Music City's popular new file sharing program, Morpheus, appears to have a bit of a security problem. According to a file sharing message board, the hole allows you to browse Morpheus shares on a computer with any old web browser - all you need to know is the IP address of the computer running Morpheus. Point your web browser at http://ip_address_of_machine:1214, and you've got a listing of all that machine's Morpheus shares. TR reader J. Courtney writes:
A few of my friends were able to load my shares in a browser and download them. This penetrated an up-to-date firewall (ZoneAlarm Pro) set to high security (and solidly stealthed ports). The Morpheus application gives no indication of the upstream activity.

This looked to be rather a big deal, so I tested it out. What I can tell you is that this doesn't work under NT 4, and I would assume Windows 2000. That's all I have on any of the machines I was able to set up Morpheus on. However, armed with a fistful of random IPs of Morpheus users, I was able to connect to several computers using just a web browser. My guess is these machines are running Win9x, and that has something to do with the vulnerability.
It's pretty alarming to think that anyone and everyone can surreptitiously access your files with just an IP and a browser, no control over the number of connections.
Unfortunately, I have no way of knowing if any of these machines are firewalled. In any case, it might be a good idea to test this out yourself to see if your Morpheus file shares are vulnerable.
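Since Morpheus itself shows no sign of the upstream activity, one way to check your own machine is to look at its socket table. The following is an added example, not part of the original article: it parses Windows `netstat -an` text and reports whether port 1214 is listening on a non-loopback address and which remote hosts are connected to it. The function name and the sample output are constructed for illustration.

```python
import re

MORPHEUS_PORT = 1214  # port named in the article

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1214           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1214      203.0.113.7:3412       ESTABLISHED
  TCP    192.168.1.10:1214      198.51.100.23:1187     ESTABLISHED
  TCP    192.168.1.10:2210      192.0.2.44:1214        ESTABLISHED
  UDP    0.0.0.0:1214           *:*
"""

# One TCP row: local addr:port, foreign addr:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s+(\S+)\s*$")


def audit_port(netstat_text, port=MORPHEUS_PORT):
    """Return (exposed_listeners, inbound_peers) for the given local port.

    exposed_listeners: non-loopback local addresses listening on the port.
    inbound_peers: remote addresses with an established connection to it.
    """
    listeners, peers = [], []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank or UDP line
        laddr, lport, raddr, _rport, state = m.groups()
        if int(lport) != port:
            continue  # includes our own outbound connections to a remote 1214
        if state == "LISTENING" and not laddr.startswith("127."):
            listeners.append(laddr)
        elif state == "ESTABLISHED":
            peers.append(raddr)
    return listeners, peers


if __name__ == "__main__":
    exposed, inbound = audit_port(SAMPLE_NETSTAT)
    print("listening on:", exposed or "nothing reachable from the network")
    print("remote hosts connected to port 1214:", inbound or "none")
```

To use it on a live machine, pass the captured text of `netstat -an` to `audit_port` in place of the sample.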