According to the BBC, Sony have confirmed there is a rootkit on their Micro Vault fingerprint-locked USB flash drives and that they are absolutely concerned about this. They’re looking into the problem, ladies and gentlemen. Surprisingly, it only took them five days this time to acknowledge the problem instead of the weeks they went ignoring the problem with the CDs.
However, their definition of concerned and mine seem a bit different, as they’ve promised a fix for those effected by mid-September, and reiterated that people shouldn’t be overly concerned as they no longer make this Micro Vault anyway, even though they are still for sale on various internet websites — or they were until Wednesday, when the story broke.
Sony said it was conducting an internal investigation into the problem and would offer a fix “by mid-September”.
Moreover, Sony points out, no customers have complained about the problem yet. Well, that could be because it’s a, oh I don’t know, rootkit and the scary thing about said rootkits is that you do not know that they are there until a friendly little hacker knocks on your computer’s virtual unlocked door and says, “Pardon me, but you appear to have left your computer unlocked. You may want to have this checked.” Or, they send in a trojan or worm or virus (or virii if they’re feeling particularly nasty) and start logging your keystrokes, infecting your computer, and turning your computer into a little zombie PC. And as much as I like zombie films, I’d rather not have one in my home — human or machine.
Researchers at F-secure said that a hacker could then infect a computer as any files stored on the hidden directory would be invisible to the user and also from some virus scanners and security software.
As usual, Sony do not take the blame for this, and insist the problem was an outside firm they contracted to do the security work. This time, they say, the rootkit problem is “not as serious” because they were doing it for your protection, not theirs. I’m sure anyone who loses their identity due to some malevolent hacker feels much better already.
Sony also stated that, in conjunction with the outside vendor’s full cooperation, they’re launching an internal investigation. Don’t you feel better? I sure do! It’s the equivalent of wealthy and/or politically important parties finding out their son or daughter (or both) have been arrested on charges of a DUI, possession, and assaulting an officer and insist that the child should be released to their care and they will quietly handle things themselves. Then, they disappear from the media, not to be heard from again until the little bastards do something else. So we let Sony off the hook for this one, they fuck off and work on making a bigger, better PlayStation or plasma TV so people will go “rootkit what?” and meanwhile pull a repeat of the CD problem, releasing a patch that only makes things worse.
To which Sony (in Invader Zim-style) would reply, “Worse? Or better?”
Sadly, only the BBC seem to be covering this right now, which means thousands of people could have left the door wide open to their computers and be none-the-wiser! Oh, you tech-savvy, anti-corporation bastards, where are you now?!
As of “press time” (ie: when I uploaded) Sony’s website for the Micro Vaults does not acknowledge this security flaw! Also of note: neither the Press Release nor the articles available online denote which of the three “discontinued” models of Micro Vault have been effected. I tried looking for any kind of press release from Sony regarding which models are effected, so that I could do a search of online and local retailers to see who’s still selling the effected models and how many are out there to be purchased, as Sony can’t be arsed doing a recall, but guess what I found when I searched the term “rootkit” at Sony’s website?
A search for “Micro Vault” led to press releases announcing the newest Micro Vaults to be released and those about to go on clearance sale, but nothing noticing its customers to the huge security hole gaping in their systems. Nice.
Additionally, now McAfee’s dev blog is giving Sony a verbal bashing that’s somewhat fierce. Go McAfee!
A search of MSN’s shopping site revealed eight smaller online retailers still carrying the effected flash drives, and a quick google search of the model numbers reveal that they are still for sale at the websites for major retailersCircuit City and Amazon.com.
I intend to check out the Circuit City, Best Buy, Radio Shack, and CompUSA in my area to see if they are still for sale in stores, just to get a feel for how widespread this problem could potentially be.
- Recording a Story to Develop Writers
- Micro-viewers the Way to View the Tiny Things
- Microscopes on the Big Screen!
0 comments ↓
There are no comments yet...Kick things off by filling out the form below.
You must log in to post a comment.