New Sony CD risk identified

This security flaw dealt with different technology than that which has sparked controversy for nearly three weeks, however.

Recent criticism has focused on Sony's release of discs containing copy-protection software created by British company First 4 Internet, which opened listener's computers to hackers' attack. The latest risk is from an uninstaller program distributed by SunnComm Technologies, a company that provides copy protection on other Sony BMG releases.

"This nightmare makes it rather clear that Sony doesn't really care about customers, not only in the way they want to spy on you (and open the door to your pc for any hacker) but rather in the way the handled the whole situation."
--Ki Ji

Sony said in a statement Friday that SunnComm had removed the uninstall program from the Web, and was in the process of contacting 223 consumers who had downloaded it while it was available.

The security hole in the uninstall program was similar to one discovered with First 4 Internet's uninstall program several days ago.

In each case, Princeton University computer science professor Edward Felten and researcher Alex Halderman found that the uninstall programs responded to commands from their creators' Web sites, but would also respond to malicious instructions from other Web sites.

In its statement, Sony said that SunnComm was developing a new uninstall program for its copy-protection software, and that Felten had agreed to review it before it was posted online.

The SunnComm security risk discovered by Felten and Halderman is limited to the uninstall program, which was distributed separately from the CDs themselves.