Vox Populi Vox Dei
High Tory
Nevertheless, Sony BMG asked First4Internet to investigate. Both Sony BMG and F-Secure say that it was on Oct. 17 that F-Secure first spelled out the full scope of the problem to Sony. The security company’s report on the matter, sent that day to First4Internet and Sony BMG, confirmed there was a rootkit in XCP and warned that it made it possible for hackers to hide viruses and protect them from antivirus software products. F-Secure referred to XCP as a “major security risk,” according to a copy of the e-mail supplied to BusinessWeek Online by F-Secure.
Sony BMG says it asked the two software companies to investigate and find a solution to the problem. “From the moment our people learned that F-Secure had identified a potential problem we contacted our vendor and in no uncertain terms told them you have to get with F-Secure and find out what needs to be done about it,” says Daniel Mandil, Sony BMG’s general counsel.
BOGGED DOWN. What happened next is in dispute. F-Secure had a conference call with executives of First4Internet on Oct. 20. It says First4Internet argued that there was no real problem because only a few people knew of the vulnerability XCP created, and said an update of the XCP software, due out early next year, would fix the problem on all future CDs.
Read more: http://www.businessweek.com/technology/content/nov2005/tc20051129_938966.htm