Security Hole in Morpheus
Saint Aardvark writes: "The BBC reports that they've been contacted by a group claiming to be able to copy any file off some Morpheus users' hard drives. Apparently a bug allows for a great deal more file-sharing for some users of the software than intended ..."

Man, this thing got submitted a lot. I've never actually seen Morpheus, but apparently a lot of readers have! There really isn't a lot of information except that if you're running Morpheus, you might as well consider your hard drive world readable ;)
That page doesn't describe the hack -- You can only access files the user has chosen to make available with it.
rOD.
Rod Begbie done this, and he's not
This so-called hole only allows access to the folder of files the Morpheus user specifically designated for sharing.
If they're not sharing their "My Documents" folder, hackers can't download the files contained in that folder.
The same goes for a user's Quake 3 directory, Half-Life folder, SAM database, wifey porno pics, etc. If the folders containing these files are not shared through Morpheus, THIS HACK WILL NOT ALLOW ACCESS TO THESE FILES.
Try it on your own machine and you'll see what I mean.
"I think that someone creative should write a really short Perl script to scan IP netblocks on port 1214, connect to HTTP and list the shared files, then create an index."
They did. It's called Morpheus. But it's not quite as crude.