Morpheus Users - Sharing More Than They Think?

[JackSpratts]

It's starting to look like this is a very easy to do hack - against inexperienced users but in much the same vain as netstat -n. While different, it doesn't appear now to violate the drives of people who were careful about their set-ups. Although firewalls offer no protection you shouldn't have to worry if you're sure you did your initial share scheme correctly.

I'm going to continue recommending that regular, less savvy users avoid Morpheus until a patch is forthcoming (when that will be is an open question). I can't in good faith expose people to such a ridiculously easy attack. A seven year old can do this for Chr*st sake!

- js.

[BuzzB2K]

Is this hack only in regards to Morpheus, or All of the FastTrack Clients?

All I have seen mentioned so far is Morphius...

[Malk-a-mite]

Ok - still playing with this - and the information I have gotten from Jack.

Couple problems as I see them:

Quote:

"Member of the security group 2600 said they have been investigating this problem since coming across it on Friday."

http://news.bbc.co.uk/hi/english/sci...00/1798095.stm

2600 Security Group?
Very unlike Emmanuel Goldstein to post a security flaw in this manner which makes me think this is from a 2600 user group.


This was given to the press and not the security community despite the fact the "discovers" don't even know what the cause of it is:

Quote:

“We’re not sure what it is that makes some Morpheus members vulnerable to this,” said the anonymous security expert. “Potentially this could make every user’s computer available to anyone who wants to have a look at it.”

Conflicting reports as to if this effects Win9X paltforms, NT based systems or all of them. The "exploit" Jack has been speaking directly of is something that would only affect NT based systems. The idea behind it is simple enough and just involves someone sharing their boot drive by mistake.

I'm still waiting for more information - such as a supernode bufferoverflow - but at the moment the method by which this has been brought forth isn't giving me much faith in this group or "exploit".

We shall see - since most of us can afford to go without filesharing for a week might as well sit back and see what happens.

*shrug*

[JackSpratts]

in the meantime...who hacked my manners!?

welcome to the board Ethen. we're glad to call you a member! hope you find the info and community here at NU productive and entertaining

- js.

[BuzzB2K]

Quote:

Originally posted by JackSpratts
in the meantime...who hacked my manners!?

welcome to the board Ethen. we're glad to call you a member! hope you find the info and community here at NU productive and entertaining

- js.

Great, now we have to worry about hacked manners as well?!?!

Welcome to the underground Ethen, I was so wrapped up in this "Morpheus Hack" issue I didn't even notice a new voice contributing to the discussion!

Make yourself at home, I am sure you will find it informative, at times fascinating and always entertaining here!!

[Mowzer]

.

[TankGirl]

Hi Ethen , a warm welcome to you - I hope you enjoy your stay on the board!

- tg

[JohnDoe345]

This issue is becoming more problematic then I first thought. Thanks JackSpratts for digging deeper into the problem and not brushing it off so quickly like some of us.

If this is all true it just gives us more reasons to want version 2.0 to come out soon. Hopefully, they won't add 10 more bugs or security problems while they are at. I've been looking for more information about version 2.0 but it's just as hard to find as looking for information about this security issue.

As usually keep up the go work of informing us JS

[AYB]

Is someone going to post details of the hack or would that be irresponsible?

[Malk-a-mite]

Quote:

Originally posted by AYB
Is someone going to post details of the hack or would that be irresponsible?

If what Jack is suggesting is the hack it's not a hack at all just some users with the sharing on their drives wrong.

The basics of the one is just searching for a file that would only be on the root drive (such as autoexec.bat, command.sys) that gives you a list of people with root shared on their drives.

I'm still waiting to see if there's anything more to this.....

[indiana_jones]

hey AIB
since with your MorpheusX you go through all d/l items, can you detect uploads with blank usename and automatically cancel them - would be a nice feature - ain't it?
indy

[AYB]

Could do indy, same issue with refreshing paused downloads tho (i.e. reading whether they are paused or not). Should have a fix for that soon tho so could be possible

Reason I ask for details on the hack is because I want to know whether its worth coding a 3rd party fix for it...

[BuzzB2K]

Quote:

Originally posted by TankGirl
If this is not a hoax, it is worrying news... BUT the story is very vague, referring to unidentified 'secury experts' that had obviously contacted BBC News Online directly before publishing any details of their findings in security-related bulletins... and BBC's comment sounds odd and uninformed to say the least:"It's definitely an accident from Morpheus' side, probably a worm. This is very dangerous."

If there is anything real to it, we should know in a few days from more reliable sources.

- tg

I have mentioned some of these sources before, but there are some newer developements and a new link to a posting at Gnutella.com.

Well, as you can see at the attached links the PAUL-SARSFIELD posts are spreading around the various forums.
They are all copies of the same post I first saw at Zeropaid
The latest is at Gnutella.com - General Discussion: MORPHEUS SECURITY HOLE. -PAUL SARSFIELD- and is being debunked by KayaMan -MusicCity IRC Admin who is taking it rather personal...

Quote:

Subject: Re: MORPHEUS SECURITY HOLE. -PAUL SARSFIELD-
Date: February 5, 2002 @ 1:14 PM
The above post as " FROM: PAUL SARSFIELD, MORPHEUS"
is a FAKE being posted all over discussion boards by lamers attempting to defame MusicCity IRC Ops and the Morpheus Program itself. Pauls 'Gamer' real response can be seen here: www.gamerspage.com/morpheus.htm

-MusicCity IRC Admin
KayaMan
chat.musiccity.com/kaya.html
kayaman.net

P.S. Paul Sarsfield (Gamer) is one of the MusicCity IRC Ops (you can locate him in #help)


:smokin Buzz

P.S. I originally wrote this posting on onother another P2P Board and the Only bits of code to carry over correctly were the [b] & [quote]

[JackSpratts]

Grokster is somewhat bent about that paul post too -

From their forum:
"Also the so called "Musiccity Support Technician" is clearly no such thing and that is a totally bogus post and he is misrepresenting himself. This is true for many reasons, but a couple of the more obvious are:

1) MusicCity is not known for issuing any type of support emails, and

2) Even if they had, why would they talk about Grokster, let alone claim they would post something on our website?

Other than sharing the same network, Grokster has absolutely no business connections to Morpheus and we certainly would not allow them to post anything to the Grokster website, now would we? " - Support

oohkayyy.

- js.

[BuzzB2K]

Quote:

Originally posted by JackSpratts
Grokster is somewhat bent about that paul post too -

1) MusicCity is not known for issuing any type of support emails

- js.

I think that one line speaks volumes...