|
|
 |
| New User, Welcome! Login |
Re: Sony: The Return Of The Rootkit
| From: |
Jason Brooke <jason qgl org> |
| To: |
Paul Sebastian Ziegler <psz observed de> |
| Cc: |
bugtraq securityfocus com |
| Subject: |
Re: Sony: The Return Of The Rootkit |
| Date: |
Fri - Aug 31, 2007 02:13 PM |
Paul Sebastian Ziegler wrote:
> Have another one:
> http://observed.de/?entnum=101
>
> Now I was outraged by Sony's Copyprotection Rootkit - but this is simply
> something different.
>
> Many Greetings
> Paul
I can't see anything in your article that adds anything to your email,
why did you want him to read it?
Also, the article by f-secure that you're having a go at, says "This USB
stick with rootkit-like behavior" and openly acknowledges that the
purpose of hiding files by the device is probably to try and prevent
tampering with the fingerprint authentication. Their main point is that:
"The Sony MicroVault USM-F fingerprint reader software that comes with
the USB stick installs a driver that is hiding a directory under
"c:\windows\". So, when enumerating files and subdirectories in the
Windows directory, the directory and files inside it are not visible
through Windows API. If you know the name of the directory, it is e.g.
possible to enter the hidden directory using Command Prompt and it is
possible to create new hidden files. There are also ways to run files
from this directory. Files in this directory are also hidden from some
antivirus scanners (as with the Sony BMG DRM case) — depending on the
techniques employed by the antivirus software. It is therefore
technically possible for malware to use the hidden directory as a hiding
place."
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
