Sorry, we thought "rootkit" was Finnish for "congratulations on your DRM scheme": And here I thought the the Sony BMG rootkit fiasco couldn't get any worse (see "All I said was 'Eliot Spitzer on Line 1,' and he went straight for the ceremonial dagger"). Today brings word that the company knew of the problems with its much maligned Digital Rights Management scheme long before the scandal broke. Turns out Finnish security outfit F-Secure told Sony BMG of its misstep on October 4th -- nearly a month before Mark Russinovich brought it to the public's attention (see "Sony reconsiders policy on hiring 'reformed' hackers"). "If [Sony] had woken up and smelled the coffee when we told them there was a problem, they could have avoided this trouble," Mikko Hypponen, F-Secure's director of antivirus research, told BusinessWeek, adding that Sony BMG clearly didn't understand the implications of the software it was introducing to people's computers. Sony, of course, says it did and was only holding off on announcing the problem until it could do so with a software patch in hand. But again, that's not the story coming out of F-Secure, and given Sony BMG's conduct to date, it's tough to take the company at its word. "We told them it was a major security risk," said Santeri Kangas, F-Secure's director of research "They thought we were silly. They wanted to keep the problem quiet."
Comment on this post