|
Peer to Peer The 3rd millenium technology! |
|
Thread Tools | Search this Thread | Display Modes |
04-02-02, 04:17 PM | #21 |
Join Date: May 2001
Location: New England
Posts: 10,024
|
It's starting to look like this is a very easy to do hack - against inexperienced users but in much the same vain as netstat -n. While different, it doesn't appear now to violate the drives of people who were careful about their set-ups. Although firewalls offer no protection you shouldn't have to worry if you're sure you did your initial share scheme correctly.
I'm going to continue recommending that regular, less savvy users avoid Morpheus until a patch is forthcoming (when that will be is an open question). I can't in good faith expose people to such a ridiculously easy attack. A seven year old can do this for Chr*st sake! - js. |
04-02-02, 04:37 PM | #22 |
Just another cat on the FastTrack...
Join Date: Jan 2002
Location: Hamilton
Posts: 727
|
Just Morpheus?
Is this hack only in regards to Morpheus, or All of the FastTrack Clients?
All I have seen mentioned so far is Morphius... |
04-02-02, 04:48 PM | #23 | ||
Join Date: Mar 2001
Posts: 7
|
Ok - still playing with this - and the information I have gotten from Jack.
Couple problems as I see them: Quote:
2600 Security Group? Very unlike Emmanuel Goldstein to post a security flaw in this manner which makes me think this is from a 2600 user group. This was given to the press and not the security community despite the fact the "discovers" don't even know what the cause of it is: Quote:
Conflicting reports as to if this effects Win9X paltforms, NT based systems or all of them. The "exploit" Jack has been speaking directly of is something that would only affect NT based systems. The idea behind it is simple enough and just involves someone sharing their boot drive by mistake. I'm still waiting for more information - such as a supernode bufferoverflow - but at the moment the method by which this has been brought forth isn't giving me much faith in this group or "exploit". We shall see - since most of us can afford to go without filesharing for a week might as well sit back and see what happens. *shrug*
__________________
Malk-a-mite =================== Insert clever .sig file here =================== |
||
04-02-02, 05:01 PM | #24 |
Join Date: May 2001
Location: New England
Posts: 10,024
|
in the meantime...who hacked my manners!?
welcome to the board Ethen. we're glad to call you a member! hope you find the info and community here at NU productive and entertaining - js. |
04-02-02, 05:54 PM | #25 | |
Just another cat on the FastTrack...
Join Date: Jan 2002
Location: Hamilton
Posts: 727
|
hacked my manners ?
Quote:
Welcome to the underground Ethen, I was so wrapped up in this "Morpheus Hack" issue I didn't even notice a new voice contributing to the discussion! Make yourself at home, I am sure you will find it informative, at times fascinating and always entertaining here!! |
|
04-02-02, 07:47 PM | #26 |
'
Join Date: Jan 2002
Posts: 209
|
Back door's for the RIAA
.
Last edited by Mowzer : 23-06-02 at 07:42 PM. |
04-02-02, 07:58 PM | #27 |
Madame Comrade
Join Date: May 2000
Location: Area 25
Posts: 5,587
|
Hi Ethen , a warm welcome to you - I hope you enjoy your stay on the board!
- tg |
04-02-02, 11:15 PM | #28 |
Who's really in control here? Help me...
Join Date: Jan 2002
Posts: 222
|
thanks JS
This issue is becoming more problematic then I first thought. Thanks JackSpratts for digging deeper into the problem and not brushing it off so quickly like some of us.
If this is all true it just gives us more reasons to want version 2.0 to come out soon. Hopefully, they won't add 10 more bugs or security problems while they are at. I've been looking for more information about version 2.0 but it's just as hard to find as looking for information about this security issue. As usually keep up the go work of informing us JS |
05-02-02, 03:32 AM | #29 |
Registered User
Join Date: Jan 2002
Posts: 82
|
Is someone going to post details of the hack or would that be irresponsible?
|
05-02-02, 03:37 AM | #30 | |
Join Date: Mar 2001
Posts: 7
|
Quote:
The basics of the one is just searching for a file that would only be on the root drive (such as autoexec.bat, command.sys) that gives you a list of people with root shared on their drives. I'm still waiting to see if there's anything more to this.....
__________________
Malk-a-mite =================== Insert clever .sig file here =================== |
|
05-02-02, 05:52 AM | #31 |
B2B Protagonist ... Life is ... Bubble to Bubble ... Beer to Beer ... love a VLAIBB (Very Lonesome Artificial Intelligence Brained Bubble) @ http://www.geocities.com/vlaibb vlaibb@yahoo.com
Join Date: Jan 2002
Posts: 206
|
hey AIB
since with your MorpheusX you go through all d/l items, can you detect uploads with blank usename and automatically cancel them - would be a nice feature - ain't it? indy
__________________
VLAIBB - The Ultimate Gateway to P2P Sites File: surprise.mp3 Length:5845871Bytes UUHash:=1LDYkHDl65OprVz37xN1VSo9b00= Copy the lines above and use 'Paste from Clipboard' function of sig2dat 3.11.a (supports quicklinks) to create a startfile for your FastTrack p2p client for safe download |
05-02-02, 06:14 AM | #32 |
Registered User
Join Date: Jan 2002
Posts: 82
|
Could do indy, same issue with refreshing paused downloads tho (i.e. reading whether they are paused or not). Should have a fix for that soon tho so could be possible
Reason I ask for details on the hack is because I want to know whether its worth coding a 3rd party fix for it... |
05-02-02, 03:55 PM | #33 | ||
Just another cat on the FastTrack...
Join Date: Jan 2002
Location: Hamilton
Posts: 727
|
A Hoax???
Quote:
Well, as you can see at the attached links the PAUL-SARSFIELD posts are spreading around the various forums. They are all copies of the same post I first saw at Zeropaid The latest is at Gnutella.com - General Discussion: MORPHEUS SECURITY HOLE. -PAUL SARSFIELD- and is being debunked by KayaMan -MusicCity IRC Admin who is taking it rather personal... Quote:
:smokin Buzz P.S. I originally wrote this posting on onother another P2P Board and the Only bits of code to carry over correctly were the [b] & [quote] |
||
05-02-02, 04:33 PM | #34 |
Join Date: May 2001
Location: New England
Posts: 10,024
|
Grokster is somewhat bent about that paul post too -
From their forum: "Also the so called "Musiccity Support Technician" is clearly no such thing and that is a totally bogus post and he is misrepresenting himself. This is true for many reasons, but a couple of the more obvious are: 1) MusicCity is not known for issuing any type of support emails, and 2) Even if they had, why would they talk about Grokster, let alone claim they would post something on our website? Other than sharing the same network, Grokster has absolutely no business connections to Morpheus and we certainly would not allow them to post anything to the Grokster website, now would we? " - Support oohkayyy. - js. |
05-02-02, 04:52 PM | #35 | |
Just another cat on the FastTrack...
Join Date: Jan 2002
Location: Hamilton
Posts: 727
|
Quote:
|
|
Thread Tools | Search this Thread |
Display Modes | |
|
|