From: Leslie Shill (icehouse_at_redshift.com)
Date: 2003-01-03 23:37:12
for those of you who might be interested!
> Subject: RIAA (HA!) (news)
> Date: Sat, 04 Jan 2003 01:27:31 -0800
> -----
> http://www.wired.com/news/technology/0,1282,57048,00.html?tw=wn_ascii
>
> Or: http://www.wired.com/news/technology/0,1282,57048,00.html
> 02:00 AM Jan. 03, 2003 PT
>
>
> The Recording Industry Association of America may not want people to share
> digital files, but the organization certainly seems to be in favor of open
> access to its website.
>
> On Monday, the RIAA site was hacked for the sixth time in six months.
> This time, the defacement resulted in bogus press releases on the front
> door, touting the joys of cheese and interspecies romantic relationships.
> The RIAA's role as the music industry's voice against digital piracy makes
> it an obvious target for those who are angered by what they see as the
> organization's overly vehement crusade for copyright owners' rights.
> Since the RIAA site is such a tempting target, many wonder why the
> organization hasn't made more of an effort to secure its site. On Monday,
> access to the site's supposedly private innards was gained in much the same
> way as it was last August.
>
> Some security experts said in no uncertain terms that the latest defacements
> indicate the RIAA is clueless about technology. They charge that this
> ignorance has resulted in the RIAA attempting to combat digital file sharing
> in ineffective, counter-productive ways.
>
> "It's obvious that they don't get the Web, and they don't get technology, or
> they'd understand how to protect their own website," said Wall Street
> systems administrator Anthony Negil.
>
> "The flaws that people are exploiting to access their site are elementary
> security issues and there's no excuse for an organization that purports to
> understand the dark side of the Internet to leave such gaping holes in their
> own network infrastructure."
>
> In response to the August defacements, the RIAA upgraded its server
> software. But the software wasn't the problem.
>
> "My opinion is that the people at the RIAA (who are) making the statements
> about P2P hacking and the (Digital Millennium Copyright Act), the executives
> and legal staff, are completely disconnected from the technical folks who
> actually run the website," said Robert Ferrell, a systems security
> specialist.
>
> Ferrell and others predicted that if the RIAA escalates its anti-piracy
> efforts, the organization's site will be completely knocked off the
> Internet.
>
> "The RIAA honestly has no idea what they're up against. They will be toast
> the first time they try to shut down a P2P network being used by any serious
> black hats," Ferrell said.
>
> The last time the RIAA site was hacked, downloadable pirated music was
> posted. This time, a URL allowing access to the RIAA's system for posting
> press releases was made publicly accessible, allowing people to post
> messages which then appeared on the RIAA's official press release page.
> The URL was widely circulated on Internet relay chat groups on Monday.
> People merrily posted bogus press releases and waited for the RIAA's
> reaction.
>
> Hours later, they were still waiting. The hole stayed open for seven hours.
> "Hey, don't you think they should have noticed that press release urging
> people to have sex with barnyard animals by now?" one chat participant
> asked, several hours after the bogus press releases first hit the RIAA site.
> A spokeswoman for the RIAA said the problem would have been identified and
> handled sooner had it not occurred over the holiday vacation week. She
> declined to comment on why the RIAA site has suffered so many security
> problems over the past few months.
>
> "I believe that the RIAA honestly has no idea what they're up against,"
> Ferrell said. "The RIAA and MPAA are Internet disasters of potentially epic
> proportions just waiting to happen, and while I don't ordinarily side with
> defacers and script kiddies, in this case I'll make an exception."
>