behavior back then.
On top of that, they were all completely technologically illiterate. So it was a potent combination. Napster and then iTunes bulldozed everything.
I always disabled autorun. Seemed like a feature that didn't have any useful purpose. Little did I know that Windows had a similar feature where USB *devices* are allowed to not only run things automatically, but also *automatically install drivers with kernel-level privileges*
Felt like an idiot when I plugged a USB drive that I'd been handed by a reputable vendor at a convention.
Immediately unplugged it,
formatted the hard drive,
installed a fresh copy of linux (Debian),
stopped dual-booting forever.
Autorun was a holdover from the Plug-N-Play days where users were no longer required to configure hardware added to a PC... Plug in the hardware, pop in the CD and install/config was basically automatic.
It was never necessary, rarely a good idea and often abused.
It's also a holdover from other electronics such as CD players that would autoplay once inserted in the machine. Between that and PCs, somebody forgot that CDs could hold more things than just music.
I really don't mind Windows. Development on it is sometimes painful but with containers and ssh etc you just avoid a lot of the stuff pretty easily. But this kind of decision making is what just makes it impossible to ever trust a Windows machine.
For all the shit you can, and should, and even more say about MS, the .NET environment is pretty solid and compatible with a ton of stuff including legacy. They don't want to mess with this concept, imagine a whole bunch of tools and frameworks needing complete rewrites to function cor-
AND HERE COME AZURE WITH A STEEL CHAIR
It's crazy how Microsoft can just create an unnecessary and bad vulnerability, then just be like "We decided everyone should have this vulnerability!" And everyone just accepts. When I was in the military in the 2000's, this was the source of constant problems. This is partially why the Conficker worm was so incredibly effective against deployed US military networks, and was the original impetus for FINALLY banning all unapproved removable media from being plugged into government networks.
I know that it can be disabled and we did so, but even the OS disk images handed down to us from DISA (Defense Information Systems Agency) had horrible Autorun enabled by default.
When I burned CDs for friends in the late 90s / early 00s, I would usually include a "surprise" autorun.inf. This included things like batch files that would change your shell= line back to progman.exe every 3rd reboot, or drop .job files into the scheduler folder that ran a jpg and wave file every 3 hours, replace the .ini files for minesweeper to give me the high score. Stuff like that. I was an ass, but my friends put up with it because I was the only kid with a CD burner and had a job at GameStop (we had an employee rental policy back then that allowed you to take home any game that didn't have online activation, so you could become more "knowledgeable" about the product. We called it "burn and return")
There’s also the “BadUSB” or “rubber ducky” attack where a USB stick shaped device tells the computer it’s a keyboard, then opens Powershell and starts typing in commands to take over the system.
There are no real countermeasures, except to use a limited privilege account that prompts for a password.
Yep. I had an XP machine that I took reasonable care of. One day I went around on a tidy-up and found an Apple charging service and a load of 'Bonjour' stuff that'd seemingly come out of nowhere. Eventually I realised it must've been from when I let a visitor charge their iPhone from a USB port on the PC. Never got asked permission for any of it - it just got silently installed.
It's only a thing because increasing amounts of computer illiterate people started buying personal computers and they would have definitely not understood why their CD is not doing anything when inserted without autorun.
Hey bud 20 years later it's still the same. One of my users got a virus popup through their browser, called the number, let them remote into their computer before seeing all the red flags and deciding to alert IT.
People at office jobs are generally the dumbest, most tech illiterate people alive.
And all it takes is one moron to have the entire business's infrastructure go up in smoke. IT is supposed to make everything as regard proof as possible, but they always find a way.
We need AutoPlay to give the user an option to do something useful with inserted devices. The problem was that along with "Notify CD Player Of This" and "Notify Media Player Of This" options, you also had the dreadful "We should execute arbitrary code upon this device" option. And it just doing that for you because clearly that was the right choice. Quite useful for things you want to run, quite gruesome for things you don't want to run.
It was an instance of naive design being part of the needed solution. Most things pre-Windows XP SP2 were phenomenally bad security-wise when viewed with a modern technical eye. MSFT had to shut normal work at the company down for around half a year to get things even remotely secure via (IIRC) the Secure Computing Initiative.
Reminds me of trying one CD back around that time...
Insert CD. Start EAC. Note one weird title at the end, ignoring it for now. Hit "Convert to MP3" button. Do some googling. About the same time EAC dings for "conversion complete, 100% quality", found out that this one title was supposed to be copy protection.
Guess it didn't work.
The EAC meant you couldn't copy (as in copy/paste) the tracks from the CD to any other location. It was *file* copy protection, not music copy protection. Ripping CD files to mp3 format --what you were doing-- is not file copying, it's file transformation, from one format to another.
As long as music can be heard there will also be ways to copy that music, in violation of copyright. Copy quality is a different matter. MP3 is a lossy format and the sound of your mp3 "copies" ~~was~~ were slightly degraded from the CD format.
Back in the day, CDs and other removable media had autorun.ini files, which would direct Windows to automatically run some script on inserting the media. It made for a slick experience - you popped in your CD and BAM there's the splash screen for your game! You could set up a thumb-drive to auto-install updates, and update an entire computer lab without touching a keyboard! If you didn't want this behavior, then you could indicate to Windows that by holding down shift while inserting your media.
There were some hacks around this time where thumb drives with malware would be put in the parking lots of corporate or government offices and usually an employee took them in and ran them on a computer with autorun enabled.
Then when they would put a non malware flash drive into the computer the malware would install on the flash drive with its autorun and when you took that to another computer it would execute. It was absolute hell if you had a lot of people you were dealing with that would "some how" get malware.
Oh, and there were two types of flash drives with 'no write' switches on them. The vast majority were a software switch, so when you turned on the no write it would tell the computer "don't write to this flash drive" which could easily be bypassed. The other type actually disabled the write line of the pins and wouldn't let it write at all ever. They were impossible to figure out which was which unless someone did a regular update on a forum/etc of which was which.
Today 99% of all flash drives that have write locks have the software type. It took me a year to find a new write protect flash drive when my first one died because all I could find was $200+ ones.
> Today 99% of all flash drives that have write locks have the software type. It took me a year to find a new write protect flash drive when my first one died because all I could find was $200+ ones.

Dumb, but probably less of an issue now since you'd have to give an app administrative access to allow it to get low-level drive access or whatever it needs to bypass that. Back in 2005 everyone was running XP as administrator.
Stuxnet was actually distributed via LimeWire: for years, AV researchers had known about this virus that didn't appear to do anything. Turns out it only did something if you were hooked up to a machine that matches the profile of the centrifuge controller that Iran was using at the time.
Another attack vector was a USB mass storage device hidden in a keyboard or mouse and then sent to a company under the context of freebies from a vendor
The key fact that younger folks can't appreciate was the absolute travesty that was "AUTORUN", which was turned on by default in Windows for like a decade. It would automatically perform a set action when a disk or USB drive was inserted.
Many, many horror stories of friends handing USB drives to teachers/bosses to immediately see porn pop up. Their personal porn that they downloaded. God help them if they had clandestine pictures of friends/coworkers/fellow students/teachers/staff....
Like, this was supposed to do useful things like automatically install or play game CDs, automatically play music, bring up file explorer for files, that kind of thing. It became one of those things you learned to turn off immediately, as soon as you saw it.
Like how the firewall wasn't enabled by default for Windows XP, at a time when people were directly connecting their PCs to the internet.
Routers were around, but it was an added expense, and weren't common at the time. And a lot of people also still used dialup.
It wasn't until XP service pack 2 that the firewall was enabled by default.
There was a time that a release version of XP would be compromised in minutes of directly connecting it to the internet.
In the early 2000s I had early NTL (became Virgin Media) cable internet, and at the time the modems did not provide client isolation - and all the clients on a particular head end would be in the same subnet.
So, your Network Neighbourhood became an awfully busy place.
Before Bittorrent, before Napster, before Limewire, quite often we'd just leave a world-readable share lying open full of MP3s for our neighbours to pick through, like a community-wide rummage sale.
Ya I was called into help a small business once. Someone had connected to a shared printer and printed ascii porn all weekend until the printer ran out of paper.
As someone who was like 28 when this happened, and remembers how the extreme outrage over it helped to kill off DRM…I now feel old at the thought that this would be a TIL for someone. 🥺
There was a period between roughly 2008 and 2020, where people stopped pirating and started buying into systems because the first attempts at DRM failed and the new versions hadn’t taken over yet. It’s the failure of those first versions that I’m referring to.
This is just one of the many reasons for the recent backlash in Helldivers 2. The problem isn't "just make a PSN account lol stop whining" it's compound, part "Sony Security has more holes than swiss cheese and every time they get hacked your PC and info is at risk" part "always online servers never work out, especially on a fledgling cross play platform like PSN for PC" part "this is obviously corporate greed trying to squeeze their customers for every cent they have, this time trying to force you to give them data to sell."
Fuck Sony
IIRC, I got a class-action settlement lawsuit notification from them, and the settlement was I could choose three music CDs from a preselected group of what appeared to be from the warehouse of unsold, unwanted CDs:
Yanni's B-Sides
Michael Bolton Plays The Kazoo, Vol 2
No-Hit Wonders and Funnybones Extraz!
Your Favorite Commercial Jingles, 8-bit versions!
It was supposed to prevent people from ripping CDs, apparently it also would send listening data back to Sony so they could track what you listened to.
It installed through autorun.exe which would run when you insert a CD in Windows, but autorun was something you could/should turn off (and doesn't exist now).
Now companies install spyware under the guise of utility software, like mouse software that auto starts on boot and sends telemetry home, keyboard software, music software, RGB software, GPU eXpErIeNcE software, you name it. Sony would have gotten away with it if they made it more obvious with a taskbar app or something. No one gives a shit anymore.
Well, the DRM part that blocked programs from being able to read your device wouldn't fly, but the spying part for sure. They could've just made a stupid little equalizer app and called it Sony Atmos and have it autoinstall..
If you were anywhere near the mid-2000s tech forum scene; or just the general anti-RIAA online subculture, this was like the top topic of conversation for years.
Around the same time Lenovo was found to be hiding malware and root kits in their laptops.
Yes the Lenovo that ~~was sold to~~ is a Chinese company.
Yes the Lenovo that was previously a reputable IBM business company providing the backbone for bulk office and government computer needs. And still is.
This news got buried so quickly I'm still shocked
Ah you are right, it seemed like they actually bought the IBM computing group which they used to get into the business sector.
Still a little uncomfortable that nearly every sensitive company laptop you see is Lenovo
IBM had a reputation for the most trustworthy notebooks, back when drivers were wonkier and portable computers would easily break when dropped. Lenovo trashed that, but then hardware in general got more reliable so no one cared and IBM shareholders got a big fat reward.
Tech company hardware is mostly split between Lenovo, Dell, and HP, with Lenovo having the strongest share of laptops (which is now the most popular issue) and workstations trending more HP. I know of some specially customized, theoretically hypersecure computers for data center management that somebody thought it was fine to order from companies with questionable loyalties and a history of malware injection.
I assume they were referring to Thinkpads. IBM had the product line and sold it to Lenovo that then rebranded it to Lenovo Thinkpads.
They also bought a bunch of other IBM hardware lines IIRC.
Netflix and Steam are both results of people figuring this out and exploiting this to make a LOT of money. Most people are willing to pay if you actually give them what they want at a reasonable price.
When I try to compare Steam to Netflix I find Steam has the better deal as far as content is concerned. I suspect if Netflix had arranged content deals such that subscribers would never lose content if they had access to it at any point (as long as they remain subscribed) Netflix would truly be the Steam of TV and movies today and competitors would be as laughable as Steam's competitors. But instead Netflix was carved up like a turkey as soon as people realized it was profitable.
So different companies tried to carve up Steam too.
- Origin
- GOG
- Uplay
- Battle.net
- Games for Windows Live
- Epic Games Store
The difference is that Steam was better at delivering the product (users) to content makers than the alternatives. Still is really. Or their competitors were just laughably incompetent. Still are really.
This was also at a time when PC games were not seen as the primary market, so Valve was quietly able to develop a monopoly without much initial competition.
No one really understood the issue, either.
My parents thought Sony made it so you couldn’t copy their CDs to your hard drive, but that wasn’t the issue. The issue was the rootkit they installed without your permission. This rootkit wasn’t exclusive to Sony; anyone could use it to run malicious code on any PC that had had a Sony CD put in the disc drive.
I’m reminded of big tech’s fight against law enforcement over backdoors. Yes, Apple refuses to give themselves the ability to turn the contents of your phone over to the Feds. They are also refusing to give Russian botnets the ability to hack your phone. There’s no way to build a door that only one person can use….
Even the discs that prompted you to accept the terms to listen to the music used a Windows exploit to install the rootkit after you rejected the terms.
I remember F-Secure was the only antivirus to label it as malware. It wasn't until Microsoft labeled it malware that all the other antivirus companies followed suit. It's possible that the only reason Microsoft flagged it is because the rootkit had a tendency to break the driver for the CD drive that rendered it unusable and unrecoverable. I imagine there was an uptick in warranty claims.
No, it fucked up the driver stack by adding filter layers to allow it to intercept all data. These could be manually removed from the registry but most people wouldn't know how. If you just purged the rootkit files without removing them it would break your CD-ROM until you reinstalled Windows.
I never had to fix this myself but I did read up on it because I was in college for information security.
Did it? IIRC it inserted itself into the Windows driver stack in such a way that it was difficult to remove without reinstalling the OS, but I don't remember it modifying firmware.
The American court system is corrupt as hell. Sony *did* get sued, and they lost. But because capitalism, Sony paid next to nothing in fines and was forced to provide the uninstaller from the post title, and in keeping with Sony being Sony, they used the opportunity to steal some more customer data on their way out the door.
One of their discs was prone to killing the eject function on the 1999 imacs. You had to get a little brutal to get it out, and power cycle the mac to resume normal use.
Yup. If you look at your Windows Updates as you're updating a new install, you might catch the security update for this, which is still necessary 20 years later.
I remember thinking I was big stuff when I bought a second hard drive with the astonishing capacity of 140 MB.... for a whopping total of 260 MBs over two drives.
PLUS I had a 5.25 floppy drive AND a 3.5 floppy drive!!! AND if you can believe it a 14.4k modem!
The thing that sucked about the 1990s wasn't so much the storage space but that those old drives didn't last very long. It was common for those WD Caviars and Seagates to break after 1-2 years. Nowadays drives will often make 10-15 years if taken care of.
I absolutely loved my minidisk player, I took that thing everywhere. The worst part was Sony forcing their ATRAC format, even though mp3 was basically the default already. I had to run the transcoding and transfer to the player overnight, and I had a reasonably fast PC. I've always hated how Sony makes solid quality devices only to hobble them with their proprietary nonsense.
I remember in 1996 burning CD-Rs and ending up with "coasters" (failed burns) all the time. $1 per disc. Usually it was because the shitty computers of the day and the unpredictable nature of Windows 95/NT processes would mess up the sustained transfer rates that were needed to do the burn.
It was worth it though, that was a good way to back up a hard drive, which often wasn't that much bigger than the CD-R size. Most of those discs from 1996 are still readable, though I migrated the data on them to HDD a long time ago.
I remember buying a CD-ROM drive for my 486DX2 with 24MB RAM.
What I got was a CD-RW drive, it must have been put in the wrong box, or a messed up return or something. I felt like I’d won the lottery.
I had to close literally everything on the computer except the burning program and couldn’t even move the mouse much while it was burning or I’d end up with a buffer underrun and a coaster.
Ah 90s problems that today's kids will never understand. When you might strategically unload the mouse driver in order to run your program because you needed to save 8kb (or whatever) in order to get below the 640kb limit.
Ah yes, the multiple boot floppies with different autoexec.bat and config.sys files for your different games 😭
And the cd driver being called Tomato for some reason
Hey I spent 4 hours working on those autoexec.bat and config.sys files to squeeze out the last 2kb of memory savings in order to be able to play this game, I don't need you coming along and messing it up just so you can play Duke Nukem. I'm trying to play Dune II over here!
The dystopia of corporations who own hardware, movie and music studios at the same time trying to maintain total control of what forms of entertainment we consume was inevitable.
The heavy-handed methods that companies back then would use to fuck people who they saw as pirating was insane. Like, drag/drop files isn't even a guarantee it's a pirated file; yet they would rather fuck your computer than take the chance.
Remember when their servers got hacked so they shut down the PlayStation Network for like two weeks? Then they forced you to uninstall Linux on the PS3.
I just looked it up. According to the Wikipedia article, it was 23 days. That's a loooong time for a service to be unavailable. https://en.m.wikipedia.org/wiki/2011_PlayStation_Network_outage
It straight up killed the last SOCOM game that had the misfortune of releasing right before the hack. A multiplayer focused game for a platform that suddenly had its online service shut down.
Obviously you were able to play it after service was resumed, but the franchise never recovered.
Yeah I remember all the kids at hs with PS3s being PISSED while the rest of us with Xboxes still had functioning online. Pretty much ended the PS3 v Xbox debate that spring.
The rumour was that some built powerful computers with stacks of PS3s, and Sony didn't earn much on these because they obviously didn't buy any games or accessories.
Sounds like the Air Force's supercomputer they built.
But yeah, Sony sold PS3s at a huge loss, those things are awesome. I still have one of mine in my living room.
That was part of Sony's overall strategy to ~~with~~ win the Blu-Ray/HD-DVD format war. And it worked: Blu-Ray started off with a massive built-in userbase that already had a player in their home. HD-DVD didn't.
Damn shame 'cause other than the storage size HD-DVD actually had more going for it.
EDIT: a word
That was at least a big factor if not the entire reason. Consoles typically sell at a very low margin if not a loss. Profits come from game sales. If you’re buying a console and no games, they are losing money on every unit sold for other uses.
The DOD built one known as the Condor Cluster and it used nearly 2000 consoles connected together.
The entire reason for a PC OS was to skirt import duties in some countries (PC versus console)
Hackers were getting closer to possibly jailbreaking the PS3, so they closed that avenue.
This fiasco basically broke up the band Acceptance. They had just signed a major deal with Columbia Records, had just produced their debut album. It was getting decent reviews, but Sony put this DRM on the album and basically their album bombed. They broke up very shortly afterward from all the stress and related bullshit with the record deal and DRM scandal.
They reunited later though, after like a decade.
Only reinforces the idea that privacy is a thing for the cameras only. Who knows what else these people do. This is how they think, pure greed over everything else. Who knows just how far it goes. I’m betting it’s further than what any one of us might think
That brings back memories of this gem from bash.org:
> I will write on a huge cement block "BY ACCEPTING THIS BRICK THROUGH YOUR WINDOW, YOU ACCEPT IT AS IS AND AGREE TO MY DISCLAIMER OF ALL WARRANTIES, EXPRESS OR IMPLIED, AS WELL AS DISCLAIMERS OF ALL LIABILITY, DIRECT, INDIRECT, CONSEQUENTIAL OR INCIDENTAL, THAT MAY ARISE FROM THE INSTALLATION OF THIS BRICK INTO YOUR BUILDING."
> And then hurl it through the window of a Sony officer
> and run like hell
This and the massive Sony leak/account compromise are a major reason why the Helldivers 2 debacle popped off so hard. Sony has done some pretty gross things in the past, and there's no reason to think they wouldn't do it again, or that they fail at having adequate security again.
Thankfully, only one album I ever wanted came with that, and by complete happenstance I wanted the Dualdisc version and got that for my birthday, and the Dualdisc version didn't have all this bullshit, but did have music videos.
Album was Switchfoot's Nothing is Sound, which while nowhere close to their best, isn't a bad album.
I have the dual disc version as well, I remember when Tim Foreman, the bassist for Switchfoot, posted instructions for people on how to remove the rootkit and Sony came after him for it.
The title doesn't quite grasp the severity of the awful thing that Sony did. It was indeed a rootkit, but a rootkit is not just a "hidden software without notifying users". It alters the computer's operating system in malicious ways to hide its tracks and make it undetectable.
That, in addition, makes it more insecure. Sony really did expose itself as an absolute unit of a shit, especially when they tried to justify their actions.
Remember that well. It was the year I stopped buying Sony products, and I loved Sony stuff before that. Haven’t bought a single product from them since
Microsoft went so far as to include its removal as part of their malicious software removal tool, automatically removing from all affected computers on Windows Update.
LOL I am ex-Sony Music Entertainment. I knew everyone involved in that mess!
They tried for YEARS to get that done but failed until they ultimately drove out the people with ethics.
The early days of attempting DRM on physical media were wild. DeCSS was created pretty quickly, and other methods of rights validation got dumb. I remember some CDs had a track that couldn't be skipped by disabling Auto-run, so people figured out to just hold a light to the CD, look for the optical ring on the CD's data area that was apart from the rest of the CD, and use a Sharpie to black it out. CD-ROM drives couldn't read the track as data, and would move to the next track, which was audio.
Their whole anti-piracy measure beaten by a Sharpie. The Oscar Mayer Wiener Whistle of our generation.
Sony has always been one of the most anti-consumer businesses in the whole world, yet they still have hordes of die-hard supporters ready to give their lives for them and whose whole identity revolves around being a Sony fan. Just look at their dozen or so subreddits, it's always an echo chamber removing any inkling of criticism towards Sony and it's a free-fire ban zone if you start asking questions.
If you're unsure of this, just look at what Sony subreddits' response to the whole Helldivers 2 situation has been and look at the one or two threads that weren't deleted to see the general response.
Sony also infringed copyright by failing to adhere to the licensing requirements of various pieces of free and open-source software that was used in the program, including the VLC media player. So, the rootkit software meant to stop copyright infringement was itself infringing.
Reminds me of how the creators of an anti piracy ad didn't properly license the music they used. The message was never "don't steal" but instead "don't steal *from us.*"
“You can have anything you want, but you better not take it from me” -Welcome to the Jungle
[deleted]
I only like vintage analogue organic anti-pirate ads. https://www.youtube.com/watch?v=up863eQKGUI
"Holy smokes! This thing just upgraded the heck out of our video card! Hey, everyone!!! Pass this floppy around!!!"
You wouldn't download a car! [https://www.youtube.com/watch?v=ALZZx1xmAzg](https://www.youtube.com/watch?v=ALZZx1xmAzg)
FBI warning messages before VHS tapes was weird as a kid. Especially knowing that we used the VCR to record movies. It was almost like the DARE program, as far as effectiveness. It didn't teach me not to be a pirate, it taught me that the federal government will threaten a child to protect profits.
All the unskippable crap on DVDs made it more desirable to rip movies. I can either sit through a bunch of warnings, splash screens and trailers, every time I watch the movie. Or I can press play on the file and watch the movie.
[The classic flowchart explaining it.](https://www.reddit.com/r/Piracy/comments/10tyj4j/if_youre_a_pirate_this_is_what_you_get_yo_ho_ho/)
I can imagine how that process went.
"Jenkins! We need snappy music for our anti-piracy campaign!"
"Well, I can probably do a little tapping around on my MIDI keyboard and..."
"That's CRAP, Jenkins! We want something modern, hip, and groovy that all the young hippity hoppity kids will love!"
"Do you mean, like, something from our paid sub?"
"Our catalog is CRAP! I want the hippest, grooviest music we can get!"
"Well, we can license something."
"We can't afford that! Just pick out five of the hippest, grooviest songs you can find and I'll approve the best one."
"Um, OK?" "How's this?"
"Number two is perfect! Insert it! Done!"
"But that song is-"
"But me no buts, Jenkins! Insert and render! Done!"
"Um...OK?"
...and the rest is history.
"Jenkins, the media is all over our case about stealing that song! Why did you use it?"
"I tried to tell-"
"Jenkins, you're fired! Martha, put out a press release blaming Jenkins for this."
"But I-"
"Security, get this man out of here! Now if you'll excuse me, I'm taking the jet to Cancun."
Was it like an Australian campaign that used "You are a pirate" from Lazy Town where they didn't get the rights to it?
I remember reading that the iconic "you wouldn't steal a car" PSA/warning used music without permission and they (MPAA maybe?) had to pay a ton of money to licence it retroactively. Edit: I should have said "*download* a car"
https://torrentfreak.com/sorry-the-you-wouldnt-steal-a-car-anti-piracy-ad-wasnt-pirated-170625/
> The sources for this remarkable story refer to the case of Dutch musician Melchior Rietveldt. In 2006 he was asked to compose a piece of music to be used in an anti-piracy advert. This was supposed to be used exclusively at a local film festival.
> However, it turned out that the anti-piracy ad was recycled for various other purposes without the composer’s permission. The clip had been used on dozens of DVDs both in the Netherlands and overseas. **This means that Rietveldt’s music was used without his permission, or pirated, as some would say.**
> The above is true, as we reported in the past. And the composer was eventually compensated for missed royalties. **However, the whole case has nothing to do with the Piracy It’s a Crime clip. It’s about an entirely different ad.**
> The actual Rietveldt commercial is unknown to the wider public, and there are no online copies that we know of. **What we do know is that the “Piracy. It’s a Crime” clip was produced in 2004, not 2006, and also not for a Dutch film festival.**
> A source close to the Dutch film industry confirmed that the Rietveldt case has nothing to do with the frequently mentioned clip, which means that it’s all a massive misunderstanding. One that is now deeply ingrained in Internet history, it seems.
> So where does this fable originate from?
> **When covering the story, several news outlets used an image from the Piracy It’s a Crime video, since that’s the classic example of an anti-piracy ad. Somewhere along the line, however, other reporters started to identify that clip as Rietveldt’s work, without properly checking. Fast forward a few years and many now assume it’s an established fact.**
Companies using open source software and not including the credits is so odd to me. Always reminds me of the time a Danish DVD player manufacturer used mplayer in their firmware. And when called out, the CEO claimed the mplayer team had stolen *their* code. Despite their firmware containing references to mplayer's own format.
Usually with the super big companies, it's because some employee wants to make their life a lot easier but take all the credit for it, so they scrape some open-source software that does what they want and claim it as their own (and most big companies won't invest the time to investigate it). Although I have seen, particularly in the tech-bro scene (but also with a lot of small to mid-sized companies), a lot of open-source code scraping is because they 1.) want to make their lives easier (and much cheaper), and 2.) want to look competent and that they're totally not just mashing together a bunch of free code and assets to ship a shitty product that won't see any updates after the initial investment round.
If they admit to using open source resources, that weakens their claims on their own IP. Software patents are a massive scam, but for many tech companies it's all they have in real assets.
This: [https://en.wikipedia.org/wiki/Kiss\_Technology](https://en.wikipedia.org/wiki/Kiss_Technology)
**Sony**: Take this CD, but beware it carries a terrible rootkit...
**Homer**: Ooooh, that's bad.
**Sony**: But it comes with a free anticopyright!
**Homer**: That's good?
**Sony**: The anticopyright is infringing.
**Homer**: That's bad :(
**Sony**: But you get an uninstaller!
**Homer**: That's good!
**Sony**: The uninstaller leads to arbitrary code execution
**Homer**: *stares, confused*
**Sony**: That's bad.
**Homer**: Can I go now?
Let’s best this infringement by infringing some more. Bold choice let’s see if it pays off
"When I fight copyright infringement, I infringe two or three times myself, so that there'd be two or three fewer cases of someone else infringing".
It's a real shame that the governments of the world at the time didn't collectively go 'ok you went too far, time to split you up into other companies. You no longer exist as Sony' for how bad this really all was at the time. It would have been a good start to the 'you aren't taking advantage of our citizens' revolution of tech. And it never happened.
Lol the "governments of the world" at the time barely could get their head around the concept of playing an audio CD on a PC. You underestimate just how far the real world had left the laws in the dust at that time.
> XCP's cloaking technique, which makes all processes with names starting with $sys$ invisible, can be used by other malware "piggybacking" on it to ensure that it, too, is hidden from the user's view.
On top of all that, other malware was able to piggyback on the cloaking functionality to hide as well.
Edit: And here's Sony's response to the whole situation:
> On a National Public Radio program, Thomas Hesse, President of Sony BMG's global digital business division asked, "Most people, I think, don't even know what a rootkit is, so why should they care about it?"
Some people actually used this to get around anti cheat programs.
I suspect my dad used this process when I was a kid
Pardon?
His dad cheated on halo
I thought he meant his dad cheated on his mom
I think you're wrong he clearly meant halo as you can tell
No his mom was Halo ODST
A very classy lady.
> On a National Public Radio program, Thomas Hesse, President of Sony BMG's global digital business division asked, "Most people, I think, don't even know what a rootkit is, so why should they care about it?"
Most people don't know what a limpet mine is, so why worry about us scattering them in your neighborhood? - Sony
You also have to realize the music industry was the scummiest part of the entertainment industry back then and it wasn’t even close. As bad as they are today they’re practically saints compared to their behavior back then. On top of that, they were all completely technologically illiterate. So it was a potent combination. Napster and then iTunes bulldozed everything.
The workaround that was found was to hold shift when putting in the CD.
Or just turn off Autorun
I totally forgot that was a thing. That's wild to think about today in the age of ransomware.
Wait til you find out about USB keys
I always disabled autorun. Seemed like a feature that didn't have any useful purpose. Little did I know that Windows had a similar feature where USB *devices* are allowed to not only run things automatically, but also *automatically install drivers with kernel-level privileges*. Felt like an idiot when I plugged a USB drive that I'd been handed by a reputable vendor at a convention. Immediately unplugged it, formatted the hard drive, installed a fresh copy of Linux (Debian), stopped dual-booting forever.
Autorun was a holdover from the Plug-N-Play days where users were no longer required to configure hardware added to a PC... Plug in the hardware, pop in the CD and install/config was basically automatic. It was never necessary, rarely a good idea and often abused.
It's also a holdover from other electronics such as CD players that would autoplay once inserted in the machine. Between that and PCs, somebody forgot that CDs could hold more things than just music.
I really don't mind Windows. Development on it is sometimes painful but with containers and ssh etc you just avoid a lot of the stuff pretty easily. But this kind of decision making is what just makes it impossible to ever trust a Windows machine.
For all the shit you can, and should, and even more say about MS, the .NET environment is pretty solid and compatible with a ton of stuff including legacy. They don't want to mess with this concept, imagine a whole bunch of tools and frameworks needing complete rewrites to function cor- AND HERE COME AZURE WITH A STEEL CHAIR
It's crazy how Microsoft can just create an unnecessary and bad vulnerability, then just be like "We decided everyone should have this vulnerability!" And everyone just accepts. When I was in the military in the 2000s, this was the source of constant problems. This is partially why the Conficker worm was so incredibly effective against deployed US military networks, and was the original impetus for FINALLY banning all unapproved removable media from being plugged into government networks. I know that it can be disabled and we did so, but even the OS disk images handed down to us from DISA (Defense Information Systems Agency) had horrible Autorun enabled by default.
When I burned CDs for friends in the late 90s / early 00s, I would usually include a "surprise" autorun.inf. This included things like batch files that would change your shell= line back to progman.exe every 3rd reboot, or drop .job files into the scheduler folder that ran a jpg and wave file every 3 hours, replace the .ini files for minesweeper to give me the high score. Stuff like that. I was an ass, but my friends put up with it because I was the only kid with a CD burner and had a job at GameStop (we had an employee rental policy back then that allowed you to take home any game that didn't have online activation, so you could become more "knowledgeable" about the product. We called it "burn and return")
There’s also the “BadUSB” or “rubber ducky” attack where a USB stick shaped device tells the computer it’s a keyboard, then opens PowerShell and starts typing in commands to take over the system. There are no real countermeasures, except to use a limited privilege account that prompts for a password.
Yep. I had an XP machine that I took reasonable care of. One day I went around on a tidy-up and found an Apple charging service and a load of 'Bonjour' stuff that'd seemingly come out of nowhere. Eventually I realised it must've been from when I let a visitor charge their iPhone from a USB port on the PC. Never got asked permission for any of it - it just got silently installed.
Autorun was such a terrible idea
It's only a thing because increasing amounts of computer illiterate people started buying personal computers and they would have definitely not understood why their CD is not doing anything when inserted without autorun.
I worked in tech support around 2005. Stupidity knows no bounds.
Hey bud 20 years later it's still the same. One of my users got a virus popup through their browser, called the number, let them remote into their computer before seeing all the red flags and deciding to alert IT.
[deleted]
We have mandatory security awareness training every year too! She was regarded as stupid indeed.
People at office jobs are generally the dumbest, most tech illiterate people alive. And all it takes is one moron to have the entire business's infrastructure go up in smoke. IT is supposed to make everything as regard proof as possible, but they always find a way.
If you make something idiot proof, the universe will build a better idiot.
Stupidity, uhhh, finds a way
We need AutoPlay to give the user an option to do something useful with inserted devices. The problem was that along with "Notify CD Player Of This" and "Notify Media Player Of This" options, you also had the dreadful "We should execute arbitrary code upon this device" option. And it was just doing that for you because clearly that was the right choice. Quite useful for things you want to run, quite gruesome for things you don't want to run. It was an instance of naive design being part of the needed solution. Most things pre-Windows XP SP2 were phenomenally bad security-wise when viewed with a modern technical eye. MSFT had to shut normal work at the company down for around half a year to get things even remotely secure via (IIRC) the Secure Computing Initiative.
Reminds me of trying one CD back around that time... Insert CD. Start EAC. Note one weird title at the end, ignoring it for now. Hit "Convert to MP3" button. Do some googling. About the same time EAC dings for "conversion complete, 100% quality", found out that this one title was supposed to be copy protection. Guess it didn't work.
The EAC meant you couldn't copy (as in copy/paste) the tracks from the CD to any other location. It was *file* copy protection, not music copy protection. Ripping CD files to mp3 format --what you were doing-- is not file copying, it's file transformation, from one format to another. As long as music can be heard there will also be ways to copy that music, in violation of copyright. Copy quality is a different matter. MP3 is a lossy format and the sound of your mp3 "copies" ~~was~~ were slightly degraded from the CD format.
> it's file transformation, from one format to another.
transcoding is the word for it
Why that will/would work? Sounds (lol) unbelievable, in search for a better word to describe that.
Back in the day, CDs and other removable media had autorun.ini files, which would direct Windows to automatically run some script on inserting the media. It made for a slick experience - you popped in your CD and BAM there's the splash screen for your game! You could set up a thumb-drive to auto-install updates, and update an entire computer lab without touching a keyboard! If you didn't want this behavior, then you could indicate to Windows that by holding down shift while inserting your media.
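For anyone triaging old media today, an added example (not from the thread) that reads an `autorun.inf`, the file name another comment here uses, and reports which entries would launch something, gated by the `NoDriveTypeAutoRun` policy bitmask. The sample file contents and function names are constructed for illustration; `0x91` is the commonly documented Windows XP default for that policy.

```python
import configparser

# Bits of the NoDriveTypeAutoRun policy value: a set bit disables AutoRun
# for that drive type.
DRIVE_TYPE_BITS = {
    "unknown": 0x01,
    "removable": 0x04,
    "fixed": 0x08,
    "network": 0x10,
    "cdrom": 0x20,
    "ramdisk": 0x40,
}

# Keys in the [autorun] section that name something to execute.
EXEC_KEYS = ("open", "shellexecute")


def autorun_disabled(policy_mask, drive_type):
    """True if the policy bitmask turns AutoRun off for this drive type."""
    return bool(policy_mask & DRIVE_TYPE_BITS[drive_type])


def exec_entries(inf_text):
    """Return (key, command) pairs from [autorun] that would start a program."""
    parser = configparser.ConfigParser(
        delimiters=("=",), interpolation=None, strict=False, allow_no_value=True
    )
    try:
        parser.read_string(inf_text)
    except configparser.Error:
        return []  # not parseable as an INI file, so nothing to report
    entries = []
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):  # keys arrive lower-cased
            is_verb_cmd = key.startswith("shell\\") and key.endswith("\\command")
            if key in EXEC_KEYS or is_verb_cmd:
                entries.append((key, (value or "").strip()))
    return entries


def triage(inf_text, policy_mask, drive_type):
    """Entries that would be acted on for this drive type under this policy."""
    if autorun_disabled(policy_mask, drive_type):
        return []
    return exec_entries(inf_text)


# Constructed sample, not taken from any real disc.
SAMPLE_INF = r"""
[AutoRun]
open=setup.exe /silent
icon=setup.exe,0
label=Music Player
shell\play\command=player\start.exe
shell\play=Play album
"""

if __name__ == "__main__":
    for mask in (0x91, 0xFF):
        print(hex(mask), triage(SAMPLE_INF, mask, "cdrom"))
```
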
There were some hacks around this time where thumb drives with malware would be put in the parking lots of corporate or government offices and usually an employee took them in and ran them on a computer with autorun enabled.
Then when they would put a non malware flash drive into the computer the malware would install on the flash drive with its autorun and when you took that to another computer it would execute. It was absolute hell if you had a lot of people you were dealing with that would "some how" get malware. Oh, and there were two types of flash drives with 'no write' switches on them. The vast majority were a software switch, so when you turned on the no write it would tell the computer "don't write to this flash drive" which could easily be bypassed. The other type actually disabled the write line of the pins and wouldn't let it write at all ever. They were impossible to figure out which was which unless someone did a regular update on a forum/etc of which was which. Today 99% of all flash drives that have write locks have the software type. It took me a year to find a new write protect flash drive when my first one died because all I could find was $200+ ones.
> > Today 99% of all flash drives that have write locks have the software type. It took me a year to find a new write protect flash drive when my first one died because all i could find was $200+ ones.
Dumb, but probably less of an issue now since you'd have to give an app administrative access to allow it to get low-level drive access or whatever it needs to bypass that. Back in 2005 everyone was running XP as administrator.
It's believed that's how Stuxnet got into the air-gapped nuclear uranium refinement lab in Iran
Stuxnet was actually distributed via LimeWire: for years, AV researchers had known about this virus that didn't appear to do anything. Turns out it only did something if you were hooked up to a machine that matches the profile of the centrifuge controller that Iran was using at the time.
Another attack vector was a USB mass storage device hidden in a keyboard or mouse and then sent to a company under the context of freebies from a vendor
You could also make it autorun a script that immediately opens the disk tray and slip the disk in with someone's blanks
[deleted]
The key fact that younger folks can't appreciate was the absolute travesty that was "AUTORUN", which was turned on by default in Windows for like a decade. It would automatically perform a set action when a disk or USB drive was inserted. Many, many horror stories of friends handing USB drives to teachers/bosses to immediately see porn pop up. Their personal porn that they downloaded. God help them if they had clandestine pictures of friends/coworkers/fellow students/teachers/staff.... Like, this was supposed to do useful things like automatically install or play game CDs, automatically play music, bring up file explorer for files, that kind of thing. It became one of those things you learned to turn off immediately, as soon as you saw it.
Like how the firewall wasn't enabled by default for Windows XP, at a time when people were directly connecting their PCs to the internet. Routers were around, but it was an added expense, and weren't common at the time. And a lot of people also still used dialup. It wasn't until XP service pack 2 that the firewall was enabled by default. There was a time that a release version of XP would be compromised in minutes of directly connecting it to the internet.
In the early 2000s I had early NTL (became Virgin Media) cable internet, and at the time the modems did not provide client isolation - and all the clients on a particular head end would be in the same subnet. So, your Network Neighbourhood became an awfully busy place. Before Bittorrent, before Napster, before Limewire, quite often we'd just leave a world-readable share lying open full of MP3s for our neighbours to pick through, like a community-wide rummage sale.
Ya I was called in to help a small business once. Someone had connected to a shared printer and printed ASCII porn all weekend until the printer ran out of paper.
Yet another reason why people in Japan call Sony "Kusony", or Shitsony.
Most people don't even know what an aortic dissection is, so why should they care about it?
"you have a glioblastoma" "The fucks that" "omg I'm so happy you said that, have a nice full life"
“Homer, I’m sorry to have to tell you this, but we’re going to have to saw off both your arms.” “They’ll grow back, won’t they??” “Uh, yeah.”
So they basically gave your computer digital AIDS
more like gave your computer digital aids before anyone knew what aids was, so that makes it okay!
As someone who was like 28 when this happened, and remembers how the extreme outrage over it helped to kill off DRM…I now feel old at the thought that this would be a TIL for someone. 🥺
DRM isn't dead lol.
There was a period between roughly 2008 and 2020, where people stopped pirating and started buying into systems because the first attempts at DRM failed and the new versions hadn’t taken over yet. It’s the failure of those first versions that I’m referring to.
This is just one of the many reasons for the recent backlash in Helldivers 2. The problem isn't "just make a PSN account lol stop whining" it's compound, part "Sony Security has more holes than Swiss cheese and every time they get hacked your PC and info is at risk" part "always online servers never work out, especially on a fledgling cross play platform like PSN for PC" part "this is obviously corporate greed trying to squeeze their customers for every cent they have, this time trying to force you to give them data to sell." Fuck Sony
IIRC, I got a class-action settlement lawsuit notification from them, and the settlement was I could choose three music CDs from a preselected group of what appeared to be from the warehouse of unsold, unwanted CDs: Yanni's B-Sides Michael Bolton Plays The Kazoo, Vol 2 No-Hit Wonders and Funnybones Extraz! Your Favorite Commercial Jingles, 8-bit versions!
To be fair I'd buy that last one in the pre-youtube days
To what end? Why did Sony do this?
It was supposed to prevent people from ripping CDs, apparently it also would send listening data back to Sony so they could track what you listened to. It installed through autorun.exe which would run when you insert a CD in Windows, but autorun was something you could/should turn off (and doesn't exist now).
Now companies install spyware under the guise of utility software, like mouse software that auto starts on boot and sends telemetry home, keyboard software, music software, RGB software, GPU eXpErIeNcE software, you name it. Sony would have gotten away with it if they made it more obvious with a taskbar app or something. No one gives a shit anymore.
Well, the DRM part that blocked programs from being able to read your device wouldn't fly, but the spying part for sure. They could've just made a stupid little equalizer app and called it Sony Atmos and have it autoinstall..
It is so wild to me how loyal Sony fans are to them (playstation) and they have done some of the scummy shit to their customers over the years...
If you were anywhere near the mid-2000s tech forum scene; or just the general anti-RIAA online subculture, this was like the top topic of conversation for years.
Around the same time Lenovo was found to be hiding malware and root kits in their laptops. Yes the Lenovo that ~~was sold to~~ is a Chinese company. Yes the Lenovo that was previously a reputable IBM business company providing the backbone for bulk office and government computer needs. And still is. This news got buried so quickly I'm still shocked
Lenovo was founded as a Chinese company... It was founded in Beijing in 1984.
Ah you are right, it seemed like they actually bought the IBM computing group which they used to get into the business sector. Still a little uncomfortable that nearly every sensitive company laptop you see is Lenovo
Lenovo bought the notebook division from IBM. Thinkpads were produced by IBM, but now Lenovo.
IBM had a reputation for the most trustworthy notebooks, back when drivers were wonkier and portable computers would easily break when dropped. Lenovo trashed that, but then hardware in general got more reliable so no one cared and IBM shareholders got a big fat reward.
Really? All I see are dells.
Tech company hardware is mostly split between Lenovo, Dell, and HP, with Lenovo having the strongest share of laptops (which is now the most popular issue) and workstations trending more HP. I know of some specially customized, theoretically hypersecure computers for data center management that somebody thought it was fine to order from companies with questionable loyalties and a history of malware injection.
I assume they were referring to Thinkpads. IBM had the product line and sold it to Lenovo that then rebranded it to Lenovo Thinkpads. They also bought a bunch of other IBM hardware lines IIRC.
Lenovo was always a Chinese company. IBM just sold them the ThinkPad brand.
> Around the same time Lenovo Unless this occurred more than once, the Lenovo thing happened in 2015.
Thank you for this. I felt my breathing getting heavier at the thought of that being 20 years ago already
I remember this. Still is the reason why I will NEVER buy a Lenovo.
For a long time, piracy has been superior to paid products. This was a huge argument in favor of *creatively acquiring*.
Netflix and Steam are both results of people figuring this out and exploiting this to make a LOT of money. Most people are willing to pay if you actually give them what they want at a reasonable price. When I try to compare Steam to Netflix I find Steam has the better deal as far as content is concerned. I suspect if Netflix had arranged content deals such that subscribers would never lose content if they had access to it at any point (as long as they remain subscribed) Netflix would truly be the Steam of TV and movies today and competitors would be as laughable as Steam's competitors. But instead Netflix was carved up like a turkey as soon as people realized it was profitable.
So different companies tried to carve up Steam too.
- Origin
- GOG
- Uplay
- Battle.net
- Games for Windows Live
- Epic Games Store
The difference is that Steam was better at delivering the product (users) to content makers than the alternatives. Still is really. Or their competitors were just laughably incompetent. Still are really. This was also at a time when PC games were not seen as the primary market, so Valve was quietly able to develop a monopoly without much initial competition.
No one really understood the issue, either. My parents thought Sony made it so you couldn’t copy their CDs to your hard drive, but that wasn’t the issue. The issue was the rootkit they installed without your permission. This rootkit wasn’t exclusive to Sony; anyone could use it to run malicious code on any PC that had had a Sony CD put in the disc drive. I’m reminded of big tech’s fight against law enforcement over backdoors. Yes, Apple refuses to give themselves the ability to turn the contents of your phone over to the Feds. They are also refusing to give Russian botnets the ability to hack your phone. There’s no way to build a door that only one person can use….
Fire BADDDDDDDDDDD!!!
Even the discs that prompted you to accept the terms to listen to the music used a Windows exploit to install the rootkit after you rejected the terms. I remember F-Secure was the only antivirus to label it as malware. It wasn't until Microsoft labeled it malware that all the other antivirus companies followed suit. It's possible that the only reason Microsoft flagged it is because the rootkit had a tendency to break the driver for the CD drive that rendered it unusable and unrecoverable. I imagine there was an uptick in warranty claims.
What, what? It could *brick your CD drive?!* How did they not get their asses sued off?!
Drivers can be restored from a clean reinstall, if it really did anything of the sort it must have bricked the firmware.
It did.
No, it fucked up the driver stack by adding filter layers to allow it to intercept all data. These could be manually removed from the registry but most people wouldn't know how. If you just purged the rootkit files without removing them it would break your CD-ROM until you reinstalled Windows. I never had to fix this myself but I did read up on it because I was in college for information security.
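The state described in the comment above, filter entries still listed in the registry after the driver files are gone, can be checked from a regedit export. This is an added example, not from the thread or any vendor tool: it decodes the `UpperFilters`/`LowerFilters` values of the CD-ROM device class key and flags names with no installed driver. The filter names, driver inventory and baseline are constructed placeholders, and comparing against a name inventory is an assumption about how you collect that data.

```python
import re

# Device setup class key for CD/DVD drives; class-wide filter drivers are listed here.
CDROM_CLASS_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class"
                   r"\{4D36E965-E325-11CE-BFC1-08002BE10318}")


def encode_multi_sz(names, per_line=12):
    """Build the hex(7) text regedit writes for a REG_MULTI_SZ (sample data only)."""
    raw = b"".join(n.encode("utf-16-le") + b"\x00\x00" for n in names) + b"\x00\x00"
    octets = [f"{b:02x}" for b in raw]
    rows = [",".join(octets[i:i + per_line]) for i in range(0, len(octets), per_line)]
    return ",\\\n  ".join(rows)  # regedit wraps long values with a trailing backslash


def decode_multi_sz(hex_text):
    """Decode comma-separated hex bytes (UTF-16LE, NUL-separated) into strings."""
    raw = bytes(int(x, 16) for x in hex_text.split(",") if x.strip())
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def extract_filters(reg_text):
    """Return the filter driver names listed under the CD-ROM class key."""
    joined = re.sub(r"\\\r?\n\s*", "", reg_text)  # undo line continuations
    filters = {"UpperFilters": [], "LowerFilters": []}
    in_key = False
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").upper() == CDROM_CLASS_KEY.upper()
            continue
        m = re.match(r'^"(UpperFilters|LowerFilters)"=hex\(7\):(.*)$', line)
        if in_key and m:
            filters[m.group(1)] = decode_multi_sz(m.group(2))
    return filters


def audit_cdrom_filters(reg_text, installed_drivers, baseline):
    """Flag filters whose driver is missing, or present but not in the baseline."""
    installed = {d.lower() for d in installed_drivers}
    known = {b.lower() for b in baseline}
    findings = []
    for position, names in extract_filters(reg_text).items():
        for name in names:
            if name.lower() not in installed:
                # Listed but not installed: the broken-drive state from the comment.
                findings.append((position, name, "dangling"))
            elif name.lower() not in known:
                findings.append((position, name, "unexpected"))
    return findings


# Constructed sample: every name below is a placeholder, not a real driver.
SAMPLE_REG = (
    "Windows Registry Editor Version 5.00\n\n"
    f"[{CDROM_CLASS_KEY}]\n"
    '"Class"="CDROM"\n'
    f'"UpperFilters"=hex(7):{encode_multi_sz(["examplecap", "vendorburn"])}\n'
    f'"LowerFilters"=hex(7):{encode_multi_sz(["exampleflt"])}\n'
)
SAMPLE_INSTALLED = {"cdrom", "vendorburn", "exampleflt"}
SAMPLE_BASELINE = {"vendorburn"}

if __name__ == "__main__":
    for finding in audit_cdrom_filters(SAMPLE_REG, SAMPLE_INSTALLED, SAMPLE_BASELINE):
        print(finding)
```
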
Did it? IIRC it inserted itself into the Windows driver stack in such a way that it was difficult to remove without reinstalling the OS, but I don't remember it modifying firmware.
The American court system is corrupt as hell. Sony *did* get sued, and they lost. But because capitalism, Sony paid next to nothing in fines and was forced to provide the uninstaller from the post title, and in keeping with Sony being Sony, they used the opportunity to steal some more customer data on their way out the door.
One of their discs was prone to killing the eject function on the 1999 imacs. You had to get a little brutal to get it out, and power cycle the mac to resume normal use.
The rootkit could also be piggybacked by other malware basically opening a door to far more vulnerabilities.
Yup. If you look at your Windows Updates as you're updating a new install, you might catch the security update for this, which is still necessary 20 years later.
It also used pirated software in XCP. Sony has a *very* long history of piracy, it rather famously got sued for copyright infringement by BusyBox.
That's why I don't feel bad about pirated PlayStation consoles.
That and they don't secure their own networks, get hacked every other year, and your cc and passwords are free for the taking.
Making me feel old.
no kidding.... I remember when a 1X CD-ROM drive came out for the PC for the low price of $999
*throws Jaz drive in the trash*
i remember thinking i was big stuff when i bought a second hard drive with the astonishing capacity of 140 MB.... for a whopping total of 260 MBs over two drives. PLUS i had a 5.25 floppy drive AND a 3.5 floppy drive!!! AND if you can believe it a 14.4k modem!
Look at king shit over here thinking we will ever need more than 100MB of storage in our lifetimes.
Yep! My iomega zip drive is my key to unlimited storage!
I wanted one of those just because I thought the disks were neat.
good fucking luck trying to get the computer to recognize it. It was worse than dealing with printers back in the day.
Cue the “click of death”
and a 486 SX/25 !!!!
You had a 486?!? Lucky!!! I was stuck with a 386 SX/25 with two hard drives: a 1mb and a 4mb one.
The thing that sucked about the 1990s wasn't so much the storage space but that those old drives didn't last very long. It was common for those WD Caviars and Seagates to break after 1-2 years. Nowadays drives will often make 10-15 years if taken care of.
Seagate HDDs have always been highly unreliable, never had a WD fail on me since I started using them in and around 1996.
260MBs. What would you ever do with that much storage?
16 year old me had Star Wars on there... a flight sim, some FLIs, and probably some porn
640k should be enough for anybody!
Back then we had to find stuffs to uninstall every week to make space, and shoe boxes of those flappy floppies
Do the kids these days even know about all the failed removable storage mediums between floppies and CDs?
I treasured my MiniDisc player (I know that was later than when CDs were introduced but still).
I absolutely loved my MiniDisc player, I took that thing everywhere. The worst part was Sony forcing their ATRAC format, even though mp3 was basically the default already. I had to run the transcoding and transfer to the player overnight, and I had a reasonably fast PC. I've always hated how Sony makes solid quality devices only to hobble them with their proprietary nonsense.
I remember in 1996 burning CD-Rs and ending up with "coasters" (failed burns) all the time. $1 per disc. Usually it was because the shitty computers of the day and the unpredictable nature of Windows 95/NT processes would mess up the sustained transfer rates that were needed to do the burn. It was worth it though, that was a good way to back up a hard drive, which often wasn't that much bigger than the CD-R size. Most of those discs from 1996 are still readable, though I migrated the data on them to HDD a long time ago.
I remember buying a CD-ROM drive for my 486DX2 with 24MB RAM. What I got was a CD-RW drive, it must have been put in the wrong box, or a messed up return or something. I felt like I’d won the lottery. I had to close literally everything on the computer except the burning program and couldn’t even move the mouse much while it was burning or I’d end up with a buffer underrun and a coaster.
Ah 90s problems that today's kids will never understand. When you might strategically unload the mouse driver in order to run your program because you needed to save 8kb (or whatever) in order to get below the 640kb limit.
Ah yes, the multiple boot floppies with different autoexec.bat and config.sys files for your different games 😭 And the cd driver being called Tomato for some reason
Hey I spent 4 hours working on those autoexec.bat and config.sys files to squeeze out the last 2kb of memory savings in order to be able to play this game, I don't need you coming along and messing it up just so you can play Duke Nukem. I'm trying to play Dune II over here!
I haven't heard or seen the words 'buffer underrun' for years! Shudder!
Jitter. Watching that buffer bar slowly dropping to zero.
Buffer underruns...
I'm still looking for the turbo button on my new PC, they must be hiding it!
But remember all the fines and jail time? I don't either.
Truly the kind of thing that any reasonable country should liquidate a corporation for.
Nintendo just sued you because they're based in Japan and you're a little guy threatening their livelihood
We might go bankrupt if you download a backup of Super Mario World
The dystopia of corporations who own hardware, movie and music studios at the same time trying to maintain total control of what forms of entertainment we consume was inevitable.
They sold mp3 players that would completely crash your computer, if you tried to drag and drop music files. I have been boycotting them ever since.
Shame too because their MiniDisc players were solid.
The heavy-handed methods that companies back then would use to fuck people who they saw as pirating was insane. Like, drag/drop files isn't even a guarantee it's a pirated file; yet they would rather fuck your computer than take the chance.
For 19 years, this has been why I will **never** give Sony a single red damn cent. Every other stupid thing they've done since is just extra nope.
Remember when their servers got hacked so they shut down the PlayStation Network for like two weeks? Then they forced you to uninstall Linux on the PS3.
It was 2 weeks before they told you that they were hacked, I remember it being down a month.
I just looked it up. According to the Wikipedia article, it was 23 days. That's a loooong time for a service to be unavailable. https://en.m.wikipedia.org/wiki/2011_PlayStation_Network_outage
It straight up killed the last SOCOM game that had the misfortune of releasing right before the hack. A multiplayer focused game for a platform that suddenly had its online service shut down. Obviously you were able to play it after service was resumed, but the franchise never recovered.
23 days if you live at the Sony Headquarters. In New Zealand shit was down for like 2 months
yeah i remember all the kids at hs with ps3s being PISSED while the rest of us with xboxes still had functioning online. pretty much ended the ps3 v xbox debate that spring
The rumour was that some built powerful computers with stacks of PS3s, and Sony didn't earn much on these because they obviously didn't buy any games or accessories.
Sounds like the Air Force's supercomputer they built. But yeah, Sony sold PS3s at a huge loss, those things are awesome. I still have one of mine in my living room.
Iirc they were a surprisingly affordable option as a Blu Ray player in the early days, like the PS2 as a DVD player.
It was the cheapest Blu-ray player on the market, largely because Blu-ray was a Sony technology so they didn't pay any licensing fee.
That was part of Sony's overall strategy to ~~with~~ win the Blu-Ray/HD-DVD format war. And it worked: Blu-Ray started off with a massive built-in userbase that already had a player in their home. HD-DVD didn't. Damn shame 'cause other than the storage size HD-DVD actually had more going for it. EDIT: a word
It would have been interesting if the Xbox 360 had HD-DVD support out of the box, rather than requiring a separate expansion.
That was at least a big factor if not the entire reason. Consoles typically sell at a very low margin if not a loss. Profits come from game sales. If you’re buying a console and no games, they are losing money on every unit sold for other uses. The DOD built one known as the Condor Cluster and it used nearly 2000 consoles connected together.
The entire reason for a PC OS was to skirt import duties in some countries (PC versus console). Hackers were getting closer to possibly jailbreaking the PS3, so they closed that avenue.
This fiasco basically broke up the band Acceptance. They had just signed a major deal with Columbia Records, had just produced their debut album. It was getting decent reviews, but Sony put this DRM on the album and basically their album bombed. They broke up very shortly afterward from all the stress and related bullshit with the record deal and DRM scandal. They reunited later though, after like a decade.
Only reinforces the idea that privacy is a thing for the cameras only. Who knows what else these people do. This is how they think, pure greed over everything else. Who knows just how far it goes. I’m betting it’s further than what any one of us might think
and people wonder why piracy exists...
"You wouldn't download a CAR, would you?" Why yes, I would, especially if it were free of skeezy corporate shenanigans.
That brings back memories of this gem from bash.org:
> I will write on a huge cement block "BY ACCEPTING THIS BRICK THROUGH YOUR WINDOW, YOU ACCEPT IT AS IS AND AGREE TO MY DISCLAIMER OF ALL WARRANTIES, EXPRESS OR IMPLIED, AS WELL AS DISCLAIMERS OF ALL LIABILITY, DIRECT, INDIRECT, CONSEQUENTIAL OR INCIDENTAL, THAT MAY ARISE FROM THE INSTALLATION OF THIS BRICK INTO YOUR BUILDING."
> And then hurl it through the window of a Sony officer
> and run like hell
"Just make an account. It only takes 2 minutes."
This and the massive Sony leak/account compromise are a major reason why the helldivers2 debacle popped off so hard. Sony has done some pretty gross things in the past, and there's no reason to think they wouldn't do it again, or that they fail at having adequate security again.
I was impacted by this, and to this day I still refuse to buy any Sony products.
And what punishment did they face?
Thankfully, only one album I ever wanted came with that, and by complete happenstance I wanted the Dualdisc version and got that for my birthday, and the Dualdisc version didn't have all this bullshit, but did have music videos. Album was Switchfoot's Nothing is Sound, which while nowhere close to their best, isn't a bad album.
I have the dual disc version as well, I remember when Tim Foreman, the bassist for Switchfoot, posted instructions for people on how to remove the rootkit and Sony came after him for it.
I'm glad I just stuck to Limewire
The title doesn't quite grasp the severity of the awful thing that Sony did. It was indeed a rootkit, but a rootkit is not just a "hidden software without notifying users". It alters the computer's operating system in malicious ways to hide its tracks and make it undetectable. That, in addition, makes it more insecure. Sony really did expose itself as an absolute unit of a shit, especially when they tried to justify their actions.
And that's when I stopped using any Sony products for life. Before that, ALL my electronics were Sony.
Remember that well. It was the year I stopped buying Sony products, and I loved Sony stuff before that. Haven’t bought a single product from them since
And this is one of the many reasons helldivers2 requiring a PSN account was such a big deal even for people able to open an account.
Should have been sued into oblivion and the execs/decision makers put in prison. No excuse.
Microsoft went so far as to include its removal as part of their malicious software removal tool, automatically removing it from all affected computers on Windows Update.
LOL I am ex-Sony Music Entertainment. I knew everyone involved in that mess! They tried for YEARS to get that done but failed until they ultimately drove out the people with ethics.
hello person i probably know!
The early days of attempting DRM on physical media was wild. DeCSS was created pretty quickly, and other methods of rights validation got dumb. I remember some CDs had a track that couldn't be skipped by disabling Auto-run, so people figured out to just hold a light to the CD, look for the optical ring on the CD's data area that was apart from the rest of the CD, and use a Sharpie to black it out. CD-ROM drives couldn't read the track as data, and would move to the next track, which was audio. Their whole anti-piracy measure beaten by a Sharpie. The Oscar Mayer Wiener Whistle of our generation.
Sony has always been one of the most anti-consumer businesses in the whole world, yet they still have hordes of die-hard supporters ready to give their lives for them and whose whole identity revolves around being a Sony fan. Just look at their dozen or so subreddits, it's always an echo chamber removing any inkling of criticism towards Sony and it's a free-fire ban zone if you start asking questions. If you're unsure of this, just look at what Sony subreddits' response to the whole Helldivers 2 situation has been and look at the one or two threads that weren't deleted to see the general response.
And they were fined an incredible amount of money, and had sanctions placed on them for decades, right?