-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 And from what I know of the problem, the Nullsoft guys already fixed this bug in Winamp v2.81+. The part of this thing that's so funny that people are eating up is the fact that they were NOT hired by the RIAA to do it. You can see at the bottom of the original statement, that they even say they're joking, but the exploit is real, and had nothing to do with the RIAA. RIAA even said they have nothing to do with it. I wished I had saved the link for the news.com story, but it's there if you look for it. - -- Thanks, Shon Elliott Systems Engineer; OptiGate Networks, Inc. blitz wrote: | | From ISN: | | | | |> http://www.theregister.co.uk/content/6/28842.html |> |> By Andrew Orlowski in San Francisco |> Posted: 14/01/2003 |> |> The RIAA is preparing to infect MP3 files in order to audit and |> eventually disable file swapping, according to a startling claim by |> hacker group Gobbles. In a posting to the Bugtraq mailing list, |> Gobbles himself claims to have offered his code to the RIAA, creating |> a monitoring "hydra". |> |> "Several months ago, GOBBLES Security was recruited by the RIAA |> (riaa.org) to invent, create, and finally deploy the future of |> antipiracy tools. We focused on creating virii/worm hybrids to infect |> and spread over p2p nets," writes Gobbles. |> |> "Until we became RIAA contracters [sic], the best they could do was to |> passively monitor traffic. Our contributions to the RIAA have given |> them the power to actively control the majority of hosts using these |> networks." |> |> Gobbles claims that when a peer to peer host is infected, it catalogs |> media and sends the information "back to the RIAA headquarters |> (through specifically crafter requests over the p2p networks) where it |> is added to their records", and also propagates the exploit to other |> nodes. |> |> "Our software worked better than even we hoped, and current reports |> indicate that nearly 95% of all p2p-participating hosts are now |> infected with the software that we developed for the RIAA." |> |> The "hydra" is uncorroborated. |> |> Gobbles attached two pieces of code, one of which jinglebellz.c |> details a frame header exploit for the Linux player mpg123. The code |> chastises OpenBSD lead Theo de Raadt for failing to checksum the |> public MP3s (written to celebrate each OpenBSD release). The group has |> singled out OpenBSD in its previous exploits |> |> In their presentation to last year's DefCon, the group described |> itself as "the largest active nonprofit security group in existence |> (that favors full disclosure)," consisting of 17+ members. |> |> "They're real, and they're damn good. They have made what appeared to |> be extremely exaggerated claims in the past, and when mocked, they |> have demonstrated that they are serious," one security expert familiar |> with their work, who declined to be named, told The Register. |> |> "He's a funny guy," De Raadt told us. "This is a buffer overflow |> exploit," he confirmed. De Raadt said he was more concerned by social |> engineering than by external exploits. "We had Fluffy Bunny, now we |> have Gobbles. They come in waves. " |> |> An exploit of this nature is of dubious legality, right now, but |> language in Howard Berman's "P2P Piracy Prevention" bill last year |> legitimizing such exploits was backed by RIAA chief Hilary Rosen:- |> |> The Berman bill, ensured a copyright owner would not be liable for |> "disabling, interfering with, blocking, diverting, or otherwise |> impairing the unauthorized distribution, display, performance, or |> reproduction of his or her copyrighted work on a publicly accessible |> peer-to-peer file trading network, if such impairment does not, |> without authorization, alter, delete, or otherwise impair the |> integrity of any computer file or data residing on the computer of a |> file trader." Berman is expected to re-introduce the bill in this |> Congressional session. | | | -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Netscape - http://enigmail.mozdev.org iD8DBQE+JvLOt49dIzGDssARAiZXAKCESxgB20PMuAoAFB9Pf3jxtD3TrQCgkzBW qM9GchP8dtXe0/NDk1U1kIg= =lvzj -----END PGP SIGNATURE-----