I am following the story started here. And wishing some one would have summarized it in a way covering most critical aspects.
Well, here’s it. Bruce Schneier’s complete overview of the whole Sony rootkit saga. He sum it up well, excellent article. Go read it!
Some highlights:
Sony claimed the rootkit didn’t phone home when it did. On Nov. 4, Thomas Hesse, Sony BMG’s president of global digital business, demonstrated the company’s disdain for its customers when he said, “Most people don’t even know what a rootkit is, so why should they care about it?” in an NPR interview. Even Sony’s apology only admits that its rootkit “includes a feature that may make a user’s computer susceptible to a virus written specifically to target the software.”
This drama is also about incompetence. Sony’s latest rootkit-removal tool actually leaves a gaping vulnerability. And Sony’s rootkit — designed to stop copyright infringement — itself may have infringed on copyright. As amazing as it might seem, the code seems to include an open-source MP3 encoder in violation of that library’s license agreement. But even that is not the real story.
Reading Summary - Jan 19, 2006
Snakes and Rubies Talk - Jan 08, 2006
Symantec - Dec 28, 2005
Weekend Tech-and-reading activities - Dec 04, 2005