Sony promotes XCP not recalling it

Press Release Source: Columbia Records

Neil Diamond’s ’12 Songs’ Makes Chart History as Artist’s First-Ever Top 10 Debut & First Top 10 Album in 13 Years
Wednesday November 16, 2:45 pm ET 
Critically Acclaimed ’12 Songs,’ Produced by Rick Rubin, With Music & Lyrics by Neil Diamond, Debuts at #4 on Billboard Top 200

NEW YORK, Nov. 16 /PRNewswire/ — Neil Diamond’s critically-acclaimed new album, 12 Songs, has debuted at #4 on the Billboard Top 200 and is the artist’s first album to debut in the Top 10.
Released on November 8, with first true week’s sales of 92,705, according to SoundScan, 12 Songs is providing the strongest opening week’s numbers of Neil’s career. His last studio album, Three Chord Opera, opened at #15 — his highest previous debut position, with first week’s sales of 67,975 — in July 2001.

I put this very simple question to SonyBMG:

Why are you still selling the Number 4 chart album on Billboard on your own web site?

The press release on Yahoo here states the source of the release as “Columbia Records” at “Wednesday November 16, 2:45pm ET”. Why does Sony have a subsidiary company, “Columbia Records”, releasing promotional and marketing hype surrounding the great success of Neil’s new album? This press release was received many hours after you had publicly noted on your web site that there is a product recall, retail and inventory stocks to halt distribution and sales of ALL the affected XCP CDs. You have released a press release promoting and advertising this CD from Neil Diamond and continue to actively promote this. This will increase the number of customers who have the potential to be infected with this security flaw. If any of the customers who have purchased this CD insert their CD into their Windows Personal Computer and they idly agree to the EULA you provide, which on the original disc has not been modified, then the user thanks you very much for a great CD. They leave and are quite impressed with the listening experience they have just had, getting a real kick and buzz from one of the great legends of the music industry. Neil Diamond does not deserve such treatment from the arrogance, ineptitude and deceit that your entire organisation continues to display. You are hurting and making it worse for Neil, his fans and your customers.

These two titles for the ’12 Songs’ album, the ‘CD’ and ‘CD Special Digipak Edition’ versions of the disc, are still available for purchase. This CD from Neil Diamond is stated as his best success so far. You give no disclaimers on the homepage of what is really on his CD. The current part numbers for the two versions available online are the two part numbers you list in the document you have online for the ‘Affected Titles’, yet you continue.

These two titles are still for sale with the unaltered original XCP software security threat, with no mention of the security implications. There are proven cases of viruses in the wild that now attack this software in an unpatched state.

Who is speaking for the 92,705 customers (less 4,057 Digital Purchases) who have purchased this CD? Why do you continue even on your own website to still be offering this CD for sale from these locations?

Title CK94776 Neil Diamond 12 Songs [CD (Special Digipak Edition)] $16.98

Title 1CK97811 Neil Diamond 12 Songs [CD] $13.98

You have on your website here:

“We also have asked our retail partners to remove all unsold CDs with XCP software from their store shelves and inventory.”

How about you start from the top at your organisation and work from there including timely and accurate media releases about this issue and no more media releases promoting this as a musical CD and not the clear security breach that it is also.

A statement made publicly by The Department of Homeland Security made mention of tactics used by companies that are dangerous to National Infrastructure and Security, which if you have not caught the drift of it yet, Sony they are talking about YOU but you continue to do the WRONG thing.

When will you release a public media release regarding the security issue involved here? We have been warned by the great work of the security people within our industry. And now we are communicating this same information around the world to all of our clients. In a single step you have breached the trust that we have given to the music industry by letting our users of computer networks play and use their own personal CDs on internal company networks. By doing this we then trusted that the users would play their favourite audio CDs at work instead of downloading music from the internet to play on their computer. We have proactively helped by attempting to eliminate the P2P downloads that may end up on our networks and have that chance of a security threat in the download. Now all users in many organisations will very shortly face disciplinary action if a single piece of audio music is placed or played on the personal computer at the office because firstly downloaded music is illegal and often is just nasty, second the CDs you may bring from home to listen to have a greater chance of doing more harm than the P2P download and that is worse than nasty.

When will you release a media release that states the software that is on the 50 titles affected is a security threat and that all products affected have been withdrawn from sales, distribution and production?

Or will you wait until the next form of patch is created by the First 4 Internet Company, which we can see from the three service packs they have released so far that they are completely inept? They cannot even create a good security solution for your DRM policy and then update it with the current third patch. The removal instructions should be an exe file on a web site available for public download, not an ActiveX control that creates an even bigger security risk than the original DRM package. It has taken a couple of people from Princeton University to do this well before you could. Why are you not in damage control of this problem and have people such as Mark Russinovich, Jeff Dwoskin and Alex Halderman develop, create and release a removal tool for this? Oh I forgot, Sony and First 4 Internet haven’t done this yet. But Jeff Dwoskin and Alex Halderman have, and have made it public for people to use. How can they already know more about the product than the manufacturers? Simple: that’s how bad the original software truly is. Everything that First 4 Internet have done is extremely nasty programming and now they are faced with piracy and copyright infringements that the recording industry is trying to protect and now they use the exact technique to attempt to stop the music piracy by pirating GPL source code to implement such a design with no support or credits to the original authors and on the acceptance that if you use this code you must release the source code to the public.

ALL global media should NOW receive a media release stating a fair amount of the facts that have been listed in the case. If you stood up and mentioned a couple of these security threats you have on this product honestly to your customers, you have a chance of some praise for being a big and honest company to admit you made a rather big mistake. If you tell the truth people may still respect you for finally being honest. If you do not and continue to deceive people, any chance of ever saving your audio and video businesses, including upcoming technologies such as Blu-Ray, will be non-existent. If you are lucky you may still be able to hold onto your Television and Playstation arms of the business but all audio/video credibility you once had is now gone. Sony, we trusted you explicitly; now you have broken a major trust relationship that will take you a very long time to re-establish, if you actually are able to at all.
You need to immediately advise all 88,648 customers (plus the new customers) that have purchased this CD (And every other Artist) that it is a threat to infrastructure and national security as per the Department of Homeland Security. Sony you are literally putting your reputation before the lives of people. Sony you are WRONG, you need to admit this and inform your customers of your installed security threat. You do not have the right to wait until First 4 Internet release their 4th version of a patch to fail again. You need to publicly endorse what has been done by Mark Russinovich, Jeff Dwoskin and Alex Halderman and utilise these people as independent people who are helping you achieve compliance in fixing your product. If it was not for people like Mark Russinovich and the investigative analysis he produced in the first place on this particular topic, we would not have anywhere near the complex security that we take for granted on personal computers connected to the internet. You actually owe Mark a great deal of thanks. If this had come out from a virus writer first submitting it and it going wild on all the XCP music listeners’ personal computers you would be facing extremely costly litigation from many customers. So you should be thanking this man for this, and it should be contained in your press release.

Oh, in case you were wondering, the customer with the happy experience did not get infected by a virus, so they were lucky. They do however have the computer in at a repair shop being looked at by computer technicians and engineers, as when they got up the next morning to check their e-mail they noticed the Microsoft Blue Screen of Death. The only information they have so far from the computer shop is: it appears your anti-virus software did a virus scan and that was the last thing your computer ever did.

Sony, it has been said and will be again. It is your intellectual property but it is my computer and you cannot trespass illegally.

Now all those nasty trojan, spyware, malware & virus writers, I just wonder how many of them now own their own personal loving copy of the Van Zants CD. Or after this post how many will go ahead and purchase it. And somehow I do not think I was the first person to think of this theory.

Author: netweb

#bbPress core committer, contributor & moderator, #WordPress, and #BuddyPress Build Tools component maintainer. You can find me on WordPress Slack as @netweb, Twitter as @netweb, GitHub as @ntwb.
