P2P-Zone  

Go Back   P2P-Zone > Napsterites News
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Napsterites News News/Events Archives.

Reply
 
Thread Tools Search this Thread Display Modes
Old 31-05-09, 01:06 AM   #1
VWguy
Japanamation junkie
 
VWguy's Avatar
 
Join Date: Apr 2001
Location: U.S.A.
Posts: 2,075
Default Soulseek, serious exploit found

This was also posted in the Peer to Peer News but I thought it was worth a second mention.



Soulseek, created by former Napster programmer Nir Arbe, is a lessor known file-sharing network/application. Although files of any type can be shared, its specialty lies in the diverse independent music to be found within - for electronic music lovers Soulseek an absolute goldmine. But it’s not all good news.

In July 2008, security researcher Laurent Gaffié found a bug in two of the latest versions of the official software - Soulseek 157 NS & 156. The problem was so serious he informed the Soulseek developer on 3rd September 2008. Unfortunately, Laurent heard nothing back so on 14 October 2008 he contacted the developer again. He appears to have been ignored. On 16 May 2009 Laurent tried again to contact the Soulseek team - yet again he had no response so decided to reveal his findings.

More...

http://torrentfreak.com/soulseek-p2p...keover-090530/

http://www.p2p-zone.com/underground/...ad.php?t=24826
__________________

You're only given a little spark of madness. You mustn't lose it. -Robin Williams

Your future in a nutshell.

Last edited by VWguy : 31-05-09 at 11:32 PM.
VWguy is offline   Reply With Quote
Old 31-05-09, 06:54 AM   #2
JackSpratts
 
JackSpratts's Avatar
 
Join Date: May 2001
Location: New England
Posts: 10,013
Default

although it's not clear this makes a non-irc user vulnerable (most ss users hang in irc-style ss chat rooms) it still looks severe. in the meantime soulseek chief (and ex-napster developer) nir - who says he doesn't recall hearing from laurent about this exploit before - has nevertheless taken his advice and placed a character limit on the search string at the server side. this should make the network safe again without having to propagate a patch thru all the clients. nir says he'll continue to monitor.

- js.
JackSpratts is offline   Reply With Quote
Old 31-05-09, 08:13 AM   #3
napho
Dawn's private genie
 
napho's Avatar
 
Join Date: May 2001
Location: the Canadian wasteland
Posts: 4,461
Default

I'm sure all will be well with Soulseek. It's quite a survivor in the day of Bittorrent and Usenet.
napho is offline   Reply With Quote
Old 08-07-09, 07:05 PM   #4
theknife
my name is Ranking Fullstop
 
theknife's Avatar
 
Join Date: Dec 2001
Location: Promontorium Tremendum
Posts: 4,391
Default

don't know where i've been, but i just saw this for the first time...

i love Soulseek...when all else fails
theknife is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Peer-To-Peer News - The Week In Review - March 7th, '09 JackSpratts Peer to Peer 0 04-03-09 08:55 AM
Peer-To-Peer News - The Week In Review - January 31st, '09 JackSpratts Peer to Peer 0 28-01-09 07:24 AM
Peer-To-Peer News - The Week In Review - January 24th, '09 JackSpratts Peer to Peer 0 21-01-09 09:49 AM
Peer-To-Peer News - The Week In Review - October 18th, '08 JackSpratts Peer to Peer 0 15-10-08 06:43 AM
Peer-To-Peer News - The Week In Review - December 9th, '06 JackSpratts Peer to Peer 5 09-12-06 03:01 PM






All times are GMT -6. The time now is 12:05 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)