Posted by configure on 15 January 2003 - 03:53 · 12 comments & 2190 views
Now it's a hoax... :right:

Claims that the music industry hired a group of hackers to create a worm to infect peer-to-peer networks are being dismissed by security experts.

In an advisory posted to security mailing lists, a group called Gobbles Security delivered its latest vulnerability--a real one found in a relatively unknown MP3 player--wrapped in an apparent joke aimed at the Recording Industry Association of America. The main part of the advisory consisted of Gobbles' claims that its programmers had created a "hydra"--a worm capable of spreading in a variety of ways--that infects all major music software.

The RIAA, the organization that represents major music publishers, wasn't amused. "It's a complete hoax," said an RIAA spokesman, who asked that his name not be used. "It's not true."

Security experts agreed. Steve Manzuik, moderator of vulnerability information site VulnWatch, received the advisory on Sunday. But because of the apparent joke, he held the document until the vulnerability was verified a day later.

"This is typical Gobbles, is it not?" Manzuik said. "Cause a stir, but also release useful information."

News source: CNET News - RIAA calls hacking claim a hoax


The true vulnerability is not found in the major music players--Windows Media Player, WinAMP and Xmms are among the players Gobbles names--but in the MPG123 music player, a relatively unknown piece of open-source software.

Mailing list BugTraq also decided to post the advisory. "In this case, it contained valid vulnerability details, so we decided to publish it," said Oliver Friedrichs, senior manager at computer security firm Symantec, which owns the mailing list.

This is not the first time that the RIAA has been a potential target of hacker humor. Over the weekend, unknown hackers hit the organization's site and replaced some content with false releases. In July, the music industry's Web site was hit by vandals in an attack that caused the pages to be available sporadically for four days.

The music industry isn't hacking back, but someday it might. A bill sponsored by Reps. Howard Berman, D-Calif., and Howard Coble, R-N.C., would allow copyright owners and such groups as the RIAA and the Motion Picture Association of America to disable, block or otherwise impair a "publicly accessible peer-to-peer file-trading network." Nowadays, that's called hacking.



There are 12 additional comments
Advertisement
(1 reply) Quote this comment Reply to this comment #1 Posted by Toxikk on 15 Jan 2003 - 03:55
lmao. what a crock of bulldung.
Quote this comment #1.1 Posted by persianpsycho on 15 Jan 2003 - 03:56
haha nicely said
Quote this comment Reply to this comment #2 Posted by kjordan2001 on 15 Jan 2003 - 03:56
Now that's comedy
Quote this comment Reply to this comment #3 Posted by Jerichohol on 15 Jan 2003 - 04:14
[quote]The music industry isn't hacking back, but someday it might. A bill sponsored by Reps. Howard Berman, D-Calif., and Howard Coble, R-N.C., would allow copyright owners and such groups as the RIAA and the Motion Picture Association of America to disable, block or otherwise impair a "publicly accessible peer-to-peer file-trading network." Nowadays, that's called hacking.[/quote]
Quote this comment Reply to this comment #4 Posted by ad.J on 15 Jan 2003 - 04:33
HAHAHAHA Now this is just getting retarded
Quote this comment Reply to this comment #5 Posted by mule on 15 Jan 2003 - 04:33
ROFL, loosers
Quote this comment Reply to this comment #6 Posted by DrOmango on 15 Jan 2003 - 04:34
boorrrring... like they gonna hack us... sue em
(1 reply) Quote this comment Reply to this comment #7 Posted by CheeseCow on 15 Jan 2003 - 05:23
[i]MPG123 music player, a relatively unknown piece of open-source software[/i] You have got to be kidding me!? This player is used as a back-end for several other media programs, including one of the most file managers, GNOME Nautilus. And wasn't it among one of the first MP3-players?
Quote this comment #7.1 Posted by Fotix on 15 Jan 2003 - 05:28
I remember a couple years ago MPG123 was used in a lot of programs for MP3 playback. I guess it's slipped into obscurity again, or somethin'
(1 reply) Quote this comment Reply to this comment #8 Posted by aristotle-dude on 15 Jan 2003 - 05:37
I guess they read the message I sent them. It mentioned lawsuits.
Quote this comment #8.1 Posted by configure on 15 Jan 2003 - 06:14
Or maybe realized how pissed off p2p users got and prolly figured out that they'll be hack 10032423947234723842364230743278402394623432 times more "oh er.. it's a hoax.. settle down, mmkay?"
Quote this comment Reply to this comment #9 Posted by Jon on 15 Jan 2003 - 14:10
I hate to say this, but i told ya so In the other comments I said goobles talks a lot of childish sh*t on bugtraq, so true.
[1]

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.


Scroll to the Top
....
My Preferences
....
Communicating with server
Loading
Please Wait...
....
Loading
 X 
....