Sony rootkit roundup, part II

See Part I, Part III, Part IV, Part V and Part VI of this post for more.

It's been three days since the first roundup post on Sony's rootkit DRM and lots of new stuff has come to light since. Below is a timeline of posts since then, but first, here's the Sony debacle news that came in while I slept:

Now, all the news that's come in since the initial roundup post on Nov 14:

Nov 14: Sony anti-customer technology roundup and time-line

Roundup of Sony's misdeeds to Nov 14.

Nov 14: EFF to Sony: you broke it, you oughta fix it

EFF publishes an open letter to Sony calling on the company to make amends for its misdeeds — Sony should disclose the risks of its DRM software, it should give customers uninfected CDs, help anti-spyware companies fix the holes, compensate customers for damage to PCs, and package their CDs will full disclosure of any malware contained within.

Nov 14: Sony's rootkit uninstaller is *really* dangerous

Following on the November 13 research about Sony's rootkit "uninstaller" leaving your computer vulnerable to attacks like rebooting it by inserting malicious code in a web-page, Princeton researchers Ed Felten and Alex Halderman announces that they have discovered far more serious problems with the software and warn against installing it at all, promising prompt full disclosure (they publis this the next day, along with some instructions for defending yourself if you've run the uninstaller)

Nov 15: Sony begins to recall some infected CDs

Sony announces a limited recall of its infected CDs — they'll take them back from stores, but not from customers (they announce that they'll swap out customers' CDs later in the day)

Nov 15: Sony's spyware "remover" creates huge security hole

Princeton DRM researchers Ed Felten and Alex Haldermen publish detailed analysis of the security vulnerabilities created by the rootkit "uninstaller" Sony that provides. Running this software leaves your machine vulnerable to complete takeover by simply embedding malicious code in a webpage.

Nov 15: Sony infects more than 500k networks, including military and govt

Dan Kaminsky publishes research showing that Sony's DRM has infected over 500,000 computer networks including networks belonging to the military and the government.

Nov 15: Sony disavows lockware patent

Sony issues a statement promising not to use technology that locks videogames to consoles.

Nov 15: Latest Sony news: 100% of CDs with rootkits, mainstream condemnation, retailers angry

Mini-roundup post. Before Sony recanted, they were sending out emails to their customers proudly promising that 100 percent of their CDs would be infected with rootkits by end of 2005. The Globe and Mail's business section denounces Sony. A tipster at a retailer reports that Sony is pressuring the sales channel to downplay the scope of the threat from its rootkit DRM. Sony and other electronics companies get caught jacking up the wholesale price to online stores, so that their retail price will be the same as those in physical stores.

Nov 15: Sory Electronics: Will Sony make amends for infecting our computers?

SORY Electronics — lovely parody of Sony's logo, reading: "SORY IS THE HARDEST WORD." It's the concept behind a site calling on Sony to really make amends for the infecting of its customers' PCs.

Nov 15: Sony issues non-apology for compromising your PC

Sony promises to send you a non-DRM CD to replace your DRM CD. Still no word on how to effectively uninstall their rootkit, and the company downplays the scope of the damage — just what we need, infected users with a false sense of security.

Nov 16: Katamari/Sony DRM mashup

Humor break: Joey De Villa creates "Katamari DRM," showing the wonderful videogame transformed into a game where the objective is to overwhelm the planet with rootkit DRM — he draws on Dan Kaminsky's excellent visualizations of the 500,000+ networks infected with the rootkit.

Nov 16: Sony waits 3 DAYS to withdraw dangerous "uninstaller" for its rootkit

Three days after being notified that its rootkit DRM uninstaller leaves computers in a dangerously insecure state, Sony finally stops advising its customers to use it.

Nov 16: Sony CDs banned in the workplace

Companies, educational institutions, and government agencies are banning the use of Sony CDs on workplace computers, due to the security risks that arise from the rootkit DRM. Some orgs go so far as banning audio CDs altogether, since there are plenty of malicious bits of anti-security technology in music from many labels.