Feeds

Morpheus fesses up to user lockout security breach

Exchanges insults with former ally KaZaA.com

  • alert
  • submit to reddit

Top three mobile application threats

Morpheus has re-instated its file swapping service after ditching support for the P2P stack supplied by developer FastTrack and embracing the Gnutella protocol.

Last week, users unexpectedly found themselves locked out of the MusicCity Morpheus network. The organisation blamed incompatibilities between Morpheus and a fresh release of software provided by FastTrack software, the KaZaA Media Desktop v1.5.

This was not the entire story:

In launching the Gnutella-friendly Morpheus Preview Edition, StreamCast Networks/Morpheus chief executive Steve Griffin admits its servers were hit by a massive Denial of Service attack last week.

"It appears that the attacks included an encrypted message being repeatedly sent directly to your computers that changed registry settings in your computer," a statement by Griffin to users on the accelerated availability of Morpheus Preview Edition states.

"Later, it appears our ad servers were attacked resulting in messages being sent to other sites without our knowledge, which threatened our most basic revenue model."

Postings to the BugTraq security mailing list two weeks ago documented a denial of service exploit on PCs running older versions of the FastTrack P2P stack (prior to KaZaA 1.5), which was used by KaZaA.com and Grokster as well as MusicCity's Morpheus system. Confusingly, this had nothing to do with encrypted messages and referred instead to exhausting the memory available on a client by creating multiple pop-up windows.

Neither MusicCity Morpheus nor Sharman Networks Services, the firm behind KaZaA.com, offered any comment on this pop-up Window DoS problem when we quizzed them about it last week, preferring instead to issue statements on their rift.

This tiff has escalated in recent days with MusicCity describing FastTrack-Kazaa software as a security risk (or a vector for spyware). KaZaa has hit back with a Morpheus migration tool.

Entertainment industry execs - who've been trying to shut both services through the courts - should be pleased with the latest developments. ®

Related stories

Morpheus goes to sleep - users locked out
Morpheus application is 'safe'
KaZaA.com 'evaluates' Dutch court ban
Ala-KaZaA-m!
KaZaA ordered to cease infringing copyright
Napster to ask court to reaffirm Appeal Court ruling
Get your filthy hands off my CDs
RIAA targets post-Napster MP3 sharers
Popular file-share utilities contain Trojans

Top three mobile application threats

More from The Register

next story
Sorry London, Europe's top tech city is Munich
New 'Atlas of ICT Activity' finds innovation isn't happening at Silicon Roundabout
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.