Slashdot Mirror


Audiophile Torrent Site What.CD Fully Pwnable Thanks To Wrecked RNG (theregister.co.uk)

Reader mask.of.sanity writes: Users of popular audiophile torrent site What.CD can make themselves administrators to completely compromise the private music site and bypass its notorious download ratio limits thanks to the use of the mt_rand function for password resets, a researcher has found. From the report (edited and condensed): What.CD is the world's most popular high quality music private torrent site that requires its users to pass an interview testing their knowledge of audio matters before they are granted an account. Users must maintain a high upload to download ratio to continue to download from the site. [...] "I reported it a year ago, and they acknowledged it but said 'don't worry about it,'" said New-Zealand-based independent security researcher who goes by the alias ss23.

5 of 138 comments

  1. Re:Question? by MightyMartian · Score: 3, Funny

    I believe the Ancients used it to listen to music.

    Or perhaps it was simply a platter on which to place their protein nutrient powders. The Ancients were very strange.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  2. Re:Illegal site poorly administered by Anonymous Coward · Score: 2, Funny

    News at 11.
    This doesn't seem like particularly shocking news, nearly all torrent sites are poorly run.

    They could easily solve this problem by purchasing and installing some solid gold Monster Brand ethernet cables between the server and the router.
    I'm actually surprised they don't already do this, in order to provide the clearest audio for their torrents.

  3. Re:Question? by Opportunist · Score: 5, Funny

    Do we look like we're experts in paleoaudio?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  4. paleoaudio? by Anonymous Coward · Score: 3, Funny

    I read as:

    Do we look like we're experts in pulseaudio?

    If there were experts, we wouldn't have pulseaudio.

  5. Monster[TM] Ethernet cables aren't good enough by davidwr · Score: 2, Funny

    They need to run their server on an analog computer and install a special "real analog modem" that stretches the sound out to fit in the 20-2000Hz range and sends it directly over the phone line as a pure analog signal. Their customers will need to buy analog computers and analog recording devices and of course one of those special "modems." Only then will their users get the best sound possible coming out of their $10,000 home audio system.

    Yea, it will be more expensive and keeping it temperature- and humidity-stable will be a pain in the rear, but it will be worth it.

    At least that's what my friend's second cousin's son-in-law ex-con school chum says. He should know, he sells the stuff.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.