Gifts for $25 or Less Spotify Wrapped Neuralink Brain Chip Black Hole Burps Light of 1,000 Trillion Suns Stamp Price Increase Streaming Services to Cancel Melatonin Rival Monkeypox Renamed
Want CNET to notify you of price drops and the latest stories?
No, thank you

New Sony CD risk identified

Label says it will work with Princeton researchers on fix for copy-protection software uninstaller.

Computer researchers uncovered a new security risk Friday related to Sony BMG Music Entertainment copy-protected CDs, which could expose several hundred computers to attack.

This security flaw dealt with different technology than that which has sparked controversy for nearly three weeks, however.

Recent criticism has focused on Sony's release of discs containing copy-protection software created by British company First 4 Internet, which opened listener's computers to hackers' attack. The latest risk is from an uninstaller program distributed by SunnComm Technologies, a company that provides copy protection on other Sony BMG releases.

Sony said in a statement Friday that SunnComm had removed the uninstall program from the Web, and was in the process of contacting 223 consumers who had downloaded it while it was available.

The security hole in the uninstall program was similar to one discovered with First 4 Internet's uninstall program several days ago.

In each case, Princeton University computer science professor Edward Felten and researcher Alex Halderman found that the uninstall programs responded to commands from their creators' Web sites, but would also respond to malicious instructions from other Web sites.

In its statement, Sony said that SunnComm was developing a new uninstall program for its copy-protection software, and that Felten had agreed to review it before it was posted online.

The SunnComm security risk discovered by Felten and Halderman is limited to the uninstall program, which was distributed separately from the CDs themselves.