Hackers are exploiting flaws in the software Sony is using to remove its controversial copy protection system. Although only proof of concept attacks, security firms fear that users ridding themselves of Sony's copy protection system will soon face other dangers. Other security researchers have released tools that close the loophole opened by Sony's uninstaller. Sony's music arm has now published a list of all the CDs that use its much criticised anti-piracy system.
It also came under fire from Dutch electronics giant Philips which said the discs were not true compact discs because XCP was not in the standard that defines such things. Most recently the US Computer Emergency Response Team issued advice about XCP. "Do not install software from sources that you do not expect to contain software, such as an audio CD," it said. Virus writers have even adapted XCP to stop their creations being found by security scanning software.
First Sony said it was 20 discs affected. Then it was 49 discs including older material. Now it's 52 discs total. Freedom to Tinker say they have tools to close the hole left by the Sony uninstall process. Is the Microsoft uninstall any better?
This is my last post on the subject. I'd like to think this mess will dissuade other record labels from thinking that they are free to alter a person's computer, or from assuming that everyone who plays a CD on a computer is pirating it, but it's not likely. Someone will try this again, I just hope they get caught quickly and exposed.