[acid-jazz] Fwd: RIAA (HA!) (news)

From: Leslie Shill (icehouse_at_redshift.com)
Date: 2003-01-03 23:37:12

  • Next message: MGA Update: "[acid-jazz] LA: Tonite, MGA, Abstract Rude, Cody Chesnutt"

    for those of you who might be interested!

    > Subject: RIAA (HA!) (news)
    > Date: Sat, 04 Jan 2003 01:27:31 -0800
    > -----
    > http://www.wired.com/news/technology/0,1282,57048,00.html?tw=wn_ascii
    >
    > Or: http://www.wired.com/news/technology/0,1282,57048,00.html
    > 02:00 AM Jan. 03, 2003 PT
    >
    >
    > The Recording Industry Association of America may not want people to
    share
    > digital files, but the organization certainly seems to be in favor of
    open
    > access to its website.
    >
    > On Monday, the RIAA site was hacked for the sixth time in six months.
    > This time, the defacement resulted in bogus press releases on the front
    > door, touting the joys of cheese and interspecies romantic relationships.
    > The RIAA's role as the music industry's voice against digital piracy
    makes
    > it an obvious target for those who are angered by what they see as the
    > organization's overly vehement crusade for copyright owners' rights.
    > Since the RIAA site is such a tempting target, many wonder why the
    > organization hasn't made more of an effort to secure its site. On Monday,
    > access to the site's supposedly private innards was gained in much the
    same
    > way as it was last August.
    >
    > Some security experts said in no uncertain terms that the latest
    defacements
    > indicate the RIAA is clueless about technology. They charge that this
    > ignorance has resulted in the RIAA attempting to combat digital file
    sharing
    > in ineffective, counter-productive ways.
    >
    > "It's obvious that they don't get the Web, and they don't get
    technology, or
    > they'd understand how to protect their own website," said Wall Street
    > systems administrator Anthony Negil.
    >
    > "The flaws that people are exploiting to access their site are elementary
    > security issues and there's no excuse for an organization that purports
    to
    > understand the dark side of the Internet to leave such gaping holes in
    their
    > own network infrastructure."
    >
    > In response to the August defacements, the RIAA upgraded its server
    > software. But the software wasn't the problem.
    >
    > "My opinion is that the people at the RIAA (who are) making the
    statements
    > about P2P hacking and the (Digital Millennium Copyright Act), the
    executives
    > and legal staff, are completely disconnected from the technical folks who
    > actually run the website," said Robert Ferrell, a systems security
    > specialist.
    >
    > Ferrell and others predicted that if the RIAA escalates its anti-piracy
    > efforts, the organization's site will be completely knocked off the
    > Internet.
    >
    > "The RIAA honestly has no idea what they're up against. They will be
    toast
    > the first time they try to shut down a P2P network being used by any
    serious
    > black hats," Ferrell said.
    >
    > The last time the RIAA site was hacked, downloadable pirated music was
    > posted. This time, a URL allowing access to the RIAA's system for posting
    > press releases was made publicly accessible, allowing people to post
    > messages which then appeared on the RIAA's official press release page.
    > The URL was widely circulated on Internet relay chat groups on Monday.
    > People merrily posted bogus press releases and waited for the RIAA's
    > reaction.
    >
    > Hours later, they were still waiting. The hole stayed open for seven
    hours.
    > "Hey, don't you think they should have noticed that press release urging
    > people to have sex with barnyard animals by now?" one chat participant
    > asked, several hours after the bogus press releases first hit the RIAA
    site.
    > A spokeswoman for the RIAA said the problem would have been identified
    and
    > handled sooner had it not occurred over the holiday vacation week. She
    > declined to comment on why the RIAA site has suffered so many security
    > problems over the past few months.
    >
    > "I believe that the RIAA honestly has no idea what they're up against,"
    > Ferrell said. "The RIAA and MPAA are Internet disasters of potentially
    epic
    > proportions just waiting to happen, and while I don't ordinarily side
    with
    > defacers and script kiddies, in this case I'll make an exception."
    >
    >
    > //
    >
    >
    >
    >
    >