Claims that the music industry hired a group of hackers to create a worm to infect peer-to-peer networks are being dismissed by security experts.
In an advisory posted to security mailing lists, a group called Gobbles Security delivered its latest vulnerability--a real one found in a relatively unknown MP3 player--wrapped in an apparent joke aimed at the Recording Industry Association of America. The main part of the advisory consisted of Gobbles' claims that its programmers had created a "hydra"--a worm capable of spreading in a variety of ways--that infects all major music software.
The RIAA, the organization that represents major music publishers, wasn't amused. "It's a complete hoax," said an RIAA spokesman, who asked that his name not be used. "It's not true."
Security experts agreed. Steve Manzuik, moderator of vulnerability information site VulnWatch, received the advisory on Sunday. But because of the apparent joke, he held the document until the vulnerability was verified a day later.
"This is typical Gobbles, is it not?" Manzuik said. "Cause a stir, but also release useful information."
The true vulnerability is not found in the major music players--Windows Media Player, WinAMP and Xmms are among the players Gobbles names--but in the MPG123 music player, a relatively unknown piece of open-source software.
Mailing list BugTraq also decided to post the advisory. "In this case, it contained valid vulnerability details, so we decided to publish it," said Oliver Friedrichs, senior manager at computer security firm Symantec, which owns the mailing list.
This is not the first time that the RIAA has been a potential target of hacker humor. Over the weekend, unknown hackers hit the organization's site and replaced some content with false releases. In July, the music industry's Web site was hit by vandals in an attack that caused the pages to be available sporadically for four days.
The music industry isn't hacking back, but someday it might. A bill sponsored by Reps. Howard Berman, D-Calif., and Howard Coble, R-N.C., would allow copyright owners and such groups as the RIAA and the Motion Picture Association of America to disable, block or otherwise impair a "publicly accessible peer-to-peer file-trading network." Nowadays, that's called hacking.
Join the conversation
Comment replyThe posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.
Prominent corporate governance organization says Facebook's dual-class stock structure gives CEO Mark Zuckerberg too much control over the company's future.
Google creates an animated doodle that features a boy, a girl, Google's search engine, and a jump rope. But might there be darker, more analytical, more troubling interpretations to this tale?
When the sun goes down, that's when the iPad gets busy for folks with news readers. The iPhone? It's more of a daytime habit. If you're building an app for both devices, heed the lesson.
Is the public ready for Samsung's new Galaxy Note device, which melds tablet and phone into one unique mobile device? We hit New York streets and received some surprising results.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
Join the conversation