Sony's rootkit uninstaller is *really* dangerous
We've written here that the "uninstaller" that Sony provides for getting rid of the malicious trojan horse that is installed on your computer when you play one of their music CDs introduces some pretty big security holes into your PC.But it looks like it might be worse than we suspected. DRM-fighting Princeton prof Ed Felten sends us this:
Alex Halderman and I have confirmed that Sony's Web-based XCP uninstallation utility exposes users to serious security risk. Under at least some circumstances, running Sony's Web-based uninstaller opens a huge security hole on your computer. We have a working demonstration exploit.Link, Link to November 14 time-line of Sony's misdeeds (Thanks, Ed!)We are working furiously to nail down the details and will report our results here as soon as we can.
In the meantime, we recommend strongly against downloading or running Sony's Web-based XCP uninstaller.
Share this post
Cory Doctorow
Upcoming appearances
* Feb 9, 2012, DeKalb, IL: Day of Doctorow, NIU
* Feb 10-12, 2012, Chicago, IL: Capricon 32
* Feb 13, 2012, Arlington, TX: UT Arlington College of Engineering Distinguished Speaker Series
* Feb 16, 2012, Victoria, BC: 13th Annual Privacy and Security Conference
Recent books:
* Context (essays)
* With a Little Help (short stories)
* For the Win (YA novel)
* Makers (adult novel)
Where not otherwise specified, this work is licensed under a Creative Commons License permitting non-commercial sharing with attribution. Boing Boing is a trademark of Happy Mutants LLC in the United States and other countries.