EFF Open Letter to SunnComm (aka The Clowns That Created the Sony Rootkit)
08:27 PM / 09 Dec 2005 Filed in: technology
Mr. Kevin M. Clement
President and Chief Executive Officer
MediaMax Technologies, Inc.
Mr. Clement:
As you know, we have already discovered one security concern arising from the MediaMax software, resulting in the patch issued on Tuesday and the revised patch issued yesterday.
The Electronic Frontier Foundation (EFF) remains concerned that additional security flaws will be discovered in MediaMax software, in both version 5 and version 3. EFF isn't alone in this concern. Indeed, as Professor Ed Felten has noted, "Experience teaches that where there is one bug, there are probably others. That’s doubly true where the basic design of the product is risky. I’d be surprised if there aren’t more security bugs lurking in MediaMax." See http://www.freedom-to-tinker.com/?p=944.
While Sony BMG has taken some steps to address the security vulnerabilities in the MediaMax software, we are very concerned about consumers who purchase "MediaMax'd" CDs from labels other than Sony BMG, such as Cuban Link's "Chain Reaction" by Men of Business Records, Peter Cetera’s “You Just Gotta Love Christmas" by Viastar Records or MediaMax'd releases on KOCH Records. Many of these consumers have not been notified of this security issue, and indeed may be unaware that they even have a security vulnerability.
Read More...
President and Chief Executive Officer
MediaMax Technologies, Inc.
Mr. Clement:
As you know, we have already discovered one security concern arising from the MediaMax software, resulting in the patch issued on Tuesday and the revised patch issued yesterday.
The Electronic Frontier Foundation (EFF) remains concerned that additional security flaws will be discovered in MediaMax software, in both version 5 and version 3. EFF isn't alone in this concern. Indeed, as Professor Ed Felten has noted, "Experience teaches that where there is one bug, there are probably others. That’s doubly true where the basic design of the product is risky. I’d be surprised if there aren’t more security bugs lurking in MediaMax." See http://www.freedom-to-tinker.com/?p=944.
While Sony BMG has taken some steps to address the security vulnerabilities in the MediaMax software, we are very concerned about consumers who purchase "MediaMax'd" CDs from labels other than Sony BMG, such as Cuban Link's "Chain Reaction" by Men of Business Records, Peter Cetera’s “You Just Gotta Love Christmas" by Viastar Records or MediaMax'd releases on KOCH Records. Many of these consumers have not been notified of this security issue, and indeed may be unaware that they even have a security vulnerability.
Read More...
|