Re: Audiogalaxy.com mp3 sharing software
From: Michael Merhej <michael () AUDIOGALAXY COM>
Date: Wed, 10 Jan 2001 00:11:30 -0000
While it's true if a user got a hold of your password they could send you mp3 files - or at least files with an mp3 extension. The satellite will only name files with a .temp or .mp3 extension. Even if the filename is really an executable it will have a .mp3 extension. To actually run the file you would then need to purposely rename the file with a .exe extension.

Hope this helps - if you have any other security-related questions I will be glad to answer.

While this problem will not stop the world or allow the script kiddies to ./wu their way through us, it's a problem nonetheless. Versions of Audiogalaxy Satellite software pre .601W for Windows held the username and password for a user's account in a plain text file within the audiogalaxy directory on their system. While if an intruder gained this information only the list of songs in the download queue (which is stored on the server) would be compromised, this could have other effects.

2a. Theory one. 1. Gain the username and password for a user's acct. Intruder modifies the download queue so that when the user comes online they will download an "mp3" from the intruder's system. The mp3 is actually something else, i.e. virus or back orifice or similar program. If the user ran the mp3 directly then of course the infection would start. Let's examine this a little further. Evil intruder steals password and username. Edits download queue. User runs fake mp3 which is back orifice. User gets keylogged. User is government employee who telnets (telnet bad) into secure government system. Government system not secure anymore. Web site gets defaced. Oh no the kiddies can use this.

2b. Theory two. 2. Many users use a common password and this is the point that I brought to Audiogalaxy. While it's not their problem if a user does this, why not help out. If the user had their Audiogalaxy username and password compromised then it's possible other things get compromised.

Upgrade to the newest version which has been out for some time, and in general use different passwords.

Note: I have not checked the Linux version for any problems, if someone gets to it before I do please let me know.
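
The thread turns on files that carry an .mp3 or .temp name but hold something else. As an added example (not part of the original messages or of the Audiogalaxy software), this check audits a download directory by comparing each such file's leading bytes against MP3 and executable signatures; the function names and sample files are hypothetical and the sample bytes are constructed.

```python
import os
import tempfile

# Leading bytes of formats that should never sit behind an .mp3 name.
EXECUTABLE_MAGIC = {b"MZ": "Windows PE/DOS executable", b"\x7fELF": "ELF executable"}

def classify_header(header: bytes) -> str:
    """Return 'mp3', an executable description, or 'unknown' for a file's first bytes."""
    for magic, name in EXECUTABLE_MAGIC.items():
        if header.startswith(magic):
            return name
    if header.startswith(b"ID3"):
        return "mp3"  # an ID3v2 tag precedes the audio frames
    # MPEG audio frame sync: 11 set bits, then a non-reserved layer field.
    if (len(header) >= 2 and header[0] == 0xFF and (header[1] & 0xE0) == 0xE0
            and (header[1] & 0x06) != 0):
        return "mp3"
    return "unknown"

def audit_directory(path: str) -> dict:
    """Map each .mp3/.temp file name under path to its type when it is not audio."""
    findings = {}
    for root, _dirs, files in os.walk(path):
        for name in files:
            if not name.lower().endswith((".mp3", ".temp")):
                continue
            with open(os.path.join(root, name), "rb") as fh:
                kind = classify_header(fh.read(4))
            if kind != "mp3":
                findings[name] = kind
    return findings

def demo() -> dict:
    """Build a constructed download directory and audit it."""
    samples = {
        "song.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x00",   # constructed: ID3v2 header
        "raw.mp3": b"\xff\xfb\x90\x00" + b"\x00" * 16,    # constructed: MPEG-1 Layer III frame
        "surprise.mp3": b"MZ\x90\x00" + b"\x00" * 16,     # constructed: PE header bytes
        "partial.temp": b"\x7fELF\x02\x01\x01",           # constructed: ELF header bytes
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return audit_directory(d)

if __name__ == "__main__":
    print(demo())
```

The check reads only the first four bytes, so a clean result is a first filter rather than proof that a file is audio.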