[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Thursday, 17 November 2005, 12:23 GMT
More pain for Sony over CD code
Cyndi Lauper, Getty Images
Cyndi Lauper and Ray Charles are on the full list of XCP CDs
Hackers are exploiting flaws in the software Sony is using to remove its controversial copy protection system.

These are just proof of concept hacks, although security firms fear that users ridding themselves of Sony's CD software could soon face other dangers.

Other security researchers have released tools that close the loophole opened by Sony's uninstaller.

Sony's music arm has now published a list of all the CDs that use its much criticised anti-piracy system.

Criticism mounts

The websites set up to exploit the loophole opened by Sony BMG's uninstaller were discovered by security firm Websense.

It warned that anyone who has uninstalled Sony BMG's controversial XCP copy protection system and visits these sites could find their computer is attacked by malicious hackers.

So far the attacks seen on these websites have been fairly benign but Websense warned that "there is the potential for more nefarious actions to have been done".

Screengrab of XCP titles, Sony BMG
Sony BMG has released the full list of XCP CDs
The loophole that Sony BMG's uninstaller opened was first noticed by security researchers Ed Felten and J Alex Halderman. The pair have also released tools that find and close the loophole.

Sony BMG's trouble over XCP began on 31 October when Windows programming expert Mark Russinovich noticed that a CD he had played on his PC used virus-like techniques to hide its anti-piracy system.

Since then Sony BMG has been subjected to a long series of criticisms over its anti-piracy system, the problems it can cause computer users and the onerous uninstallation process.

It also came under fire from Dutch electronics giant Philips which said the discs were not true compact discs because XCP was not in the standard that defines such things.

Most recently the US Computer Emergency Response Team issued advice about XCP.

"Do not install software from sources that you do not expect to contain software, such as an audio CD," it said.

Virus writers have even adapted XCP to stop their creations being found by security scanning software.

The row culminated with Sony BMG announcing that it would suspend production of CDs with the XCP system onboard.

It is also recalling all the remaining XCP CDs from shops and has started an exchange program for customers who want a disc free of the controversial code.

Sony has now published a full list of the 52 titles that use XCP. Previously it would only say that about 20 titles used it. It is also working on an improved uninstaller that does not leave PCs open to more attacks.

Although figures for how many people have installed XCP are hard to come by, respected net expert Dan Kaminsky has found evidence that the software is in use on more than 500,000 networks.

The CDs that used XCP were only sold in the US and Canada but were available on import in Europe.




SEE ALSO:
Sony recalls copy-protected CDs
16 Nov 05 |  Technology
Microsoft to remove Sony CD code
14 Nov 05 |  Technology
Sony stops making anti-piracy CDs
12 Nov 05 |  Technology
Sony slated over anti-piracy CD
03 Nov 05 |  Technology
Sony tries to patch up piracy row
07 Nov 05 |  Technology
Sony sued over copy-protected CDs
10 Nov 05 |  Technology


RELATED INTERNET LINKS:
The BBC is not responsible for the content of external internet sites


PRODUCTS AND SERVICES

Americas Africa Europe Middle East South Asia Asia Pacific