p2pnet news | MPAA News:- A huge security hole has been uncovered in an application custom-built to boost the Hollywood effort to seriously interfere with education at American universities across the land a la the RIAA —- only more effectively.

Among other things, with it, the MPAA can, “drill down and find out where that IP address is going. Myspace, PirateBay, Grandma’s website, whatever,” blogs David Taylor, a senior information security specialist for the University of Pennsylvania.

“If a person on the network has a personal website they might even be able to get a name and contact information of that user. And to add more weirdness to this scenario the Apache webserver logging is disabled. So you will not know what IP address accessed the application and what pages were accessed.”

And the irony is: the MPAA application was developed with open source software.

Unbelievably, the MPAA wants the universities to install it and if they follow the trend established under the RIAA’s current blackmail and extortion scheme, many of them will do exactly that.

Warner Music, EMI, Vivendi Universal and Sony BMG’s RIAA (Recording Industry Association of America) is attacking US students like a rabid dog, using unpaid school administrations and staffs as the heavies.

Now Hollywood’s MPAA (Motion Picture Association of America), with Time Warner, Viacom, Fox, Sony, NBC Universal and Disney behind it, is harassing US universities it claims are home to file sharing pirates.

Hollywood is claiming it’s being ravaged by criminals and thieves illicitly sharing its movies online, at the same time reporting record-breaking, mind-boggling profits.

‘Open source tools (snort, ntop, etc) bundled with MPAA supplied custom rule sets’

“Friends,” says Matthew Nocifore on the Educause Security list, “I’m hearing that some university presidents have recently been contacted by ‘Education/Outreach’ executives of the MPAA asking that university IT staff install MPAA developed ‘network wiretap and traffic monitoring’ software to help identify and stop the distribution of infringing traffic.”

“The toolkit, freely available via http://universitytoolkit.com, is a collection of open source tools (snort, ntop, etc) bundled with MPAA supplied custom rule sets running on the Ubuntu OS,” says Nocifore, going on:

Apparently the MPAA has even suggested that president arrange a conference call between university and MPAA technical staff to assist in campus deployment of the toolkit.

However, the MPAA app is a Beta and, “Beta is not suitable for a production environment.”

The tool, “seems to be introducing some severe vulnerabilities to the privacy of users and direct access (unauthenticated and totally anonymous) to the logs of all network traffic that can be accessed from any remote system on the Internet,” he says, going on:

“It also appears that they are providing false information to exactly what this toolkit does.”

‘ … now the MPAA has way more information than they are supposed to have’

Taylor downloaded a copy and techies will find chapter and verse on the results on his site where, among other things, we find:

What if I log into my MPAA networked desktop computer and think today I want to go look at the sensor on the University of Tinfoil Hats’ network. I go there and load up the main application and get a list of IP addresses that are showing to be on the Kazaa network. I get the MAC address and all information I can get. Then I send that information to the packet henchmen (MediaDefender, etc) and tell them to find this IP address and generate data for a DMCA notice. Well, now the MPAA has way more information than they are supposed to have. Actually information that would normally require a subpoena.

…

So lets get to the “the content of traffic is never examined or displayed”:

They are using Snort which is a free intrusion detection system that is able to view the packet headers and contents of packets and compare to a list of predefined signatures to determine if specific things exist in the packet. Normally this is used to detect attacks on the network and is also used to enforce company policies.

Meawnhile, in a considerable understatement, he adds:

I think Perhaps the MPAA jumped the gun a bit when they began to send the letters out asking folks to install this toolkit. There are a lot of changes that need to be made before a tool like this could be installed in a production environment. And of course anyone that is responsible for running a network should always make sure to look closely at devices and applications before putting them into production.

Definitely stay tuned.

(Thanks, H)

Share with >>> Slashdot it!

Also See:
record-breaking, mind-boggling profits - Hollywood’s eye-popping summer earnings, September 1s, 2007
blogs David Taylor - MPAA University Toolkit/Backdoor, November 22, 2007
blackmail and extortion scheme - RIAA hits top US schools. But not Harvard, November 23, 2007

---

Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile - http://p2pnet.net/index-wml.php

---

Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for the download, and here for details. Click here or here to learn how to by-pass censorship in your area.

This entry was posted on Tuesday, November 27th, 2007 at 11:00 am and is filed under MPAA News. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

HOME

Viewed 4594 times