Vulnerability Development mailing list archives
Re: Napster a little insecure?
From: jpr5 () BOS BINDVIEW COM (Jordan Ritter)
Date: Sun, 30 Jan 2000 13:56:44 -0500
On Fri, 28 Jan 2000, Thiago Mello wrote: # That´s not true I´ve already tested... # The Naspter is insecure because it get the user IP... # The artist (comapny) thar owns the copyright o the of the # can process if the music is pirate... This is ridiculous. When you use a web browser to view content off the web, your IP is flying by. When you use an FTP program to download files over the internet, your IP is flying by. When you check your email, well, guess what, your IP is flying by. If you think that being able to see your IP in Napster really implies anything different, then you are grossly and seriously mistaken. And I'm sure 99% of this list knows this already, but I really feel the need to share my indignation, and my extreme disappointment: the poor quality of reporting by the press (C|Net started this thread) is dangerous enough, but I was just thuderstruck to see Richard Smith (of Phar-Lap fame) being quoted as support to this idiocy. On another note, if anyone had taken the time to look at other software vying for our market position, you might find much scarier things. For instance, I'm not sure if it does this anymore, but CuteMX (by the makers of CuteFTP and CuteHTML, GlobalScape) would send your local IP as part of the login sequence. Given the following situation: Client(192.168.1.5) -> NAT(1.2.3.4) -> CuteMX service The client sends the IP of the local interface client: IP - ip address #IP#192.168.2.17#FB##RB# fields: ip address If there's anything here so far that should be the topic of conversation in security circles, it's things like this. --jordan
Current thread:
- Napster a little insecure? Dennis Miller (Jan 27)
- Re: Napster a little insecure? Gunes Sen (Jan 27)
- Re: Napster a little insecure? Jordan Ritter (Jan 28)
- IIS4.0 .htw vulnerability Fricke, Gregory D. (Jan 28)
- <Possible follow-ups>
- Re: Napster a little insecure? Thiago Mello (Jan 28)
- Re: Napster a little insecure? Sebastian (Jan 29)
- Re: Napster a little insecure? technot (Jan 29)
- Re: Napster a little insecure? Thomas Maschutznig (Jan 29)
- Re: Napster a little insecure? Mark Shirley (Jan 30)
- Re: Napster a little insecure? WHiTe VaMPiRe (Jan 30)
- Re: Napster a little insecure? Jordan Ritter (Jan 30)
- Re: Napster a little insecure? Maniac . (Jan 30)