iWon News: "A computer security firm working with EFF discovered the security issue with the MediaMax Version 5 CDs and how it affects computers running Microsoft Corp. (MSFT)'s Windows operating system.
Windows allows for different levels of access to a computer. The copy-protection software installs a file folder in the computer that could allow a guest user to gain unauthorized access to the computer.
'It's a privileged escalation attack,' said Kurt Opsahl, an EFF staff attorney. 'On Windows you can have users with different privileges, and because of security weakness in the permissions of a folder, it allows a low-ranked user to act as a high-ranked user.'
The problem is commonly found on many computer programs, said Robert Horton, director of NGS Software, which tested SunnComm's software fix for the record company.
The MediaMax problem differs from the security hole discovered last month with the so-called XCP technology by First 4 Internet Ltd. of Oxfordshire, United Kingdom, that Sony BMG placed on more than 50 other CD titles. That copy-protection effort was found to leave computers vulnerable to hackers.
'The main distinction is, with XCP, it was hiding itself so you wouldn't know that it was there,' Opsahl said.
This one is not hidden, he said, but the average user wouldn't know to look for it unless it was brought to their attention.
Sony BMG recalled the discs with XCP last month and released a way to remove the software from users' computers.
Opsahl said the MediaMax patch addresses the problem, but the EFF, which has a lawsuit pending in California against Sony BMG over its use of copy-protection technology, is continuing to investigate.
'We can't say that the software is now secure,' Opsahl said. 'We're going to continue to raise these issues with Sony.'"
A prematurely crusty South Park Republican, with a raging addiction to internet news and current events.
Daily light reading:
Recent Posts:Commercials, Reason #2 why the movies are now ente...