The first comes from RIAA president Cary Sherman, who said that Sony “acted very responsibly” in the rootkit/XCP situation (as seen here):
“The problem with the SonyBMG situation is that the technology they used contained a security vulnerability of which they were unaware. They have apologized for their mistake, ceased manufacture of CDs with that technology, and pulled CDs with that technology from store shelves. Seems very responsible to me. How many times have software applications created the same problem? Lots. I wonder whether they’ve taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?” Source: CP NewsLink Transcript: Cary Sherman of the RIAA
Sony took a week before even offering a recall of the infected CDs and has still not shown any remorse for the whole situation. Interesting definition of “responsible”.
The second is an article by Bruce Schneier criticising the anti-virus industry for their (lack of) response, something I personally had wondered about:
What do you think of your antivirus company, the one that didn’t notice Sony’s rootkit as it infected half a million computers? And this isn’t one of those lightning-fast internet worms; this one has been spreading since mid-2004. Because it spread through infected CDs, not through internet connections, they didn’t notice? This is exactly the kind of thing we’re paying those companies to detect — especially because the rootkit was phoning home.
Personally I am interested in hearing from Microsoft about what is being done to prevent people from rootkitting their operating system…am I alone on that?
And finally I had to throw this in, as seen using Buoh:

2 Comments
MSFT about rootkits:
- Announcing Windows Defender
- Sony DRM Rootkit
- Sony rootkit signatures now available
Well, I think Sony's response was a responsible one (but it should never have come to happen in the first place) because a week is not long; remember, it has to go through the whole corporate chain. New copies have to be made, and the math needs to be done. I think a week was a responsible time. I am angry with Sony’s sloppiness overall though; for those that remember one of Sony's demo games erasing whole memory sticks, that was sloppy too. I also agree that it took way too long to detect if this started in mid-2004, considering it's almost 2006.