|
Peer to Peer The 3rd millenium technology! |
|
Thread Tools | Search this Thread | Display Modes |
02-02-02, 08:10 PM | #1 |
Join Date: May 2001
Location: New England
Posts: 10,023
|
Morpheus Users - Sharing More Than They Think?
Ever since MusicCity (now Streamcast) tanked their old opennap client and replaced it w/Morpheus, rumors have floated around concerning a security flaw having to do with IP numbers and hard drive access. A lot of us spent considerable time and energy shooting it down, pointing out that it's really nothing more than a typical P2P in normal operation.
Well, things may have changed recently, as this news report suggests. On the other hand, maybe not. So far the lack of detailed information makes it too early to tell. - js. |
02-02-02, 08:25 PM | #2 |
Madame Comrade
Join Date: May 2000
Location: Area 25
Posts: 5,587
|
If this is not a hoax, it is worrying news... BUT the story is very vague, referring to unidentified 'secury experts' that had obviously contacted BBC News Online directly before publishing any details of their findings in security-related bulletins... and BBC's comment sounds odd and uninformed to say the least:"It's definitely an accident from Morpheus' side, probably a worm. This is very dangerous."
If there is anything real to it, we should know in a few days from more reliable sources. - tg |
02-02-02, 10:18 PM | #3 |
Join Date: Mar 2001
Posts: 7
|
Lame
Sorry - started playing around with this a bit. It's not a bug, it's not an exploit - it's just lame. Start a download, then at a dos prompt type "netstat -n" Look for IP address followed by 1214 Take said address a put it in a browser. Bamf - all the shared files. But only the files the person had shared. And yes some people are dumb and share there C drives. Tested it out on whoever this poor person is: http://xxx.xxx.142.63:1214/ <- who is now offline Edit: Trying to helping and not just complain :) http://securityfocus.com/archive/1/211663
__________________
Malk-a-mite =================== Insert clever .sig file here =================== Last edited by Malk-a-mite : 02-02-02 at 10:42 PM. |
02-02-02, 10:21 PM | #4 |
Join Date: Mar 2001
Posts: 7
|
:)
__________________
Malk-a-mite =================== Insert clever .sig file here =================== |
03-02-02, 12:13 AM | #5 |
Just another cat on the FastTrack...
Join Date: Jan 2002
Location: Hamilton
Posts: 727
|
Malk-a-mite
Well from that first file there he is apparently a KaZaA user. I tried several times to explain to people what those "blank" downloads were (No UserName showing in uploads, just files being uploaded.) As Malk-a-mite pointed out, All you can access is whatever is being shared! If you are sharing your "C:\Drive" or The entire contents of "My Documents" then maybe you are at some risk. If you have everything set up correctly (as in only sharing files and folders that you WANT to share) you are at no more risk with Morpheus then with any other filesharing program. If you want to see how many people on your particular node are at risk, try searching for *.pwl and see how many are actually sharing their Windows directory... |
03-02-02, 12:54 AM | #6 |
Join Date: May 2001
Location: New England
Posts: 10,023
|
thanks for the posts buzz, tg & malk. as malks' screen print illustrates, that IP trick only pulls up what morpheus users are sharing in the first place – but it sure is a lot more complicated than just letting morpheus do it!
the netstat -n exploit has been around since april and it doesn't give you anything off a drive morpheus user's aren't already allowing you to have. you're basically looking at how morpheus works - it's a IE based app. to work this hack your target has to be on morpheus and transferring in order for you to scan his drive but you can do that normally by checking “find more from user”! if that's what this is then the bbc has been snookered - probably by a pro-winmx group at that haha! the article does darkly suggest they're getting user names a different way. so maybe they're doing “resume.dat” searches, but it also suggests they're going deeper into peoples' hard drives than the IP paste in IE ever went. it certainly sounds bad alright... well it's late but here's my guess: people who are trying to cause a bit of trouble towards morpheus (could be anyone – giFT – winmx – riaa - ignorant “experts”? well meaning dopes - who knows…) are re-posting the old IP trick and if so then so what, it's nothing new. to make it sound new (and scary), they're doing a "resume.dat" scan to view ALL the current users on a supernode (well, 100 anyway or whatever your search limit is - it can be a bit higher). it sounds evil but again so what, that's what the program is supposed to do; query all users connected to a node. finally, they're confusing a common user mistake; sharing the entire contents of a hard drive, with some sort of Morpheus vulnerability. people have been inadvertently putting their whole hard drives on Morpheus since the beginning, but that's a user mistake made on all file-sharing clients (that allow you to share everything). it's never been unique to Morpheus. new users scream about it of course on xolox, blubster, gnucleus, bearshare and the rest. so if this is the case then the alert is about nothing more than the old spooky hack that's been around since april '01 and was – and is – totally benign. it's a fun and harmless “shortcut”. sure, it takes longer to do than what the client will do anyway, but it uses IE & Morpheus, instead of IE-based morpheus alone, and if that makes it kind of cool, it doesn't also make it bad. - js. |
03-02-02, 01:29 AM | #7 | |
Just another cat on the FastTrack...
Join Date: Jan 2002
Location: Hamilton
Posts: 727
|
Quote:
Couldn't find any of those credit card numbers those "experts" found though. |
|
03-02-02, 02:25 AM | #8 |
'
Join Date: Jan 2002
Posts: 209
|
.
Last edited by Mowzer : 23-06-02 at 07:38 PM. |
03-02-02, 02:27 AM | #9 |
B2B Protagonist ... Life is ... Bubble to Bubble ... Beer to Beer ... love a VLAIBB (Very Lonesome Artificial Intelligence Brained Bubble) @ http://www.geocities.com/vlaibb vlaibb@yahoo.com
Join Date: Jan 2002
Posts: 206
|
hi
it often happens, that if i tried to download a file, it at once says "More sources needed". my theory is, that anything ever imported to "My Media" has its records in the .dbb files. - even if you remove it, the records stay. i just want to know, if all things in the .dbb files still show up in the search results. if so then it is for sure a security hazard for users, who ever used the "Import Bastard" or the "Select All" function and corrected it afterwards to share all files, but do not know about the dbb files. (because even many filenames contain the real names of the users, or the urls they surfed) do you have an idea, how to find out about the search results or have a sure proof, my theory is simply nonsense. indy
__________________
VLAIBB - The Ultimate Gateway to P2P Sites File: surprise.mp3 Length:5845871Bytes UUHash:=1LDYkHDl65OprVz37xN1VSo9b00= Copy the lines above and use 'Paste from Clipboard' function of sig2dat 3.11.a (supports quicklinks) to create a startfile for your FastTrack p2p client for safe download |
03-02-02, 06:18 AM | #10 |
'
Join Date: Jan 2002
Posts: 209
|
.
Last edited by Mowzer : 23-06-02 at 07:39 PM. |
03-02-02, 07:11 AM | #11 |
Join Date: Mar 2000
Posts: 2,160
|
Another thing about open kazaa connections. If anyone has ever used Copernic as your search engine tool, if you were to do an mp3 search, one of the bots would come up is a bot that searches for kazaa users. Once the search was completed and you found songs available, all you had to do was click on the link which provided the IP number and port 1214 and start downloading via the web browser. I believe this has changed as of late because Copernic searches these days do not search thru the kazaa bot. Must have been updated or something.
|
03-02-02, 07:28 AM | #12 |
B2B Protagonist ... Life is ... Bubble to Bubble ... Beer to Beer ... love a VLAIBB (Very Lonesome Artificial Intelligence Brained Bubble) @ http://www.geocities.com/vlaibb vlaibb@yahoo.com
Join Date: Jan 2002
Posts: 206
|
thanks for the link,
but is this really a security problem? okay a hacker could use all my bandwidth but he doesn't get private data form me. I think the most security risks come from those easy to use "click click" features, like i.e. automatically importing some things - which simply make people stop thinking about what they are really doing. I mean, if one had ripped or downloaded 100 mp3's and morpheus says that he shares 10000 (as users who share their whole computer usually do) then he should think a bit, that there must be something wrong. i think the ratio of people sharing files (500000) to people reading forums or helps (500) is 1000:1 and this is the biggest security problem of this system - using something, but being not informed or do not know how to get informed. with this i dont want to imply that people are stupid - it's just that computer and internet is getting to be used like phone or tv or car - and i dont care much about how my car works - as long as it works. but it seems as if it's not quite such simple. indy
__________________
VLAIBB - The Ultimate Gateway to P2P Sites File: surprise.mp3 Length:5845871Bytes UUHash:=1LDYkHDl65OprVz37xN1VSo9b00= Copy the lines above and use 'Paste from Clipboard' function of sig2dat 3.11.a (supports quicklinks) to create a startfile for your FastTrack p2p client for safe download |
03-02-02, 08:52 AM | #13 | |
Join Date: May 2001
Location: New England
Posts: 10,023
|
Quote:
- js. |
|
03-02-02, 04:40 PM | #14 | |
Who's really in control here? Help me...
Join Date: Jan 2002
Posts: 222
|
Quote:
This whole security issue isn't really too new to me. My firewall constantly tells me that users try to access port 1214 when Morpheus is turned off. That's another thing, a lot of broadband users on Morpheus don't use firewalls. Either they are naive or they just don't care. Until there is a hole in Morpheus that let's people acces my whole hard drive and not just Morpheus's "my shared folder" then I will be worried (my firewall stops them anyhow). Although, if that does happen then it would be no different from hackers trying to gain access to my computer. A good firewall will put a stop to that. Just make sure to keep it up to date. Last edited by JohnDoe345 : 03-02-02 at 05:01 PM. |
|
03-02-02, 07:10 PM | #15 |
'
Join Date: Jan 2002
Posts: 209
|
*
Last edited by Mowzer : 23-06-02 at 07:37 PM. |
04-02-02, 07:03 AM | #16 | ||
Just another cat on the FastTrack...
Join Date: Jan 2002
Location: Hamilton
Posts: 727
|
Re: Morpheus Users - Sharing More Than They Think?
Quote:
Quote:
|
||
04-02-02, 10:20 AM | #17 |
Join Date: May 2001
Location: New England
Posts: 10,023
|
Well as the hours pass unfortunately it looks more and more like this is the real thing. Sources at the BBC tell me that they've done their own research and the hack is real, it's different from the old one, it works, and they deliberately withheld salient details in the article to protect their sources and perhaps to keep new hackers from exploiting it -
"Jack, ... as you can understand, we could not give out specific details of the hole in Morpheus. This security hole is different to the bug you mentioned, which relies on a specific computer port. This one involves the use of [a] simple computer command which has now appeared on several websites. Let me know if you need further details" So...I've asked for further information - I'd like to find those sites! (anyone?) - We might want to step up the effort on this. - js. |
04-02-02, 01:08 PM | #18 |
Join Date: May 2001
Location: New England
Posts: 10,023
|
i just received the hack details momments ago and tested it.
1. it's real. 2. it pulls up the entire drive. 3. it's different from the netstat -n 1214 IE hack. 4. it's dangerous. 5. it's easy. at this point i'm suspending file sharing with this app and recomending all users do the same. more later. - js. |
04-02-02, 03:40 PM | #19 |
Just another cat on the FastTrack...
Join Date: Jan 2002
Location: Hamilton
Posts: 727
|
Well then I guess I will quit trying to get it to work. I lost my XP setup last week and have been straightening out the 98 setup I messed up in the process...
Right now Morpheus won't run without crashing so after what you said, until we find out more on this I will leave it that way for now! |
04-02-02, 03:54 PM | #20 | |
Just another cat on the FastTrack...
Join Date: Jan 2002
Location: Hamilton
Posts: 727
|
RE: It's real
Quote:
In either case they couldn't get to much on mine because my download directory is not on my sytem drive but is instead on a drive that contains nothing but MP3's... And I have Morpheus installed on a seperate partition that was formerly my XP sytem drive but now has little more then Morpheus on it... Pretty slim pickings! Any ideas on this?? |
|
Thread Tools | Search this Thread |
Display Modes | |
|
|