The Electronic Frontier Foundation (EFF) has found a
security hole
in SunnComm's MediaMax 5 technology for CD copy protection. This adds to
grief for SunnComm caused by the class-action suit that the EFF launched against
SonyBMG for its use of the technology a couple of weeks ago, in the wake of the
debacle over SonyBMG Music's use of other CD copy protection technology from
UK-based First4Internet Ltd.
In the latest developments, the EFF informed SonyBMG of the security hole,
known as a privilege escalation attack; SonyBMG rapidly issued a patch; but the
EFF has stated that the patch is untrustworthy and recommends not installing it.
The EFF is doing what all good advocacy organizations do: seizing an
opportunity to get its message across to a receptive public. Consumer
outrage over security holes in First4Internet's technology, and the
corresponding embarrassment to one of the four "music majors," has captured the
attention of the news media, which now is much more interested in covering the
issue of CD copy protection than it was previously.
For its part, SonyBMG is trying to act responsibly -- which in this case
primarily means pounding on SunnComm to issue patches as quickly as possible.
The music giant at least appears to understand the higher level lesson it needs
to learn from this mess. Thomas Hesse, SonyBMG's president of Global
Digital Business, was quoted in
Business Week as saying, "We have learned that we are in the software
business to some extent and we should behave like someone in the software
business does." That is as true now as it was several years ago, and it
involves putting people with software knowledge in positions of appropriate
power and influence.
Events
IE 7
Firefox 2.0
