Privacy of MP3 fans at risk
February 4, 2002 10:34 AM Subscribe
Privacy of MP3 fans at risk A new security hole has been discovered in one of the world's most popular file-swapping programs Morpheus which could allow anyone to gain private information about its millions of users.
apparently old hole, new news. (and same problem exists with KaZaa and other similarly coded programs)
Basically, instead of accessing the shared Morpheus folders via the Morpheus server, you can just go in via HTTP and port 80 and browse/grab whatever files you want. It seems that Morpheus brings its own InetServer process and runs that along with its own stuff.
And Norton/ZoneAlarm don't necessarily monitor port 80, so you also bypass any firewall protection that the Morpheus server is running on.
There's more to it, but that's the gist.
posted by aaaaa at 10:49 AM on February 4, 2002
Basically, instead of accessing the shared Morpheus folders via the Morpheus server, you can just go in via HTTP and port 80 and browse/grab whatever files you want. It seems that Morpheus brings its own InetServer process and runs that along with its own stuff.
And Norton/ZoneAlarm don't necessarily monitor port 80, so you also bypass any firewall protection that the Morpheus server is running on.
There's more to it, but that's the gist.
posted by aaaaa at 10:49 AM on February 4, 2002
Thank God Windows crashes so much. If it didn't, I might actually think of keeping something valuable on my computer. If anyone wants a buttload of poorly-written college papers, have at it.
posted by ttrendel at 11:04 AM on February 4, 2002
posted by ttrendel at 11:04 AM on February 4, 2002
i think it's also the fact that some users mistakenly allow the sharing of their entire hard drives. afaik it's not a bug or exploit (article is v. vague) but users not configuring properly (?). check the thread at slashdot for more conjecture.
posted by mokey at 11:28 AM on February 4, 2002
posted by mokey at 11:28 AM on February 4, 2002
Anything that is so private that i wouldn't want anyone else there to see it, I wouldn't even put it on my computer. If someome REALLY wants to break into my computer, more power to them. But, they won't find a single useful thing except lots of music and college schit.
posted by jmd82 at 1:18 PM on February 4, 2002
posted by jmd82 at 1:18 PM on February 4, 2002
Anything that is so private that i wouldn't want anyone else there to see it, I wouldn't even put it on my computer. If someome REALLY wants to break into my computer, more power to them. But, they won't find a single useful thing except lots of music and college schit.
posted by jmd82 at 1:18 PM on February 4, 2002
posted by jmd82 at 1:18 PM on February 4, 2002
Oh, hello, what's this? encryption? Encrypt all the files I don't want people to get at. What a novel idea!
posted by fuq at 2:14 PM on February 4, 2002
posted by fuq at 2:14 PM on February 4, 2002
A few things. It is apparantly port 1214, not port 80. However, if you've allowed net access to that port (to get Morpheus or Kazaa to work) with ZoneAlarm or any firewall, it opens that personal web server to the world.
Second, it is only sharing the files and folders you set it to share. Unfortunately for many people, they have shared their entire hard drive. If you don't think people are that stupid, do a search for some common file that lives in the \windows directory. Most of the hits are people that have way too much of their computer shared via this system.
Gnutella works very similarly, a searching mechanism built on top of a web server. Depending on the client a person is running, you may also be able to connect directly to the web server with a browser and look at files on their hard drive.
This is also an example of very poor reporting. The article originally mentioned that this could be the work of a 'worm'. That has since been removed. A look at the /. comments contains the original quote.
posted by mutagen at 2:23 PM on February 4, 2002
Second, it is only sharing the files and folders you set it to share. Unfortunately for many people, they have shared their entire hard drive. If you don't think people are that stupid, do a search for some common file that lives in the \windows directory. Most of the hits are people that have way too much of their computer shared via this system.
Gnutella works very similarly, a searching mechanism built on top of a web server. Depending on the client a person is running, you may also be able to connect directly to the web server with a browser and look at files on their hard drive.
This is also an example of very poor reporting. The article originally mentioned that this could be the work of a 'worm'. That has since been removed. A look at the /. comments contains the original quote.
posted by mutagen at 2:23 PM on February 4, 2002
« Older The ultimate nightmare? | Nike Air Jordan XVII priced at 200.00. Newer »
This thread has been archived and is closed to new comments
posted by zeoslap at 10:45 AM on February 4, 2002