Is DRM software in mp3 files a security threat?

Discussion in 'other security issues & news' started by exus69, Jan 14, 2014.

Thread Status:
Not open for further replies.
  1. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Hello,

    I was reading about LUA on microsoft site( http://technet.microsoft.com/en-us/library/bb456992.aspx ) when I came across this piece of information
    I tried googling the same but couldn't find any information about threats from DRM software in music files. Can someone plz throw some light on this issue??
    Is it serious?

    Thank You :)
     
  2. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,910
    Location:
    U.S.A.
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,050
    If I remember correctly it was Sony's scandal that made rootkit technique popular. I don't remember much malware using rootkit before that incident. After that, rootkits became popular among malware writers.

    Regards, hqsec
     
  4. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,910
    Location:
    U.S.A.
  5. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Wow that was quick. Thanks for the info. I had read about the Sony rootkit earlier. So my only concern was is this method used regularly these days to infect a computer? Since there doesn't seem to be anything more on this attack vector other than Sony DRM Rootkit, I'll lay my curiosity to rest :)

    Thank You again :)
     
  6. Dave0291

    Dave0291 Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    553
    Location:
    U.S
    It's a good topic, actually. DRM can indeed be a security threat, as they are designed to report back and interfere with any "unauthorized" use of purchased material. In my book, if I pay for something, not a monthly fee but actually make a purchase..I'll do whatever I please with it. I'm very, very tired of this "You don't own it" attitude from companies when it comes to digital goods.
     
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  8. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Thanks for the links MrBrian. By the way do you'll think the following group policy is an ideal way to stay protected ? So basically after reading all those links do you'll agree that this is more of a privacy than a security issue ?
     

    Attached Files:

    • DRM.jpg
      DRM.jpg
      File size:
      139.9 KB
      Views:
      2
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    @exus69:

    MP3 files are DRM-free.

    For disabling Autorun features completely, use Microsoft Fix it 50471 at http://support.microsoft.com/kb/967715. That will stop autoruns when you insert any CD.
     
  10. SirDrexl

    SirDrexl Registered Member

    Joined:
    Apr 14, 2012
    Posts:
    545
    Location:
    USA
    Yes, I was under the impression that all MP3 files are DRM-free; the format just doesn't support it. Although it gets confusing as some people (and professionally-written articles, apparently) refer to any music file as an "MP3."
     
  11. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :).

    There's definitely a privacy angle here. But there can also be a security angle, as shown here and here.
     
  12. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    MrBrian, sorry to say but that is not the right way to fix the autorun problem. The following link will clear the air.

    http://www.datamation.com/secu/arti...AutorunAutoPlay-Good-Method-vs-Bad-Method.htm

    There are some interesting links in that article regarding the autorun issue specially this one:

    https://www.us-cert.gov/ncas/alerts/ta09-020a

    Have a good day :)
     
    Last edited: Jan 18, 2014
  13. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Thanks for the links :). I've seen that method before, but I never used it. Maybe I'll reconsider though.
     
  14. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Yes its very easy and more importantly applies to all versions of Windows(which the link says) but autoplay/autorun can anyways be taken care of in group policy post Vista.
     
  15. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I actually did it with group policy before, but I wasn't sure if you had access to the policy editor or not.
     
    Last edited: Jan 18, 2014
  16. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Ooops well I was talking about restricting Autorun/Autoplay from XP point of view. Am aware of those policies in 7. Thanks for the link anyways :)
     
  17. Aryeh Goretsky

    Aryeh Goretsky Security Expert

    Joined:
    Apr 4, 2006
    Posts:
    54
    Location:
    United States
    Hello,

    If memory serves, Windows Media Audio files can include a URL in them to download a codec. This can be used to send a malicious file to the requesting application (Microsoft Windows Media, etc.), which it would then launch under the aegis of using it to play the encoded content.

    Regards,

    Aryeh Goretsky
     
Loading...
Thread Status:
Not open for further replies.