The Sony BMG anti-piracy story just refuses to go away.
And maybe it shouldn't: Security researchers -- the same ones who earlier this week found serious security holes in a patch Sony issued to remove the scariest components of its anti-piracy program -- today bring us evidence of similarly frightening security holes associated with another digital rights management (DRM) program the recording label uses on some CDs, a product called SunnComm MediaMax.
Edward Felten, a computer science professor at Princeton University, said that while SunnComm and Sony BMG offer a tool that allows users to completely uninstall the program, the uninstaller also opens the computer up to extremely serious security problems, much like the uninstaller for First4Internet's infamous copy-protection program.
From Felten's post: "When you visit the SunnComm uninstaller web page, you are prompted to accept a small software component -- an ActiveX control called AxWebRemoveCtrl created by SunnComm. This control has a design flaw that allows any Web site to cause it to download and execute code from an arbitrary URL.