Security Hole in Morpheus

Posted by CmdrTaco on Saturday February 2, 2002 @03:25PM from the your-hard-drive-is-an-open-book dept.

Saint Aardvark writes: "The BBC reports that they've been contacted by a group claiming to be able to copy any file off some Morpheus user's hard drives. Apparently a bug allows for a great deal more file-sharing for some users of the software than intended ..." Man this thing got submitted a lot. I've never actually seen Morpheus, but apparently a lot of readers have! There really isn't a lot of information except that if you're running Morpheus, you might as well consider your hard drive world readable ;)

2 of 264 comments (clear)

Min score:

Reason:

Sort:

Re:here is how to do it by rodbegbie · 2002-02-02 15:42 · Score: 4, Redundant

That page doesn't describe the hack -- You can only access files the user has chosen to make available with it.

rOD.

--
Rod Begbie done this, and he's not
Re:Not A Hack by Anonymous Coward · 2002-02-02 15:57 · Score: 4, Redundant

"i think that someone creative should write a really short perl script to scan IP netblocks on port 1214, connect to HTTP and list the shared files, then create an index. "

They did. It's called Morpheus. But it's not quite as crude.