Music City's popular new file sharing program, Morpheus, appears to have a bit of a security problem. According to a file sharing message board, the hole allows you to browse the Morpheus shares on a computer with any old web browser - all you need to know is the IP of the computer running Morpheus. Point your web browser to http://ip_address_of_machine:1214, and you've got a listing of all that machine's Morpheus shares. TR reader J. Courtney writes:
A few of my friends were able to load my shares in a browser and download them. This penetrated an up-to-date firewall (ZoneAlarm Pro) set to high security (and solidly stealthed ports). The Morpheus application gives no indication of the upstream activity.

This looked to be rather a big deal, so I tested it out. What I can tell you is that this doesn't work under NT 4, and I would assume Windows 2000. That's all I have on any of the machines I was able to set up Morpheus on. However, armed with a fistful of random IPs of Morpheus users, I was able to connect to several computers using just a web browser. My guess is these machines are running Win9x, and that has something to do with the vulnerability.
It's pretty alarming to think that anyone and everyone can surreptitiously access your files with just an IP and a browser, with no control over the number of connections.
Unfortunately, I have no way of knowing if any of these machines are firewalled. In any case, it might be a good idea to test this out yourself to see if your Morpheus file shares are vulnerable.
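A self-check for the exposure described above, added here as an example and not part of the original article: it probes port 1214 on this machine's own addresses and reports whether anything answers a plain HTTP request. The function names and result labels are this example's own, and that the listener replies to a bare GET is assumed from the article's description of browsing with a web browser.

```python
import socket

MORPHEUS_PORT = 1214  # port named in the article


def probe_http(host, port=MORPHEUS_PORT, timeout=2.0):
    """Classify one address: 'closed', 'silent', 'http' or 'other-data'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or unreachable
    with sock:
        try:
            # Assumption: a bare GET is enough to make the listener answer.
            sock.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            reply = sock.recv(64)
        except OSError:
            reply = b""  # timed out or reset before any data arrived
    if not reply:
        return "silent"  # port accepts connections but sent nothing
    return "http" if reply.startswith(b"HTTP/") else "other-data"


def local_addresses():
    """Loopback plus every IPv4 address this machine's hostname resolves to."""
    addrs = {"127.0.0.1"}
    try:
        addrs.update(socket.gethostbyname_ex(socket.gethostname())[2])
    except OSError:
        pass  # hostname does not resolve; loopback only
    return sorted(addrs)


def audit(port=MORPHEUS_PORT):
    """Probe the port on each of this machine's own addresses."""
    return {addr: probe_http(addr, port) for addr in local_addresses()}


if __name__ == "__main__":
    for addr, state in audit().items():
        exposed = state != "closed" and not addr.startswith("127.")
        note = "  <-- answers on a non-loopback address" if exposed else ""
        print(f"{addr}:{MORPHEUS_PORT} {state}{note}")
```

A result other than `closed` on a non-loopback address only shows the port is reachable from this machine itself; whether a firewall blocks it from outside still has to be checked from another host you control.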