Feeds

Siphoning MySpace tunes using Safari

MySpace leaves them free for the taking

3 Big data security analytics techniques

When it comes to protecting digital content holders from the hordes of naughty file grabbers, you'll be hard pressed to find a more zealous partner than Apple. So we were surprised to learn that Apple's Safari browser makes it easy to download MP3 files hosted on MySpace that are supposed to be limited to streaming only.

MySpace programmers have taken pains to obfuscate the location of the MP3 file music artists embed into their MySpace profiles. Until now, pirates had to use programs like Ethereal or Burp to divine where a tune was stored. But thanks to a Safari feature called the Activity Window, that cumbersome process is no longer necessary.

We read Dave Shanley's writeup of the technique and were able to replicate the process, although with a few minor modifications.

At the moment, we're huge fans of the Dexateens, a Tuscaloosa, Alabama, quintet that plays a gritty, southern-fried psychedelia infused with punk. (So moved are we with their song "Makers Mound" from their most recent album that the sectors of our hard drive where that song is stored have been damn near ground to dust.)

So we were eager to see if we could use the technique to acquire "Lost and Found," a demo that we're pretty sure can't be acquired anywhere else. It took us a little while, but we got it. Here's how:

  • Safari will open that link, but it won't tell you very much without a little prompting. To do this, choose View Source from the view menu. You now have a window that contains lots and lots of links. Finding the link to the demo is as simple as searching for the string "mp3."

There are a few caveats. MySpace appears to behave differently depending on your IP address. For instance, if you're in California and put the last link into a browser, you're likely to get an error message indicating you are not authorized to access the file. We got around this by using the Unblock City web proxy.

We were also stymied by QuickTime, which popped up as soon as we were able to access the page. It presented us with a window pimping QuickTime Pro, which we were told is needed to actually download the file. Now, we know there's a way to change settings so QuickTime isn't invoked each time we click on an MP3 link, but we really, really wanted to download this demo. So we simply uninstalled QuickTime.

(We'd be indebted if someone would add a comment below reminding us how the hell to appoint some other player that doesn't try to punt pesky up-sell pop-ups.)

The lesson here is the same one we've heard over and over. Technology designed to limit what can be done with files distributed over the net to millions of people are at best a mere inconvenience. There's no putting the toothpaste back in the tube. Once you release something online, it's pretty much out there forever.

It's also worth noting that it's MySpace that has left the door open here. Safari is just an enabler that makes the hack easier than using a third-party app.

The insecurity doesn't seem to be lost on the Dexateens. The MP3 file containing their demo is encoded at a paltry 96 kbps. Any fan worth his salt is going to want a better sounding version of this song once it becomes available. ®

High performance access to file storage

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.