06-02-02, 03:40 PM   #3
goldie
yea, it's me.
 
Join Date: Jan 2002
Location: usa
Posts: 2,093
Re: Morpheus Update Final

Quote:
Originally posted by JackSpratts
P2P Activity Report

After taking a look at the latest file sharing vulnerability seen in the news I'd like to present these Final Thoughts to everyone at NU…

RE:MORPHEUS HACK

It's a different exploit than the Netstat -n Win/IE hack. Some of you may remember that in order for the IE one to work you had to have a Morpheus user who was already in the process of transferring a file. You had to use DOS and figure out how to work the IP #s and freeze netstat and the whole complicated bit. Then there was no guarantee that the user was sharing their entire drive to start with so a hacker had to try it over and over again until he found someone who was. With this new technique none of that is necessary. It works with a simple command right from inside Morpheus. The victim only has to be online and have Morpheus open. Most importantly, it instantly finds only those people who have shared their whole drive! (Unknowingly I presume). It's so much easier and more efficient than other hacks it's almost scary, and that's what makes this so dangerous. A little kid can do this (and undoubtedly will) when the details get out in the next few weeks.

If anyone's sharing a drive on a Morpheus local node then this exploit will expose that person in seconds and make every file they have in their pc ultimately vulnerable to download.

Now the good news: it takes forever and uses huge resources for a normal pc to download someone's entire list of hard-drive file names onto the Morpheus page, greatly reducing the number of potential attacks. Most importantly I believe it shouldn't expose anything on people's pcs who did proper Morpheus initializing to begin with.

Bottom line? Sophisticated users exercising caution with these Morpheus/KaZaA/Grokster clients wouldn't be in much danger. Use this app and enjoy it. It's very powerful and it works. However, less sophisticated users may do well to consider alternate applications.


It hammers home the original and unaddressed FastTrack platform weakness about how easy (and dangerous) it is to inadvertently share a Hard Drive. Now "thanks" to this discovery, it's just as easy to exploit it.

This thread will move to P2P in a day or two. I hope this has been a help.

- Jack Spratts.

OH - What do we have here? A response from Streamcast!!!


MusicCity Homepage