Folks who are tapping into their tunes via the Yahoo Music Jukebox music player may find themselves at risk of allowing a malicious attacker into their computer, according to a security advisory issued Monday by Secunia.
The "extremely critical" security vulnerabilities are found in Yahoo Music Jukebox version 2.2.2.056 and possibly other versions, according to Secunia. The heightened warning comes as exploit code has been made public, which could give malicious attackers a road map to follow should they want to compromise a user's computer.
According to Secunia, users who have the Yahoo Music Jukebox loaded on their system and visit a malicious Web site could find themselves at risk. The security flaws are found in the way certain ActiveX controls in the Yahoo music player process information, which could cause a buffer overflow problem. An attacker could then exploit the vulnerabilities and execute arbitrary code from a user's computer.
Secunia advises Yahoo Music Jukebox users to set the "kill-bit" for the affected ActiveX controls, as a means to minimize any potential threat to their system.
Yahoo was not immediately available for comment. But stay tuned.
It's been a tumultuous few days for Yahoo--you know, with that takeover bid from Microsoft--but the company continues to shake things up internally, too.
On Monday, the company announced that it will discontinue its Yahoo Music Unlimited subscription service and will transfer its customers to RealNetworks' Rhapsody service.
In mid-2008, Yahoo Music Unlimited subscribers will be guided through an in-browser process to convert their music libraries to Rhapsody's service. For a limited time (length unknown), they'll be able to keep paying Yahoo's subscription fees, which cap out at $8.99 per month, before being required to start paying Rhapsody's $12.99 monthly fee.
Additionally, Yahoo announced in conjunction that it has acquired FoxyTunes, a browser plug-in that is compatible with multiple desktop and Web-based music players.
RealNetworks, which acquired Rhapsody when it purchased parent Listen.com for $36 million in 2003, has been partnering with both hardware manufacturers like TiVo and media companies like Viacom's MTV Networks. It's the company's best strategy for staying afloat in a digital music landscape that's not only dominated by Apple's iTunes but also seems to be gravitating toward "free," not subscription-based models.
But the announcement with Yahoo is shrouded in uncertainty, for obvious reasons. Just about anything could happen to Yahoo if Microsoft's proposed $44.6 billion acquisition goes through.
RealNetworks, ironically, has a hostile history with Microsoft, too, dating back to an antitrust scuffle several years ago that led to a partnership in which RealNetworks ultimately claimed it was shortchanged.
Yahoo Music's going to join Amazon.com in offering DRM-free MP3s, either for free as part of an advertising-supported service, or for sale on a per-download basis, according to anonymous record company executives cited in this AP story.
Yahoo Music is the only major commercial download site that offers lyrics.
(Credit: Screenshot)Ian Rogers, the exec in charge of Yahoo's music service, has certainly thought long and hard about the future of the music industry, and Yahoo's got tons of traffic (which it hasn't done a very good job of monetizing, but that's another story). I like the site's search interface--it's a lot better than Amazon's, which mixes MP3 downloads and physical CDs with no rhyme or reason--and it's the only major commercial music download site that offers lyrics.
They've got a fighting chance, in other words, but will need something extra to differentiate themselves from the rapidly growing pack. Some ideas: offer a range of bitrates, all the way up to lossless. Do more with the lyrics, like integrating them into music streams, then scrolling them across the Yahoo Media Player when users play or link to a song that's hosted on the Yahoo streaming service. Make it as easy as possible for independent artists to post their files on the site, like CDBaby and (recently) Last.fm--depth of catalog is key.
What not to do: stay wedded to Windows Media Audio, require a subscription fee or online registration, or (worst of all) try and create yet another desktop application for playing music--we've got plenty of those already, and most iPod users will stick with iTunes.
I'll wait on the details before speculating further as to whether a revamped Yahoo Music will hit or miss.
According to a report yesterday in The Wall Street Journal, Yahoo's restructuring plan will likely involve significant cutbacks at Yahoo Music, including the shutdown of one or more of its subscription-based services.
In fact, it looks like Yahoo has already removed all links to its Yahoo Music Unlimited To Go service. The service, priced at $11.99 per month, allows users to transfer files to a compatible portable device. The service now can be found only by conducting a search, and I'm not sure if Yahoo is accepting new customers for it. That leaves Yahoo Music Unlimited, which offers PC-only downloads for $5.99 per month, with an option to buy CD-burnable downloads for an extra $0.79 apiece.
This could cause some trouble for manufacturers of portable music players that don't have their own stores. I'm thinking particularly of SanDisk, which has the No. 2 position fairly well locked up at this point, with around 10 percent of the market, mostly at the low end. (Microsoft hopes to be in this position by next year, but so far hasn't officially announced any low-cost flash-based players, so it isn't in the same market category.) Today, SanDisk's Sansa Connect player is the only one offering a Wi-Fi-enabled device with a subscription-based service--that is, anytime, anywhere access to millions of songs. But that product relies on Yahoo Music Unlimited To Go. So SanDisk will either have to find another partner (Rhapsody?), build its own store, or fundamentally change the Connect--perhaps offering downloads only, as Apple's going to do with its iTunes Wi-Fi Store.
The decision to cut back on Yahoo Music also illustrates a point I made yesterday: online music stores generally exist to sell some other product. According to an Insider estimate from April by PacificCrest's Andy Hargreaves, Apple pays about 70 percent of the cost of each download back to the content owner. (Anecdotally, this matches up with the cut that independent musicians receive when they sell their songs on iTunes via CD Baby--see the end of this post on Digital Audio Insider.) After that, Apple has to cover various other costs (delivery, transaction fees to payment processors) and probably ends up keeping about 10 percent. Compare this with the estimated profit margins on Apple hardware like the iPhone (50 percent before the recent price cut) and iPod Shuffle (around 40 percent when it launched in early 2005), and it's clear that iTunes is meant to drive hardware sales, not the other way around.
Microsoft and Nokia are following a similar tack, building their own music stores in hopes of selling more devices. But for companies with no adjacent business, selling online music is tough. I imagine large retailers like Amazon.com and Wal-Mart Stores do OK because of their huge scale, and RealNetworks is making a go of it with Rhapsody, but smaller online retailers face a tight squeeze.
- prev
- 1
- next
