|
Peer to Peer The 3rd millenium technology! |
|
Thread Tools | Search this Thread | Display Modes |
|
06-02-02, 11:09 AM | #1 |
Join Date: May 2001
Location: New England
Posts: 10,023
|
Morpheus Update Final
P2P Activity Report
After taking a look at the latest file sharing vulnerability seen in the news I 'd like to present these Final Thoughts... RE:MORPHEUS HACK It's a different exploit than the Netstat -n Win/IE hack. Some of you may recall in order for the IE one to work you had to have a Morpheus user who was already transferring a file. You had to use DOS and figure out how to work the IP #s and freeze netstat and the whole complicated bit. There was no guarantee that the user was sharing their entire drive to start with so a hacker had to try it over and over again until he found someone who was. With this new technique none of that is necessary. It works with a simple command right from inside Morpheus. The victim only has to be online and have Morpheus open. Most importantly, it instantly finds people who have shared their whole drive! (Unknowingly I presume). It's so much easier and efficient than other hacks it's almost scary, and that's what makes this so dangerous. A little kid can do this (and undoubtedly will) when the details get out in the next few weeks. If anyone's sharing more than they think on a Morpheus local node then this exploit will expose that person in seconds and make every file they have in their pc ultimately vulnerable to download. Now the good news: it takes forever and uses huge resources for a normal pc to download someone's entire list of hard-drive file names onto the Morpheus page, greatly reducing the number of potential attacks (but make no mistake, it can be done with patience). Most importantly though, I believe it shouldn't expose anything on anyones' PC who did proper Morpheus initializing to begin with. Bottom line? Sophisticated users exercising caution with these Morpheus/Kazzaa/Grokster clients won't be risking much if anything. Continue using this app and enjoy it. I will. It's very powerfull and it works within its' known limits. However, less sophisticated users may do well to consider alternate applications. This latest episode hammers home the original and continuing Fasttrack platform weakness of how easy it is to inadvertently share an entire Hard Drive - and how dangerous that is. Now "thanks" to this discovery, it's just as easy to exploit. I hope this has been helpful. - Jack Spratts. |
06-02-02, 01:26 PM | #2 |
Rebel With A Cause
Join Date: Apr 2000
Location: VA-USA
Posts: 5,088
|
To see an entire list of who is probably sharing thier entire hard drive... you need only search for .dbb then right click on any in the list and choose "find more from same user". Trying to display thier entire contents either takes forever or crashes Morpheus altogether. If it does, you usually find all kinds of junk like spyware, Cydoor, ect. from someone who obviously is not too keen about thier computer in the first place.
|
06-02-02, 03:40 PM | #3 | |
yea, it's me.
Join Date: Jan 2002
Location: usa
Posts: 2,093
|
Re: Morpheus Update Final
Quote:
OH - What do we have here? A response from Streamcast!!! MusicCity Homepage |
|
06-02-02, 08:25 PM | #4 |
s.h.i.t. disturber
Join Date: Jan 2002
Location: Calgary, Canada
Posts: 114
|
And I thought streamcast didn't care about us. Now I feel all warm and fuzzy inside. (sigh)
What about an explanation for nuking the forum??? I won't hold my breath |
08-02-02, 08:07 AM | #5 |
Thanks for being with arse
Join Date: Jan 2002
Location: The other side of the world
Posts: 10,343
|
a quote from that link:
"THIS REPORT IS FALSE · The report was allegedly made by an “anonymous” security consultant. Neither this consultant nor any others have contacted StreamCast directly to report a breach in security. · Several false postings have been made on behalf of StreamCast and Morpheus. One was reported by a source named Paul Sarsfield, who claimed to be a “Morpheus” employee. StreamCast does not employ any person by that name, nor have any StreamCast employees or company representatives posted any responses to this matter. · There has NEVER been a security breach in Morpheus since its introduction in April 2001. " gawd knows all the trojans and virus have not breached my security either- I think i'd rather belive you jack |
08-02-02, 08:32 AM | #6 | |
yea, it's me.
Join Date: Jan 2002
Location: usa
Posts: 2,093
|
Quote:
Yeppers - Streamcast gives me that nice, safe, warm, fuzzy feeling too. NOT!! |
|
08-02-02, 07:43 PM | #7 | |
Just another cat on the FastTrack...
Join Date: Jan 2002
Location: Hamilton
Posts: 727
|
nice, safe, warm, fuzzy feeling
Quote:
|
|
08-02-02, 08:15 PM | #8 |
Join Date: Mar 2001
Posts: 7
|
I'd like to repeat all my eariler comments.
This is not a hack, crack, or exploit. It is just people setting their shares incorrectly. You can search for any file type on these programs - if you search for system files you will find people who have them shared. Nothing more, nothing less. Watch what you share and you'll be fine.
__________________
Malk-a-mite =================== Insert clever .sig file here =================== |
08-02-02, 08:56 PM | #9 |
fish tacos ftw
Join Date: May 2000
Posts: 2,809
|
I just want to know how to do it.
|
Thread Tools | Search this Thread |
Display Modes | |
|
|