04-02-02, 01:10 PM | #1 |
Join Date: May 2001
Location: New England
Posts: 10,018
|
Morpheus Hack
Note: This thread ran originally in the Underground and contained previously posted material from Peer-To-Peer.
i received the details moments ago and tested it.
1. it's real.
2. it pulls up your entire drive.
3. it's not the netstat -n 1214 IE hack.
4. it's dangerous.
5. it's easy.
at this point i'm suspending file sharing with this app and recommending all users do the same at least temporarily. more later.
- js.
edit: it's beginning to look like full hd access is intermittent - don't know why yet but it may be from incorrect user settings - similar to netstat -n. it's the first good news i've had in an hour. however when access is granted the resulting barrage of files is so huge it can crash morpheus! |
04-02-02, 01:29 PM | #2 |
Madame Comrade
Join Date: May 2000
Location: Area 25
Posts: 5,587
|
Thanks for your vigilance and the heads-up, Jack!
- tg |
04-02-02, 01:32 PM | #3 |
R.I.P napho 1-31-16
Join Date: Dec 2000
Location: Venus
Posts: 16,723
|
Is it ok to just leave the program off?
__________________
I love you napho and I will weep forever.......... |
04-02-02, 01:35 PM | #4 | |
Madame Comrade
Join Date: May 2000
Location: Area 25
Posts: 5,587
|
Quote:
- tg |
|
04-02-02, 01:49 PM | #5 |
R.I.P napho 1-31-16
Join Date: Dec 2000
Location: Venus
Posts: 16,723
|
That's what I thought, but I wanted to make sure.
Thanks for the info you guys! (P.S. I've been using iMesh more than Morph, I like the speeds I get from iMesh)
__________________
I love you napho and I will weep forever.......... |
04-02-02, 01:49 PM | #6 |
Fortified Board Wh0re
Join Date: May 2000
Posts: 3,619
|
i never share files...too damn risky...just like this!
|
04-02-02, 03:11 PM | #7 |
Senior Napsterite
Join Date: Jun 2000
Posts: 1,691
|
Good thing I stopped using Morpheus about a month ago then
|
04-02-02, 03:17 PM | #8 |
fire up, chips!!
Join Date: Mar 2001
Posts: 788
|
me had a virus from morpheus...no more for me.
__________________
"The future belongs to those who believe in the beauty of their dreams." --Eleanor Roosevelt |
04-02-02, 03:26 PM | #9 |
yea, it's me.
Join Date: Jan 2002
Location: usa
Posts: 2,093
|
Is this all being performed thru :1214?
Is there a way we can monitor (using netstat or other) these activities such as strangely sloooooooow downloads?
Does a firewall have any effect or is its protection negated due to the user giving Morpheus server rights?
Does this particular weakness apply to all file sharing applications?
Need more info JS...........will wait to hear what you come up with!!
GR |
04-02-02, 04:48 PM | #10 |
Join Date: May 2001
Location: New England
Posts: 10,018
|
Q. Is this all being performed thru :1214?
A. Inasmuch as Morpheus trades on 1214, probably, but it's different from the well known netstat -n hack.
Q. Is there a way we can monitor (using netstat or other) these activities such as strangely sloooooooow downloads?
A. Undoubtedly. However if you're sophisticated enough to do that then this is not a hack you'll have to worry about.
Q. Does a firewall have any effect or is its protection negated due to the user giving Morpheus server rights?
A. Firewalls have no effect against this as long as morpheus works.
Q. Does this particular weakness apply to all file sharing applications?
A. Not that I'm aware of. For instance it has no effect on WinMx 2.6 but expect to hear more in coming days.
As always with all clients including Morpheus make absolutely sure you and your family are only sharing exactly what you want to share.
- js. |
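A defender's version of the netstat monitoring asked about above, as an added example that is not part of the original thread: it parses `netstat -an` output and reports whether anything is listening on 1214 and which remote hosts are connected to it. The sample output is constructed (Windows layout, documentation IP ranges) and the function names are hypothetical.

```python
from collections import Counter

P2P_PORT = 1214  # port the thread says Morpheus trades on

# Constructed sample in the layout of Windows `netstat -an` (documentation IPs).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1214           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1214      203.0.113.7:3342       ESTABLISHED
  TCP    192.168.1.10:1214      203.0.113.7:3350       ESTABLISHED
  TCP    192.168.1.10:1214      198.51.100.23:4011     ESTABLISHED
  TCP    192.168.1.10:1050      198.51.100.4:1214      ESTABLISHED
  UDP    0.0.0.0:1214           *:*
"""

def split_endpoint(endpoint):
    """Split 'host:port' (IPv4 or bracketed IPv6) into (host, port or None)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None

def summarize(netstat_text, port=P2P_PORT):
    """Return listeners on `port`, inbound peers to it, and outbound peers."""
    listeners, inbound, outbound = [], Counter(), Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue  # header, UDP rows (no state column), blank lines
        lhost, lport = split_endpoint(fields[1])
        rhost, rport = split_endpoint(fields[2])
        state = fields[3].upper()
        if state in ("LISTENING", "LISTEN") and lport == port:
            listeners.append(lhost)
        elif state == "ESTABLISHED" and lport == port:
            inbound[rhost] += 1   # someone else connected to our 1214
        elif state == "ESTABLISHED" and rport == port:
            outbound[rhost] += 1  # our client talking to a peer's 1214
    return {"listeners": listeners, "inbound": dict(inbound), "outbound": dict(outbound)}

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for host in report["listeners"]:
        scope = "all interfaces" if host in ("0.0.0.0", "[::]") else host
        print(f"listening on {P2P_PORT} ({scope})")
    for peer, n in sorted(report["inbound"].items()):
        print(f"inbound  {peer}: {n} connection(s)")
    for peer, n in sorted(report["outbound"].items()):
        print(f"outbound {peer}: {n} connection(s)")
```

To run it against a live machine, pass the captured text of `netstat -an` to `summarize()` instead of `SAMPLE`.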
04-02-02, 11:31 PM | #11 |
my name is Ranking Fullstop
Join Date: Dec 2001
Location: Promontorium Tremendum
Posts: 4,391
|
..so would all this apply to Grokster?
|
04-02-02, 11:46 PM | #12 | |
-------Gender Nectar-------
Join Date: Mar 2001
Location: Sifting Through The Grain Of Gold
Posts: 2,045
|
Quote:
|
|
05-02-02, 03:22 AM | #13 |
Rebel With A Cause
Join Date: Apr 2000
Location: VA-USA
Posts: 5,088
|
*bump*
As usual, I'm trying to keep important stuff or anything else I don't care for someone to possibly have access to on CDs ...but of course this is not always possible, and can also be a bit of a chore ...however, it does sort of force you to be organized.
hehe...yes Peri...20 lashes for you for not sharing. lol
try to find some interesting stuff you think people might like to have and share only that folder ...then just limit your uploads to say one or two at a time ...especially if you're 56k and don't want to be swamped with traffic. |
05-02-02, 08:02 AM | #14 |
Registered User
Join Date: Mar 2001
Posts: 3,742
|
Shouldn't this be in the peer to peer area?
|
05-02-02, 08:07 AM | #15 |
R.I.P napho 1-31-16
Join Date: Dec 2000
Location: Venus
Posts: 16,723
|
I figured he posted it here for the benefit of us dummies who don't look in the peer to peer section much.
__________________
I love you napho and I will weep forever.......... |
05-02-02, 04:47 PM | #16 | |
Just another cat on the FastTrack...
Join Date: Jan 2002
Location: Hamilton
Posts: 727
|
Morpheus Wrapup @ Slyck
Quote:
For some interesting discussion and opinions on what is "News" you might want to take a look here: Rumors of a Morpheus security hole
Also I noticed that the "Infamous" -Paul Sarsfield, Technical Support posting MORPHEUS SECURITY HOLE. -PAUL SARSFIELD- has made its way here as well. |
|
06-02-02, 12:11 PM | #17 |
Posts: n/a
|
I am still confused as to the level of risk with this "Morpheus Hack"
If someone scans my computer and finds the Morpheus webserver on port 1214, can they access my hard disk outside of my shared Morpheus directory through some form of directory traversal attack?
Streamcast are claiming that there is no security hole, and that there have been forged postings about the alleged problem.
You claim that there is a real weakness, but it does not seem to be on Bugtraq or Vuln-Dev etc.
Is this a security hole on all platforms or only on some?
What is going on? Is this all RIAA FUD? |
06-02-02, 12:48 PM | #18 |
Join Date: May 2001
Location: New England
Posts: 10,018
|
welcome to nu confused i hope your stay here is long and enjoyable.
for answers to your questions, members can view the "Morpheus Update Final" thread in The Underground. (it will be placed here soon)
- js. |
11-02-02, 09:15 AM | #19 |
Thanks for being with arse
Join Date: Jan 2002
Location: The other side of the world
Posts: 10,343
|
they were good links there buzz! i liked the post by YAZ (a little quote):

"So, to sum up, the "experts," who were not even sure how they could view files on some machines and not others, were able to view personal files on the computers of a seemingly random assortment of users, most of whom were not very computer-literate. Hopefully, being the astute readers you are, many of you would guess that the personal files in question were unknowingly shared by random users when they were choosing their shared files directories, and you would probably be correct.

So what of this "security exploit?" Most likely it is the same "exploit" that has been posted on the Internet for a while now. The behavior in question is due to the fact that Morpheus, Grokster, and KaZaA accept HTTP connections on port 1214. By connecting to users through port 1214, you can see a listing of their shared files. Note that only files chosen to be shared and otherwise available for download will be shown; no access is granted to the entire partition or drive.

I'm very disappointed by this unprofessional article from the BBC and will maintain my skepticism until a specific security hole is revealed. I'll stop short of any conspiracy theories involving the RIAA scaring people into abandoning peer-to-peer applications, but an anonymous source combined with the statement "This is very dangerous" should at least raise a few eyebrows."

[This message was edited by Yaz on February 03, 2002 at 02:20.]

and i agree with assorted about some corporate brainwash (FUD?)

someone posted this at gamers which i thought was a good bit of piss-take:

A security hole has been discovered in one of the world's most popular file-swapping programs which allows anyone to gain private information about its millions of users.
Go on...

Security experts have found a way to gain access to the computer hard drives of users of Morpheus, which has taken over from Napster as the leading internet song-swapping service.
Oh really?

It means that the personal details, such as bank account numbers and internet cookies, of up to two million people are exposed to prying eyes.
Depending

Using the Morpheus file-sharing program, people can swap music, videos or movies with other users of the software.
Umm... So what's this have to do with the security hole?

Users 'vulnerable'

Security experts have been investigating this problem since coming across it on Friday.
...

Using the Morpheus program, they found a way of getting a random list of people using the service.
Called scanning a range of IP's to see if 1214 is open.

They could then obtain details of the content of a user's hard drive and make copies of any file.
Only the files which are shared, although some people are stupid and share their entire HD

"We're not sure what it is that makes some Morpheus members vulnerable to this," said one, who asked to remain anonymous.
Vulnerable my ass

"Potentially this could make every user's computer available to anyone who wants to have a look at it.
Define computer in this. Only those files SHARED can be seen

"All we know is that there's a major gap that's allowing certain users to become vulnerable."
How many times you gonna say that?

The group contacted BBC News Online out of concern about the privacy implications of the security hole.
ok....

"It's definitely an accident from Morpheus' side, probably a worm. This is very dangerous."
You're definitely an idiot.

Napster was shut down by an American court last July for breaching music copyright.
Where the hell did that statement come from?

Morpheus is at present legal because there is no server storing the digital files.
No shit, but still off topic

Music fans swapping MP3 files are put in direct contact with each other.
what the fuck do you think p2p is?

The Recording Industry Association of America, which spearheaded the fight against Napster, is reportedly looking at ways it can tackle these new methods of file-sharing.
Of course, the fucking greedy bastards

Click here to go to the original BBC article.
Update: They have obviously noticed how stupid they are. Link goes to a blank page..

Remember kiddies, just because you're an idiot doesn't mean you're getting "hacked"

sorry to those that have already read that^
~multi~ |