Don’t say I didn’t warn you….

Wow, Sony just doesn’t seem to know security from a hole in the ground these days.

A couple weeks ago I pointed out a story about Sony’s faulty copy protection scheme that they’ve been putting on recent music CDs. The software was really pretty egregious, in terms of invading they users’ computers, opening up several security holes, potentially disabling the computers completely, and several other problems that major tech companies really, really shouldn’t be secretly inflicting on their customers.

Well, if you thought it wasn’t possible for them to be this stupid, they went and made it worse. They’ve released a software tool for customers who already have the first program embedded in their systems to remove said offender. Unfortunately, the new program has even worse flaws that, in the words of a Princeton University professor and one of his students, is “about as serious as a security flaw can get.”

The Wall Street Journal quotes them thus:

“The consequences of the flaw are severe,” Felten and Halderman wrote in a blog posting Tuesday. “It allows any Web page you visit to download, install, and run any code it likes on your computer. Any Web page can seize control of your computer; then it can do anything it likes.”

Mind you, this new problem is a fundamental design flaw in the program designed to remove the other security-hole-riddled copy protection software. Sony has broken the First Rule of Holes: “When you find yourself in one, Stop Digging.”

At least they have issued a recall of the original copy-protected CDs. Hey, you can hardly go wrong with getting rid of the damned things.

Comments are invited and encouraged

Anti-Spam Quiz: