Monday, November 14, 2005

Rootkit explained...updated before the next day!

Never heard of it. Well now you have, and so have I.
A couple of weeks ago blogsnow reported a lot of activity at a technical site so full of geektalk that I couldn't read it. My buddy Bob explained it in a line or two and described the high level of techie interest as "flies over molasses," a wonderful image that I have to remember to use.

Here is a Crooked Timber post that goes into more detail and reveals how CDs can now plant software components into Windows, leaving the system vulnerable to other, less benign invasive attacks.

It’s bad enough that Sony would do this without giving users adequate notification. But the system they used – licensed from a company called First 4 Internet – did this in a particularly clunky way. Any file starting with the prefix $sys$ would also be hidden from the operating system, leaving the computer open to other hacks that would themselves be hidden.
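The quoted paragraph describes the mechanism that made XCP a rootkit rather than just sloppy copy protection: a blanket rule that hides any name beginning with `$sys$` from the operating system's normal file APIs. The standard way defenders catch that class of cloaking is a cross-view comparison, listing the same directories through the normal API and through a lower-level path and flagging whatever only one view reports. The script below is an added example written for this page; it is not code from the original post, from Crooked Timber, or from Felten and Halderman. It assumes nothing about real XCP file names (the `$sys$` entries and directory listings are constructed sample data) and does not read a real disk; the two listings stand in for the two views.

```python
"""Cross-view detection of files cloaked by a filename prefix.

Added example, not part of the original blog post or of any source it quotes.
The two listings at the bottom are constructed sample data standing in for
(a) a directory listing obtained through the normal Windows API, which a
rootkit hook may filter, and (b) a listing read from a lower-level view of the
same directories. Anything only the raw view reports is being hidden.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# Prefix the quoted post says XCP hid from the operating system.
CLOAK_PREFIX = "$sys$"


@dataclass(frozen=True)
class Finding:
    directory: str
    name: str
    reason: str


def cloaked_by_prefix(names: Iterable[str]) -> List[str]:
    """Return the names a prefix cloak like XCP's would hide.

    Windows filenames are case-insensitive, so the comparison is as well.
    """
    prefix = CLOAK_PREFIX.lower()
    return sorted(n for n in names if n.lower().startswith(prefix))


def cross_view_diff(api_view: Dict[str, Set[str]],
                    raw_view: Dict[str, Set[str]]) -> List[Finding]:
    """Compare per-directory listings from two views of the same file system.

    Names present only in the raw view are hidden from the API (the rootkit
    case); names present only in the API view are phantom entries. Both are
    reported, and hidden names that match the cloak prefix are called out.
    """
    prefix = CLOAK_PREFIX.lower()
    findings: List[Finding] = []
    for directory in sorted(set(api_view) | set(raw_view)):
        seen_by_api = api_view.get(directory, set())
        on_disk = raw_view.get(directory, set())
        for name in sorted(on_disk - seen_by_api):
            reason = "hidden from API view"
            if name.lower().startswith(prefix):
                reason += f" and matches cloak prefix {CLOAK_PREFIX!r}"
            findings.append(Finding(directory, name, reason))
        for name in sorted(seen_by_api - on_disk):
            findings.append(Finding(directory, name, "present in API view only"))
    return findings


# Constructed sample data. The $sys$ names are made up for illustration and
# are not actual XCP file names; "unrelated.tmp" shows that a cross-view diff
# also surfaces hidden files that do not carry the prefix.
API_VIEW: Dict[str, Set[str]] = {
    r"C:\Windows\system32": {"kernel32.dll", "ntdll.dll"},
    r"C:\Program Files\Example": {"player.exe", "readme.txt"},
}
RAW_VIEW: Dict[str, Set[str]] = {
    r"C:\Windows\system32": {"kernel32.dll", "ntdll.dll", "$sys$cloaked.sys"},
    r"C:\Program Files\Example": {"player.exe", "readme.txt",
                                  "$SYS$config.dat", "unrelated.tmp"},
}


def scan() -> List[Finding]:
    """Run the cross-view diff over the constructed listings."""
    return cross_view_diff(API_VIEW, RAW_VIEW)


if __name__ == "__main__":
    for finding in scan():
        print(f"{finding.directory}\\{finding.name}: {finding.reason}")
```

On a real machine the two views would come from, for example, the normal directory API versus a raw read of the volume's file table; the diff logic is the same. A prefix match alone is only a hint, since any program can name a file `$sys$something`, which is exactly why the quoted post calls the blanket rule clunky: the cloak protected attackers' files as readily as Sony's.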

Additional information update...

I was a bit breezy with my post. BoingBoing, which originally broke the story, says the problem is more serious than first thought. Ed Felten reports on his blog:

Alex Halderman and I have confirmed that Sony’s Web-based XCP uninstallation utility exposes users to serious security risk. Under at least some circumstances, running Sony’s Web-based uninstaller opens a huge security hole on your computer. We have a working demonstration exploit.

We are working furiously to nail down the details and will report our results here as soon as we can.

In the meantime, we recommend strongly against downloading or running Sony’s Web-based XCP uninstaller.

1 comment:

Andreas Wacker said...

Thanks for remembering that you saw it first on BlogsNow.

That's what it's made for: to show you first what's going on.