Morpheus Hack - P2P-Zone

multi · 11-02-02, 09:15 AM

they were good links there buzz!i liked the post by YAZ(a little quote)"
So, to sum up, the "experts," who were not even sure how they could view files on some machines and not others, were able to view personal files on the computers of a seemingly random assortment of users, most of whom were not very computer-literate. Hopefully, being the astute readers you are, many of you would guess that the personal files in question were unknowingly shared by random users when they were choosing their shared files directories, and you would probably be correct.

So what of this "security exploit?" Most likely it is the same "exploit" that has been posted on the Internet for a while now. The behavior in question is due to the fact that Morpheus, Grokster, and KaZaA accept HTTP connections on port 1214. By connecting to users through port 1214, you can see a listing of their shared files. Note that only files chosen to be shared and otherwise available for download will be shown; no access is granted to the entire partition or drive.

I'm very disappointed by this unprofessional article from the BBC and will maintain my skepticism until a specific security hole is revealed. I'll stop short of any conspiracy theories involving the RIAA scaring people into abandoning peer-to-peer applications, but an anonymous source combined with the statement "This is very dangerous" should at least raise a few eyebrows.

[This message was edited by Yaz on February 03, 2002 at 02:20.]

and i agree with assorted about some corporate brainwash (FUD?)
someone posted this at gamers witch i thought was a good bit of piss-take:
A security hole has been discovered in one of the world's most popular file-swapping programs which allows anyone to gain private information about its millions of users.
Go on...

Security experts have found a way to gain access to the computer hard drives of users of Morpheus, which has taken over from Napster as the leading internet song-swapping service.
Oh really?

It means that the personal details, such as bank account numbers and internet cookies, of up to two million people are exposed to prying eyes.
Depending

Using the Morpheus file-sharing program, people can swap music, videos or movies with other users of the software.
Umm... So whats this have to do with the security hole?

Users 'vulnerable'
Security experts have been investigating this problem since coming across it on Friday.
...

Using the Morpheus program, they found a way of getting a random list of people using the service.
Called scanning a range of IP's to see if 1214 is open.

They could then obtain details of the content of a user's hard drive and make copies of any file.
Only the files which are shared, although some people are stupid and share their entire HD

"We're not sure what it is that makes some Morpheus members vulnerable to this," said one, who asked to remain anonymous.
Vulnerable my ass

"Potentially this could make every user's computer available to anyone who wants to have a look at it.
Define computer in this. Only those files SHARED can be seen

"All we know is that there's a major gap that's allowing certain users to become vulnerable."
How many times you gonna say that?

The group contacted BBC News Online out of concern about the privacy implications of the security hole.
ok....

"It's definitely an accident from Morpheus' side, probably a worm. This is very dangerous."
You're definately an idiot.

Napster was shut down by an American court last July for breaching music copyright.
Where the hell did that statement come from?

Morpheus is at present legal because there is no server storing the digital files.
No shit, but still off topic

Music fans swapping MP3 files are put in direct contact with each other.
what the fuck do you think p2p is?

The Recording Industry Association of America, which spearheaded the fight against Napster, is reportedly looking at ways it can tackle these new methods of file-sharing.
Of course, the fucking greedy bastards

Click here to go to the original BBC article.
Update: They have obviously noticed how stupid they are. Link goes to a blank page..

Remember kiddies, just because your an idiot doesnt mean you're getting "hacked"

sorry to those that have allready read that^
~multi~

11-02-02, 09:15 AM	#19
multi Thanks for being with arse Join Date: Jan 2002 Location: The other side of the world Posts: 10,343	they were good links there buzz!i liked the post by YAZ(a little quote)" So, to sum up, the "experts," who were not even sure how they could view files on some machines and not others, were able to view personal files on the computers of a seemingly random assortment of users, most of whom were not very computer-literate. Hopefully, being the astute readers you are, many of you would guess that the personal files in question were unknowingly shared by random users when they were choosing their shared files directories, and you would probably be correct. So what of this "security exploit?" Most likely it is the same "exploit" that has been posted on the Internet for a while now. The behavior in question is due to the fact that Morpheus, Grokster, and KaZaA accept HTTP connections on port 1214. By connecting to users through port 1214, you can see a listing of their shared files. Note that only files chosen to be shared and otherwise available for download will be shown; no access is granted to the entire partition or drive. I'm very disappointed by this unprofessional article from the BBC and will maintain my skepticism until a specific security hole is revealed. I'll stop short of any conspiracy theories involving the RIAA scaring people into abandoning peer-to-peer applications, but an anonymous source combined with the statement "This is very dangerous" should at least raise a few eyebrows. [This message was edited by Yaz on February 03, 2002 at 02:20.] and i agree with assorted about some corporate brainwash (FUD?) someone posted this at gamers witch i thought was a good bit of piss-take: A security hole has been discovered in one of the world's most popular file-swapping programs which allows anyone to gain private information about its millions of users. Go on... Security experts have found a way to gain access to the computer hard drives of users of Morpheus, which has taken over from Napster as the leading internet song-swapping service. Oh really? It means that the personal details, such as bank account numbers and internet cookies, of up to two million people are exposed to prying eyes. Depending Using the Morpheus file-sharing program, people can swap music, videos or movies with other users of the software. Umm... So whats this have to do with the security hole? Users 'vulnerable' Security experts have been investigating this problem since coming across it on Friday. ... Using the Morpheus program, they found a way of getting a random list of people using the service. Called scanning a range of IP's to see if 1214 is open. They could then obtain details of the content of a user's hard drive and make copies of any file. Only the files which are shared, although some people are stupid and share their entire HD "We're not sure what it is that makes some Morpheus members vulnerable to this," said one, who asked to remain anonymous. Vulnerable my ass "Potentially this could make every user's computer available to anyone who wants to have a look at it. Define computer in this. Only those files SHARED can be seen "All we know is that there's a major gap that's allowing certain users to become vulnerable." How many times you gonna say that? The group contacted BBC News Online out of concern about the privacy implications of the security hole. ok.... "It's definitely an accident from Morpheus' side, probably a worm. This is very dangerous." You're definately an idiot. Napster was shut down by an American court last July for breaching music copyright. Where the hell did that statement come from? Morpheus is at present legal because there is no server storing the digital files. No shit, but still off topic Music fans swapping MP3 files are put in direct contact with each other. what the fuck do you think p2p is? The Recording Industry Association of America, which spearheaded the fight against Napster, is reportedly looking at ways it can tackle these new methods of file-sharing. Of course, the fucking greedy bastards Click here to go to the original BBC article. Update: They have obviously noticed how stupid they are. Link goes to a blank page.. Remember kiddies, just because your an idiot doesnt mean you're getting "hacked" sorry to those that have allready read that^ ~multi~ __________________ i beat the internet - the end boss is hard Secret Temple of It

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode