P2P-Zone  

Old 06-02-02, 11:09 AM   #1
JackSpratts
 
Join Date: May 2001
Location: New England
Posts: 10,017
Morpheus Update Final

P2P Activity Report

After taking a look at the latest file sharing vulnerability seen in the news I'd like to present these Final Thoughts...

RE:MORPHEUS HACK

It's a different exploit than the Netstat -n Win/IE hack. Some of you may recall in order for the IE one to work you had to have a Morpheus user who was already transferring a file. You had to use DOS and figure out how to work the IP #s and freeze netstat and the whole complicated bit. There was no guarantee that the user was sharing their entire drive to start with so a hacker had to try it over and over again until he found someone who was. With this new technique none of that is necessary. It works with a simple command right from inside Morpheus. The victim only has to be online and have Morpheus open. Most importantly, it instantly finds people who have shared their whole drive! (Unknowingly I presume). It's so much easier and efficient than other hacks it's almost scary, and that's what makes this so dangerous. A little kid can do this (and undoubtedly will) when the details get out in the next few weeks.

If anyone's sharing more than they think on a Morpheus local node then this exploit will expose that person in seconds and make every file they have in their pc ultimately vulnerable to download.

Now the good news: it takes forever and uses huge resources for a normal pc to download someone's entire list of hard-drive file names onto the Morpheus page, greatly reducing the number of potential attacks (but make no mistake, it can be done with patience). Most importantly though, I believe it shouldn't expose anything on anyone's PC who did proper Morpheus initializing to begin with.

Bottom line? Sophisticated users exercising caution with these Morpheus/Kazaa/Grokster clients won't be risking much if anything. Continue using this app and enjoy it. I will. It's very powerful and it works within its known limits. However, less sophisticated users may do well to consider alternate applications.


This latest episode hammers home the original and continuing Fasttrack platform weakness of how easy it is to inadvertently share an entire Hard Drive - and how dangerous that is.

Now "thanks" to this discovery, it's just as easy to exploit.

I hope this has been helpful.

- Jack Spratts.
Old 06-02-02, 01:26 PM   #2
Maze
Rebel With A Cause
 
Join Date: Apr 2000
Location: VA-USA
Posts: 5,088

To see an entire list of who is probably sharing their entire hard drive... you need only search for .dbb then right click on any in the list and choose "find more from same user". Trying to display their entire contents either takes forever or crashes Morpheus altogether. If it does, you usually find all kinds of junk like spyware, Cydoor, etc. from someone who obviously is not too keen about their computer in the first place.
Old 06-02-02, 03:40 PM   #3
goldie
yea, it's me.
 
Join Date: Jan 2002
Location: usa
Posts: 2,093
Re: Morpheus Update Final

Quote:
Originally posted by JackSpratts
P2P Activity Report

After taking a look at the latest file sharing vulnerability seen in the news I'd like to present these Final Thoughts to everyone at NU…

RE:MORPHEUS HACK

It's a different exploit than the Netstat -n Win/IE hack. Some of you may remember that in order for the IE one to work you had to have a Morpheus user who was already in the process of transferring a file. You had to use DOS and figure out how to work the IP #s and freeze netstat and the whole complicated bit. Then there was no guarantee that the user was sharing their entire drive to start with so a hacker had to try it over and over again until he found someone who was. With this new technique none of that is necessary. It works with a simple command right from inside Morpheus. The victim only has to be online and have Morpheus open. Most importantly, it instantly finds only those people who have shared their whole drive! (Unknowingly I presume). It's so much easier and efficient than other hacks it's almost scary, and that's what makes this so dangerous. A little kid can do this (and undoubtedly will) when the details get out in the next few weeks.

If anyone's sharing a drive on a Morpheus local node then this exploit will expose that person in seconds and make every file they have in their pc ultimately vulnerable to download.

Now the good news: it takes forever and uses huge resources for a normal pc to download someone's entire list of hard-drive file names onto the Morpheus page, greatly reducing the number of potential attacks. Most importantly I believe it shouldn't expose anything on people's pcs who did proper Morpheus initializing to begin with.

Bottom line? Sophisticated users exercising caution with these Morpheus/Kazaa/Grokster clients wouldn't be in much danger. Use this app and enjoy it. It's very powerful and it works. However, less sophisticated users may do well to consider alternate applications.


It hammers home the original and un-addressed Fasttrack platform weakness about how easy (and dangerous) it is to inadvertently share a Hard Drive. Now "thanks" to this discovery, it's just as easy to exploit it.

This thread will move to P2P in a day or two. I hope this has been a help.

- Jack Spratts.

OH - What do we have here? A response from Streamcast!!!


MusicCity Homepage
Old 06-02-02, 08:25 PM   #4
Crankygirl
s.h.i.t. disturber
 
Join Date: Jan 2002
Location: Calgary, Canada
Posts: 114

And I thought streamcast didn't care about us. Now I feel all warm and fuzzy inside. (sigh)
What about an explanation for nuking the forum???
I won't hold my breath
Old 08-02-02, 08:07 AM   #5
multi
Thanks for being with arse
 
 
Join Date: Jan 2002
Location: The other side of the world
Posts: 10,343
Say Wha?

a quote from that link:
"THIS REPORT IS FALSE

· The report was allegedly made by an “anonymous” security consultant. Neither this consultant nor any others have contacted StreamCast directly to report a breach in security.

· Several false postings have been made on behalf of StreamCast and Morpheus. One was reported by a source named Paul Sarsfield, who claimed to be a “Morpheus” employee. StreamCast does not employ any person by that name, nor have any StreamCast employees or company representatives posted any responses to this matter.

· There has NEVER been a security breach in Morpheus since its introduction in April 2001. "

gawd knows all the trojans and virus have not breached my security either-


I think I'd rather believe you Jack
__________________

i beat the internet
- the end boss is hard
Old 08-02-02, 08:32 AM   #6
goldie
yea, it's me.
 
Join Date: Jan 2002
Location: usa
Posts: 2,093

Quote:
Originally posted by multi inter user face
a quote from that link:
"THIS REPORT IS FALSE

· The report was allegedly made by an “anonymous” security consultant. Neither this consultant nor any others have contacted StreamCast directly to report a breach in security.

· Several false postings have been made on behalf of StreamCast and Morpheus. One was reported by a source named Paul Sarsfield, who claimed to be a “Morpheus” employee. StreamCast does not employ any person by that name, nor have any StreamCast employees or company representatives posted any responses to this matter.

· There has NEVER been a security breach in Morpheus since its introduction in April 2001. "

gawd knows all the trojans and virus have not breached my security either-


I think I'd rather believe you Jack



Yeppers - Streamcast gives me that nice, safe, warm, fuzzy feeling too.


NOT!!

Old 08-02-02, 07:43 PM   #7
BuzzB2K
Just another cat on the FastTrack...
 
 
Join Date: Jan 2002
Location: Hamilton
Posts: 727
Evil Laughter nice, safe, warm, fuzzy feeling

Quote:
Originally posted by goldenrod





Yeppers - Streamcast gives me that nice, safe, warm, fuzzy feeling too.


NOT!!

Where did you find that demonic Teddy Bear... He looks Absolutely Evil
Old 08-02-02, 08:15 PM   #8
Malk-a-mite
 
Join Date: Mar 2001
Posts: 7

I'd like to repeat all my earlier comments.

This is not a hack, crack, or exploit.

It is just people setting their shares incorrectly.

You can search for any file type on these programs - if you search for system files you will find people who have them shared.

Nothing more, nothing less.


Watch what you share and you'll be fine.
__________________
Malk-a-mite
===================
Insert clever .sig file here
===================
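
A self-audit of a shared folder in the spirit of the "watch what you share" advice above, as an added example that is not part of the thread or of any Morpheus code. It assumes you already know which folder your client shares; the marker lists and the constructed demo trees are illustrative, with `.dbb` taken from post #2.

```python
import os
import tempfile
from pathlib import Path

# Assumed marker lists for illustration; adjust for the machine being audited.
SYSTEM_DIRS = {"windows", "winnt", "program files", "documents and settings"}
SYSTEM_EXTS = {".dbb", ".sys", ".ini", ".pwl"}  # .dbb is the type named in post #2


def audit_share(share, max_files=50_000):
    """Return a list of reasons why `share` exposes more than ordinary files."""
    share = Path(share).resolve()
    findings = []
    if share.parent == share:  # "/" or a drive root such as C:\
        findings.append("share is a filesystem root")
    hits = 0
    scanned = 0
    for dirpath, dirnames, filenames in os.walk(share):
        for d in dirnames:
            if d.lower() in SYSTEM_DIRS:
                findings.append(f"system directory inside share: {Path(dirpath, d)}")
        for f in filenames:
            scanned += 1
            if Path(f).suffix.lower() in SYSTEM_EXTS:
                hits += 1
        if scanned >= max_files:  # a whole-drive share is huge; stop early
            findings.append(f"stopped after {scanned} files; share is very large")
            break
    if hits:
        findings.append(f"{hits} system-type file(s) would be searchable by peers")
    return findings


def demo():
    """Build two constructed share trees (one sane, one whole-drive) and audit both."""
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp, "shared_media")
        good.mkdir()
        (good / "song.mp3").write_bytes(b"")
        bad = Path(tmp, "drive_c")
        (bad / "WINDOWS").mkdir(parents=True)
        (bad / "WINDOWS" / "win.ini").write_text("")
        (bad / "data.dbb").write_bytes(b"")
        return audit_share(good), audit_share(bad)


if __name__ == "__main__":
    for result in demo():
        print(result or "OK: nothing but ordinary files found")
```

An empty result means none of the markers were found under the share; any finding means peers can search for, and download, files you did not intend to publish.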
Old 08-02-02, 08:56 PM   #9
Squid
fish tacos ftw
 
Join Date: May 2000
Posts: 2,809

I just want to know how to do it.