Feeds

Siphoning MySpace tunes using Safari

MySpace leaves them free for the taking

Top 5 reasons to deploy VMware with Tegile

When it comes to protecting digital content holders from the hordes of naughty file grabbers, you'll be hard pressed to find a more zealous partner than Apple. So we were surprised to learn that Apple's Safari browser makes it easy to download MP3 files hosted on MySpace that are supposed to be limited to streaming only.

MySpace programmers have taken pains to obfuscate the location of the MP3 file music artists embed into their MySpace profiles. Until now, pirates had to use programs like Ethereal or Burp to divine where a tune was stored. But thanks to a Safari feature called the Activity Window, that cumbersome process is no longer necessary.

We read Dave Shanley's writeup of the technique and were able to replicate the process, although with a few minor modifications.

At the moment, we're huge fans of the Dexateens, a Tuscaloosa, Alabama, quintet that plays a gritty, southern-fried psychedelia infused with punk. (So moved are we with their song "Makers Mound" from their most recent album that the sectors of our hard drive where that song is stored have been damn near ground to dust.)

So we were eager to see if we could use the technique to acquire "Lost and Found," a demo that we're pretty sure can't be acquired anywhere else. It took us a little while, but we got it. Here's how:

  • Safari will open that link, but it won't tell you very much without a little prompting. To do this, choose View Source from the view menu. You now have a window that contains lots and lots of links. Finding the link to the demo is as simple as searching for the string "mp3."

There are a few caveats. MySpace appears to behave differently depending on your IP address. For instance, if you're in California and put the last link into a browser, you're likely to get an error message indicating you are not authorized to access the file. We got around this by using the Unblock City web proxy.

We were also stymied by QuickTime, which popped up as soon as we were able to access the page. It presented us with a window pimping QuickTime Pro, which we were told is needed to actually download the file. Now, we know there's a way to change settings so QuickTime isn't invoked each time we click on an MP3 link, but we really, really wanted to download this demo. So we simply uninstalled QuickTime.

(We'd be indebted if someone would add a comment below reminding us how the hell to appoint some other player that doesn't try to punt pesky up-sell pop-ups.)

The lesson here is the same one we've heard over and over. Technology designed to limit what can be done with files distributed over the net to millions of people are at best a mere inconvenience. There's no putting the toothpaste back in the tube. Once you release something online, it's pretty much out there forever.

It's also worth noting that it's MySpace that has left the door open here. Safari is just an enabler that makes the hack easier than using a third-party app.

The insecurity doesn't seem to be lost on the Dexateens. The MP3 file containing their demo is encoded at a paltry 96 kbps. Any fan worth his salt is going to want a better sounding version of this song once it becomes available. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
Lawyers mobilise angry mob against Apple over alleged 2011 Macbook Pro crapness
We suffered 'random bouts of graphical distortion' - fanbois
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
US court SHUTS DOWN 'scammers posing as Microsoft, Facebook support staff'
Netizens allegedly duped into paying for bogus tech advice
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Verizon bankrolls tech news site, bans tech's biggest stories
No agenda here. Just don't ever mention Net neutrality or spying, ok?
Inside the EYE of the TORnado: From Navy spooks to Silk Road
It's hard enough to peel the onion, are you hard enough to eat the core?
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.