Vulnerability Development mailing list archives

Re: Napster a little insecure?


From: jpr5 () BOS BINDVIEW COM (Jordan Ritter)
Date: Sun, 30 Jan 2000 13:56:44 -0500


On Fri, 28 Jan 2000, Thiago Mello wrote:

# That's not true I've already tested...
# The Napster is insecure because it gets the user IP...
# The artist (company) that owns the copyright o the of the
# can process if the music is pirate...

This is ridiculous.

When you use a web browser to view content off the web, your IP is flying
by.  When you use an FTP program to download files over the internet, your
IP is flying by.  When you check your email, well, guess what, your IP is
flying by.  If you think that being able to see your IP in Napster really
implies anything different, then you are grossly and seriously mistaken.

And I'm sure 99% of this list knows this already, but I really feel the
need to share my indignation, and my extreme disappointment: the poor
quality of reporting by the press (C|Net started this thread) is dangerous
enough, but I was just thunderstruck to see Richard Smith (of Phar-Lap
fame) being quoted as support to this idiocy.

On another note, if anyone had taken the time to look at other software
vying for our market position, you might find much scarier things.  For
instance, I'm not sure if it does this anymore, but CuteMX (by the makers
of CuteFTP and CuteHTML, GlobalScape) would send your local IP as part of
the login sequence.  Given the following situation:

Client(192.168.1.5) -> NAT(1.2.3.4) -> CuteMX service

The client sends the IP of the local interface

client: IP - ip address
#IP#192.168.2.17#FB##RB#
 fields: ip address

If there's anything here so far that should be the topic of conversation
in security circles, it's things like this.

--jordan
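
Added example, not part of the original post: a check a defender could run over captured login payloads to flag the behaviour described above, where the address inside the #IP# field is an internal one that differs from the source address the server sees. The '#'-delimited field layout is assumed from the single sample line in the post, and the function names are hypothetical.

```python
import ipaddress
import re

# Matches the "#IP#<dotted quad>#" field shown in the post. Treating '#' as the
# field delimiter is an assumption drawn from that single sample line.
IP_FIELD = re.compile(rb"#IP#(\d{1,3}(?:\.\d{1,3}){3})#")


def embedded_ips(payload: bytes):
    """Return every syntactically valid IPv4 address carried in an #IP# field."""
    found = []
    for match in IP_FIELD.finditer(payload):
        try:
            found.append(ipaddress.IPv4Address(match.group(1).decode("ascii")))
        except ipaddress.AddressValueError:
            continue  # e.g. 999.1.1.1: shaped like a quad but not an address
    return found


def check_login(observed_src: str, payload: bytes):
    """Compare the source address the server sees with what the client reports."""
    src = ipaddress.IPv4Address(observed_src)
    findings = []
    for ip in embedded_ips(payload):
        if ip == src:
            continue  # nothing beyond what the connection already reveals
        # is_private covers RFC 1918 space and other non-routable ranges.
        if ip.is_private:
            findings.append((str(ip), "internal address disclosed past NAT"))
        else:
            findings.append((str(ip), "reported address differs from source"))
    return findings


# Constructed samples: the first payload is the line quoted in the post, seen
# arriving from the NAT address used in the post's diagram.
SAMPLES = [
    ("1.2.3.4", b"#IP#192.168.2.17#FB##RB#"),
    ("1.2.3.4", b"#IP#1.2.3.4#FB##RB#"),
    ("1.2.3.4", b"#IP#999.1.1.1#FB##RB#"),
]

if __name__ == "__main__":
    for src, payload in SAMPLES:
        print(src, payload.decode(), check_login(src, payload))
```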

