Is DRM software in mp3 files a security threat?

Hello,

I was reading about LUA on microsoft site( http://technet.microsoft.com/en-us/library/bb456992.aspx ) when I came across this piece of information

I tried googling the same but couldn't find any information about threats from DRM software in music files. Can someone plz throw some light on this issue??
Is it serious?

Thank You

 

If I remember correctly it was Sony's scandal that made rootkit technique popular. I don't remember much malware using rootkit before that incident. After that, rootkits became popular among malware writers.

Regards, hqsec

 

Wow that was quick. Thanks for the info. I had read about the Sony rootkit earlier. So my only concern was is this method used regularly these days to infect a computer? Since there doesn't seem to be anything more on this attack vector other than Sony DRM Rootkit, I'll lay my curiosity to rest

Thank You again

 

It's a good topic, actually. DRM can indeed be a security threat, as they are designed to report back and interfere with any "unauthorized" use of purchased material. In my book, if I pay for something, not a monthly fee but actually make a purchase..I'll do whatever I please with it. I'm very, very tired of this "You don't own it" attitude from companies when it comes to digital goods.

 

Study Says DRM Violates Canadian Privacy Law
How "Dirty" MP3 Files Are A Back Door Into Cloud DRM
More: search web with mp3 drm privacy.

 

Thanks for the links MrBrian. By the way do you'll think the following group policy is an ideal way to stay protected ? So basically after reading all those links do you'll agree that this is more of a privacy than a security issue ?

 

@exus69:

MP3 files are DRM-free.

For disabling Autorun features completely, use Microsoft Fix it 50471 at http://support.microsoft.com/kb/967715. That will stop autoruns when you insert any CD.

 

Yes, I was under the impression that all MP3 files are DRM-free; the format just doesn't support it. Although it gets confusing as some people (and professionally-written articles, apparently) refer to any music file as an "MP3."

 

You're welcome .

There's definitely a privacy angle here. But there can also be a security angle, as shown here and here.

 

MrBrian, sorry to say but that is not the right way to fix the autorun problem. The following link will clear the air.

http://www.datamation.com/secu/arti...AutorunAutoPlay-Good-Method-vs-Bad-Method.htm

There are some interesting links in that article regarding the autorun issue specially this one:

https://www.us-cert.gov/ncas/alerts/ta09-020a

Have a good day

 

Thanks for the links . I've seen that method before, but I never used it. Maybe I'll reconsider though.

 

Yes its very easy and more importantly applies to all versions of Windows(which the link says) but autoplay/autorun can anyways be taken care of in group policy post Vista.

 

I actually did it with group policy before, but I wasn't sure if you had access to the policy editor or not.

 

Ooops well I was talking about restricting Autorun/Autoplay from XP point of view. Am aware of those policies in 7. Thanks for the link anyways

 

Hello,

If memory serves, Windows Media Audio files can include a URL in them to download a codec. This can be used to send a malicious file to the requesting application (Microsoft Windows Media, etc.), which it would then launch under the aegis of using it to play the encoded content.

Regards,

Aryeh Goretsky