February 4th, 2002, 02:46 PM
Security hole in Morpheus
'Dangerous' hole discovered in Morpheus
MP3 fans using the Morpheus file-swapping service risk having their personal details exposed online, according to security experts.
Morpheus in now the most popular file-swapping service on the Internet. The security hole means that the personal details of millions of people are now at risk of exposure. According to the Web site of MusicCity--the company that created Morpheus--more than nine million copies of the client have been downloaded.
MusicCity Networks could not be contacted for comment.
A new security hole has been discovered in the peer-to-peer file-sharing application, which allows a random list to be generated of people using the service. A malicious hacker could then access the computers of those users and copy files from anywhere on their hard disk. Usually, Morpheus only allows access to files placed in a specific folder, like other peer to peer file-sharing clients.
The privacy risk was reported to BBC News Online by a group of security experts, who are choosing to remain anonymous. They have described the exploit as "very dangerous", and have warned that this could make every Morpheus user's computer available to anyone who wants to access it.
The Morpheus peer-to-peer application allows users to search for digital media, such as music and videos, on the MusicCity network. The service also allows content providers to deploy third-party digital rights management technology to protect their copyright works. This protects the copyrights of artists involved, and has helped it to prevent a Napster-style shutdown.
An Ounce of Prevention is Worth a Pound of Cure...