Slashdot Mirror
Has the RIAA Wormed 95% of P2P Networks?
DancingSword was one of many to submit links to a strange story about
the RIAA hacking back by sending a worm through the major peer-to-peer networks, supposedly with a 95% infestation rate. Hoax or not?
95% of networks is not 95% of files.
With the track record lately, I'd wager hoax.
Join 'em! I mean, if the RIAA does an illegal act to counter an illegal (only if copyright material) act, then its justified, right? First?
No mention of whether this affectes Windows clients/hosts or not. Any idea?
I wonder, If the RIAA sends a worm through P2P networks and shut's the networks down, can the RIAA representatives be charged with hacking?. Besides, not all files on P2P networks are illegal.
For some reason I think we may find out this is a hoax. Just guessing.
RIAA trying to scare us again?
I really doubt 95% of all P2Pers are running the same OS. In fact, given the mindset of Linux users in general, I would expect their representation among IP "sharers" would be much higher than the regular population. So that makes about 25-50% of targets unimpeachable, due to quality Open Source bug-finding.
In short, hoax.
Anyone who owns a dog knows that "to worm" means to _get rid_ of worms, not to infect with them.
hyacinthus.
why all my porn has been changed to Hillary Rosen with a strap-on.
It has become self-conscious last thursday, sends mails to every email address it can find and claims to be "big@boss.com".
Well a worm is a form of a virus, and it is a crime to create one... One would presume that the RIIA would not be stupid enough to try and play a vigilante.
.: Max Romantschuk
What the RIAA think about Gobbles telling everyone about this.
I mean normally they want everyone to know about their "anti-piracy" efforts - but when they're this dubious legally, do they really want it out in the open?
http://online.securityfocus.com/archive/1/30647
The actual exploit was posted on buqtraaq yesterday. You can find it here. That link has the original post from the group explaining what the exploit is, how the RIAA is supposedly involved, and it has the exploit as an attachment. Check it out and decide for yourself if it's a hoax.
This is the original posting.
Reading the posting, it seems unlikely.
SCO, Microsoft, P2P, what's your hot button?
This article may have more info that the one linked in the article.
Cruising the internet on my TI-99/4A @ a whopping 300 baud!
Hey, I found a copy of the worm's code:
;p
:]
RIAA - 0wn3d by....
oooh riaa want's to hack Filesharing Users / Servers ? - better lern to secure your own server...
Sorry Admin - had to deactivate ur accounts - they'll be reactivated after 2 hours
greetz : Rage_X, BRAiNBUG, SyzL0rd, BSJ, PsychoD + all the others who want to stay anonymous
wanna contact ? mailto:h4x0r0815@mail.ru
Oh, wait, that was the RIAA's web page. Never mind!
Maybe we can begin a list of all people in those 5%.
:
It reminds me of a old coldwar joke
In soviet russia, 98% of the population was satisfied with the current regime. But no matter who you speak to, you always encounter people in the other 2%
#include "coucou.h"
You don't want to believe anything GOBBLES says. He's the biggest wind-up merchant in the security community.
I hate to go off topic, but:
Gobbles have got a history of releasing some pretty scary exploits (remember the apache chunking vuln ?) but this time the actual message was a release of a straightforward buffer overflow in mpg123. I suspect that the stuff about the RIAA was added to make this release more interesting - and scare the whitehats a bit more.
Having said that, I have to admit that this and several other recent bl4qh47 posts on full-discolsure have genuinely made me feel very nervous. Especially the "sourceforge is our bitch" posts....
I'd certainly feel better if someone who knows, publicly debunked these as myths. Until then I'm wearing reinforced pants.
The Regested was probably told that it was the "equivilent" to 95% infected, so its probably somewhere around 24% inreality ;-)
Reminds me of that "156 CD burners are really 421 burners since they're really fast!" argument they tried to pass off some time ago.
----- Wtcher Dragon, UDIC
Where does this leave the RIAA legally? The bill mentioned in the article that would allow the RIAA and other copyright holders to crack computers to prevent piracy is not law yet. Does that mean that this would be regarded as just another worm with the authors being thrown in jail (like the authors of Love Bug and others)?
I've got at least 7 mp3 downloads running right now and none of them appear to be infe($!$%. .AF0ERIAA.`/2#..-
[MOD: This is a troll, yes, but i can't resist.]
Gobbles is a f*** idiot. He thinks he has a great sense of humour and he also thinkg he's smarter than he really is. From his previous e-mails etc. I could say he is 13 years old.
He has no sense of honour or respect to other people, he doesn't care about anything. All his "advisories" are only meant to insult people and cause havoc. He doesn't care that what he sais hurts people on many levels. He doesn't warn projects, etc. He's just out there for his own personal fame and satisfaction. He probably is a miserable person.
Now I have said it. There are still people who think he's funny. I don't agree. He is psycotic.
Keeping in mind the number of times their website has been hacked I seriously doubt they have the technical ability to do this. Also keep in mind that no corporation is going to essentially admit liable without some impending legal action as a catalyst.
Fluffy Bunny is a bad mofo and Theo knows it.
biatch.
I sincerely doubt that this is true for a number of reasons. First of all, if they were hired to write the software for RIAA, don't you thing secrecy would both, be part of the agreement, and be completely necessary?
In addition, I find it had to believe that all the antivirus companies are sitting on their collective asses, and completely missed an infection that is supposedly on 95% of computers that participate in P2P.
Further, if anyone was to do something such as this, they would most certainly get in serious trouble for, what is essentially a widespread, illegial, interstate, wiretap.
In addition, I'd just like to say that there is no reason to put much faith in Gobles... As Theo said, he's more or less the next ``fluffy bunny". If anyone can be said to have a severe ego problem, it is him...
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Man, I sure am glad I use the newsgroups for music rather than P2P apps... I seem to get better quality files as well.
-- Windows security? Sure, which ONE would you like? -me
I doubt you could get 95% of people on the Internet to agree on anything, much less taste in music, and even if this worm/virus infected every MP3 on a computer, 95% infestation seems really, really unlikely.
On the other hand, this (worming P2P clients) has been talked about a lot in the past--and there are already viruses spreading via P2P, though the community seems to detect them pretty quickly--so I wouldn't put it past the RIAA to do something like this. Much less this Gobbles character; he's pretty infamous on the Bugtraq mailing list for trying to make fun of / piss off as many people as he can. (Incidentally, Gobbles is also known for overstatement, and as he was the one who stated the 95% figure in the article . . . well, you decide.) And it would of course be trivial to "phone home" to the RIAA with information about shared files on the computer.
So while I could believe the existence of the worm, I seriously doubt the 95% infestation figure.
this is froma discussion a friend at I had..
/home/fred/jail ./mpg123 pos.mpg
...
, 2877) = 2877
<snip>
I'm not kidding, yes this is serious and no don't take the piss
See URI below
fred:/home/users/jail# chroot
High Performance MPEG 1.0/2.0/2.5 Audio Player for Layer 1, 2 and 3.
Version 0.59s-mh4 (2000/Oct/27). Written and copyrights by Michael Hipp.
Uses code from various people. See 'README' for more!
THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK!
Playing MPEG stream from pos.mpg
rm -rf ~ in 5 seconds.. CTRL-c to abort
;pPpPpPpPpPfred:/home/fred/jail#
Here's what it runs:
gettimeofday({1042546623, 823644}, NULL) = 0
read(3, "\377\345\352\0", 4) = 4
read(3, "\370\226\377\277AAAAAAAAAAAAAAAAAAAAAAAAAAAA"...
read(3, "\232\377\277\264", 4) = 4
read(3, "\232", 1) = 1
read(3, "\377", 1) = 1
read(3, "\277", 1) = 1
read(3, "", 1) = 0
write(2, "rm -rf ~ in 5 seconds.. CTRL-c t"..., 41rm -rf ~ in 5 seconds..
CTRL-c
to abort
;) = 41
write(2, "pP", 2pP) = 2
nanosleep({1, 0}, NULL) = 0
write(2, "pP", 2pP) = 2
nanosleep({1, 0}, NULL) = 0
write(2, "pP", 2pP) = 2
nanosleep({1, 0}, 0) = -1 EINTR (Interrupted system
call)
--- SIGWINCH (Window changed) ---
write(2, "pP", 2pP) = 2
nanosleep({1, 0}, 0) = -1 EINTR (Interrupted system
call)
--- SIGWINCH (Window changed) ---
write(2, "pP", 2pP) = 2
nanosleep({1, 0}, 0) = -1 EINTR (Interrupted system
call)
--- SIGWINCH (Window changed) ---
execve("/bin/sh", ["/bin/sh", "-c", "rm -rf ~"], [/* 0 vars */]) = -1
ENOENT (No
such file or directory)
_exit(0) = ?
IT WILL delete you home dir
and this using mpg123-.59s ish
Apparently mpg123 xmms xine and mplayer are all sploited.. along with
winamp and wmp7..
http://online.securityfocus.com/archive/ 1/306476
I would seriously look at this exploit and then NOT play any more mp3
files until it has been suitable patched
the bug lies in a buffer overrun to strcpy
If this Gobbles virus/worm is real, it should be easy enough to find. What's more, it should be easy enough to write a counter exploit that hunts down and removes the Gobbles virus/worm. Perhaps, the counter exploit could even propogate in the same way as Gobbles --a bit like an innoculation. I don't know how to do it, and I can't google-out a link to such an effort; does one exist?
Sometimes I worry that I'll develop Alzheimer's disease, but no one will notice.
"The Berman bill, ensured a copyright owner would not be liable for "disabling, interfering with, blocking, diverting, or otherwise impairing the unauthorized distribution, display, performance, or reproduction of his or her copyrighted work on a publicly accessible peer-to-peer file trading network, if such impairment does not, without authorization, alter, delete, or otherwise impair the integrity of any computer file or data residing on the computer of a file trader."
So, basically the RIAA/MPAA is immune to certain portions of the DMCA that's supposed to be there partially to help them. Too bad irony is dead.
Well, for one thing, I say there's a 95% chance of a hoax. I mean, let's face it, if the RIAA actually DID something to thwart real piracy, they'd be neutering their own efforts to gain absolute control over the distribution medium. No piracy = no justification to keep marauding for DRM and other technologies that would effectively provide them with absolute control over who uses their content, when they use it, and for how long they use it. That's a MUCH nicer looking bottom line to the RIAA than actually stopping pirates.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
So lets assume they are monitoring 95% of P2P clients (hosts, or whatever). What are they going to do whith the data they collect from that monitoring? Are they going to send everyone a bill? Put them all in jail? Wipe their hard drive? I don't like being watched but so what.
Forget the RIAA bashing, the Gobbles guys know what they do. That said, this is very un-gobbles from what I've seen from them in the past. Not the technology, but the comments in the source, for example. Then again, they're supposedly a large group.
From the little info that is available, I'd give them a 50-50 chance that it's true. That would be interesting.
Assorted stuff I do sometimes: Lemuria.org
"1) If you participate in illegal file-sharing networks, your
computer now belongs to the RIAA.
2) Your BlackIce Defender(tm) firewall will not help you.
3) Snort, RealSecure, Dragon, NFR, and all that other crap
cannot detect this attack, or this type of attack.
4) Don't fuck with the RIAA again, scriptkids.
5) We have our own private version of this hydra actively
infecting p2p users, and building one giant ddosnet."
Or: 'HEY MA - Look how cool I am'
Sounds like crud
Gobbles Security has posted crap like this before to security sites and this is in keeping with their other posts.0 security &sourceid=mozilla-search&start=0&start=0&ie=utf-8& oe=utf-8")
;PpPppPpPpPPPpP
t AA oJEBzRp5chmbAP4gwAJ sFFhywKWzMoiT/Qiy4FV +r1inukA==
v d+ GYydWzUQCgjq3Ofe2n
- ----END PGP SIGNATURE-----
(http://www.google.com/search?q=gobbles%2
It seems to be an obvious prank.
See below for text of latest post.
[snip for lameness filter]
"Putting the honey in honeynet since '98."
Introduction:
Several months ago, GOBBLES Security was recruited by the RIAA (riaa.org) to invent, create, and finally deploy the future of antipiracy tools. We focused on creating virii/worm hybrids to infect and spread over p2p nets.
Until we became RIAA contracters, the best they could do was to passively monitor traffic. Our contributions to the RIAA have given them the power to actively control the majority of hosts using these networks.
We focused our research on vulnerabilities in audio and video players.
The idea was to come up with holes in various programs, so that we could spread malicious media through the p2p networks, and gain access to the host when the media was viewed.
During our research, we auditted and developed our hydra for the following media tools:
mplayer (www.mplayerhq.org)
WinAMP (www.winamp.com)
Windows Media Player (www.microsoft.com)
xine (xine.sourceforge.net)
mpg123 (www.mpg123.de)
xmms (www.xmms.org)
After developing robust exploits for each, we presented this first part of our research to the RIAA. They were pleased, and approved us to continue to phase two of the project -- development of the mechanism by which the infection will spread.
It took us about a month to develop the complex hydra, and another month to bring it up to the standards of excellence that the RIAA demanded of us. In the end, we submitted them what is perhaps the most sophisticated tool for compromising millions of computers in moments.
Our system works by first infecting a single host. It then fingerprints a connecting host on the p2p network via passive traffic analysis, and
determines what the best possible method of infection for that host would be. Then, the proper search results are sent back to the "victim" (not the hard-working artists who p2p technology rapes, and the RIAA protects). The user will then (hopefully) download the infected media file off the RIAA server, and later play it on their own machine.
When the player is exploited, a few things happen. First, all p2p-serving software on the machine is infected, which will allow it to infect other
hosts on the p2p network. Next, all media on the machine is cataloged, and the full list is sent back to the RIAA headquarters (through specially
crafted requests over the p2p networks), where it is added to their records and stored until a later time, when it can be used as evidence in criminal
proceedings against those criminals who think it's OK to break the law.
Our software worked better than even we hoped, and current reports indicate that nearly 95% of all p2p-participating hosts are now infected with the software that we developed for the RIAA.
Things to keep in mind:
1) If you participate in illegal file-sharing networks, your computer now belongs to the RIAA.
2) Your BlackIce Defender(tm) firewall will not help you.
3) Snort, RealSecure, Dragon, NFR, and all that other crap cannot detect this attack, or this type of attack.
4) Don't fuck with the RIAA again, scriptkids.
5) We have our own private version of this hydra actively infecting p2p users, and building one giant ddosnet.
Due to our NDA with the RIAA, we are unable to give out any other details concerning the technology that we developed for them, or the details on any of the bugs that are exploited in our hydra.
However, as a demonstration of how this system works, we're providing the academic security community with a single example exploit, for a mpg123 bug that was found independantly of our work for the RIAA, and is not covered under our agreement with the establishment.
Affected Software:
mpg123 (pre0.59s)
http://www.mpg123.de
Problem Type:
Local && Remote
Vendor Notification Status:
The professional staff of GOBBLES Security believe that by releasing our advisories without vendor notification of any sort is cute and humorous, so
this is also the first time the vendor has been made aware of this problem.
We hope that you're as amused with our maturity as we are.
Exploit Available:
Yes, attached below.
Technical Description of Problem:
Read the source.
Credits:
Special thanks to stran9er@openwall.com for the ethnic-cleansing shellcode.
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify
wlwEARECABwFAj4jBA0VHGdvYmJsZXNAaHVzaG1haWwuY29
oKmMyRIxA74KZfAVv3MsEBKCZxRMA
=OjMp
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify
wj8DBQA+IwO0HNGnlyGZsA8RAuusAJ49gGSCJzKlRpn+7b9
WBnlQNf4GeyaFTit5N0=
=RBjc
Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
So what they are saying is that it "uninteligently" kills all the files and essentially corrupts the DB.. even if no pirate material is located on the users machine.... Hmm Im not sure but I'd say that was illigal... ooops
I set up a mirror of the latest hack which occured a few days ago. http://homepage.mac.com/coolmacguy/riaahacked.html
-You may license this sig for only $6.99.
http://www.immunitysec.com/GOBBLES/. I'm not yet hosting their latest files, however.
I think RIAA is too keen to kill the networks that are slowly killing themselves. Take gnutella which when you search for a song you will get several different names for the same song, some other song wrongly labled, a few more truncated files and the rest are hosts which have been turned off days ago.
There is no point RIAA attacking now when the networks are a mess. They shoud save their main thrust for when these problems are fixed. In the mean time publisize these problems and that its more hassle than its worth.
Mouse powered Chips, Open source Processors and Lego
but RIAA.gov is an exception, huh?
...then it's an illegal act, period. Unless the Berman Bill is retroactive to a date prior to this supposed worm launch, it occoured before the bill is ever passed, and is illegal no matter what.
This supposed worm disables functions of a computer. Therefore, it is malicious, as is anything that modifies system performance without the user's knowledge and consent.
If this is true (95% infection rate? Doubt it), then we have one heck of a piece of ammo to use against the RIAA, if indeed they contracted this worm. The Price Fixing settlement, in that case, is just the beginning.
Blog Prophyts - Right On, Man
What happens if my mp3s are legit rips? Yay, more wood for the fire.
----- Wtcher Dragon, UDIC
Just a few random thoughts about this.
If this is a virus, as they so professionally put it, then when will the virus update be out so I can clean a system that was infected.
I do not know of many Admin's that would like to have their entire network infected with this *virus* reguardless of the RIAA's wishes. Im thinking more along the lines of K12 & College's; think of the number of problems this could rasie IF any of this is true. Last I heard creating a virus and then claiming owership of it, or braggin like a tool, is enough to get you tossed in the pokey.
Lastly, If I am following this correctly it infects the files, do you think that certain corporations will like the fact that another *corporation* is targeting their formats? Whould this not convince you to switch to another format that isnt targeted? Microsoft WMA comes to mind in this matter.
g
An exploit of this nature is of dubious legality
Dubious? How is there any doubt? Assuming this passes the farmer test (it's not just bullshit in a bag), how can there be doubts it's illegal. At best, it's invasion of privacy. At worst, it's cyber terrorism as defined by the Patriot Act.
The existance of a P2P client doesn't a criminal make, especially since the example given in the article by the l33t hacker is a perfectly legal file: the public MP3s (written to celebrate each OpenBSD release).
It's junk, like the quad-browser yesterday.
The biggest thing to fear is that the RIAA will use this to make up more numbers.
Never confuse volume with power.
The joke to me is that, IMHO (and I'm in the music biz) p2p actually is good for global sales. Disk to disk copying is where they're getting hit - kids go in three ways on a disk (which should cost 1/3).
Physics is like sex: sure, it may give some practical results, but that's not why we do it.
On the other hand do I think huge multi-billion dollar organizations should amount to kiddie style file corrupting/hacking in order to prove their point like whiny babies, no. It goes to show you who the real professionals are, oh yeah and I wouldn't put it past them.
Here is the source code attached to the original posting on Bugtraq. Due to lameness filter you will need to dl it from here.
Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
Currently, systrace is available for OpenBSD and NetBSD, but work is going on to make it available for Linux as well.
So, any program you have that opens untrusted content (xmms, mplayer, mozilla, etc) can be run with systrace, and you can selectively enable certain types of activity all the time... disallow certain activities allways, and be prompted for selective approval or denial of everything else.
Even though I believe this to be a hoax, it's certainly true that it could be done, and something like systrace is needed to guarantee a bug in a program you run can't be used to take over your system.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
I am not a Lawyer, but I am quite certain it is legal to create a virus. It is only a crime if you distribute the virus with the intent of infecting unwilling participants. You can still create and distribute viruses to, for example, study them.
With that said, this worm appears to have been distributed with malicious intent, so the perpetrators (and their financial backers) should be prosecuted--assuming it isn't all a hoax.
As an active downloader from WINMX, and an avid user of winamp, I can tell you that, (at least over here) it is a hoax. I download at least 1-20mbs a day, (thanks to a 120gb HD) and that the _WORST_ things I've seen out there are pr0n dialers which are usually a pain in the ass to remove, without spybot. Well, thats my two cents for the day. ;P
man.. first you americans spam iraq now.. RIAA hacks into private networks (which is a crime)... i pray to allah that those "terrorists" will beat the shit out of you and your crap country.. this summer on cnn.. live... and in color...
About Gobbles, that is.
if (WINDOWS)
{
Login("bill", "netscapeisforweenies");
Delete("*.mp3");
}
elseif (NIX)
{
alert("You open source theif!!!!");
}
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
This is a hoax. If you check the PGP signature, you can see that it isnt valid.
http://phreakinb.com
If you're a big enough corporation, two wrongs do make a right.
What is this attack REALLY classified as?
a) Worm - Automatically attacks other systems, taking advantage of security holes to infect
b) Virus - Usually infects executables, requires the user to run it in some form, will try to infect other "transport media" (i.e. other exectuables or in this case other MP3s)
c) Trojan - Comes in an infected package (Executable, exploited MP3, etc.), normally does not spread, it just runs and does damage.
I know these aren't exactly the most accurate descriptions, these days the lines between each are somewhat blurred.
But if it's a) or b), this virus/worm could spread to places where it would be affecting "legit" users who have done nothing legal. So even if that P2P hacking bill passed (has it?), the RIAA would be overstepping their "rights" within the bill the moment the virus spread too far. A trojaned copyrighted MP3 that only infected people trying to play that one MP3 would be a different story.
retrorocket.o not found, launch anyway?
I don't believe this is true because if it is they will have committed a very serious criminal offence in many countries and will be going to prison.
Sig is taking a break!
I'm sure if you are only sending/receiving legal mp3 files you won't run across this worm. And we all know that slashdotters never download illegal files.
Since when is C code junk? I thought this was News for Nerds. *sigh*
Assuming that the RIAA has created a p2p worm wouldn't it be the height of stupidity to announce it's existence? On the one hand they can generate some fear among p2p users and get a slight decrease in trading. On the other hand, if it really exists it is going to be found in very short order. If it's found by the wrong people (to them) then this is going to backfire in very short order. Once the details are known, I don't imagine it would be very hard to inject loads of spurious info into their violator database.
The SecurityFocus posting has lots of bragging about how network security tools won't find their exploit. I beg to differ. They aren't going to dodge tcpdump running on a machine that is a gateway for an infected machine. The way gnutella is supposed to work is known. To a trained eye, their "cleverly crafted" network requests are going to stick out like a sore thumb. In any case, just knowing a thing exists greatly simplifies finding it. We'll know in short order if they're hoaxing or not.
Because there *ARE* legitimate uses for p2p networks. If an organization uses various p2p networks on occasion to excange material related to their research, and the RIAA intentionally plants software on one of their computers that reports any information back to them as to the contents of the machines, that would constitute corporate espionage, as far as I am concerned.
All this is going to do is cause people to start trading mp3 files encased in some other wrapper, like zip, gzip, tar, or possibly even an encrypted format that cannot be snooped, or otherwise buggered with.
Including an mp3 file in a zip with an MD5 checksum might suffice for protecting the trading community from Cyber Terrorism by the RIAA.
Always use a condom, and never file trade with people you don't know.
If my computer, always running current AV software, were to somehow become infected with any sort of hack, virus, or other unauthorized software that I could trace back to the RIAA, I would be suing them faster than you can count to 3.
In fact, I kinda hope it happens just so I can do it.
It must be true, everything on the register is true.
If the RIAA can't find security consultants skilled enough to protect their own site, I'll never believe they found security consultants skilled enough to infect 95% of the computers they target.
I take back what I said--ok, so the RIAA may not have the brightest lightbulbs, but they can outsource.
:Peter
BUT...
Unless I am mistaken (already happened once today), this is just a buffer exploit. By the end of the work day, there should be patches for mpg123, xmms, and any other open source mp3 player affected. Then what is the RIAA going to do? Bang its collective shoe on the table and scream "Kill them! Kill them!"?
What about QuickTime? Or maybe the Apple computers on the P2P network are that missing 5%?
Glad I use OS X....rip, mix, burn, share.
Doesn't seem very likely. As some people have noted, obscurity in this case would better help reach the stated goal. In this case, the goal appears more along the lines of scaring people away from some vague threat.
Besides.. the name says it all.. what they did with the story was indeed "to gobble".
Regards,
Moz.
see a Text Widget
Let me guess, it was a graphical multi-headed worm using vernum encryption. I bet this thing was laying dormant on some PDP11 at a univerisity. Oh paleeezzeeee!
Got Code?
How exactly have they arrived at the figure of 95%? How the fuck can they even estimate how many clients in a p2p network have been infected? Its like saying "we don't know how many goats are out there, but by our calculations we have fucked 95% of them!"
I hope they all fucking die!
pardon me, I'm cranky when I don't have enopugh coffee in the morning, but ...
I have tended to see the RIAA as becoming a terrorist organization, via their adopting of terrorist tools and tactics.
This vs the usual thievery that they practice, and that occurs in the USA, which continues its march toward becoming a kleptocracy.
"It is a greater offense to steal men's labor, than their clothes"
With all the new laws won't the RIAA get life in jail. Spreading Worms and Viruses is now Terrorism isn't it?
Need help finding the flow? http://www.myspace.com/naturalismandbalance
"where it is added to their records and stored until a later time, when it can be used as evidence in criminal proceedings against those criminals who think it's OK to break the law." Ummm...don't they realize that "wiretapping" millions of computers without a warrant is a threat to our privacy rights? Personally that is an even bigger offense then copyright infrigment!
Unstable Apps: Our Android Apps Don't Suck
Probably a hoax.
So, the RIAA itself is giving away copies of its copyrighted material. Wouldn't that amount to an explicit permission to download and copy?
Followed by the ostensible list.
mplayer (www.mplayerhq.org) WinAMP (www.winamp.com) Windows Media Player (www.microsoft.com), xine (xine.sourceforge.net), mpg123 (www.mpg123.de), xmms (www.xmms.org)
I don't know much about media players but is this even possible? Media files are supposed to be data and should not be able to control the player. I would have believed the post if only Microsoft's Windows Media Player is listed. After all, I would expect as much from the inventors of Outlook, Word and Excel.
And then there is ...
Gobbles could learn a few things from watching cop movies. You don't warn your targets you're tailing them! That is unless you really aren't tailing them.
95% sounds overstated at best and the whole thing is a big lie in the worst case ...
Honestly now.
We're supposed to believe they've come up with a way to get a buffer overflow that affects all major MP3 players, and reports back to some clandestine P2P host which is actually owned and operated by the RIAA? I'll believe it when I see it show up in a packet analyzer -- Unless they've found a way to develop code so malicious that it even hAx0rZ other computers simply by being near them.
More likely what they've done is taken a single exploit, and said, "Gosh. Here's these RIAA guys we don't like. Let's say we claim the MP3 research we did was actually funded by them in order to shut down P2P networking. Let's claim we've got a way to get all the popular MP3 players, and then say we control 95% of the file-sharing hosts, just to spice things up.
"Now we have this exploit which is pretty impressive on its own, but now it gets carried by the RIAA scare, and gives them even more of a bad image, since we're saying they're hiring people to hack computers for them."
Who here honestly thinks the RIAA wants to walk into court, carrying reports from hacked computers as evidence? That kind of evidence doesn't just damn the filesharers. And for such an illegal contract, why would the NDA only cover technical details? You know the RIAA would be at least smart and paranoid enough to restrict any and all mention of the hack.
P2P is working all fine for me ( legal stuff of course ;-). Either way Kazaa isnt the only P2P software out there, and different apps use different security models. This would not only cost the RIAA alot in programming hours, its a very short-term solution. Newer versions of P2P patched against exploits and worms come out in days.
The RIAA is much better off suing popular P2P groups while newer ones mushroom all over. I'd say theyre running out of options and hacking the P2P networks isnt one of them.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
During our research, we auditted and developed our hydra for the following media tools: mplayer (www.mplayerhq.org)
And just what the hell is mplayerhq.org? You'd think that if they actually went to the trouble to discover an exploit for it, they'd get the URL right.
And don't you think that some people might notice the amount of hard disk activity that would be associated with scanning an entire HD for media? I have 5 gigs of music here and a couple of movies waiting to be burned, surely "cataloging and reporting it to the RIAA" would take more than no time at all?
And what the hell does the P2P client have to do with the media player? Are they telling me that if I use Xine to play a downloaded AVI on Linux it will somehow infect all the files on an NTFS partition mounted read-only? Did they patch the Linux kernel NTFS drivers to work perfectly? Did they also find a Linux exploit that allows them to remount partitions at will? Or are they just including a couple of Linux programs (Xine, mplayer, xmms) to get more attention than a minor exploit in mpg123 would warrant?
Besides you can get a list of files being shared by a Kazaa client by pointing a web browser at :1214
Repeat after me: bull. shit.
What if I made my own mp3's from my own original material and choose to distribute them via p2p? This must be a hoax. The leagal are much to many.
Meddle thou not in the affairs of Dragons, for thou art crunchy and with most anything.
More commentary including thoughts on some of the implications here:
x ml
http://www.virusbtn.com/news/latest_news/gobbles.
Score:-1, Funny
It's just a FUD attempt.
They have also placed a non-detectable hybrid-worm-virus combo (also known as a "jumbo virii") into Kazaa. When infected, this worm links to your bank account, transfers all but $1 from your account to theirs and then deletes your identification from the U.S. govt, effectively making you a terrorist. Then the RIAA and MPAA come to your home and force you to buy coppies of Fried Green Tomatoes and n'sync as torture measures.
Ok, look, first off, the RIAA isn't very smart. So on one hand, they might try to do something like this, on the other hand, they'd use the stupidest possible method. Second, they can't do math(just look at their CD sale/revenue calculations), so 95% would = maybe 20 computers. Third, they're not comming up roses 100% of the time legally, and getting squashed by the DMCA(which would happen, I'm sure the EFF will back me up) would set a disturbing precident for them.
Conclusion: this will generate a nice bout of publicity, to what end I'm not sure.
--Not to be worried, Pitr fix.
Blah, blah, blah. There are a lot of paranoid folks out there who run TripWire (or some other) integrity checker on their systems. The "exploit" claims to "infect" the player's software. Somehow I think someone from the paranoid masses would have started asking questions about their checksums by now.
So, has anyone downloaded the source example from bugtraq, compiled it, and seen what happens?
Praying for the end of your wide-awake nightmare.
Assuming this is true, and they have infected all of these systems, what are the ramification where one individual downloads an MP3 on, lets say his/her work system. This starts cataloguing the system they are on and starts infecting the local network. At this point it starts catalogue all af these sytems and is reporting what it finds back to RIAA. Well that is the point of the worm at least, but now just imagine that the person that downloaded the file is on a government network, or even on a corporate network that has to worry about trade secrets. I have a feeling that if they really do have this, they are about to have their butts in a sling.
So RIAA, please, fire it up, start logging away, I would love to see the fireworks.
'And all the monkeys aren't in the zoo Every day you meet quite a few...'
Over at SourceForge eMule is one of the largest downloaded clients on the list...
Change one byte of any file and the MD5 hash for said file changes. This is nothing new or even that clever but it does stop bad files from spreading around the network.
As I understand it, Kazza is still number one when it comes to P2P file sharing. When I last opened Kazza it reported 4 million users. Kazza also uses a file hash to allow segmented downloads as do most P2P clients these days.
These **AA infected files would be a drop in the ocean and they would not spread far. If this is a hoax then it's not even a very clever one.
This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
Am I simply tired, or does the above statement seem to say that independant artists can beat on the RIAA if the RIAA attempts to block distribution of their works via P2P networks? After all, the independant artists own their own copyrights and can therefore distribute their works however they like...
i mean, they even misspelled "catalogues"... :)
;-)
if they fuck with my machines like they fuck with their artists, i'm gonna... well, i leave that to their imagination.
freedom of information, it won't change in the near future... if they can't adapt, they must die. what do they wanna do, send us all to austalia and cut the backbones?
all the time, they waste on "piracy"-prevention tactics would be much better used in developing a completely new business model, i think.
just my 2 eurocents...
the computer is online
i am not at it
what a waste of ressources
This would be a lot easier to swallow if the RIAA.org wasn't so blatently easy to hack, then you could reasonably assume that the RIAA even knows a decent hacker let alone contracts them.
But seriously, let's say this isn't a hoax. Big Effing Deal. So the RIAA gets one day to make the P2P networks all DDOS themselves to hell. Yippie. That's just one day of interupted service. Within hours of this hyrda going off there will be virus definitions and patches from all the anti-virus vendors to fix the issue. And all of the software that is being exploited would also recieve patches.
Does anyone seriously believe that any significant percentage of P2P users are going to suddenly say "wow the RIAA has been right all along I better start paying for things" because they get exploited by Hilary & Friends?
I mean seriously here, the dilema is: a) Don't pay for anything and risk getting hacked by the RIAA *maybe* once. b) Pay for everything.
Wow that's sure gonna be a tough choice for the P2P crowd. What an insane waste of money for the RIAA to even bother with this nonsense.
Judging from the tone and language used in the Security Focus write-up, it's difficult to ignore what is blatant sarcasm throughout the post: "(not the hard-working artists who p2p technology rapes, and the RIAA protects). " "1) If you participate in illegal file-sharing networks, your computer now belongs to the RIAA." "4) Don't fuck with the RIAA again, scriptkids." "We hope that you're as amused with our maturity as we are. ;PpPppPpPpPPPpP"
It seems that Gobbles is simply making a joke at our expense here-- using fears of the RIAA for a good laugh. I mean, come on: 'RIAA headquarters'? This is the type of humour you'd expect... Anyone else reminded of the Panther Moderns from Neuromancer?
iopha
Oooo! I'm so fucking scared. Mommy! The RIAA is going to beat down my door.
Only 10% of the computers were really infected. But they were FAST computers, so they count as 95%.
Fluffy Bunny wrote:
> Things to keep in mind:
> 1) If you participate in illegal file-sharing
> networks, your computer now belongs to the
> RIAA.
> 2) Your BlackIce Defender(tm) firewall will
> not help you.
> 3) Snort, RealSecure, Dragon, NFR, and all
> that other crap cannot detect this attack,
> or this type of attack.
> 4) Don't fuck with the RIAA again, scriptkids.
> 5) We have our own private version of
> this hydra actively infecting p2p users, and
> building one giant ddosnet.
Dear Fluffy Bunny,
1: If you sound like a teenager who was dropped on his head as a child, you will not be taken seriously by too many people. If you want to be heard, say something worth listening to.
2 & 3: Most people I know use real firewall software and not "pretend to be" software.
4: *now stern* I told you before, say something worth listening to, and mind your language young man.
5: ok i give up, you obviously don't just sound like a a teenager who was dropped on his head as a child, you are a teenager who was dropped on his head as a child.
Reading through the post on SecurityFocus, a lot of the wording appears to be tongue-in-cheek humor. Lines like "Special thanks to stran9er@openwall.com for the ethnic-cleansing shellcode.", "The professional staff of GOBBLES Security believe that by releasing our advisories without vendor notification of any sort is cute and humorous....We hope that you're as amused with our maturity as we are.", "If you participate in illegal file-sharing networks, your computer now belongs to the RIAA."
"No one likes working in a hamster wheel, and your shop smells of cedar shavings from here." - TaleSpinner
What we need now is some Joe User who admits he wrote and spread a worm on the Internet, just to see how the legal system deals with protecting people's rights and protecting corporations rights.
Just guess whose door they will knock first.
this will just be "the equivalent of 95% of computers".
;)
Or, to you and I, "none".
that's the stupidest thing I've ever heard in my life. 'Gobbles' ? Come ON. Where is PT Barnum when you need him?
It seems that no "typical" OSX applications like Quicktime and iTunes made the lists . . .
Of course it makes sense because:
95% = Windows
4 % = Mac
1 % = Linux
This is assuming desktop usage . . . .
Get the government out of this and lets have a real hacker war! Lamer vs Lamer. RIAA will hire a bunch of techie geeks to do battle against the p2p techie geeks. I think nsa should fight too. Be fun to see who'll win.
...That is *not* a strap-on!
Gobbles has given the community what it needs to find the worm. They have shown you one of the exploits that the worm uses. any file that is infected will trip that exploit. All that is needed is a MP3 player that detects a file attempting that exploit and if so indicate an infection.
What Gobbles has done is find a legal way to help whitehats.
Cartman: "What the hell is that?"
Kyle: "It's a turkey. His name is Gobbles."
Timmy: "GOBBLES!"
...All my MP3's are backed up onto CDR. How is it, exactly, that the RIAA can erase these without breaking into my house?
I guess I'll just have to download more .MP3, .MPG, and .AVI files since I won't be downloading any more 'infected' warez.
Thanks RIAA!
We distort, you deride.
I got this post from the VulnWatch listserver this morning at 4:00 am.. don't ask why i was up that early but i almost fired off an email to this guy. Along with the post came 2 attachments. Proof of concept... his exploit?? I don't know as my mail server tagged them as it does all attachments. I'll look at them today and let you know what they are.
*--- Sometimes a majority only means that all the fools are on the same side. ---*
Systrace is a nice toy, but unfortunately a flawed concept. There's a whitepaper from the NSA about the why, look on their selinux site (www.nsa.gov/selinux)
Assorted stuff I do sometimes: Lemuria.org
This is a load of bullshit from a cockgobbling ass-bandit.
He got lucky once by finding a buffer overflow. Big fucking deal, so he's in the same arena as most 12 year olds.
All that cross-host scripting and CSS exploit shit they linked to on the Reg was no more creative or dangerous than the old "I've cracked your box! Click here to see the contents of your C drive!" bullshit.
Hey gobbles, GOBBLE THIS.
I would like to see some numbers and some "social statistics" using historical data on how much p2p or other mp3 trading compares to previous methods of trading music or anything else which is recordable. The thing is it is only more visible now. There also needs to be a greater understanding of how many people "steal" media who would never buy it anyway and how many people buy media because they have discovered something they like through trading and want quality production--perhaps have even become inspired to support the artist. I have bought more CDs in the past 6 months than I had bought in the last 6 years. It's not so different than it ever was. The RIAA tactics being discussed here whether real or not is wasted time, energy, money and resources. If it is real, someone will defeat it and it creates its own wave of people, previously lacking involvement, jumping on a bandwagon of protest which incorporates the propagation of the problem as the RIAA sees it, in an exercise of anti-corporate, anti-big brother sentiment.
PegQuin--I've got a sneakin' suspicion
From the announcement:1) If you participate in illegal file-sharing networks, your computer now belongs to the RIAA.
Obviously, it's called all_your_file_are_belong_to_us.exe :-P
That was my first thought. If this is on the level, then anti-virus software should be catching it.
After all the anti-virus attacks of the last few years, consumers and businesses alike have dumped a ton of money into anti-virus software. I find it hard to believe that a worm could get 95% penetration in this group.
These hackers are just looking for some recognition, that's all.
Considering the last couple of days of so called news stories methinks that The Onion has bought itself some prime advertising space on Slashdot.
At least with Germany and some other countries. In Germany for example it is against the law to collect data from user's computer or modify any of someone's data or computer functionality for that matter without prior explicit user agreement. So if this proves to be true, RIAA might find itself in the position of paying a lot of damage to the users. The ones who downloaded illegal files might not pursue legal action, but if any legal downloads get infected, then it might be interesting to watch this fire back at RIAA...
... if this turns out to be a hoax, I wonder if RIAA will sue G* for libel? That would be *funny*... and ironic and appropriate.
Shadus
Just put computers sharing only mp3.com free mp3s. This intrusion will therefore be in violation of the law since there are no RIAA copyrighted materials on the computer.
Wait a minute...
THAT'S NO STRAP-ON !
My beliefs do not require that you agree with them.
a) Don't pay for anything and risk getting hacked by the RIAA *maybe* once. b) Pay for everything.
The program does not find differences between legit files and unlegit so if I bought the cd's but dl the mp3's because i don't want to make them myself hillary still sends my comp to a screaming death, no thnx. I tink that if they do that and hurt but even one legit user they get seud so hard it would take all the money of the entire recoding industry tot save the RIAA
Gee, could the RIAA have hired these guys to spew crap like this? I'm so scared. I should rush to remove any p2p software from my system now just in case. Chances are this is all crap to get people freaked out about using p2p nets.
"I'm a leaf on the wind. Watch how I soar."
-Hoban Washburn
... that this isn't a hoax. How long till all of the said players fix their security? A week? Tops? Hell if it isn't a hoax, I wouldn't be surprised if they made some changes to make buffer overflows from the headers of mp3s impossible.
Ogg is your friend?
Shadus
Ya know what pisses me off? If this is true, then users like myself have been illegitamately hit.
I have a copy of Metallica's Kill Em All on tape. My tape is pretty worn out. So I hit the Fastrack network to download the songs. Now under Canadian law, this is perfectly legal as I own an original copy of the album.
But now my PC is infected by a worm/trojan because a cartel ^H^H^H^H^H some 'company' believes that everyone who downloads MP3s are doing so illegally. Nice when a company thinks that everyone is a criminal. Congress really needs to wake up and start protecting the people again, and not mega corporations. And other countries need to shove back when the US tries to push it's own laws onto them.
It's better to burn out than to fade away
To anyone who's read their advisories in the past this comes as no surprise. Gobbles's sole motivator here is to draw attention. From their security advisories that sound as if they're written by a third grader, to their advisories posted in comic form on their highly deceptive website www.bugtraq.org I've seen little from them that demands respect.
Besides, if they were working with RIAA, wouldn't the RIAA also have paid them a few bucks to secure their site? If they have, wow, bang up job so far.
scott
This is obviously a clever, drawn-out way to post a real bug. The whole part about the RIAA is just to get you to read their bug post at the bottom. This is probably just an attempt to inject some amusement into bugtraq. It seems rather obvious to me.
This is so obviously a joke its not even funny.
> Things to keep in mind:
> 1) If you participate in illegal file-sharing
> networks, your computer now belongs to the RIAA.
Im sure glad there are no illegal file-sharing networks yet!
> 2) Your BlackIce Defender(tm) firewall will not
> help you.
> 3) Snort, RealSecure, Dragon, NFR, and all that
> other crap cannot detect this attack, or this
> type of attack.
Admitting its an attack, and admitting you are purposly designing it to avoid current defences, that will look good to a judge.
> 4) Don't fuck with the RIAA again, scriptkids.
Oh, your 13 years old?
> 5) We have our own private version of this hydra
> actively infecting p2p users, and building one
> giant ddosnet.
So any future DDoS we now can blame on these people who openly admitted to it.
GO get em yahoo and ebay!
> Due to our NDA with the RIAA, we are unable to
> give out any other details concerning the
> technology that we developed for them, or the
> details on any of the bugs that are exploited in
> our hydra.
An NDA is a legal document which cannot in any way override existing laws.
They admit to breaking numerous laws, and yet think a legal document will protect them?
I guess they really must all be under 13.
As a matter of fact, if my PC acts strange in any way shape or form, they now have opened themselfs up to a lawsuit.
They also claim the RIAA now has an illegally gained list of the perfectly legal files on my harddrive. This would be the perfect time for a large company to sue and request discovery, which would allow someone (generally feds, but still) to collect evedence (IE take any/all of their servers on the public network which ever have/had connections to a p2p network) which will cost them time and resources and frustrations. Then hopefully some evedence will be found as well.
My only wish is that alot of companys able to afford the legal fees open petty lawsuits aginst them for admitting all the crimes they have commited, if for nothing else than to cause them grief. Can also be used to harass the RIAA a little (Would be much better if the RIAA admitted this was true, but that will never happen.)
Turn the stupidity of the system aginst the enemy for a change.
The idea of an mp3 hacking the computer through the player is only slightly more credible than that of a txt hacking the computer through the text editor.
RPM's greatest asset: ability to catalog every installed file, including MD5 checksum, ownership, timestamp, mode, size, etc. So any "worm" has to not only trojan target files, by RPM itself. Good luck.
BTW, since all my executables are installed and owned by root, and since I log in as myself, wouldn't this so called worm need not only a buffer overflow in the executable, but some way to elevate its privileges to root? The bugtraq posting makes no claim that it does this.
Well, just to let all you USA Lawers (and law makers) know that the US of A is not the centre of the universe, or the world for that matter.
(I know that the general US Public, well most of them, are not the same as their f@#ken lawers, so this is not directed at you all.)
The quicker you wankers learn that, the better this world will become.
Do you really think that quoting a US law will scare any Aussie, think again.
All I have to say to you butt f#$kers is, go F#$k yourself.
Not only that, but do you really think that you have any chance to catch everybody, and not only that if there is so many people swapping files (music, movies ets) across the net, doesn't that tell you something about the way in which you conduct business.
I have downloaded many gigs of music, and almost always buy the album (except for one hit wonder bands). This is partly for the principle that if the music is good, the Artist deserves the money.
But usually a one hit wonder bands out there (the ones which I do not buy), are those that are really just puppets for the big guns in the music industry (Sony, BMG etc), and could not write their own tunes if they tried. Support the Indie music industry, they are the ones making music for the love of it, and not the money, and almost always offer music via their websites. Not only that, their music means more, and usualy kicks arse.
Basically what I am saying is that if all this file swapping is going on, maybee the root cause of it is the respective industries themselves that own the 'copyrights' to such works (which I believe should be held by those responsible for creating the art, and not a company).
So in short, f#$k off seppo lawers (read US Lawers for Americans), and to the general public wake up and get into (and support) the real non manufactured music, not the big gun wankers.
Supe
Sydney, Australia
Here are a few key B.S. things from his buqtraq post:
Yeah right. If there was any NDA, he wouldn't be posting this message to bugtraq.
Really? If it did I would be on the phone with the FBI getting GOBBLES the cyberterrorist thrown in jail. Breaking into other people's computers is illegal. If the RIAA was actually involved in this they would face a class-action lawsuit big enough to drive them to bankruptcy....think 95% percent infection rate and all those people suing them for theft of services, etc.
Look, the RIAA may be DOSing the P2P networks, but I just don't think they're stupid enough to break into people's computers. The P2P vigilante bill never passed, so these guys would be begging to go to jail.
Why are we posting trolls from other places? Doesn't slashdot have enough of its own?
Life is too short to proofread.
Seriously, I believed it to be ALMOST totally bogus until I read the Gobbles Adfvisory. Then I was fully convinced of its bullshittedness (nice new word).
If the RIAA version spread to all those computers in a mattrer of minutes, this would do the same, and it would not go unnoticed if 95% of those computers were infected with TWO worms, let alone one, considering the massive number of people possibly noticing.
Also, something from the article:
The Berman bill, ensured a copyright owner would not be liable for "[...] otherwise impairing the unauthorized distribution, display, performance, or reproduction of his or her copyrighted work on a publicly accessible peer-to-peer file trading network, if such impairment does not, without authorization, alter, delete, or otherwise impair the integrity of any computer file or data residing on the computer of a file trader." Berman is expected to re-introduce the bill in this Congressional session.
So, to explain why I quoted that, the RIAA would not do this yet (or at least release it) since the "law" this is relying on HASN'T EVEN BEEN ARGUED, let alone voted or passed. Plus, the bold-type will point out that even if it were a law, a worm/virus could not be used, as that would alter files (data) on the computer, which is not allowed under the bill.
Doh, I don't think 95% of the "P2P"-Network users are downloading mp3's. There is a lot of other media out there (I never downloaded mp3 in the last year, and I'm sure there are lot of others who also download pr0n only ;)... or executeable stuff). And when I understood it right it only affects mp3's.
;))
;)
I also don't think that 17 Team members agree that RIAA is something good and support it. (It would also be somewhat strange if really noone of them is using a p2p client
Oh, and the last one... how will he be able to say that 95% are infected? Oh... I forgot.. there are exactly 9389278923729389 p2p users... don't count this one...
95% would require a lot of work, considering the p2p network clients are done on various oses, with various languages. Unless ofcourse they mean sharing a file that contains nothing and calling that 'wormed'.
Vendor Notification Status:
The professional staff of GOBBLES Security believe that by releasing our advisories without vendor notification of any sort is cute and humorous, so this is also the first time the vendor has been made aware of this problem. We hope that you're as amused with our maturity as we are. ;PpPppPpPpPPPpP
It reads more like a script kiddie to me... all your mp3 are b3l0nG t0 u$!
Gobbles is very tongue-in-cheek. Their posts, while they contain actual, working exploits, are meant to be funny. They deride or praise the list moderator, poke fun at script kiddies (shout outz duudz), and are generally pretty damn funny.
This is no different.
My main .mp3 playing machine has no internet connection at all. No modem, no NIC. I get my .mp3s from another machine, burn onto cd-rom, and then transfer over to the main machine and play or create audio compilations.
.mp3, the moment I play it, something should be going on, the hybrid should be cataloging all my .mp3s. Since I have several thousand .mp3s, I would suspect my hard drive to start spinning as the worm runs its course. Yet my drive stays down.
I have yet to see any kind of activity where some program attempts to access a dial-up or network connection.
So if I've got an infected
Methinks this is FUD on the part of the RIAA.
So rise up, all ye lost ones, as one, we'll claw the clouds.
Geez can anyone pronounce Joke. J O K E. At least they made their exploit well known, which the seem good at (Apache / OpenSSH).
Get over it.
Yeah, that would be RIAA, home of the idle threat. This whole "virus" concept works only if the story circulates in the media. If this had been an actual attack, the perpetrators would have been sworn to secrecy and the RIAA would quietly allow the P2P networks to suffer and die. It makes no sense at all to launch an attack on your adversary and then let them know (a) who did it, and (b) how it works, unless you're bluffing and simply want them to react to the threat. I ruled out the possibiilty of someone trying to villify the RIAA, because the RIAA does such a great job of that all by themselves. It could be a case of an overstuffed ego begging for publicity, but wouldn't it be smarter to try for positive publicity?
Remote exploitation of anyone's machine will result in retribution and possibly law enforcement. Besides, if they were to hire a bunch of security consultants, you would think their first project would be the RIAA website, no?
Well, at least Windows Media Player and Winamp could fall victim to that kind of attack(theoretically): both make possible the execution of code embedded in the files. It was done to allow the delivery of ads and "related content". Ever wondered why WMP tries to connect to the 'net when you start a local file?
Be scared. Be very scared.
<maniacal laugh>hehehehahahahahahaha</maniacal laugh>
You're not old until regret takes the place of your dreams.
force the makers of MP3 players to recheck their source code to ensure that such holes DON'T exist, this would be a way to do it. Publish an exploit, link it to all major players, invoke the RIAA demon, and watch the coders scramble. Right now:
- Coders are, I'm sure, crawling through their code to look for and fix any security holes,
- Users are running firewalls and packet analyzers to check for any worm-like behavior,
- Some P2P users are taking a second look at checksums.
If such vunerabilities exist, I'm sure they won't for much longer. If the Berman bill ever becomes law, there won't be much to hack.
I think the point is just- look what the RIAA would like to do.
You are full of it. So many people on Slashdot think they are the kings of the world and are invincible behind Linux. Well over 95% of all computers run Windows software, and I do not know a single person, including many who run linux, who access peer to peer networks over linux. Every single one of them uses Windows. Slashdot is but a drop in the sand when you remember there are 150 million Kazaa users. Are you telling me that up to 75 million of them are running linux? Ha ha ha ha!
Recently, computer users all over Capitol Hill received an e-mail headlined "Learn how to copy any DVD movie." The tag line was even better: "Learn the Secrets ? Never Buy Another DVD Movie Again." What a deal: Pay absolutely nothing for a film that can cost more than $100 million dollars to make, involved the creative genius of hundreds of people, sustains local theatres, video stores and television services, is a major export, and contributes to an economic engine that creates millions of jobs for Americans and generates the biggest trade surplus of any sector of the economy.
Our copyright laws provide the economic incentive that allows a business to invest millions hoping for a return on its investment. Can a studio afford to invest in the special effects needed to make "Spiderman" or "Star Wars" come to life if the film is e-mailed around the globe within days of its release ? or even before? If an online music file exchange service replaces legitimate music sales, can a music company promote and market dozens of fresh new sounds hoping that one of those artists will be lucky enough to find an audience?
These creative businesses, as well as the videogame, software and book publishers, make this risk/reward calculation every day. The result is that, today, the United States is far and away the world's largest producer and exporter of the creative works that entertain, inform and educate the world. How much longer will that remain the case if "never buy another again" resounds as a rallying cry across the Internet?
One thing that we learned from Napster is that industry has been too slow to respond to new technologies and consumer demand for new ways of delivering music. Consumers and policy-makers, myself included, have been impatiently waiting for Hollywood to fulfill its promise of a fully stocked, easy to use, electronic marketplace. Some ask, "If KaZaA can do it, why can't they?" That one's easy ? online music file swapping sites pay nothing for their "inventory" of creative material, so they have few costs, need little revenue and run few risks. It takes a lot longer, and a lot more investment in technology and online security, to build a business that deals fairly with creators, entrepreneurs and other contributors, rather than just ripping all of them off.
Over the past few years, we have seen the Internet explode into a revolutionary tool for business, communication, entertainment, education and commerce. Even so, the Internet is still in its infancy, and we are still struggling to determine how and when we should apply our existing laws to this new and growing medium.
The United States is the world leader in intellectual property. We export billions of dollars' worth of creative works every year in the form of software, movies, recordings, and other products. In addition, the contribution of the American copyright industry to the strength of the overall American economy is significant. The core copyright industry is the largest exporter of goods from the United States and employs more than 7 million Americans. Copyright industries are responsible for 5 percent of the nation's gross domestic product.
However, recent statistics show that copyright piracy is growing exponentially. There are billions of unauthorized music downloads per month. Last year, record sales in the United States were down 10 percent. The Motion Picture Association of America estimates that it already loses more than $3 billion annually to the sale of illegally copied videotapes. By some estimates, more than 350,000 movies are illegally downloaded every day. With the recent economic challenges to this industry, reducing the impact of digital theft becomes even more critical.
Pirating works online is the same as shoplifting a videotape, book or record from a store. Imagine the same situation occurring with tangible goods that could not be transmitted over the Internet, such as copying popular movies onto hundreds of blank tapes and passing them out on every street corner, or copying personal software onto blank disks and freely distributing them throughout the world.
Few would disagree that such activities are illegal and should be prosecuted. We should be no less vigilant when such activities occur on the Internet. We cannot allow the Internet to become the Home Shoplifting Network.
There are several legislative proposals pending in Congress pertaining to online content and digital- rights management. However, the ultimate success of any legislative effort dealing with the application of copyright law to the digital environment depends on a simultaneous commitment to fighting a war on piracy in all its forms.
This war must occur on several different fronts, including the commitment of adequate resources to law enforcement, industry cooperation and consumer education. Only when the war against piracy is effectively waged and won will businesses and consumers move in significant numbers to the online marketplace.
Rep. Bob Goodlatte is a Republican from Virginia.
quote:
Make what you will of this article."He'd be a broader guy if he had dropped acid once." - Steve Jobs on Bill Gates
Isn't that an active threat of terrorism? And y'all say this advisory was signed by Gobbles PGP key?
Uh oh.. I wouldn't want to be a Gobbles member tomorrow morning.
(knock! knock! knock!)
"This is the Secret Service. Stay where you are, we're coming in..."
Obviously one thing the RIAA could do is spoof MD5 values with a hacked client.
;-)
I couldn't help but laughing out loud when I suddenly spotted a potential application for Palladium: proving that the remote download client is not compromised by the RIAA...
The scary thing behind what was posted to Bugtraq is that it explicitly states that all digital media on the system is cataloged, and the list is sent to the RIAA. This assumes all digital media on a system is an illegal copy.
Yes, it does. And it shows what criminal, despicable, disgusting excuses for human beings work for, or with, the RIAA.
Sure, if the worm comes into your system over a P2P network, there's a good chance that at least *some* of your mp3s are pirated, but there's no way to differentiate pirated mp3s and those you ripped/encoded from your own CD collection.
All of my mp3 and ogg files are ripped from my own rather large, but no longer growing CD and Vinyl collection (because now I do not buy CDs, ever, nor will I, ever again). All of my avi's are recorded from my own television, my own animations, or my own media, and are not traded, ever. Indeed, none of my stuff is traded, ever.
However, I did install gtk-gnutella in order to download the hiliarious fan fiction Star Trek episode "Savage Empire", because the web site distributing the files had been slashdoted. A perfectly legal download, for which, if this story is true, these unlawful thugs have infected my machine.
I have enough money, and the will, to persue a very harsh lawsuit against these fucks if this story has any veracity, and if I am infected, and I will not hesitate to do so.
"In Corporate Fascist America You and Your Data Belong to the Copyright and Media Cartels. Bend Over and Enjoy the Ride, Consumer."
The Future of Human Evolution: Autonomy
first get all your media off your drive and onto ... as a side effect if this worm begins to send back huge catalogs then they will be ddos themselves at their own fault cuz its not your problem for keeping a CD full of well, just names of files lol.
CDs, then create a singe CD with random names and popular media extenstions. Make sure these files
are about 1 byte in size, just enough to be catalogued but small enough to create TONS of listings on one CD. Just let this thing sit in your cdrom a while and if you notice one day your CD chunking along (because these TONS of itty bitty files are being read) and then you notice major activity on your router cuz this HUGE catalog is being sent out. Then we know this is legit and come back and post!
Part of me would like to go in to sermon mode here and proclaim how this is yet another reason we should begin work on educating the public and organizing a major boycott of all RIAA and MPAA tainted media in a specific time period...like for instance, Thanksgiving holiday weekend 2003 (boycott runs Wednesday morning to Monday morning).
Unfortunately, the general public does not care.
Add to that the fact that to be an effective protest, all downloading of RIAA/MPAA material would have to cease also...quite frankly I don't think most of you could go 5 days without downloading something illegal on Kazaa...
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
> THAT'S NO STRAP-ON !
What... is it a battle station or something?
[PowerPoint] is a tool for capitalist presentation
They ask why I downloaded all these pirated MP3s, and I simply say "I own all of these CDs. Downloading them was faster than ripping them."
"Can you produce all of these CDs?"
"No sir, I am sorry to say that someone broke into my car and stole a large portion of my CD collection. Good thing I had these backup copies in MP3 format."
How do they prove that I didn't ever own these CDs? If they accuse me of something, it is up to them to prove that I am guilty. Sound like BS on my part? I honestly haven't downloaded many songs from P2P, not that much out there interests me right now. I have downloaded (or gotten from friends) MP3s of CDs/tapes/records that I used to own. If the *media* wears out or breaks, do I still have fair use rights to that music? Am I buying the music, or the media when I purchase it? Ozzy Osbourne's Tribute album to Randy Rhodes is awesome, but my tape wore out back in '88. So do I still technically own that music? Previously, there was no other way for me to get it unless I bought another copy (or if I had made a copy of the tape myself). With digital media, this is easy to do.
This is a point that I haven't seen discussed much, but a very valid point for file sharing. Of course, there is no way for me to prove that I once owned that tape. So what do we do, start saving all of our receipts? I want some of the music I used to have, and I am not about to go shell out $19 for something that I technically already own.
My beliefs do not require that you agree with them.
Where to begin.... I'll only deconstruct the SecurityFocus message.
First, the fact that these programs have exploits is no surprise, but one media clip (probably MPEG (maybe MP3)), since while Windows Media Player and WinAMP offer universal playback, do ALL of them? Could one file even hit exploits in all these programs?
Second, since each is likely to have a different vulnerability, the amount of worm data in a file would be a decent chunk. Wouldn't it be noticed?
Third, an NDA would state that there can be no mention of it until it is ACTIVATED and USED. Now, Ad-aware-style programs will pop up to clean it if it exists.
Fourth, how many files would this have to be to get 95% of P2P users? The only way it could is by infecting every file you share, but SOMEBODY would have to notice that, whether the file size changes or some A/V data is thrown out.
Also, the idea of "specially formatted P2P requests" to inform RIAA is laughable. Even if the P2P software itself were compromised, a firewall user could notice it. Furthermore, consider the average media collection - hundreds of MP3s. Considering it would have to send artist name and song name, the amount of data would be well over 1MB unless compressed, and even then on dialup users it would have to be staggered.
Also, what kind of backend would this take? Multiple servers, a huge internet connection. Considering how big the P2P networks are, wouldn't this have to be a massive monitoring system? There aren't that many locations with these resources INSTALLED, so finding the facility would not be hard.
And why mention you have a IDENTICAL worm that you use to build a DDOS NET? Simple. Get those who don't care about privacy too much kicked up about that.
Finally, this sounds very strangely like RIAA-induced hypnosis - here are a few lines which show that they probably are lying and not even working with RIAA, just agree with RIAA's ideas.
"victim" (not the hard-working artists who p2p technology rapes, and the RIAA protects)
4) Don't fuck with the RIAA again, scriptkids.
Until we became RIAA contracters, the best they could do was to passively monitor traffic. Our contributions to the RIAA have given them the power to actively control the majority of hosts using these networks.
There are some spelling mistakes. There are factual holes that they cover with the claim of an NDA. In short, the probability of a hoax is about 98%.
You know, all this hub-ub from large sites about this so called worm and RIAA sure makes for a nice loud, noisy way to announce a fairly trival overflow exploit (like we've never seen them before).
I just looks like a cheap way to get some credit for something that isn't that groundbreaking. Yay.
Jeez.
He's trying to make a point - that running all this P2P crap blindly on your systems, -especially- Windows boxes, is a security nightmare.
Think about it; he's managed to get thousands upon thousands of people worldwide nervous and antsy about whether or not their boxes are in a semi-0wned condition. Why?
Because it's within the realm of possibility that something like this could be done. Not by the stupid RIAA, who can't even secure their own Web site, but by somebody a) more skilled and b) motivated to do something Really Bad, like build (and use) a gigantic DDoS network, or steal any kind of account/password info it can find, or any kind of documents which might contain proprietary information, etc.
The intellectual property aspect of filesharing aside, I personally think that anyone who runs a P2P app is asking to get burned. There simply hasn't been the kind of scrutiny turned on these things that we see on other types of apps and utilities (and we already know that the concept Gobbles is preaching about is valid due to the earlier KaZAa worm, etc.).
...i mean, apart from that bugtraq email and that announcement, has anyone really found such an mp3/etc with the virus in the wild?
this really looks like some kinda hoax.
Is it possible that rather than gobbles actually putting this out that someone else "exploited" hushmail and that this is related to hacking hushmail instead? (Just my thoughts)
>>why all my porn has been changed to Hillary Rosen with a strap-on.
>Wait a minute... THAT'S NO STRAP-ON !
This should hardly be surprising, and is quite logical. After all, we already knew that the RIAA was screwing the artists. I'm only surprised that we didn't know the exact mechanism of such screwing until now. It must be an NDA clause in the artists' contracts.
The price of freedom is eternal litigation.
Let me try using my detective skills at figuring this out. The group's name is Gobbles, which is a sound turkeys make. Therefore, the group is based in Turkey, which is in the Middle East. And you know what goes on there. I have deduced that Gobbles is a Turkish militant group that has ties to Al Quaeda and that the US Army must invade Iraq.
.smell my feet.
And how many windows users actually know what a checksum is??
Thought so.
Hence no detection yet.
And a firewall wouldn't help, because the traffic would look exactly like p2p traffic.
Combined with the past reputation of Gobbles, I am 99% sure this is real.
I just want to know what I have to do to disinfect KaZaA.
He's a little dork. I know, it's not terribly conducive to intellectual discussion to use words like "dork," but the word exists for a reason, and this is as good an example of that reason as I can possibly imagine. For one, "GOBBLES Security," which for a long time pretended to be a whole group of people, turned out to be one teenager. For those of us who were at DefCon X this past year and saw him talk, well...you know what I am talking about here. For those of us who remember when he first started posting on the vuln-dev list on SecurityFocus, well...you know what I'm talking about too. As for the rest of you, I implore you, do a little research, because this dork thrives upon people not knowing what a child he is. I wouldn't believe him if he said he had proof that Bill Gates was a capitalist.
For your security, this post has been encrypted with ROT-13, twice.
This is like saying you can embed a network-aware virus inside an image file. Even if such exploit is feasible (I really doubt it), the worm could easily be stripped on the fly by each p2p client or by the mp3 player. Also, I'd like to point out:
- If the worm exits, one could reverse engineer it and point it back towards the RIAA's machines and DOS their servers. It would give them a taste of their own medecine (DMCA).
- may be it's time to switch to OGG ?
there's no place like ~
"It took us about a month to develop the complex hydra, and another month to bring it up to the standards of excellence that the RIAA demanded of us."
Are they anything like the standards of excellence used by the RIAA webmasters?
WhatEVA
Crackers of the world unite! Let's all launch a massive series of attacks against the RIAA and everything evil they stand for.
-------
"In times of universal deceit, telling the truth becomes a revolutionary act."
-- George Orwell
A Californian court decided that KAZAA can be brought before a Californian judge as so many Californians use KAZAA. Therefore 95% of a network says every jurisdiction in the world. And I am sure that the RIAA breaks the law somewhere if it is true. Arguments used are like a doubleedged sword, if it is can be used by you it can be used against you.
that's why I only download the pron.
Another thing, people seem to be missing the boat on the legality issues as well. Yes, this probably is illegal, but it is exactly the sort of thing that would be legal under proposed legislation (not passed, but not dead either as far as I know). I'm too lazy to post a link to a relavent /. story, but I'm sure people can find it if easily enough.
Earlier the RIAA focus appeared to be on impeding the transmission of illegitimate files. Although that might be legal, they wanted immunity from prosecution for screwing up or crossing the line. Obviously (?) they should not get it; if they want aggressive means they'll have to persuade the gov't to do the intrusion. The more expansive idea of allowing them to install malware is nuts. We don't use the posse any more.
But also insane are the current punishments for hacking, equating the activity with terrorism. It's a serious offense, but the law is based on hysteria that robs the courts of the ability to make intelligent sentencing decisions. The RIAA is right to fear it.
*
My Q is who was the idiot who thought putting executables in MP3 files was a good idea? Can this be defeated at least as the default? The same one who thought up scripts in email? Whatever stunts the RIAA can pull, anyone can, profiting from the relative anonymity of P2P.
MP3 files should be data, like a JPEG. Throw the clown who created the security hole in jail and fix the problem so the RIAA and everyone else can't touch a thing.
can this be done?
Doesn't sending virii fall under the Anti-Terrorism Act? Couldn't every employee be held accountable for terrorizing the world, and pretty much all be fined and locked up in jail for doing this if it were true? This would be a MAJOR National Security breech because more than likely some of the Government cpu's have this worm, which would be catestophic. Couldn't they technically get the death penalty for this?
Even if it IS a hoax, we need to have them investigated and wrapped in red-tape for a while, and then if the charges ARE true, they need to be prosecuted to the maximum extent of the law as terrorists.
Great! They have signed their own death warrant.
Long live the DMCA!!!
We can use it too!
Well, whoever came up with 95% was using the same kind of accounting that lets the movie, software, and music industries think they're loosing $3.5M every minute to 12 year olds (who obviously would have paid for the hundreds of thousands of dollars of pirated stuff on their computers if only we had more laws).
Anyway, mp3's can't carry viruses. There was a scare earlier about a theoretical exploit with the mp3s, but last I checked it was pretty benign. And also linked to certain players. So unless 95% of people now use the same mp3 player, the story isn't accurate. It doesn't mean that the RIAA wouldn't love to do it, just that they can't right now.
I don't pretend to know much about the gory details of how it works, but P2P has never struck me as the best way ever invented to ensure the integrity of your system.
Last week a client asked to bring his PC into the cybercafe to download some files using eDonkey. After a couple of days, my observations were that
So I told him to take his eDonkey elsewhere... is there any way to know what you are really connected to with this sort of system?
Virtually serving coffee
OK, I'm no security expert, but this sounds like a hoax to me (somebody already said it was a joke, a quick google search did nothing to confirm this).
When the player is exploited, a few things happen. First, all p2p-serving
software on the machine is infected,
Interesting. So I guess this announcement fails to mention that they also crafted patches for _all_ of the major p2p programs. It also fails to describe how p2p programs on a UNIX system (generally installed as root) can be infected by someone running a media client from a normal user account.
I grabbed the exploit file from what I believe is the original report, it was an executable named e8vbkxdn.exe. I was unable to unzip it, I tried running it under wine and got "cannot determine executable type". Has anyone successfully obtained the source code of this exploit from this exe?
Yup. I got the email from big@boss.com. It was a .mpeg, or so I thought, so I ran it.
Hrmm... a 64K mpeg, I should have noticed something odd.
Anyway, a day later, ie after I am infected, I get an email from my ISP warning of it. Darn. Good effort, but a day late.
The ISP email had some links to explain how to clean the system, so now I am all squeky clean.
Danger over. Pride still dented.
These two posts, these two wonderful and amazing posts (the orginal and your reply) have provided me with what may very well be the best laugh (and most disturbing mental image) I might get all week or possibly even in the month of January.
My hat's off to you both. Thanks. If I had any mod points to give I'd be adding to your already impressive totals.
Appended to the end of comments you post. 120 chars.
If a worm can get root privilege, it can install a rootkit as a kernel module. This module can be invisible within the kernel, can hide processes/connections from system calls (i.e., from anything that runs on the machine), send/receive information through backchannels and so on. Because the rootkit is god, it is impossible to tell whether or not one is running unless you know exactly what to look for.
There exist several well-known kernel module rootkits out in the open; if the Gobbles/RIAA worm or anything like it existed, chances are it would use a similar technology. There Systrace would not detect it.
This is a hoax... At least partly.
It has the feel of a hoax. Citations like "First, all p2p-serving software on the machine is infected", "all media on the machine is cataloged, and the full list is sent back to the RIAA headquarters" and "Snort, RealSecure, Dragon, NFR, and all that other crap cannot detect this attack, or this type of attack." are clear signs of chain letters and hoaxing (or humor if you prefer).
Gobbles claim that 95% of all p2p-participating hosts are infected. To achieve that number, exploits must exist for Mac, Win and Linux clients. I'm sure that there are exploits available, but making them work on all platforms and avoiding detection by anti-virus programs would require far more than 17 full-time persons.
We can rest assured that not only RIAA but also Symantec, F-Secure and other anti-virus companies are keeping close track of the p2p traffic patterns. Anyone trying to collect complete information of the contents on something like 50 million hosts (check the number of downloads on Download.com if you don't belive this) would not escape anybodys attention. 50 bytes per file times 100 files per computer times 100 million hosts = 500 GB. The shear volume of traffic to RIAAs computers would be noticed even if RIAA used several hundred separate IP blocks to spread the traffic. And, as said, this would require more than 17 volonteers spread over the world. Somebody would leak...
However - as many have pointed out already - it may seem unlikely, but it is definitely possible to similar things and you should protect your computer even more after this. An essential read for anyone that is still in doubt about the possibilities of doing this is:
How to 0wn the Internet in your spare time. from the Proceedings of the 11th USENIX Security Symposium (Security '02)
what better way to get everyone who WOULD get caught by such a tactic completely riled up against the RIAA. Obviously its well crafted humor/statement relating to bugs they have likely found. This is simply genius in terms of getting the troops riled up BEFORE the battle. Do the bugs exist? yeah....Does the RIAA have it together enough to use them? not yet...Would Gobbles be dumb enough to make a bullet point list of recent capitol offenses and publisize it? no....are people who dont know any better upset enough about all of this to do something about it now? Yes......
If you're a hacker, then, yah you'll get busted. However, if you're protecting your IP, then all the sympathetic biz types will smile in your direction.
Remember, there is a huge difference between law for the common man - you and I - and law for the corporate man/company, i.e. Enron, etc. We've already got Berman leaning in that direction and I don't see the RIAA sweating it. When people are faced with extinction, they'll do anything.
And frankly, for everyone that says it's impossible to do this, well I ask why? And think of this, no one is mentioning anything along the lines of numbers of possible infected files. The latest Britney hit only has a worm for Windows? Well, then we'll just tuck one into -Song X- here for all you Xmms users; albiet there are probably not nearly the numbers as Win users. Point is is that there are millions of files on p2p networks. Why assume just one is infected? I could see the RIAA uploading entire catalogs for each and every platform. I dunno, I'm not dismissing this yet; I think it's very possible.
Think it's time to look at the 'ol source..
Keep in mind through all of this that it is not illegal for you to download and store music you didn't purchase. So if the RIAA is attacking people that have downloaded MP3's, they are wrong on more than one level. The people that are breaking the law are those that share those MP3's in the first place.
Does it only search shared files, and send to RIAA, or does it do a full HD scan for all media files??
Big difference between the two.
Not only would the RIAA be guilty of terrorism, but both they and GOBBLES could be found guilty of conspiracy.
I was just exercising my suspension of disbelief there :-)
Pathman, Free (as in GPL) 3D Pac Man
I realize that pirating is illegal, but wouldn't intentionally infecting machines/networks with virus/worm/etc also be considered illegal?
Wasn't there something in the patriot act that discussed federal jail time..
Or as they now powerful enough to be exempt from the law?
---- Booth was a patriot ----
If it's a RIAA operation, it's probably psychological warfare rather than a technical operation. If the RIAA can make people afraid of file-sharing networks (or of being arrested for possession of illegal MP3s; and possession of more than a certain number may automatically count as trafficking/piracy under US law), they can make people log off, or even better, delete their MP3s. Then they sell you back your MP3s in DRM-locked pay-per-play format and laugh all the way to the bank, and the apparatchik who thought up the scheme gets a hefty promotion.
If this is followed up with carefully spun news stories of SWAT teams raiding MP3 pirates, arranged just so that the sufficiently paranoid can put two and two together, then it is more than likely that this is part of a disinformation campaign.
A great number of users aren't in America, and I doubt if the RIAA were stupid enough to do this attack they would be clever enough to restrict to US users.
If for instance they got a UK users there are a number of UK laws that would be applicable includding the data protection act. In short the RIAA would be guilty of illegal activity for mearly trying to get details of the contents of my HD without a court order. Downloading that knowledge and altering files on my PC would be seen as a serious infringement of a number of laws and I could reasonably expect to win very large damages in a UK court, irrespective of whether there was illegal material on the PC or not.
I'm assuming that US law is the same as UK law in that illegal methods cannot be used in order to obtain evidence and any case based on that evidence would have to find not guilty?
Fourth, how many files would this have to be to get 95% of P2P users? The only way it could is by infecting every file you share, but SOMEBODY would have to notice that, whether the file size changes or some A/V data is thrown out.
This one's EASY. All need be infected is one or two Britney Spears mp3s ("Oops, I did it again" is a sure bet) and you'd nail EVERYONE because it is virtual certainty that everyone on P2P networks has at least one or two Britney Spears songs. Go ahead, you can admit it.
In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
Gobbles has a record of making exagerated claims, rediculed by everyone, only to later find they were correct!! They are a team of 17+ highly skilled hackers (not sure what colour hat though).
I would not underestimate what they are capable of doing. In fact I am 99% sure that they did what they said.
Whether there was an exploit or not may not be the question. The RIAA has a way of cataloging the files you have available and they're received in the p2p stream. Isn't that what a search does? Can't I just type something into my search box and the gnutella client will return with a list of files and IPs?
why all my porn has been changed to Hillary Rosen with a strap-on.
Wait a minute...
THAT'S NO STRAP-ON !
Its Jack Valenti!
13 year old white supremacists are shitty web designers.
IANAL, but believe me, any and all governments land hard with both steel-shod boots on the backs of people who spread worms and viruses. Look what happened to the asshole who created melissa. Multiply by a couple of orders of magnitude and there it is. Life in prison.
Now the world has gone to bed, Darkness won't engulf my head, I can see by infra-red, How I hate the night.
In the world of buffer overflows, all data is potentially executable content. (In an older version of Microsoft Outlook, even the subject line of an unopened email could infect your computer.)
I think you are a little misinformed. Gobbles is not a he, Gobbles is a 17+ team of highly skilled hackers (with probably grey hats).
In the article it said that the code has spread to 95% of all hosts. I am assuming that this is by infecting all the other mp3's on a P2P host machine, then, when they are transferred, they do the same.
What if an independent artist (not a member of the RIAA) had their music on P2P networks. There isn't a way (a feasible way for a worm) to verify the owner of distributed media.
Then RIAA is doing worse than what the P2P network was originally doing. P2P networks distribute media, while the RIAA's possible (it hasn't been proven) new attempt would be affecting the media of other organizations via illegal means.
We should all publish short mp3s on these networks, look for checksum changes in a few weeks, and start a class action suit against those agents responsible for ALTERING our content.
Didn't find anything there.
I wouldn't put too much stock in people who spend $1 million of tax money and cannot come up with anything better than "jail."
I am still a law student, but I took my criminal law final 4 days ago, so I'm pretty up on 4th amendment law (standard don't take this advice disclaimer applies). But with only 1 semester behind me, I know there are vast holes in my knowledge and understanding. However, here is my analysis:
A search is not legally considered a search if someone voluntarily shares the information with the public. For example, the police can get a list of the phone numbers you've dialed and see your bank records or look through your trash without a warrant. As people are voluntarily sharing lists of their mp3s over p2p networks, compiling the very same list for use in a criminal prosecution would absolutely be legal.
Now, the RIAA is on shaky legal ground because of the method they've used to compile the list -- they would certainly be liable for any damage they caused to your machine via this exploit -- but proving actual damages would be very difficult. And, as far as I know, they'd be well within their (legal, not moral) rights to prosecute you if you went after them for hacking your machine. They might not be as stupid as they seem...
most definetly a hoax.. not to mention that it would open the RIAA accessible for laWsuits from lots of people in lots of diffrent countries..better luck next time..
omg can't you all just see the signs of irony in this text. In every hoax there are signs that allow you to tell that the text isn't an official document. The story may be true, but the message you're all quoting is so fake!
...not gobbles
Systrace is neither toy, nor flawed. It works very well, and is quite easy to use. I think it's clear you've never used it, and are just trying to pass off your own preference by enstilling fears about the competion.
There's a whitepaper from someone about why, look on the internet
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
I have another theory about what is going on here. Maybe RIAA wants to test the public opinion around this issue. The Berman Bill died last year but maybe this will generate public discusion sounring the issues and they will decide that, while this is too extreme, the RIAA should be allowed to attack the p2p networks. So yeah, this probably is just a hoax...but now people are going to talk about this issue again.
Lets hope this is true! Wouldn't that make the RIAA liable to criminal charges and a MASSIVE class action lawsuit?
Could this be the next nail in the RIAA's coffin?
so when the riaa spreads worms over the net, potentially damaging people's files/wip, who download copy right freed mp3s..... it isn't illegal??? right... class action time
-judging another only defines yourself
I can only imagine the hell the music industry will go through if they create a technological war with the geek population. They might pull a nice trick and win the first round but then the worlds geeks would take notice and be shaken out of their lazy habbits and be really pissed off. Once all those geeks fix their security holes I'd imagine their first line of business would be to return the favor. Is the RIAA so sure of it's own systems that they'd pick this kind of a fight? Some of us can do some pretty nasty tricks but tend not to out of laziness and generally being upright citizens but if you attacked us first then all bets would be off. They do realize that everything from their corporate web servers to their home phones and personal bank accounts are suspect to revenge - don't they?
Besides there are those of us developing our own much more advanced P2P networks with 100's of gigs of high quality data of our own. Networks that would make it very hard to disrupt things. Squash the shitty P2P networks to much and it just makes it easier for us to get enough users on our networks to reach critical mass.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
I started noticing corrupt files on gnutella about a year and a half ago- at which point I abandoned the network. I also abandoned kazaa because it was getting too popular and I figured it would only be a matter of time.
I am 100 percent certain that the networks I currently participate have neither been wormed nor filled with corrupted files. It is very difficult to get a corrupted file when the releasing group identifies each file they have released with a unique hashcode, filesize and name. Additionally, it is hard to sue a network when 99 percent of the servers are overseas, in countries with no laws regarding file sharing.
I would name the networks I am currently participating in, but everyone who has a business knowing is already there.
According to the over-zealous "GOBBLES", we're all "raping artists" that the RIAA is trying to protect. Wow, they must have p-a-i-d this dude. Thank you for turning to the dark side, as if those script-kiddies have done enough already. I suppose it's okay to infect people's computers if you're fighting on the "right" side of the law, right? Hmmm. That's some shady ethics, partner.
But on a less rant-enraged subject, it seens they have only exploited Windows systems as a host. Now, I know this means that he can DOS the P2P networks, but that will only effect my ability to get data from the network. I would otherwise be uneffected?
"Politicians find new names for institutions which under old names have become odious to the people."
Come on, this is about as realistic as the computer jargon you hear on TV.
"My Subnetwork ping redistributer is down! I need to reboot my LAN before the virus infects my ethernet cable and gets everywhere!!!"
And yet I see people saying "this is probably not true" or "this may be a hoax", or "if they're doing this it should be illegal!". Come on. For Christ's Sake, this is totally idiotic and anyone with an iota of computer knowledge should immediately dismiss it.
I don't care if Linus Torvalds himself came out and said he'd done it, I'd laugh and point.
The Berman bill, ensured a copyright owner would not be liable for "disabling, interfering with, blocking, diverting, or otherwise impairing the unauthorized distribution, display, performance, or reproduction of his or her copyrighted work on a publicly accessible peer-to-peer file trading network...
Ok, but if in the process of doing this, they disabled some of my *OWN* files that were being shared?? If I happen to have a few MP3's of *ME* playing guitar on my p2p sharing, and they block *those*, and perhaps other MP3's or JPG's or such that I *DO* have permission to share... couldn't I then sue them for hacking me and disabling my sharing of files that I have a LEGAL RIGHT to share???
Would you really have faith in someone with a handle like Gobbles? I know there have been some weird ones in the past. But Gobbles?
:)
I'd doubt many of you will find a worm snooping around anywhere.
HAHAHA I can almost piss in my pants just trying to say the name out loud....
Anyhow for those of you who know how. You guys know how snort works. How a worm can fool your ethernet card not to display what packets it's being sent out is a little silly don't you think?
for those of you who even know what snort is... or for you windows guys the Network monitor. Sniff your own packets from a freshly booted system. Dont log on to aim or any webpages.. and start playing your mp3 with your favorite mp3 player and start sniffing your packets
Scare tactic.
"Politicians find new names for institutions which under old names have become odious to the people."
It could be for example, that 95% of machines, in a 50 PC network at RIAA offices were infected... or whatever: you get the idea.
so could it be possible this worm was developped, but not released?
"First, all p2p-serving software on the machine is infected, which will allow it to infect other hosts on the p2p network."
/usr/bin/limewire
/usr/bin/limewire: Permission denied
[bash@localhost]$ echo >
[bash@localhost]$
The "hacking" antics of these clowns are based on the purported manipulation of copyrighted softwares by some incredibly rich companies with more lawyers than there are posts on this topic...
Why would anyone publicly announce something like this?
Why would the RIAA let him?
If you read the artical, you'll see that they code they released was for a UNIX Mp3 player, which means they certanly have the capacity to infect Unix machines using mpeg123, I doubt windows programs would be much harder, and I DID just upgraded winamp to cover up a buffer overflow problem in the id3 tag...
An MP3 based virus is possible these days, and it could easily spread to all your mp3s once activated. (even on unix, since obviously your mp3 player is going to have access to those files, unless they are read-only)
autopr0n is like, down and stuff.
Lets not forget who were dealing with here.... these are the same people who claimed confiscation of thousands of cdroms in a raid, when in fact it was just several fast cd burners.... their justifaction of the false numbers... These burners were really fast, thus they were equivalent to thousands of "Normal" cd burners...
they probably just got it to run on a couple of systems and then multiplied that by the number of users on the p2p net.
The Code Ninja is swift with his tool, precise in his delivery, and deadly accurate in his execution.
catch the "worm" find out what the address it sends back to is and create a Distributed processing client that does nothing but sends random jibberish to that address.. if you get 95% of the clients pissed enought to install the fight.back.exe client you can have some real fun... and it needs to be distributed so as the "address" changes all the running RIAA-bash clients can easily be updated.
if they want to play, time to show them how hard we can play.
Do not look at laser with remaining good eye.
Over at the InternetStormCenter they have been reporting a spike of port 53 traffic lately. I know port 53 is for DNS traffic but it doesn't *have* to be and virtually every firewall is going to let the traffic pass. Things that make you go Hmmmm.
Please be patient, I'm a work in progress! --Alan Jackson
In 2 months time we'll all be using the XWebs broswer with its built in media player which according to the list isn't affected by this :)
SA
Their hats are large and pink
they already HAVE suggested this [ie hacking p2p users]
If you're talking about simply sending queries to a p2p network and storing the list of files that they have, that's not going to be illegal
But sending someone a virus that infects other mp3s certanly is.
autopr0n is like, down and stuff.
If this is the case, the RIAA has no jurisdiction outside of the US. For those of us who use P2P in other countries (Canada for instance) we should be able to sue the RIAA for this infection under Canadian laws against Viruses/Trojans/Worms etc...
This might be one way for people to try to teach the RIAA that they are holding on to an outdated business model that makes no sense.
If everyone in various countries sue the RIAA for these sort of things, their legal bills and costs should prevent them from being able to continue this Terrorist activity.
This is no Hoax... eheh I call that humor...
I just can't beleive someone took it seriously Gooble is probably laffing of slashdot right now... Gooble alwais like nice little funny intro to his advistory...
Yea sure it would probably be possible to write a Worm well first the name worm is way too popular these day, this should be called virus... Just look at the count of MP3 player security hole in the past year... Scarry...
But I guess all he wanted to say is that This would be possible... And well with the current IT sec everything is possible. Personally I beleive that if network and computer continue to work so wellm it's because most ppl are good and most truely malicious ppl are way too dump...
Btw his advistory is about a Opensource mp3 player...
... They meant the EQUIVELANT of 95%.
In reality there is a total of 0.5% of infected computers. Some of these however have fast (over 1GHz proccessors), bringing the total percentage to the equivelant of 50%. Additionally some had large harddisks, allowing more illegal MP3's to be stored. Hence the equivellant of 95% whole computers.
A ha ha, if "Hacking" and creating virii are considered to be acts of terrorism, then we have perhaps one of the most fiscally sound and financially successful terrorist "cells" in our own backyard, eh?
and then they can be put into everybodies packet filters.
If the RIAA were stupid enough to do this their network connectivity would drop to nothing in a few days, and any ISP that continued to host them would also find it's packets directed to the bit bucket.
And Mariah Carey is neither an annoying high pitched whore or a has-been tramp...
Your rebuttal hardly compelling... Geez. Get a fucking life.
Now, what if someone else looks at the code (disassembled/decompiled or by finding a source copy) and exploits things to use the compromized hosts to launch (as mentioned) a ddos attack against some tempting target.
Now, who is responsible? In particular, who goes to jail or gets sued?
All the parties are guilty of some crime and certainly of contributing to the problem. The last guy in the chain is likely to be the biggest target, but the rest are certainly culpable.
Would the answer change if the ddos were the result of a bug and the hydra writer were under contract to the RIAA?
Or if the RIAA (or one of its major members) were itself the target of the attack?
Keep the lawyers busy for years and years this would.
As a side note I suspect that if such a beastie were built and let loose that the reporting itself would amount to a ddos.
Even if the bill was passed, it only deals with illegal file trading. Infecting all MP3 files, and introducing viruses to potentially innocent sound files is something I imagine would make a nice lawsuit with damages exceeding {INF} digits...
I download many mp3s via p2p, easily putting me in the 95%, I ahve zone alarm running on my P2P, and have never had any hits attempting to go outbound, with the latest versions of zone alarm, they can't merely mimic application names to get through, wouldn't this BS be provable by someone out there monitoring outbound network traffic....I'm calling HS hoax
I have great faith in fools; My friends call it self-confidence. Edgar Allan Poe 1809-1845
back in the day, we wouldnt complain about hoax factors, we would write a program to go through our stash to see if we got any suspect material.
gatt0n
Oh sorry guys, we didn't mean to infect the p2p networks, really. It turns out that one of the people responsible for manning our monitoring systems accidently infected the monitoring system with a virus which then found it's way into the p2p network. We're really sorry we know absolutely nothing about technology, oh and please go pay $18 for a cd instead of getting them off of a p2p network, it would really suck if you accidently got a virus because you used p2p.
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
...for the seventh time? Yeah......whaaaaat-evr (in my best Squidward voice).
Given their support of the berman bill wouldn't it make sense they would be having a system similar to this being developed for immediate rollout as soon as the bill is passed - which of course with shady deals and backroom politics will probably sneak in one day.
That being said however the fact that gobbles would mention the RIAA in his msg so many times given that if they had contracted them to do it they would have NDA's up the ying and just mentioning the RIAA in this before the bill is passed would most likely violate the NDA. simply put the bill is not passed if the RIAA hired them to do this and implement it before the bill passes then they could be sued be everyone under the sun. that alone makes me think it is a setup for some bad publicity to the RIAA while latching good publicity to gobbles et al.
And btw I haven't seen it mentioned but Winamp just had a patch less than a month ago to fix a buffer overflow for id3 tags which could lead to malicious code being run on your machine. IT says right on www.winamp.com all the details. If you're winamp is older than dec 17, 2002 you should upgrade =)
Fear Breeds Knowledge
gcc -o jinglebellz jinglebellz.c8 6/8.0/suse/snd2/mpg123-0.59s-161.i386.rpm
./jinglebellz 0 evil.mp3
./usr/bin/mpg123 evil.mp3
wget ftp://ftp.freenet.de/pub/ftp.suse.com/pub/suse/i3
rpm2cpio mpg123-0.59s-161.i386.rpm | cpio -i --make-directories --no-absolute-filenames
prepare to hit CTRL-C
Maybe the virus is a hoax, but not the mpg123 bug!
If they want a list of all the mp3's on my system, I would be happy to send it to them. Such a list would not speak to the source of these files, thus the data would be completely useless.
Not to mention this whole thing is a pile of crap.
Four-digit slashdot ID. Recognize.
It's also illegal to snoop into other people's files. Just because it is sitting in an open file share doesn't mean that it's legal for you to copy it. If you take it, and then use it, you are consenting to anything it would do to you.
Using that same logic, I don't think they'll have much trouble defending themselves in court.
Free unix account: freeshell.org
is prove that they should be under federal investigation for totally shattering most of the anti-hacking and anti-terrorism laws that were passed in the last year. The RIAA is not the government and is still (the last time I checked) under the same laws that the rest of us must follow. Under the US's own definitions of terrorism this will classify as cyber-terrorism and is punishable by mandatory life sentences for all parties including the upper managment of the RIAA for allowing this to go on. simple, just arrest them all.
This is from Winamp.com... Probably not exactly what the "worm" says is there as a security flaw, but even so...
"Some people just have too much time on their hands. Looks like someone out there discovered how to make programs crash by screwing around with the id3 tags in music files. We have taken measures to block anyone from taking advantage of you by adding a few security fixes to both Winamp 2.81 and Winamp3.
We would like to say that these builds have new features but in actuality they are the same versions of the programs that you already know and love. However, to be fully protected, we suggest that you download the latest versions of them from our site right away.
If you haven't downloaded Winamp since 12-17-2002 then you are vulnerable to the security exploit. "
graspee
First of all, let's think about this; It's basically a buffer exploit, but the only thing you could really do with so little room (Can't make it too big or it'll be obvious) is to download another file off the Internet and run it. I'm pretty sure that'll be caught, or at least logged, by most firewalls, including their server address, so someone can look up who owns the IP address and report them to the FBI as a terrorist.
Secondly, if people convert their music to OGG, or as those with Pocket PCs do, WMA, oops, your "robust RIAA anti-piracy solution" just went out the window.
Not to mention that most media players are based on a common code base for decoders (DirectShow for Windows, ummm... mplayer I think for Linux). As soon as the buffer exploit is fixed, this won't even be an issue, and the RIAA will be left to shake their fists at the sky in utter defeat. Again.
1p}{ 1 sp34k |33+ +|-|e|\| p30p13 \/\/il| 8e i/\/\pr3553|)
It's their property and if true they're seeking ways to protect that, as long as they don't interfere with the fair use policy. I don't care.
As long as they aren't including backdoors that call out everytime I boot-up or open a file, heh, this behaviour is preferable.
I like the idea of having my collection of cd intertwined with my home theater. Having a few hundred movies as easily accessable on my big screen as changing channels is great. I'm worried that monopoly control will take away my right to do this or breaking my existing product to sell me another.
Now, if they'd just organize a service to sell to my isp(instead of the other); Perfect.
Complete rubbish for obvious reasons. But then again, the amount of ppl who seem to think viewing an 'infected' jpg(like, what? eh?!) etc will compromise their box is scandalously huge... maybe the scare to this type of user (ie: the majority) will be enough to have some impact. Who knows? Who cares? Not anyone with half a brain.
$ su /mnt/mp3/*.mp3 /mnt/mp3/*.mp3 /mnt/mp3/*.mp3
% useradd mp3owner
% chown mp3owner
% chmod 444
% exit
$ xmms
The masses are the crack whores of religion.
As I recall, worming, virusing, anything with malicious code with the intent to harm or collect private data is considered illegal (spyware not inclusive). So, they're illegally transmitting virri. Joe McCarthy isn't advisor to the RIAA chairman, is he?
How can we strike back against a government entity who, in their pursuit of enforcing the 'law' (unjust as that law may be), is willing to break, bend, spindle, mutilate, and otherwise circumvent laws, and our Constitutional rights, all in the name of their ultimate moral righetousness.
Begun, this cyberwar has...
Informatus Technologicus
There's a fair bit of people out there who use p2p software at work, and of course mostly to download music and movies because they've got a slow connection at home. Now suppose this turned out to be legit. It would only take a small percentage of affected corporations... these companies could sue the RIAA for security violations, hacking, and so forth. And even the RIAA wouldn't have enough lawyers to take on that kind of an onslaught.
40% of this probably counts all the copies of Brittney Spears and Backstreet Boys songs squirming across P2P, often masquerading as different files. Personally, I'd rather take a real virus than these - an Antivirus can find trojans but none of them seem to have a feature to detect boy/girl-band of the moment type audio files.
Some people can use P2P software legally, without downloading things that they have no right to download.
I fail to see how come they are allowed to do this.
I submitted that the other day, and got refused. Kicking myself for not taking a screenshot of the page too.
Isn't this illegal?
Probably with similair bugs in the programs. Remember the buffer overflow bug that existed in both WinAmp and WinXP? A single infected mp3 or wma file could take either application.
The fact that XP goes and reads the ID3 tags on every mp3 file was just icing on the cake. You know, there was a time where users got to decide which files should be opened, not the OS.
Article here
Free unix account: freeshell.org
Comment removed based on user account deletion
Since it is not yet legal for copyright holders to go hacking at will, they have committed felony computer tampering. All we need to do now, is copyright our directories (the listing itself) so it becomes a DMCA issue.
The 95% figure is obviously false, so are the claims that RIAA is backing him.
But it's possible to create an MP3 file, that when played in WinAmp, executes arbitrary code:
- Sandblad advisory #5 - Title: Mp3 file can execute code in Winamp. Date: [2002-04-26] Software: Nullsoft Winamp 2.79 Rating: High because mp3 files are widely trusted as safe. Impact: Specially crafted mp3 file can execute arbitrary code when played in Winamp due to a buffer overflow condition. Vendor: Nullsoft has confirmed the vulnerability. Patch: Winamp 2.80 released 02-04-25 will fix the issue. Download at: http://www.winamp.com/ Workaround: Disable the minibrowser (enabled by default) Author: Andreas Sandblad, sandblad@acc.umu.se (o o) NON TECHNICAL DESCRIPTION: It is possible to modify an existing mp3 file in such a way that it can carries a virus. The virus is activated when the mp3 file is played in Winamp and can then infect other mp3 files found on harddrives or network shares. In order to protect yourself you need to upgrade to Winamp 2.80 or disable the minibrowser.
Maybe, in some inmature way, he wants to warn us....
Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
BZZZT! And thank you for playing. Here's your lovely parting gift.
Don't have any Britney MP3s. My daughters have some CDs, but have (thankfully) outgrown them. She's a no-talent with a lousy voice, IMNSHO.
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
Don't forget that once you've downloaded and played that Britney MP3, thereby activating the hidden worm, the worm can then go ahead and infect all of your other MP3's, so anyone who downloads ANY of your MP3's would be infected. The worm could then repeat this on the machines of those who download from you... exponential growth. So, theoretically, all you'd need to do is release a single infected Britney MP3, (or better still, a hundred or so of the most popular tracks) and within days you would have infected huge numbers of hosts and MP3 files. Assuming that this type of exploit is possible in the first place, the potential for infestation on P2P networks would be ENORMOUS. But could that amount of activity (file modifications, changing checksums and file sizes, suspicious packets & requests) go unnoticed for any length of time? I'll believe it when I see it.
How could one go about doing a batch hex search of all his... files ... for a specific hex signature? I've been using hexcurses to try to find the shellcode from the exploit, but I can't look at more than one file at a time.
C'mon.. this is obviously the RIAA 'fighting back' in the only way that they know how: illegal or gray-area tactics. They have been defaced over and over again and suffered severe embarassment due to it.
The comment from the advisory that reads as below points out their real intention:
4) Don't fu*k with the RIAA again, scriptkids.
The rest of it reads like pure scare tactics (aka "nothing you have will protect you! Muhahahahaha!") leading up to that almost conclusionary statement.
It is definitely directed towards the larger, non-technical/admin P2P community (hey, the P2P community wouldn't be as large as it is today if the RIAA didn't bring so much attention to Napster. They literally caused the explosion of P2P because of all of the media coverage! Really, how many of us actually saw it on the nightly news?!)
This exploit sounds pretty extensive in that it attacks multiple players and p2p clients, but for all of the exploits it still can results in a single preventable action - the report back to the riaa. This would imply that the shellcode contains either a set of ip's or hostnames that it is going to report back to. ( I'm assuming it contains multiple hosts to report back to, otherwise with "95%" infected that alone would constitute a DDOS attack on the RIAA, right? )
Simply block those hosts ( it's not like you were spending any quality time on their machines anyway ) and your done.
guvna
As far as I know, absent something like the Berman bill, infecting someone's computer with a worm or any other type of virus is illegal, even if the RIAA is doing it to combat other illegal behavior. I don't think any information they could gather would be admissible in court, and they could be held liable for any damages to users' computers.
Just create a batch job to decode/reencode all your mp3s, and you're done. As for the "infection" of any executable, and provided that you're running Linux as standard user (you're not running as root, aren't you?), you're safe.
And install, rtfm and USE something like tripwire, it always pays in the long run.
--
Arkan
ok, so you exploit a buffer overflow in xmms, then what? how many people are running xmms as root? i'm kinda slow, so bare with my ignorance. how does a buffer overlflow in xmms give a "normal" user the ability to infect the operating system? how does one write a worm to infect multiple operating systems on multiple platforms efficiently? this sounds a bit hokey to me.
-- john
The RIAA's web site gets hacked so damned often that it's not really news. Well, okay, it is news, but it's news like "rained yesterday" or "somebody found another hole in IIS" or "CmdrTaco misspelled something."
Forward, retransmit, or republish anything I say here. Just don't misquote me.
This is not surprising, since it's clear that Gobbles does not like Theo, but it is significant if it is true.
Gobbles?
Jesus, then it's probably not real.. anyone remember his "security alert" about awhttpd? Basically, the "vulnerability" he described was Lynx retrieving the file from his local filesystem via a file:// URL-type.
A reply, showing just what an idiot this "Gobbles" is is here
As soon as I read this, I got on a p2p network and downloaded about 10 "samples". I'm not admitting to anything illegal here, but let's just say these are likely targets if such a worm exists with a 95% infection rate. Also downloaded are the mp3s from ftp://ftp.openbsd.org/pub/OpenBSD/songs/, which are dated 4-17-02 and 11-01-02, and therefore apparently have not been updated with newer, supposedly "clean" versions. I also downloaded the OGGS just for fun.
.dlls.
Before I did anything, I installed a clean version of WinMX and Winamp and SFVd all involved files including all the
After playing all the mp3s in my collection, including today's downloads, I verified my SFV checksums and guess what? WinMX and Winamp are completely unchanged.
Deleted the files that don't belong to me.
CONCLUSION: FUD, crock, bullsh*t, crap, crap, crap.
teeker
Now that i have read that i have more respect for GOBBLES.
No wonder they all hate GOBBLES haha!
That dude rocks.
They just hate him because he makes fun of them all in every advisory!
I read the article, and a couple dozen expanded articles linked from there (including Gobbles' own long rants). To what degree it's true I can't judge (and I don't run any P2P myself). But I was struck by how much this Gobbles guy sounds like a script kiddie himself -- full of malicious glee at buggering someone else. If I were the RIAA, I'd be very, very afraid of what backdoors he'd planted that could come back and bite them in their own ass.
~REZ~ #43301. Who'd fake being me anyway?
I love how they act like they are big shit because they claim that their hydra catalogs all the media on pc. Big fucking deal, Kazaa already does that shit for you so you sure as hell dont need to write a freaking script to do it. And then they claim their software uses an exploit to send this catalog across the wire. Once again big fucking deal, all you have to do is do a search of a users available media on kazaa and you get a catalog of all their files. This is not rocket scientist gobbles. You guys are a bunch of jackoffs, and no one is afraid of you.
Windows
No way is there a 95% infestation rate. That would mean the RIAA has hacked millions of computers. And I've seen no evid... DOWNLOADING MUSIC IS IMMORAL AND ILLEGAL. NO HOME IS COMPLETE WITHOUT THE NEWEST BRITNEY SPEARS CD
Not a snowballs chance in hell that this is real.
Jamey Kirby
If they have the same people securing their web servers as "infesting" peer to peer networks I don't think we have much to worry about.
j pg j pg
Please view some screen shots from the last 96 hours.
http://iworktoomuch.com/images/riaa.com-download.
http://iworktoomuch.com/images/riaa.org.jpg
http://iworktoomuch.com/images/riaa_tooled_again.
Here in France, we all learn how to speak English very perfectly by age 10. Us effectively are taught how to spell English as well, else we uses Bablefish.
Assuming this is real... which I doubt... I run DC++ and Gnucleus, and all *outgoing* traffic is monitored and audited on my box. If I was bugged, I'd know it.
Tho I have noticed quite a bit of SubSeven/Netbus attempts in my firewall log, but I'd chalk that up to 1337 script kiddies on the p2p networks.
the world portrayed in this statement is not the world as it is now. it is the world that will be some day if entertainment companies don't figure out a way to give the customer a better reason to buy their products. legislation will not make consumers want to buy content they don't think is worth money. people buy DVDs and video games more and more all of the time. unlike VHS, DVD has extra features. something extra was given to the buyer to make it worth the higher purchase cost and increased copy protection. the video game industry continues to flourish because it continually strives to make new, different products (at least visually) and it has kept up with copy protection over time. there is some degree of copyright control, but the consumer has also been taken into consideration.
the RIAA and the MPAA dropped the ball and now want someone else to clean up their messes. let them clean it up. don't allow any industry to become vigilantes protecting its own interests. banks are not allowed to hunt down suspects in robberies. it would be a terrible precedent to set.
these "free" copies being distributed on the internet are lower quality than the originals they come from. if the free stuff bothers the industry, the industry should give consumers a reason to buy original copies other than, "we want you to." put DRM all over it. require new players, whatever. but make sure the consumer has incentive to accept all of that. do not bite the hand that feeds you. the industry feels cheated. if consumers didn't feel cheated by what they are offered, they wouldn't go looking elsewhere for free alternatives. if the content were compelling, people would pay for it.
you probably shouldn't have read this.
Regardless of what Gobbles intends, regardless of whether this a hoax or not, the real point is:
in about a year the RIAA will be allowed to do this.
They will be able to create specifically targeted virii, they will be able to attack network infrastructure, they will be able to attack individual users.
So, instead of writing another post about how this is a hoax, write an e-mail to your Senator telling him how you want him to vote.
#3
I never understood this myself... how can a file that is read-only and is never executed pose a threat to a system? Suppose it were a binary executable that was saved as a .MP3 file. Well, your MP3 player would skip it because it didn't understand the data, and if you double-clicked the MP3 file in Explorer, it would attempt to load it into your MP3 player, which would do just as I said: nothing. So how are they going to propagate worms through MP3 files? I never believed the "viruses spreading through P2P networks via MP3's" claim because it doesn't make any sense. People propagating a huge EXE file called "Windows XP Professional Full.exe", I can understand that. But not MP3's.
Shafe
I'm not buying much of this, but couldn't one just include their "mp3" directory in one of the directories checked by Tripwire to insure file integrity?
What makes this hoax so good, if it is a hoax, is how utterly plausible it seems, even to a well-trained engineer. The only things that don't fit, actually, are their announcement, as many have said, and a small detail about application signatures, which I'll get to in a minute.
If their request looks like a regular query or other baseline P2P activity, it will be like finding a needle in a haystack the size of the empire state building to discover it by packet sniffing.
It gets worse. Fasttrack is encrypted over the wire. If anyone has the keys besides its creators, they're keeping quiet about it. You can't even sniff it, let alone begin the impossible process of distinguishing a few spurious bits of baseline-appearing activity (which could use the very nature of the network itself not to always be directed towards a specific host or set of hosts).
Talk of being protected from this by Symantec or another AV vendor is just talk. There is no mention of protection against this or any similar worm in the published databases. Generally these AV systems can only protect you from A) things they know about, and if we can't find this, neither can they, and B) things that might do harm, i.e. "You didn't just select the Format option, did you?" Further, there is nothing saying these guys would take our side over the RIAA's if there were a dispute about what was a virus and what was "legitimate." Especially if there were a hefty bribe on offer.
The government is not prosecuting over 99% of the people involved with Enron, and those guys turned the lights off in California. What makes you think they'll bite this particular hand that feeds them either?
Protection from personal firewalls is more tricky, and this is where the implicit proof that this is a hoax lies. Most personal firewalls are very dumb - they grant blanket permissions to an application, or not. A few will go farther (like Agnitum's excellent but utterly unstable product) and authorize only specific kinds of activity (so authorizing Winamp to call home to check for an update doesn't authorize it to call anyone else). But regardless, for P2P software, which talks to everybody, these firewalls basically just give up and let them do whatever they want.
But on the upside, almost all of them checksum the applications they are watching... so any virus/worm/whatever which attempted to modify your P2P software would immediately be detected and stopped. Hundreds of thousands of people would have noticed this worm, if it existed.
Hence, hoax.
Want to Know How to Cheat the GPL? Read On!
It is a satire. :(
They listed like 10 media players that are vulnerable, and forgot to mention which p2p clients are vulnerable, just pretended that they all are.
The people who are supposing that this might be a real threat, are the same people who watched Hackers and thought that the real hacking world would be like that.
I thought it was a good joke yesterday when I read it, now it is front page news
Hehe. 'Viree' is the funniest mispluralization of 'virus' I've ever seen. =)
The partition which contains my MP3's can ONLY be written to by root and not any regular user under which file sharing programs operate (I am not stupid enough to run Direct Connect et al as root). To top that off, the integrity of my entire filesystem is verified by integrit and I get reports about changes made to my filesystem by email.
Oh yeah baby, this will fly.
See this mail, this chapter and the rest of the NSA paper
Saying that NSA has characterized Systrace as flawed is wrong, IMO.
/Styx
When the player is exploited, a few things happen. First, all p2p-serving
software on the machine is infected, which will allow it to infect other
hosts on the p2p network. Next, all media on the machine is cataloged, and
the full list is sent back to the RIAA headquarters (through specially
crafted requests over the p2p networks), where it is added to their records
and stored until a later time, when it can be used as evidence in criminal
proceedings against those criminals who think it's OK to break the law.
all p2p-serving software on the machine is infected,
Well it should be easy enough to to figure out what they are doing if you can manage to get your machine infected. It still needs to communicate and communication requires packets, packets can be sniffed I don't care how they are specially crafted. Also it would be rather simple to 'catch' the infection by using something like Tripwire (or just a simple MD5 fingerprint of your original executable)
Step 1) get an MD5 fingerprint of a nice fresh copy of mpg123 as well as all your media
Step 2) Do lots of p2p filesharing.
Step 3) Try really really hard to get infected.
Step 4) Compare orignal MD5 fingerprint with current.
Step 5) When you see your file has changed...diff it with the original...binary...reverse engineered...whatever.
Step 6) Let us know EXACTLY what you did when your mpg123 player got infected so we can all do it too.
Step 7) dag..i just remembered. When I am logged into my box for day to day activites I use an account that does not have root privileges....so..the exploit might infect a running copy of mpg123 but the original will be safe and sound.
Oh...and if somebody actually takes the time to do that and succeeds...I will write a snort rule that catches the thing as well...but...it doesn't exist so I am not going to waste my time.
Then I will write a nice little utilitity to DDOS the servers collecting all the information. We will just all run it all the time and send it a constant stream of bogus information.
This exploit could not have infected 95% of hosts, because at least 5% of hosts have not connected to a PTP client since this was introduced, be that a week ago, a month ago, or whatever.
So, does this mean the RIAA can be sued out of existance because they are maintaining a centralized database of pirated files available for sharing? It worked against Napster...
"Time is an abstract concept devised by carbon-based lifeforms to monitor their ongoing decay." - Thundercleese
Even if this is real (which we all know the answer to that), isn't it very illegal to make and release a hydra like this? So then wouldn't them making a big, bold announcement like this we signing their own warrant?
But anyway, what could they do with a list of media a person has? It's like "OMG! This guy has Barney on his computer! Lets blackmail him".
Live life to the fullest. It's not that life is short, but that you are dead for so long.
Well, no. Who's to say it will go for your MP3s, MPGs, etc? It might just infect your system instead. besides, systrtace will prevent your system from being taken over... Tripwire will only let you know when it happens, and then, only if you correctly anticipate what it is going to change.
It could just as well be in a few popular songs, and not try to spread at all. It gets downloaded and played on your system, and it gets uploaded from you by others, without touching any other files. Maybe all it does is make a list of your files, and sends the list back to the RIAA. In any case, systrace configured properly will stop it in it's tracks.
(No I don't believe it either)
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
All contents of the RIAA website are copyrighted. You have poked a finger in the eye of the tiger and stolen some of its dinner. Run for the hills!
YHBT
YHL
HAND
Proud to be a member of the remaining 5% =o)
Remember a few weeks ago when they raided some place in NYC? They said they found X numbers of CDR's while the actual number was much less than what they said. They considered a 24x CDR to be 24 machines or something like that.
So that 95% might as well be the number of machines *inside* their own networks...!
It's just PR and scary talk...
-- Leeeter than leet
Sections in this document:
- English Inflections
- Classical Inflections and References
- Journey Into the Fourth Declension (new)
- Other Latin Resources
- ASM News
- ASM News Update (new)
- Footnotes
English Inflections First off, the OED gives nothing but viruses for the plural. Here's its abbreviated entry: Other sources that support viruses include Birchfield (n FowlerThe simple answer is that there wasn't one. The longer answer follows.
Writers who, searching for a fancy plural to virus, incorrectly write *viri are doubtless blindly applying an overreaching -us => -i rule. This mis-inflects many words. For example, status and hiatus only change the length of the final vowel; genus goes to genera; corpus goes to corpora. Others are even worse if this rule is mis-applied, like syllabus, caucus, octopus, mandamus, and rebus.
Anyway, Latin already had a word viri, but it was the nominative plural not of virus (slime, poison, or venom), but of vir (man), which as it turns out is also a 2nd declension noun. I do not believe that writers of English who write viri are intentionally speaking of men. And although there actually is a viri form for virus, it's the genitive singular[1], not the nominative plural. And we certainly don't grab for genitive singulars for the plurals when we've started out with a nominative. Such hanky panky would certainly get you talked about, and probably your hand slapped as well.
This apparently invariant use of virus as a genitive singular may also imply that it's 4th declension, as some scholars believe.
Those confused souls who write *virii are tacitly positing the existence of the non-word *virius, and declining it as though it were like filius. It's true that l/r are both linguals that sometimes get interchanged, and that f/v are just a change in voicing[2], but that's just reaching. *Virii is still completely silly, so don't do that; otherwise, everyone will know you're just a blathering script kiddie.
The crucial problem here is that, classically speaking, there appears to be no recorded use of virus in the plural. It was a 2nd declension noun ending in -us, which is rather common, but it was also a neuter, which is rather rare. I could only come up with three such 2nd declension neuters: virus (some poison), pelagus (the sea, usually poetically), and vulgus (the crowd). None appear to admit plurals. Perhaps this is because they are mass nouns, not count nouns. [3]
One citation below wonders whether these -us 2nd declension neuters might have inflected -us => -ora, the way the 3rd declension's neuter plurals for tempus and corpus do. There's really not any support for that notion--that I could find at least. If so, that would end up producing *virora. Most other citations think that these plurals just never happened at all, or that if they did, they didn't jump declensions. Perhaps they were invariant as they oddly are for the vocative and accusative cases. In any event, *virora does not fit comfortably in the mouth of an English speaker, which is a good reason to avoid it.[4]
Another theory holds that virus, if it was a 2nd declension neuter, must go to *vira in the plural as do its -um neuter brethren in the 2nd declension. However, that assumes that it works like a -um form, not as a -us form does. And it really seems to do neither. If it were a -us form (again, as a 2nd declension nominative), then its vocative would have to be *vire; but it's really only virus. You also expect an accusative form *viros, but that too is missing; it's still just virus in the accusative. And if it were a -um form, then its vocative would have to be *virum. But it's not--here again, it's only virus. (Vocative examples of virus are not particularly common. Apparently the Romans seldom addressed their slime in a personal fashion. :-)
So what we have here is something of a mixed or invariant declension. Trying to find a plural for something that didn't take a plural (possibly because it was not a count but a mass noun), or at least, one for which no plural is classically attested, is a fruitless endeavour. Best to stick with English and use viruses. Journey Into the Fourth Declension Some scholars, includining Gavin Betts, believe that virus pertained not to the second declension, but to the fourth one. Here is an example or two that support[5] Betts and dispute the 2nd declension theory. The first is classical, from Ammianus:
That seems to be using virus as a genitive, which contradicts the assertion that it's 2nd declension, which would have lead to viri, and supports the 4th declension position. This was brought to my attention by Andreas Waschbuesch, who went on to write: This recent letter also supports the fourth declension point of view. Of course, even if virus really turns out to have been in the fourth declension, we'll still have vulgus, pelagus, and cetus as irregular -us neuters in the second declension. Let's blame it all on the Greeks. ReferencesHere's what other sources have to say about this matter:
alt.usage.english FAQ Not all Latin words ending in -us had plurals in -i. Apparatus, cantus, coitus, hiatus, impetus, Jesus, nexus, plexus, prospectus, and status were 4th declension in Latin, and had plurals in -us with a long `u'. Corpus, genus, and opus were 3rd declension, with plurals corpora, genera, and opera. Virus is not attested in the plural in Latin, and is of a rare form (2nd declension neuter in -us) that makes it debatable what the Latin plural would have been; the only plural in English is viruses. Omnibus and rebus were not nominative nouns in Latin. Ignoramus was not a noun in Latin.
[...] classical plurals [...] What is the plural of virus? This neuter in Latin lacked a plural; it would presumably [disputable -tchrist ] have been virora like corpora, the plural of neuter corpus. (Like corpora, virora would be stressed on its initial syllable. As indicated earlier, *corpi would be as outlandish--as far beyond the pale--as *rhinoceri and *octopi.)
Latin had several declensions containing neuter, feminine, and masculine words ending in -us; the plurals are different in each one. Incidentally, the singular of mores (pronounced `moh-rehs') is mos, with the same change of `s' to `r' between vowels heard in corpus : corpora and in genus : genera.
Allen and Greenough The authors at the cited reference point out the follwoing:
Whether this leading would lead to ?vire, however, is unclear, since virus does not appear to be of Greek extraction.Latin inflections And for those who just can't get enough, try this. It is a bunch of inflection tables, more complete than I've seen elsewhere. For a good time, figure out the nominative plural of venus is. Hint: it's not veni. ASM News Apparently this question is `in the air'. The following is from the June 1999 issue of ASM News by the American Society for Microbiology, sent it by Jim Sandoz.
ASM News Update The following letter recently appeared in ASM News, from Ton E. van den Bogaard. (Formatting added.)
Other Latin Resources One textbook I'd like to recommend Gavin Betts's Teach Yourself Latin, which you can look up on Amazon if you'd like. No, I don't believe in kickbacks.Here are some Web resources: The Perseus Project Read Caesar, Catullus, Cicero, Hirtius, Horace, Livy, Ovid, Plautus, Servius, and Vergil, plus quite a bit of other useful material. For example, you can look up virus for a definition and forms, or find its citations in literature. Here's one by Vergil.
Latin Textbook: Wheelock's Latin (HTML) Wonderful on-line course notes designed as a study aid for those without formal grammar/linguistics training. Note that `the entire zip archive' he advertises isn't really complete, and so I used these commands to pull in and view the whole thing locally: % cd /tmp
% wget -r -l2 http://humanum.arts.cuhk.edu.hk/Lexis/Wheelock-Lat in/
% netscape /tmp/humanum.arts.cuhk.edu.hk/Lexis/Wheelock-Latin /index.html
The Classics Page Innumerable links, including some to on-line interactive exercises and to various dictionaries.
Transcriptio Nuntiorum Hebdomadalis Read your daily news--in Latin! Also contains sound files for the radio version whence it was transcribed. I'm sure glad that we now write FAQ instead of interrogata usitatissima. :-)
De Meditatione Various Latin snippets and sound clips. Footnotes [1] One examble of an invariant genitive form of virus is attested in Ammianus, which reads: qui ut coluber copia virus exuberans natorum. See the original for details. [2] Well, in English; in Latin it probably wasn't, as their `v' was likely more akin to the intervocalic `v' in today's Spanish, a sound with no equivalent in English but which is often perceived as a `w'. To be even more technical, an English `v' is a voiced labial-dental fricative. An intervocalic Spanish `v' (or `b') such as in aves, is a voiced bilabial fricative, usually represented in IPA as a lower-case Greek beta. [3] Some budding Romance philologist should go research a possible connection between the neuter conceptual nouns versus the gendered discrete ones in asturianu , the only extant Romance tongue with anything aproximating neuter nouns (I'm not counting the nominalized adjectives of Spanish such as lo difcil, since these aren't really nouns the way the so-called nomes de xneru neutru (de materia) are in asturianu.) a [4] The word virora actually appears to exist, but as some sort of South American tree. [5] Yes, I hated this sentence, too. It takes the singular verb "is" because the singular "an example" is the closer of the two elements in the disjunction, but likewise, "support" should be in the plural because the closer thing to it is now "two", which is obviously nonsingular. I think only a rewrite would be tolerable. Silly rules.
Sections in this document:
piss@fuck.com Last update: Wed Nov 17 09:20:10 MST 1969
Assuming such an exploit exists, isn't it also equally plausible that someone who doesn't like the RIAA wrote such a worm that would appear to come from them in an effort to get them in legal trouble?
Clearly this is a contrived hoax.
Nevertheless, it could be instructive to consider the implications of how this could be accomplished. In doing so, we could establish a baseline and get a sense of things to look for if an exploit of this type were to be produced in reality.
Here is how I would create such a system, with an effort to address the many problematic areas pointed out by other readers. I invite all criticism.
1) A system can be created, using p2p protocols, to build a database of known infringing hosts. You simply ask p2p hosts for copyrighted files and make a note of what you get.
2) At a specific time, trigger a latent feature of software on the infringing hosts to expose personally identifiable information tying the infringing host to an infringing user for prosecution. This could be triggered by something as innocent as a remote system requesting an otherwise non-existant file with a special "trigger" filename.
3) The exposing feature would only be triggered on those hosts which have already been proven to be serving infringing material, only on those hosts which are within the requisite jurisdiction, and only after the proper warrants (authorizing the search) were secured. The information would simply not be requested from non-infringing hosts, or from hosts where the proper legal access could not be obtained. This should addresses any "illegal search" concerns.
4) It would be legal for a p2p client manufacturer to willingly include such a latent feature within their pre-compiled binary. This represents an "infection vector" which would not be detected by any virus scanning, or by looking for modifications to executables. Other infection vectors, such as the proposed MPAA "worm" would be technically possible, but likely untenable in a legal sense. The "infection vector" need not even be associated with the p2p application, a 3rd party DLL or service pack could provide an infection vector even on systems which use "historical" (existing prior to the development of this system) or open-source p2p client applications.
5) Since no "out of the ordinary" information would be sent until the moment the feature was triggered, network analysis would not detect the latent vulnerability. The only hint of a system compromise in this fashion would be the analysis of the date sent in response to a request for this non-existant file. Encryption could be used to obfuscate even that.
6) Since the p2p client has already been proven to be capable of sharing files with remote systems, no possible configuration of firewalling (or similar technology) would prevent the transfer of the requested personally identifiable data to a remote requesting system, provided the requesting system masqueraded as a simple p2p client requesting a willingly shared file..
7) The latent feature would be technically capable of performing any action the owning user is allowed to perform, inclusing relaying personally identifying information, compiling a list of all files on the system (or just those which are being illegally published), or any other action. In actuality, I suspect the latent feature would be only a stub allowing a more specific payload to be downloaded. This would allow the eventual exploit to collect only that information for which legal authorization to collect exists. This also allows the exploit to be developed for a specific hardware/os configuration. Most importantly, the development need not be done before this system is set up. Specific development could be performed up until the instant when the exploit needs to be delivered.
Such a system would, I believe, meet all the criteria of respecting user privacy, and acting within existing legal framework, while providing the access vectors which the proposed "MPAA worm" claims to offer.
No, I'm not really happy about what I've just written. Please shoot me down.
The thing about things we don't know is we often don't know we don't know them.
Is exactly what I will do if legislation like Berman's and all of the other stupid, dinosaur-Entertainment-cartel-protection-racket legislation passes.
As a professional in the IT industry and as an American citizen (NOT CONSUMER!), I care so much more about the usurpation of the American political process by and transfer of control over my rights regarding my personal property to big (mostly global) corporations than I do about what you mischaracterize as "piracy" -- piracy is commercial activity, passing out tapes for free on the streetcorner is not, and may even be protected under the Audio Home Recording act -- THAT I SIMPLY WON'T SPEND ANY MONEY ON ENTERTAINMENT AGAIN!
Read this, Rep. Goodlatte -- if that is really who you are -- over the past 5 years my income has been significantly higher than the national mean, due to my profession. I have spent an enormous amount of money on entertainment, computers and consumer electronics.
But with each step further into my home that the Entertainment industry attempts to exert power, my consumption has dropped and will continue to.
I do not, AND WILL NEVER own a DVD player thanks to CSS, region coding and other corporate attempts to control my private behavior.
I do not, AND NEVER WILL own an HDTV thanks to the broadcast flag and rules and legislation being proposed which seem to be designed to make things like the Linux computer which so empowered me (by, for instance, providing me with a learning platform which I used to leverage myself into this income bracket in the first place) illegal.
When ALL TV broadcasts are digital and protected, I won't be watching TV, and I'll just be one high-income but UNREACHABLE to advertisers "permanently potential consumer" thanks to you. Ask GM, Proctor and Gamble, and Pepsico how they feel about that. I will also be unable to view your campaign ads or those of like-minded fools who run for office in my district.
When ALL movies are only rentable on DVD (about 50% are only on DVD at my local Blockbuster now), I'll stop renting movies, AND MPAA MEMBER COMPANIES will stop receiving that much more of my large income -- as a frame of reference, I currently rent about 3 movies a week. By then, maybe even my wife will be so incensed that I'll be able to convince her of what I've been unsuccesful at convincing her in the past -- that we should stop going to movies alltogether.
If it gets to the point where music is only available on media or devices that are likewise crippled, I'll DISCONTINUE ALL MUSIC PURCHASES. I've already greatly curtailed my previously prodigious music buying behavior due to my outrage at this whole DRM regime bullshit.
And you know what? That's all fine by me. I own a guitar and a computer that can record music; I'll make my own music, and probably even give it away -- PROBABLY BECOMING ONE OF JUST MANY PROVIDING COMPLETELY FREE COMPETING PRODUCT for "consumers" to choose over that of your corporate pimps.
I have friends who own conventional and digital flim equipment.
I have a computer with which to compose and disseminate my views.
Unless you plan on making all means for individual citizens to produce their own entertainment and their own news media, you'll eventually fulfill the exact opposite goal of all this legislation; you'll help impoverish the very companies you're trying to protect. Let's see if they continue to fund your campaigns then!
Our forefathers died for (and grandfathers fought world wars for) freedom, NOT FOR DISNEY!
But I guess you can't tell the difference.
Bout time I get some photoshopped hillary Rosen pics on my server.
because I have been enjoined by this Holy Office to abandon the false opinion which maintains that the Sun is the centre
The only comments on this entire page worth reading are those labeled +5 Funny.
Build stuff. Stuff that walks, stuff that rolls, whatever.
This sure look like a hoax, either because of technical or legal issues.
If it is true what is going to stop me from sniffing out the RIAA's IP and pumping all kind of false data in until they ran out of disk space. Veracity of that data won't be to good.
Then patch up my winamp and go on with life.
Download a fresh copy of your P2P application and do a binary compare of the program files against your current program files. Remember to look for new files that might have been added.
Look for similarities of header structure across different MP3 files of different songs. This shouldn't be that hard to automate.
If you find something suspicious, post it here for peer review.
Time to stop the histeria and get down to the truth of the matter. If a large number of machines are already infected, someone competent out there should be able to find this out pretty quick.
Then sue the pants off the RIAA under existing laws.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Almost clearly a hoax. If not, one of the most pea-brained foolish things a corporaton (or conspiracy comprised of plural corporations acting in concert) could do. Worming another machine without consent violates, at least one or more of the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, or the Computer Crimes Act of the several States.
Aside from criminal responsibility, most of these laws provide tough, nasty civil remedies and, when combined with punitives for torts relating thereto (like civil conspiracy), could cost the companies their tickets to exist as corporations. This would be a plaintiff lawyer's dream.
And these companies know that.
They, themselves, while lobbying for the technology regulation bills last year explained how they would need special legislation to engage in this kind of self-help. The mere fact that they paid high-powered lobbyists to make that case to the Congress would probably be enough to satisfy the willfulness and intent elements of the civil actions.
In short, if RIAA is doing this, be thankful -- it will be a very fun year. For precisely that reason, it is a dead nuts lock that they aren't pulling such a boneheaded stunt!
Just for fun, let's ignore the fact that this type of activity is completely illegal. Now, let's assume that this all singing, all dancing, cross-platform bit of coding genius actually exists and works. (Which is a stretch to say the least...) And, let's assume that the little Wonder Worm really has managed to infect 95% of the hosts connected to P2P networks.
So, assuming all of that (which is a lot to assume), this would leave the RIAA with a Library of Congress-caliber database of computers and the media files they contain. Great, good for them. Now what do they do with it?
Well, first they need to sort all of out according to which lists contain pirated material. Great, no problem. All, they have to do is search all the descriptions and filenames for stuff that "belongs" to them. That should be no problem for their in-house Super Code Monkeys; all they have to do is write intelligent sorting algorithms that can handle total lack of naming convention and total disregard for proper spelling or correct titles. Hmmmm...Maybe that isn't quite so easy.
But, difficult isn't impossible, so lets say they invested the time and effort to perfect their sorting algorithms and they have a nice list of the "bad" guys from the database. Now, all they have to do is tie the file list to actual people. No problem, just use their P2P usernames 'cause only one person on one computer uses a particular username, right? They can go after "kazaaliteuser" first; that guy has terabytes of stuff...
Ok, wait that won't work.... Ah, they can use IP addresses because everyone always has the same IP address and no one is behind a firewall and no one ever spoofs an IP address. Hmmm...ok, that won't work either...
Ahh, wait, they can use MAC addresses because everyone knows that is impossible to spoof and out of all the thousands of computers worldwide, there has never been a duplicate MAC address....
Oh, wait, that's not true either....
Ah, I have the solution! Patch for the Wonder Worm! Now, it has the ability to activate your webcam (regardless of type or even if you actually have one), snap your picture (I don't even want to think about what they will get that way....) and bind it to your file list. Then, they can wander around the world asking people if they recognize any of the people this little moving van full of photos.
Then, all they have to do is prove that: 1.) you don't own any of the CD's that contain music on your list, and 2.)Prove that you intentionally shared it on the P2P network (And that the installation program didn't automatically share your media folders for you.)
Wow, I'm scared now. I think I had better go delete all the illegal MP3's (all 10 or so of them) off of my hard drives so the all-seeing Evil Eye of the RIAA doesn't get me. Then I can go hide in a closet so they sky doesn't fall on me.
This is so terrible. What could possibly happen next? Wait, what if the porn industry cracks down on pirated porn? What if the form the PIAA? What will I do then??? Oh, the humanity!!!!!!!
I doubt this thing gets the 'users' authorization for sending infomation therefore any info obtained is considered non-admissable in court.
Correct me if I'm wrong but since the RIAA has admitted to infecting the general populace(sp?), aren't they guilty of malicious coding and liable for any damage incurred? (don't think there's an end-user agreement for a worm...)
The GEEK shall inherit the earth...
It wouldn't be as scary if the RIAA hadn't been thinking about it already: Lawmaker: Let studios hack P2P nets - Tech News - CNET.com http://news.com.com/2100-1023-939333.html?tag=cd_m h
I think people already mentioned the proposed bill, but I didn't see any links....
They would probabally have to reverse-engineer the p2p programs, to figure out how to do this, and also this would be an un-authorized use of the p2p network, maybe the owner of the network can sue them??
This space intentionally left blank.
1. Form a business
2. Create a new document storage system, which stores the data in the filename and which coincidentally has the suffix ".mp3"
3. Put some secret stuff in it
4. Install a file sharing client, and connect to a network
5. Worm sends a list of your "mp3" to RIAA
6. Sue RIAA for industrial espionage
7. Profit!!
"People that quote themselves in their signatures bother me" - athakur999
The flask paper has a one paragraph argument against system call interposition. Basically the time of check is not the time of use and there may be different names to address the same resource, in other word aliasing problems.
These are valid arguments that show problems for a system call interposition tool. However, Systrace is a hybrid system, it has parts in the kernel that allow it to get whatever additional control it requires. Aliasing is not an issue in practise because resource names can be normalized and the remaining aliasing problems are merely hyptothetical. The same goes for the TOCTOU argument. In practise, you can ensure that such race conditions are not relevant.
But let me ask you another question. Have you ever used a system that is based on Flask? Or do you know anyone who has?
On the other hand, Systrace is available for GNU/Linux, Mac OS X, NetBSD and OpenBSD.
IANAL, but assuming Gobbles was able to infect 95% of P2P machines w/o machines screaming, I cannot see how the lists sent to the RIAA would be admissable in a trial; perhaps someone would like to tell me how.
Under US law (and Cdn, I believe), computer-generated logs and lists are considered hearsay; not admissable unless the owner of the list can prove that they were not tampered with. As the ./ readership is aware, this is why compromised boxes must immediately be shut down and preserved when a sysadmin feels compelled to pursue a cracker. How can one prove the integrity of a list that passed to the RIAA through the Internet? Fasttracker may be encrypted, but obviously this would have been compromised in the scenario claimed by Gobbles.
Having said all that, can hearsay evidence be enough to sanction confiscation and search by law enforcement?
Of course, considering Gobbles' record (esp. in view of how quickly he was able to "exploit" the Apache vulnerability), I believe that even if he is on to something, he probably plagiarised the idea and the code from someone else, the prat.
Systema collapsa est
Here's a quick way around that....change the friggin file extensions. Go ahead, index my entire fs. Like the RIAA could ever have the capacity to store that much crap from a nasty windows install
"Simon Says, Fuck You" - George Carlin
Sorry but I don't buy it. This story reeks like a mushroom farm.
First of all, in order for an MP3 file to cause a virus infection the player or P2P software would have to handle the malformed MP3 incorrectly. There would need to be a buffer overflow or some other exploit available that could be used.
Second, anyone creating a worm such as this would be prosecuted and/or sued out of existence. Consider these problems:
If the RIAA infects one of it's own MP3's with a virus and places it on a P2P network, the placement of the file by them is implying consent for other's to download it. So they would infect (do damage) to a person who is well within the law.
If person 1 downloads a worm and his system becomes infected and person 2 downloads A LEGITIMATE file from person 1 and becomes infected then person 2 has been damaged by the creator of the worm even though he has done nothing illegal. So not even a vigilante law would protect the RIAA from lawsuits.
The thing that the RIAA does not care to acknowledge is that P2P networks have a legitimate use. Not all files traded violate copyright law.
The race isn't always to the swift... but that's the way to bet!
fo'r makin' thi's my' mos't successfu'l troll' eve'r. I've print'ed i't ou't fo'r posterity!
You said that you will never buy CDs again.
Let me suggest something: go to any New Year's Eve "First Night" event (Williamsburg, VA has one, for example. So does Charlottesville, Harrisonburg, Norfolk... but I think they're nationwide).
Take a bunch of money with you (the ticket only costs $7, and you'll be able to go to 5-8 shows before the evening's fireworks). Buy CDs -- they'll have been produced by artists too small to get or want RIAA representation. They'll have been hand-produced, essentially. If you hear something you like, then buy it. *Ask* them if they mind you sharing over P2P or internet radio -- they may actually say "Please do."
I think I remember buying something from a group called "Trapezoid". But the group wasn't half as good as the woman and husband team that relaxed from playing by doing performance art. As befits a family event, it wasn't pornographic performance art, either. One performance was a story about her mother's wedding hat; another was a story about her father's singing lessons. *Extremely* entertaining.
But go ahead and buy CDs. Just don't buy RIAA CDs. They aren't worth listening to, anyhow [unless it's classical or jazz... but you still can find good stuff elsewhere].
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
It sure seems that the RIAA is opening themselves up to class action suits and civil and criminal actions. Would someone who is a lawyer give an opinion? This is also classed as "cyber-terrorism" afaik.
I don't claim to be an expert on viruses or worms by any means, but how could an "infected" mp3 infect the rest of your system, since mp3 files are read, not executed? Wouldn't this require the worm to know when to fire, and to infect files on the new host?
I don't see how this would happen just by reading an mp3, which is my understanding of what winamp and the like do.
This article IS a hoax. if you'll notice, the article is NOT from the register at all. It's amazing the editors at slashdot didn't check this...
95% of all /. wouldnt know a gigatroll when getting bitten by one into their nose.
:-)
Gobble is a first class troll: He is insightfull, he steps on hot topics, he is mostly unsympathic and his flaimbaits are mostly close to reality.
What really makes him stand above normal trolls and even megatrolls: some of his posts can only be identified by trained professionals (trained trollbusters or trained technicians, your call). I must admit he could do LOTS of damage to the scene if noticed outside the scene - whatever scene he is trolling at the moment, eg opensource.
At least he is trying to be funny. Or at least I think so (trying to be funny, not succedding
"Life is short and in most cases it ends with death." Sir Sinclair
"...not that there's anything wrong with that." (Seinfield's a genius.)
In the United States it is legal to create computer viruses and worms. It is illegal to infect someone else's computer with one if you do not have their permission.
With all the foaming at the mouth about how this is probably a hoax, etc., etc., no one seems to have bothered to check into the presented
. /tmp/sploit/mpg123/mpg123 sploit.mp3 .r amesize))
exploit. I did, last night. I found that mpg123 is indeed vulnerable to this attack, and I'll explain how:
mpg123's stream-handling mechanisms appear to rely on readahead to the next frame in order to verify the correctness of a file. Specifically,
in initial checks to see if the given file is a mp3 or a WAV, it will calculate the size of the first frame, and confirm that the next bytes
after that contain another valid mp3 frame header.
The frame header is a 32-bit value starting with 13 1-bits, then other pieces of information about the format, such as layer, bitrate,
sampling rate, etc. This is the key to the exploit: they create a frame header that indicates "MPEG 2.5" (low-sampling-rate enhancements),
layer 2, 160Kbps, 8KHz. The code at common.c:560 determines that the frame size thus should be 2877 bytes.
The problem comes when you look at common.c:158, which creates a static, fixed-length buffer on the function's stack (bad Bad BAD!). It turns
out to be 1920 bytes long (MAX_INPUT_FRAMESIZE). At common.c:240, a call is made to rds->read_frame_body, which is found in this case at
readers.c:282. It loops through the buffer up to the given size (which is 2877!!) reading in from the orignal stream into the given buffer.
There's a little problem with that, though: the buffer is only 1920 bytes long.
The result of this is that the stack is smashed, all the way up to the top of the function's stack and beyond, into the arguments given to the
function, which includes rds. The very next operation, at common.c:243, is to once again dereference rds and call head_read(). Except now
the rds pointer is overwritten, and it can call any code it wants. Game over.
To verify this, simply run mpg123 in gdb:
[omega@omicron sploit]$ gdb mpg123/mpg123
. .
(gdb) br common.c:240
Breakpoint 1 at 0x804c2b0: file common.c, line 240.
(gdb) r sploit.mp3
Starting program:
High Performance MPEG 1.0/2.0/2.5 Audio Player for Layer 1, 2 and 3.
. .
Breakpoint 1, sync_stream (rds=0x806d780, fr=0x806dbe0, flags=65535,
skipped=0xbfff9cf4) at common.c:240
240 if(!rds->read_frame_body(rds,dummybuf,frameInfo.f
(gdb) p rds
$1 = (struct reader *) 0x806d780
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0x0804c2ed in sync_stream (rds=0x41424704, fr=0x41424704, flags=1094862596,
skipped=0x41424704) at common.c:243
243 if(!rds->head_read(rds,&nexthead))
(gdb) p rds
$2 = (struct reader *) 0x41424704
(gdb)
GStreamer - The only way to stream!
I've said similar things before, but you've said it much better than I, or anyone else ever has.
My question is, since WHEN does the RIAA have the right to distribute viruses? What are the penalties in the United States of America in regards to this? Common citizens would be jailed for years if they were caught creating viruses/worms, yet alone publicly admitting it. You guys really ought to uphold your laws and put the RIAA in jail.
My results?
- No buffer overflow
- mpg321 v. 0.2.10 remained unaltered. And yes, I altered the binary intentionally with elvis in hex mode.
- No odd process.
- Got tired looking for something strange in ethereal.
One more note: the code mentions Slackware and SuSE 8.0. My Slack is 8.1, so any different results out there?
I see 57005 people
I happen to be the author of a work I call my web page. On that page I have some MP3s of me singing a song I wrote called "Put them in your mouth and hum, RIAA bastard". I will be the first to go looking in RIAA and MPAA computers for my material if they make it legal. You should too.
Copyright isn't magic, it means you made something. You can have them too.
Carpe Deez
Call the RIAA and tell them what you think about their policies. This article on their web site lists a phone number you can call to inform them about music piracy. *evil grin* 1-800-BADBEAT. Sounds like an appropriate number for the RIAA to me.
You have got to be joking if you its serious. This is the biggest pile of bullshit I have seen in a long time.
.
"I disapprove of what you say, but I will defend to the death your right to say it." - Voltaire
I was wondering why my MP3 boombox started playing "You WILL send your media catalog to RIAA"
First, every time we buy a blank CD, DVD, VHS, or even audio cassette tape we are helping them out. There is a tax which we, in the US, pay every time we purchase any of the above. We also pay it every time we buy a radio, TV, or even a computer. So - we lose.
Every time we rent a CD, DVD, VHS, or even game cartridge - we are (again) paying this tax. So we lose there also.
Should we buy a book, a script, magazine, newspaper, or the like we are probably still paying this tax. So we've lost again.
Finally, even if everyone in the US refused to have anything else to do with the RIAA or MPAA they are still powerful enough to have new laws passed. As in "Atlas Shrugged," by Ayn Rand, if they can not take our money legally - then the thing to do is to change the laws so they can take it legally. After all - laws are nothing more than rules by which we play and those who have the money usually get to make the rules.
Sorry if this shocks anyone but the truth is that it is only because we respected each other, had a unified common sense approach to things, a scrupulous populus, and the knowledge that if you did wrong you would be held accountable for it - that we have made it this far. The "Anything goes" way of looking at things, not holding people's feet to the fire for doing something wrong, and (as bad as it might seem) not being willing to put to death those who really are doing terrible things to others (like Enron's execs who have ruined hundreds if not thousands of people's lives) that has caused us to come to this. What these people are doing is, IMHO, treasonous. Look it up. The act of "Treason" is where two or more groups (whether they be people, organizations, corporations, or whatever) attempt to remove the rights of their fellow citizens. According to the texts it is their "intentions" which merit this stamp So ask yourself this - what are their intentions when they attempt to force upon you their yoke of slavery? What are their "intentions" when they try to sneak, like theives, laws into Congress which remove our rights and preserve or expand upon their rights. What are their intentions? Those intentions are to take away your rights.
Now, someone will probably say "You don't go around killing people just because they are trying to get laws passed." That's true. You don't. Normally. But this is different. It is different because they are not trying to get laws passed for the betterment of mankind or to right an injustice. No. They are trying to twist the laws and our country (Heck! The world even!) to their needs. To enslave it. To enshackle it to their beliefs. Just like some religious cults have tried to enslave others to their will. It is an evil thing to do and it will have terrible consequences if it is allowed to endure.
Even if they were only brought up on charges it would shake up the corporate world enough that many things companies are beginning to attempt to do through the rewriting of our laws would be stopped. Companies would think twice about trying to change laws so they benefit only them and remove our rights. Which brings up - why do groups think they can get away with this? The answer is - they have in the past. The difference is the internet. Whereas before there was this huge time lag between when something happened and when we knew about it - now it only takes hours or minutes for word to be sent and a transgression found out. The problem is still though the complancey of many of the people in our country. "Oh! I might get involved." some whine. "I don't have the time." another chats. "It's not my place." a third comments. If you don't stand up and write your congressmen/women then you are already shackled. You already bear their mark. You already curl up at their feet, lick their hands, and eat the crumbs they throw to you.
So as always the question is - what are you going to do about it? Wallow in the filth on the floor or write and demand that these groups stop trying to infringe on your god given rights!
Someone put a black hole in my pocket and now I'm broke.
How could you send a list of files to the RIAA without snort detecting the connection?
a) Make a "request" to a not-obviously-RIAA server ASKING for the files in question.
b) Serve a file containing the filenames and make a "request" as in a) to advertise the existence the file.
c) "Ping" a not-obviously-RIAA host with a packet that contains the advertisement of a file-of-filenames as in B.
d) Store a file-of-filenames on another peer in the network, for RIAA to pick up later.
I could go on...
General form is to
- make what *appears* to be a legitimate request in essentially any protocol likely to be allowed through a firewall
- to a site that is unlikely to be identified with the RIAA.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
As an autonomous citizen of earth and one looking out for his own interests i have to say that if i should find ANY evidence that the RIAA have even thought of looking in on my system,i will PERSONALLY walk through their front doors,eliminate any security problems,waltz into the corporate offices,find the highest ranking suit and work my way down the ladder,running my arm up their asses and removing vital organs,all the way down through the offices till ive got a pile of giblets which i will truck to and drop on the front door of the MPAA as an example.
fuck em if they cant take a fuck!
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
See?
This just has so many holes it is ridiculous. I don't even know where to start, but take a look at the previous threads and you will get some idea.
Next this guy "Gobbles", yeah, the name of the turkey off Southpark, will claim to have created the first human clone. No proof mind you.
I share on P2P and I am not concerned.
When you go into "the firewall MUST allow outbound traffic on that port" I suppose you just didn't read what I wrote thoroughly - since you are "arguing" exactly the point I just made.
Regarding checksumming, you say "I think someone else went down that path." Rubbish. If you, or anyone else, knows a way to evade this kind of checksumming, and not just for one, but for all of these tools at once, then that's news.
What you say, "Perhaps that's where the 95% that is being bandied about comes from - the other 5% have their kit together and are running better monitoring software" - come on! Think it through. It's not just that whoever has personal firewall (or any other monitoring) software wouldn't be affected - it's that they would all notice the attempt to compromise their P2P app - the software will alert them. That would spur an investigation in the community, and real news, etc. etc.
In other words, implicit, prima facie proof that this is a hoax.
Want to Know How to Cheat the GPL? Read On!
...that you are part of a tiny minority...
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
It would seem to me that warning your enemy of an intended attack is the worst possible thing you do. That would give him time to prepare a defense, possibly ensuring your defeat. If Gobbles has actually written this trojan/worm (Hydra?) then I say "Thanks for the warning!" Prepare for your defeat, 'cause a LOT of coders are gonna write an anti-hydra and your battle is lost before it even starts.
I seem to remember the Federal Government passing a couple laws against writing and distributing computer viruses. While this worm may not be a "destructive" virus, it certainly is a virus. As such, IMHO, it would fall under the domain of this law (i.e., unauthorized access to someone else's computer) and RIAA could be prosecuted under that law -- as well they should.
Of course, the Dept. of Justice being the political, beaurocratic, corrupt entity that it is, I doubt that charges would be filed against RIAA for this.
Woah, I think I see Big Brother coming, I need to run....
... suggests he has stopped taking the pills...
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
By now I'm sure most people have realized this. GOBBLES released a vulnerability for mpg123 on linux, with a humourous joke release at securityfocus Big deal.
The programmers who work for the RIAA should feel ashamed! They are turning their backs on their own commmunity! ;)
in girum imus nocte et consumimur igni
You should use on ^H per character, including spaces.
...you would know if you were exploited because this attack is based on a buffer overflow, and when a buffer overflow happens the program ALWAYS crashes. So if you ran a mp3 and your program crashed, something very bad most likely happened. I personally think this is BS and Gobbles is a real tool, I can't believe stran9er even associates with such tools. Gobbles operates on shock value, and his exploits are actually really lame. I challange Gobbles to produce working windows mp3 tag overflow code.
Somehow it just seems appropriate for slashdot that someone would have no clue how to use basic system tools, but would be well versed in leet speak and lamer colloquialisms. Congratulations, you've made my day.
EOM
wow, they spelt it with a Z.
teh RIAA iz r33l l337, n0w, dud3.
The j00 bastards that own and operate MOST of the music companies on planet earth can not lay ANY claim to my White Power / Neo_Nazi music.
The guys who make this music publish it themselves, it's j00 free music and no j00 will EVER have any claim to it.
I have tens of thousands of them and they are all 100% j00 free. http://www.resistance.com
I share my Nazi music on P2P gtk-gnutella and I fucking DARE those mother fuckers to try to stop me!!
So, RIAA, go FUCK yourself you greedy fucks!
http://news.com.com/2100-1023-980649.html
this is not suggested as a solution to the immediate probelm, as it would be hard to be sure none of those users were infected with this hypothetical virus. this is sugggested as a shift in thinking about p2p.
we need to move toward a network topology based on real-world relationships of trust.
you might not be able to get as much pr0n, but what you do get will be of much higher quality. it's worth the tradeoff.
There are no trolls. There are no trees out here.
Right on brother.
Hey people I hope you think of people who use OSes like MacOS 9 which is not at all unix based but OS X is I run a P2P on my own time and I am absoultly sure that that worm has never reaced me and also on the point Linux users are less frequent then mac users but if you don't know what a mac is then get a life outside windows
While you'll be opting out (unable even to be reached by political messages from candidates, as you explain), everyone else who can't make their own music, stream their friends' dv movies or spend time declaring their principles on Slashdot will be forced to opt in. They certainly won't stop buying CDs or DVDs. And fortunately for the entertainment media, there are many more of them than there are rich guys with guitars and Linux boxes.
So I like the statement of principle. But don't go valorizing your spending power (especially not after declaring yourself a citizen rather than a consumer). Spending power is no measure of democracy let alone of freedom. If the use of discretionary income had a direct influence upon the level of freedom available to a people, we'd be rolling in freedom -- and not a people staring down Homeland Security Departments with briefs for unmitigated domestic spying, courts declaring our executive has almost unlimited power to declare citizens "enemies," or, on a much lesser yet still irritating level, a computer and media nexus that has foisted the DMCA upon us and now anxiously inseminates us with DRM.
Can someone sue these cyber-terrorists yet?
(Need I remind people that what these people are doing carries a life sentence if an individual does it?)
It's been a long time.
There's no way that anything can modify your files if you've gone in and change the permissions, even if you have admin privs (of course, if you do have admin access, you can change the permissions back again)
If you're doing it over a network, there's no chance to change anything, unless microsoft actualy included exploit code in there software, and then never patched the exploit (which I doubt)
autopr0n is like, down and stuff.
Doesn't this fall under some kind of Illegal search and seizure act? Gov't agencies can't just stroll on into your house, take a list of what items you "shouldn't" have, leave, then come back later and prosecute you, that's against the law. There has to be some kind of resonable cause for them to enter your home. Isn't it the same with your computer system? Even if the material is pirated to leagally prosacute you they still have to have reasonable cause in order to obtain a warrent to retreive it. So even if this worm (invading your system illegally I might add) is in fact actually sending lists back to the RIAA, legally it doesn't seem like there is a damn thing they would be able to do about it. Furthermore there's a good chance that even if they did try to pull some legal mumbo-jumbo not only are they shooting themselves in the foot with illegal search and seizure, unauthorized breaking and entering of a private computer system, and illegal and unauthorized use of private bandwidth most of which can be used for coutersuits or class action/federal cases. One last thing to mention is the plethora of people that 'fake' thier mp3s with text files for trading purposes. I came from a rather large tech univeristy and when P2P was just getting popular a number of guys had like thousands of mp3s on thier machines that were nothing more than random text files that they used for 'trading'. This goes hand in hand with the argument about how does the RIAA know it's pirated and not a legal copy. There is know way for them to know.
Just my $0.02
Just saw this on cnet. They're calling it a hoax.
- grunby
Point well taken, and thank you for engaging in rational debate rather than flattery or vilification -- the
However, I have to take issue to an extent. Economic power has no direct influence over legislation/legislators who are already elected. But it is virtually (along with lawsuits -- which is why I oppose tort reform unless it happens after election/election-finance reform and tighter controls on the runaway capitalist fraud machine we call the American economy) the only power an individual has over corporations.
Any type of economic opt-out-ism, as you rightly pointed out, is of (possibly very) limited value (possibly not). But combined with public advocacy -- like this, and hopefully someday to a wider audience; corresponding w/ elected officials to try to educate/enlighten them, direct political pressure via support (financial and manpower) of alternate candidates, and any other legal means, it may be the best an individual can do (I hold out some slim hope for organized efforts like GeekPAC but the lack of any public progress reports is frustrating).
Anyway, I'm not at the point of buying a rifle and organizing a militia, and I don't have the money to buy politicians. Nor do I think illegal activity or violence are the answer. So until the hordes (even the Software Engineer hoardes, who are fairly well represented here) decide to join w/ me and constitue an overwhelming economic force to precipitate change, unfortunately ranting in fora like this, writing my representatives, and not buying shit sold by companies trying to dominate me are among my only options.
here
Forecast for tomorrow: A few sprinklings of genius with a chance of DOOM!
RIAA site defaces YOU .
Can I bum a sig? I left mine at the office.
This is the nail in the coffin, I guess:
http://news.com.com/2100-1023-980649.html
Beware: In C++, your friends can see your privates!
Quote from your first link:
:-)
See the Flask paper for a discussion of why system call interception is fundamentally inadequate.
How you jump from that to your conclusion is beyond me.
Assorted stuff I do sometimes: Lemuria.org
This is obviously a fake: it's the first Gobbles post that I can remember that is written in standard English, instead of the usual stream-of-gibberish langauge they use.
Note: This post is meant to be taken as an overview of possible thoughts and ideas on the thread, and is in no way comprehensive.
Firstly it occurs to me that coporations are the most serious threat to personal security, namely what can be labeled as "personal data". The reason that corporations are the biggest threat to this valuable and important information is that they have the power and resources to lobby political officials to change who has access to this information. Not only that but they have the money to hire individuals to create the needed software (or hardware) to do this for them. I will digress slightly to point out that the issue that is currently being discussed in this thread (P2P worm) is not actually the foundation of the problem. (Although Id like to go into more detail there just isnt enough time or reason to, as it is a sensitive issue that has little to no support) why is it that this occurs? The answer is simple. Greed and money, upon which the foundations of Capitalism are built (Why do people/corporations want our personal data? to make money, and in the instance of the RIAA they would say they need to recoup the costs lost due to piracy. This brings us back to the idea of greed of the individual, who downloads the songs for personal enjoyment, but it is fundamentally greed because songs are not a need, they are a want.) Of course the argument chicken or the egg is applicable here (Does capitalism inspire greed and selfish acts, or is it only a manifestation of what we are), but that in itself is a very detailed argument.
There are two major thoughts I would like to address on the issue of security, and ultimately technology. The advent of Technology has brought about a series of security issues, which plague modern humanity. What troubles me is that increasingly there is a segregation in society between the "Tech geeks" and the rest of the world. The "Tech geeks" are increasingly wielding more power in society, the stratification of which will increase. There are many people that understand the basic operations of technology, however there are few which understand the detailed nature. Those individuals (the majority) which do not possess enough information in order to protect or understand their own security risks may in the near future find themselves left behind, and at the mercy of the small number of individuals that do. This could have serious implications. The information wielders will control more power and wealth in our society, while those that dont understand the intricate nature of said technology will have little say in their future, or ability to control their lives. See Ted Kaczynski's argument against technology (Im not going to argue for or against his delivery, but he does make an interesting and distressing point.). Those that understand will have security and know how to protect it, those that dont will be exploited and exposed. The fact that the government is not regulating (do we really want them to anyways?) "personal data" or the protection of such data, and instead seems intent on allowing corporations to access that data in order to increase the profits of corporations, and hence fuel the economy.
The alternative view is held by Ray Kurzwell. While technolgy is advancing at a very fast pace, it is increasing the enjoyment and value of our lives. I would extend his argument here in pointing out that, what if all of our information was available and no one cared about security? What if everyone knew everything there was to know about you by simply looking into your file? What would it do? So they would know everything you have ever done, and what harm would there be in that? Perhaps we would all learn to live more harmoniously together, and we would know and understand more about one another. It is possible the state would have more control, but what if you could access any information on any state official? you can be sure their hands are completely clean. Therefore, can potentially knowing everything about everyone be really all that bad? Its possible it isnt.
Security is a tricky issue.
hi guys
- 20 0301/0144.html. ac.uk/bugtraq-20 0301/0146.html
http://security-archive.merton.ox.ac.uk/bugtraq
http://security-archive.merton.ox
first one will give you a message to stderr if the framesize is too large.
i tried posting my diff but it got mangled, sorry.
I noticed that the previous poster did not change the subject as he should have and so have done so so that people can find this message.
I expect that noone has objections. However, if I'd only add these entries :)
to the list because `I think it's the right thing to do', I'd get a lot of
flames afterwards
-- Christian Schwarz
- this post brought to you by the Automated Last Post Generator...