NEWS
Computer researchers uncovered a new security risk on Friday related to Sony BMG Music Entertainment copy-protected CDs, which could expose several hundred computers to attack.
This security flaw dealt with different technology than that which has sparked controversy for nearly three weeks, however.
Recent criticism has focused on Sony's release of discs containing copy-protection software created by British company First4Internet, which opened a listener's computer to hackers' attack. The latest risk is from an uninstaller program distributed by SunnComm Technologies, a company that provides copy protection on other Sony BMG releases.
Sony said in a statement on Friday that SunnComm had removed the uninstall program from the web, and was in the process of contacting 223 consumers who had downloaded it while it was available.
The security hole in the uninstall program was similar to one discovered with First4Internet's uninstall program several days ago.
In each case, Princeton University computer science professor Edward Felten and researcher Alex Halderman found that the uninstall programs responded to commands from their creators' websites but would also respond to malicious instructions from other websites.
In its statement, Sony said SunnComm was developing a new uninstall program for its copy-protection software, and that Felten had agreed to review it before it was posted online.
The SunnComm security risk discovered by Felten and Halderman is limited to the uninstall program, which was distributed separately from the CDs themselves.
John Borland writes for CNET News.com
