Morpheus Update Final - P2P-Zone

JackSpratts · 06-02-02, 11:09 AM

P2P Activity Report

After taking a look at the latest file sharing vulnerability seen in the news I 'd like to present these Final Thoughts...

RE:MORPHEUS HACK

It's a different exploit than the Netstat -n Win/IE hack. Some of you may recall in order for the IE one to work you had to have a Morpheus user who was already transferring a file. You had to use DOS and figure out how to work the IP #s and freeze netstat and the whole complicated bit. There was no guarantee that the user was sharing their entire drive to start with so a hacker had to try it over and over again until he found someone who was. With this new technique none of that is necessary. It works with a simple command right from inside Morpheus. The victim only has to be online and have Morpheus open. Most importantly, it instantly finds people who have shared their whole drive! (Unknowingly I presume). It's so much easier and efficient than other hacks it's almost scary, and that's what makes this so dangerous. A little kid can do this (and undoubtedly will) when the details get out in the next few weeks.

If anyone's sharing more than they think on a Morpheus local node then this exploit will expose that person in seconds and make every file they have in their pc ultimately vulnerable to download.

Now the good news: it takes forever and uses huge resources for a normal pc to download someone's entire list of hard-drive file names onto the Morpheus page, greatly reducing the number of potential attacks (but make no mistake, it can be done with patience). Most importantly though, I believe it shouldn't expose anything on anyones' PC who did proper Morpheus initializing to begin with.

Bottom line? Sophisticated users exercising caution with these Morpheus/Kazzaa/Grokster clients won't be risking much if anything. Continue using this app and enjoy it. I will. It's very powerfull and it works within its' known limits. However, less sophisticated users may do well to consider alternate applications.

This latest episode hammers home the original and continuing Fasttrack platform weakness of how easy it is to inadvertently share an entire Hard Drive - and how dangerous that is.

Now "thanks" to this discovery, it's just as easy to exploit.

I hope this has been helpful.

- Jack Spratts.

06-02-02, 11:09 AM	#1
JackSpratts Join Date: May 2001 Location: New England Posts: 10,018	Morpheus Update Final P2P Activity Report After taking a look at the latest file sharing vulnerability seen in the news I 'd like to present these Final Thoughts... RE:MORPHEUS HACK It's a different exploit than the Netstat -n Win/IE hack. Some of you may recall in order for the IE one to work you had to have a Morpheus user who was already transferring a file. You had to use DOS and figure out how to work the IP #s and freeze netstat and the whole complicated bit. There was no guarantee that the user was sharing their entire drive to start with so a hacker had to try it over and over again until he found someone who was. With this new technique none of that is necessary. It works with a simple command right from inside Morpheus. The victim only has to be online and have Morpheus open. Most importantly, it instantly finds people who have shared their whole drive! (Unknowingly I presume). It's so much easier and efficient than other hacks it's almost scary, and that's what makes this so dangerous. A little kid can do this (and undoubtedly will) when the details get out in the next few weeks. If anyone's sharing more than they think on a Morpheus local node then this exploit will expose that person in seconds and make every file they have in their pc ultimately vulnerable to download. Now the good news: it takes forever and uses huge resources for a normal pc to download someone's entire list of hard-drive file names onto the Morpheus page, greatly reducing the number of potential attacks (but make no mistake, it can be done with patience). Most importantly though, I believe it shouldn't expose anything on anyones' PC who did proper Morpheus initializing to begin with. Bottom line? Sophisticated users exercising caution with these Morpheus/Kazzaa/Grokster clients won't be risking much if anything. Continue using this app and enjoy it. I will. It's very powerfull and it works within its' known limits. However, less sophisticated users may do well to consider alternate applications. This latest episode hammers home the original and continuing Fasttrack platform weakness of how easy it is to inadvertently share an entire Hard Drive - and how dangerous that is. Now "thanks" to this discovery, it's just as easy to exploit. I hope this has been helpful. - Jack Spratts.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode