#1 |
|
Junior Member
Join Date: Aug 2003
Location: Denmark, Copenhagen.
Posts: 42
|
Pretty serious issues (Winamp maintainers plz read)
Dunno how to say this, but if you get my hint, /pub/music is widely open.
No authentication whatsoever needed to gain access to the root of the FS. (Winamp Community authorities please PM for details) |
|
|
|
|
#2 |
|
Wind Chime of the Apocalypse
Join Date: May 2000
Location: The Forest
Posts: 17,228
|
Say what?
|
|
|
|
|
#3 |
|
Mostly Harmless
(Alumni) Join Date: Jan 2001
Location: UK
Posts: 2,319
|
Well, if you mean you can go here and download all the lovely DRMed licensed AOL goodness, then that is correct. And that's not a bug.
And if you mean you can go here and look at the wonderful, properly permissioned chrooted goodness of ftp27e.newaol.com, then you'd also be correct. But there's no vulnerability there (except that you can download all their music and videos, which is sort of the point...). So in fact, there's not actually a problem at all.
For long you live and high you fly, but only if you ride the tide, and balanced on the biggest wave you race towards an early grave. |Musicbrainz|Audioscrobbler|last.fm| |
|
|
|
|
#4 |
|
Junior Member
Join Date: Aug 2003
Location: Denmark, Copenhagen.
Posts: 42
|
*blushes*
|
|
|
|
|
#5 |
|
rules all things
Join Date: Jan 2001
Posts: 3,149
|
Aw Russ, you embarrassed them. For shame for shame.
|
|
|
|
|
#6 |
|
Junior Member
Join Date: Aug 2003
Location: Denmark, Copenhagen.
Posts: 42
|
I really should do more research before alarming everyone like that :P
|
|
|
|
|
#7 |
|
Junior Member
Join Date: Aug 2003
Location: Denmark, Copenhagen.
Posts: 42
|
Nevertheless, you've got like
ftp25e ftp25d ftp25c ftp25b and the list goes on, all open and public FTP servers. You are practically begging to be hacked. And no, I've got no idea whatsoever what security measures you've taken, but in my eyes something like this isn't the smartest thing to do. |
|
|
|
|
#8 |
|
Mostly Harmless
(Alumni) Join Date: Jan 2001
Location: UK
Posts: 2,319
|
They're only "open" insofar as you can see a directory listing of the public FTP root. These aren't small-time fileservers - these things serve software of the like of Netscape, Mozilla, Compuserve, AOL, as well as Winamp and have done for several years. If they were hackable it would have been done (and it hasn't).
|
|
|
|
#9 |
|
Junior Member
Join Date: Aug 2003
Location: Denmark, Copenhagen.
Posts: 42
|
ftp.newaol.com is the main one, right?
|
|
|
|
|
#10 |
|
Bastificator [Alumni]
Join Date: May 2000
Location: #nullsoft
Posts: 1,260
|
ftp.newaol.com would (probably) be a load balancer that will hand off download to one of a bunch of mirror servers as one server couldn't cope with the full load.
It'll do this on a round-robin, or load based algorithm. It will know which servers are up via a heart beat system probably. If you're going to offer downloads of software, you need some kind of anon download, FTP is preferable to HTTP as download management is easier for users. Thousands of companies on the web have open, public, FTP/HTTP download servers, some get hacked, most don't. It's not hard to have a protected, open FTP download for stuff like Winamp. Especially when you are AOL. "Beer?" |
|
|
|
|
#11 | |
|
Member
Join Date: Jan 2002
Posts: 63
|
So, how'd u know about the FTP servers?
Quote:
|
|
|
|
|
|
#12 |
|
Ninja Master!
(Forum King) Join Date: Mar 2001
Location: Hotel California
Posts: 4,333
|
when there's a /pub in the string then you know it's probably MEANT to be mostly wide open :P
|
|
|
|
|
#13 |
|
Rudolf the Red.
(Forum King) Join Date: Nov 2000
Posts: 9,314
|
I often say the same about women's legs in my local too.
"We think science is interesting and if you disagree, you can fuck off." |
|
|
|
|
#14 |
|
Forum Viking
(Forum King) Join Date: Jan 2001
Location: The North
Posts: 3,541
|
OMG! OMG! OMG! another Dane being lame
welcome to our little place on the net, by the way, please enjoy your stay, watch out for Bilbo and all that jazz... - Stefan |
|
|
|
|
#15 |
|
Major Dude
|
um... do you know what /pub stands for? it stands for "public" (sorry if I'm stating the obvious)
[added] oh ya and did you know there's UK Music too? http://ftp27e.newaol.com/pub/music/uk/ and you can go here also... http://ftp27e.newaol.com/pub/ [/added] [added again]VIDEOS [/added again]
Supporting"RE-MOD Bilbo ".::My SETI::..::My Forums::..::My New Site::..::Winamp IRC::..::My DeviantArt Page::. |
|
|
|
|
#17 |
|
Forum Viking
(Forum King) Join Date: Jan 2001
Location: The North
Posts: 3,541
|
oh well, I've just never seen you before...
|
|
|
|
|
#18 | |
|
Major Dude
|
Quote:
|
|
|
|
|
#19 |
|
has no CT
(Forum King) |
it's a hacking game maybe, but not a tool.
|
|
|
|
|
#20 |
|
Major Dude
|
did you look at their website? it's a hacking tool.... it can hack into locked servers... find out who people are, find their records.... it's a hacking tool....
[added] nm I looked in their forums... it says "Stuck in the game? come here" but it could be modified to be a hacking tool... [/added] |
|
|
|
|
#21 |
|
Senior Member
Join Date: Aug 2001
Posts: 421
|
well, in all fairness, notepad.exe can be a hacking tool. If he were malicious, he wouldn't have thought the things he thought and then come posted them in here.
Odds are, anyway. There's no accounting for people.
WOT NO FANNY PACKS? (. .) ----------------------w-O-w----------- |
|
|
|
|
#22 |
|
Mostly Harmless
(Alumni) Join Date: Jan 2001
Location: UK
Posts: 2,319
|
Uplink isn't a hacking tool, it's a game which has very little to do with hacking/cracking in the real world.
Locking, this thread has run its course. (I'm quite drunk) |