Advisory #244 - iPhone, Java, Asterisk, Multiple News

by Sunnet Beskerming Alert mailing list

Sûnnet Beskerming Alert List Advisory #244

You are receiving this message because you have subscribed to our  
Information Security Alert Mailing List, or have been selected for a  
specific one-off copy.  If you believe that you are receiving this  
message in error, please contact info@... to resolve the  
error.

Why not upgrade to get same day notification on security threats?  
Details and rates available online -
(http://www.beskerming.com/premium/generic_advisory.html).

Why not go the next step and get delivery tailored just for your  
company?
(http://www.beskerming.com/premium/focussed_advisory.html)


Contents
--------------------------------------------------------------------
1. SECURITY
--------------------------------------------------------------------
1.1 iPhone
        - Remote Hacker Automatic Control
        - Time Since Discovery - 3 Days
1.2 Java
        - Remote Hacker Automatic Control
        - Time Since Discovery - 1 Week
1.3 Asterisk
        - Remote Hacker Automatic Control
        - Time Since Discovery - 2 Days
=======================================
/*
        - Remote or Local - Can it be achieved through a network or does it  
require physical access?
        - Hacker - The bad guy
        - Manual or Automatic  - Does the vulnerability need to be manually  
performed, or can it be automated?
        - Control, Denial of Service or Data Theft - Will the hacker get  
control of your system / website, will they prevent you from using  
it, or will they steal data.
*/
--------------------------------------------------------------------
2.    NEWS
--------------------------------------------------------------------
2.1 Vista Security Claims Not All They Appear
2.2 A BlackHat Showdown
2.3 Time to Blacklist Blacklists
2.4 A Glitch in the Matrix, or a Hungry Exploit?
2.5 Hunting Safari
2.6 Acknowledging the Importance of Web Security
2.7 Investigating the iPhone
2.8 Why Hack When You Can Buy Your Way to Identity Theft
2.9 A Lesson in Why Regulating Online Activity is Difficult
=====================================

1. SECURITY

1.1 iPhone - Remote hacker automatic control

        -- Products Affected --
        iPhone

        -- Technical Description --
        errata security are claiming the discovery of a vulnerability that  
affects the Safari browser on the iPhone. The level of access that the  
vulnerability grants has not yet been disclosed, but it is considered  
to be at least an application crash and potentially arbitrary code  
execution. Given that the reported issue is similar to one affecting  
desktop Safari, and that remote code execution vulnerabilities are  
known to exist in desktop Safari, it is a reasonable assumption that  
similar issues will affect Safari on the iPhone.

        -- Description --
        After initial speculation that the first general vulnerabilities  
targeting the iPhone would be discovered within the first few weeks  
of release, it has been disclosed that at least one vulnerability  
exists which can allow a remote attacker to crash the inbuilt Safari  
browser, and potentially gain some level of control, if the user can  
be tricked into visiting a malicious site. This new issue is an almost  
exact copy of issues found on the desktop version of the Safari  
Internet browser, which gives some clues to potential weaknesses still  
to be discovered.

        -- Recommended Action --
        If iPhone users are concerned about the potential risk to their new  
devices, they should apply caution to the sites that they visit using  
the inbuilt Safari browser and limit the sites visited to trusted  
sites only.

        -- Source --
        (Paid subscription required to access)

        -- Updates Available --
        (Paid subscription required to access)

        -- External Tracking Data --
        (Paid subscription required to access)

        -- Threat Matrix --
                        U O
        Home User 10 10 (Highly Critical)
        Corporate 10 10 (Highly Critical)


1.2 Java - Remote hacker automatic control

        -- Products Affected --
        Java J2SE

        -- Technical Description --
        Java Web Start may allow a remote attacker who has convinced a user  
to launch a malicious Java Web Start application from the Internet to  
overwrite local files and take control of the system. Arbitrary code  
execution is possible within the context of the local user.  
Specifically, JDK and JRE 5.0 Update 11 and earlier, and SDK and JRE  
1.4.2_13 and earlier, are vulnerable on Windows platforms.

        -- Description --
        Late last week a set of vulnerabilities affecting Java Web Start in  
J2SE were disclosed and patched by Sun. These vulnerabilities can  
lead to situations where a remote attacker is able to take control of  
the victim's system in the context of the current victim's privilege  
level. Of note, JDK and JRE 6, Solaris, and Linux versions of J2SE  
are not vulnerable to these issues.

        -- Recommended Action --
        Apply the updates for J2SE at the earliest opportunity

        -- Source --
        (Paid subscription required to access)

        -- Updates Available --
        (Paid subscription required to access)

        -- External Tracking Data --
        (Paid subscription required to access)

        -- Threat Matrix --
                        U O
        Home User 8 8  (Very High)
        Corporate 8 8  (Very High)


1.3 Asterisk - Remote hacker automatic control

        -- Products Affected --
        Asterisk 1.4.2 and prior.

        -- Technical Description --
        Multiple remote, unauthenticated stack overflows exist in Asterisk's  
chan_sip.c; specifically, two closely related stack-based buffer  
overflows exist in the SIP/SDP handler. They can be triggered with a  
number of different SIP messages, both in calls received by Asterisk  
and in the responses to calls made by Asterisk, so an attacker needs  
no account on the server.
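The pattern behind this bug class, shown as an added illustration and not Asterisk's actual chan_sip.c code: an SDP attribute line such as "a=rtpmap:0 PCMU/8000" is parsed with an unbounded sscanf conversion into a fixed-size stack buffer, so an over-long codec name in the SDP of an attacker's INVITE (or in the SDP of the answer to a call Asterisk placed) writes past the buffer. The hardened parser bounds the conversion and rejects truncated tokens rather than silently accepting them. The line format, the 32-byte buffer, the function names and the constructed attack line are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>

#define CODEC_NAME_LEN 32          /* assumed size of the on-stack codec buffer */

struct rtpmap {
    int  payload;
    char codec[CODEC_NAME_LEN];
    int  rate;
};

/* Vulnerable pattern (illustration only): the "%[^/]" conversion has no
 * field width, so a codec token longer than CODEC_NAME_LEN - 1 bytes is
 * copied past the end of r->codec, which lives on the caller's stack.
 * Never feed this untrusted input. */
int parse_rtpmap_unsafe(const char *line, struct rtpmap *r)
{
    return sscanf(line, "a=rtpmap:%d %[^/]/%d",
                  &r->payload, r->codec, &r->rate) == 3 ? 0 : -1;
}

/* Hardened pattern: the field width (CODEC_NAME_LEN - 1 = 31) bounds the
 * copy, and %n lets us verify that the token ended at the expected '/',
 * so an over-long token is rejected instead of silently truncated. */
int parse_rtpmap_safe(const char *line, struct rtpmap *r)
{
    int consumed = 0;

    if (sscanf(line, "a=rtpmap:%d %31[^/]%n", &r->payload, r->codec, &consumed) != 2)
        return -1;
    if (line[consumed] != '/')          /* token too long, or no "/rate" part */
        return -1;
    if (sscanf(line + consumed, "/%d", &r->rate) != 1)
        return -1;
    return 0;
}

/* Builds a constructed attack line "a=rtpmap:96 AAA...A/8000" whose codec
 * token is codec_len bytes long. Returns -1 if buf is too small. */
int make_long_rtpmap(char *buf, size_t buflen, size_t codec_len)
{
    const char *prefix = "a=rtpmap:96 ", *suffix = "/8000";
    size_t plen = strlen(prefix), slen = strlen(suffix);

    if (buflen < plen + codec_len + slen + 1)
        return -1;
    memcpy(buf, prefix, plen);
    memset(buf + plen, 'A', codec_len);
    memcpy(buf + plen + codec_len, suffix, slen + 1);
    return 0;
}

int main(void)
{
    struct rtpmap r;
    char evil[512];
    int rc;

    /* benign line: both parsers accept it */
    rc = parse_rtpmap_unsafe("a=rtpmap:0 PCMU/8000", &r);
    printf("unsafe, benign: %d\n", rc);
    rc = parse_rtpmap_safe("a=rtpmap:0 PCMU/8000", &r);
    printf("safe,   benign: %d (payload %d, codec %s, rate %d)\n",
           rc, r.payload, r.codec, r.rate);

    /* 200-byte codec token: the safe parser rejects it; the unsafe parser
     * would overflow r.codec, so it is deliberately not called on it */
    make_long_rtpmap(evil, sizeof evil, 200);
    rc = parse_rtpmap_safe(evil, &r);
    printf("safe,   attack: %d\n", rc);
    return 0;
}
```

The field width must be kept in step with the buffer size by hand (sscanf offers no "%.*s" style width argument), which is exactly the kind of coupling that gets missed when a buffer is later resized; checking the terminating character after the conversion is what turns silent truncation into a rejected message.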

        -- Description --
        Asterisk is vulnerable to two related issues affecting handling of  
SIP/SDP network traffic. These issues can lead to an attacker taking  
control of a vulnerable server / system that is running Asterisk.  
Asterisk developers have released an update to address this issue.

        -- Recommended Action --
        Update to the latest versions of Asterisk or AsteriskNOW as  
appropriate.

        -- Source --
        (Paid subscription required to access)

        -- Updates Available --
        (Paid subscription required to access)

        -- External Tracking Data --
        (Paid subscription required to access)

        -- Threat Matrix --
                        U O
        Home User 9 9  (Critical)
        Corporate 9 9  (Critical)

=======================================
/*
Threat Matrix:
        U - User
        O - Operator
        Harmless - 0 ----- 10 - Highly Critical
*/
=======================================

2. NEWS

2.1 Vista Security Claims Not All They Appear

Microsoft employee Jeff R Jones (Security Strategy Director) recently  
released a report claiming that Windows Vista is significantly more  
secure than competing operating system platforms.

After being released to CSO Online, the news was picked up and  
repeated by many sites, but not many stopped to analyse the  
information actually being put forward in the paper. Some sites, such  
as Slashdot, saw heated discussion about the methodology used and  
conclusions presented in the report, but overall most people accepted  
the report at face value.

Now that more people have had the opportunity to dig deeper through  
the report, more claims are being put forward that the report  
presents the wrong conclusions and is using flawed methodology.

The first warning sign for many is the fact that a paper written by a  
Microsoft employee places Microsoft in an advantageous position.  
While parochialism should be suppressed by professionalism, it does  
lead to concerns about bias.

Parochialism aside, the biggest problem that most observers are  
having with the published article is that the author has interpreted  
the available data sources in a very constrained manner that is not  
consistent for all of the considered platforms.

Windows Vista certainly has had fewer vulnerabilities publicly  
reported and patched by Microsoft, but it has only been available for  
a few months. Of concern to researchers is the number of critical  
vulnerabilities that are due to buffer overflows and those derived  
from old code. Mitigations such as ASLR were supposed to make the  
majority of these vulnerabilities unexploitable in practice.

The report skips 'silently fixed' issues, which Microsoft did not  
publicly acknowledge as existing. It also covers bundled software  
when considering other operating systems, such as RHEL 4, which are  
provided with numerous database, mail, and web servers, along with a  
host of other applications that the base Windows installations do not  
come with.

With the continuing trend of the same vulnerabilities being found on  
Vista as on other systems, some are seeing it as a reason NOT to  
upgrade to Vista (or at least not until SP1). Consumers and  
businesses are continuing to push for the ongoing sale of Windows XP,  
and there are concerns from some quarters that Microsoft may have  
painted itself into a corner with Vista.

It appears that Microsoft's big push to rewrite the core system with  
security in mind hasn't quite achieved the goals that were set (ASLR  
can be defeated reliably, as well). This, and the response to the  
recent report is quite disappointing, especially as Microsoft really  
has improved their stance on security and development practices in  
recent years.


2.2 A BlackHat Showdown

An old-fashioned Wild West show down appears to be on the cards at  
the 2007 Black Hat USA Briefings & Training, due to kick off in Las  
Vegas on July 28.

Lining up on one side is a team of luminaries who have gathered under  
the Matasano Chargen banner, seeking to demonstrate that they can  
arbitrarily detect hardware-level (hypervisor) rootkits (such as Blue  
Pill).

Opposing this is the Blue Pill team, led by Joanna Rutkowska, who  
believe that they have a better than fair chance at evading reliable  
detection by the Matasano Chargen team.

With an armament of:

     * Direct Timing Observation;
     * Indirect Timing Observation, and
     * Functional Observation

the team from Matasano Chargen believe that they have what it takes  
to identify and knock down Blue Pill. The difficulty will be in  
applying these capabilities in a manner that does not adversely  
impact the end user experience (some cryptographic attacks that use  
timing observation effectively DoS the system while they are running).
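Direct timing observation in concrete form, as an added example that is not the Matasano Chargen tool: CPUID is an instruction that VT-x and AMD-V hypervisors must intercept, so under a hypervisor every execution of it costs a VM exit and re-entry on top of its native cost. Timing it with the TSC, many times, and taking the median exposes that overhead. The 1000-cycle threshold and the sample count are assumptions to be calibrated on known-clean hardware; the code only runs on x86 and reports unavailability elsewhere.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define SAMPLES            256
#define VM_CYCLE_THRESHOLD 1000ULL   /* assumption: calibrate on known-clean hardware */

#if defined(__x86_64__) || defined(__i386__)
static inline uint64_t rdtsc(void)
{
    uint32_t lo, hi;
    __asm__ __volatile__("rdtsc" : "=a"(lo), "=d"(hi));
    return ((uint64_t)hi << 32) | lo;
}

/* CPUID is unconditionally intercepted by VT-x/SVM, so a hypervisor adds a
 * VM exit and re-entry to every execution. It is also serialising, which
 * keeps the two rdtsc reads on either side of it in order. */
static inline void cpuid_leaf0(void)
{
    uint32_t a = 0, b, c, d;
    __asm__ __volatile__("cpuid" : "+a"(a), "=b"(b), "=c"(c), "=d"(d) : : "memory");
    (void)b; (void)c; (void)d;
}
#endif

static int cmp_u64(const void *x, const void *y)
{
    uint64_t a = *(const uint64_t *)x, b = *(const uint64_t *)y;
    return (a > b) - (a < b);
}

/* The median is used rather than the mean so that interrupts and context
 * switches landing in a few samples do not skew the measurement. */
uint64_t median_u64(uint64_t *v, size_t n)
{
    qsort(v, n, sizeof *v, cmp_u64);
    return v[n / 2];
}

/* Writes the median cost of CPUID, minus the cost of the rdtsc pair itself,
 * into *cycles and returns 0; returns -1 where the measurement is unavailable. */
int measure_cpuid_cycles(uint64_t *cycles)
{
#if defined(__x86_64__) || defined(__i386__)
    uint64_t cpuid_t[SAMPLES], empty_t[SAMPLES];
    for (size_t i = 0; i < SAMPLES; i++) {
        uint64_t t0 = rdtsc();
        cpuid_leaf0();
        uint64_t t1 = rdtsc();
        uint64_t t2 = rdtsc();
        cpuid_t[i] = t1 - t0;      /* rdtsc + CPUID + rdtsc */
        empty_t[i] = t2 - t1;      /* rdtsc + rdtsc: measurement overhead */
    }
    uint64_t c = median_u64(cpuid_t, SAMPLES), e = median_u64(empty_t, SAMPLES);
    *cycles = c > e ? c - e : 0;
    return 0;
#else
    (void)cycles;
    return -1;
#endif
}

/* Decision rule of a direct timing observation: flag a hypervisor when the
 * intercepted instruction costs more than the calibrated threshold. */
int exceeds_threshold(uint64_t cycles, uint64_t threshold)
{
    return cycles > threshold;
}

int main(void)
{
    uint64_t cycles;
    if (measure_cpuid_cycles(&cycles) != 0) {
        puts("rdtsc/cpuid not available on this architecture");
        return 1;
    }
    printf("median CPUID cost: %llu cycles -> %s\n", (unsigned long long)cycles,
           exceeds_threshold(cycles, VM_CYCLE_THRESHOLD) ? "hypervisor suspected"
                                                          : "no hypervisor indicated");
    return 0;
}
```

A few hundred samples cost microseconds, so a one-off check does not hurt the user experience; the cost the text worries about comes from having to repeat such checks continuously across everything a rootkit might intercept. The weakness of this particular check is that both VT-x and SVM let the hypervisor apply an offset to the guest's view of the TSC, so a careful rootkit can hide the exit cost from rdtsc, which is why indirect timing observation (against a clock the hypervisor does not control) is listed separately above.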

Watching the two teams posturing ahead of the challenge, the  
impression is gained that they are both moving towards the same  
goals, but there is a little bit of a discrepancy between the aim  
points. That discrepancy is going to be the key as to whether Blue  
Pill succeeds or Matasano succeeds.

Even though there are lines being drawn in the sand by the supporters  
of each side, the outcome (at this stage) is basically a coin flip.

If Blue Pill can reliably counter each of the techniques being used  
in an attempt to detect it, then the Blue Pill team wins. In a real  
infection scenario, disabling the detection software is also a valid  
procedure (though it will serve as a detection in this case).

If the Matasano team can implement even one reliable detection  
technique, then they win. The real difficulty is making that  
technique reliable, given all the other processes that might be  
competing for resources that are under observation.

Drawing on how the arms race for kernel-level rootkits, detection,  
and counter-detection has developed, there is a slight advantage to  
the Blue Pill team.

What everyone watching should hope for is that there is no repeat of  
last year, where lengthy arguments developed after disputed claims  
were made about being able to hack WiFi connections on OS X machines.

UPDATED -

Black Hat Showdown a No Show.

An eagerly awaited Security showdown at this year's Black Hat  
briefings in Las Vegas, between the developers of the Blue Pill  
hypervisor rootkit and a team that claims they can reliably detect  
it, is no more.

In establishing the ground rules for the face off, the Blue Pill  
developers requested a fee of $384,000 USD to be paid as compensation  
for time and resources used to develop the technology and bring it to  
a commercial stage of completion.

Nobody is claiming that the Blue Pill team should not be compensated  
for their efforts, but the amount that they have requested is enough  
to throw iced water over the concept of a show down at this year's  
Black Hat conference in Las Vegas.

Is this the market rate for complete control of a brand new rootkit?  
Or is it indicative of the hidden costs that software development and  
security research really bring to a company? The quoted market rate  
of $200 per hour might be within a reasonable bracket, but applying  
it for the length of time that the rootkit has been in development is  
generally being interpreted as unfair. Suggestions have been put  
forward that it may be worth closer to 15-20% of what they have asked  
for, but with trades for information like this it will always be  
worth what someone is willing to pay.

Other suggestions have been that it should be handled like a proper  
wager (where better to do it than Vegas), with each side fronting up  
their bet, and winner takes all.

The show down may not be a complete writeoff, however. The team who  
were lined up to detect the rootkit will still be presenting an  
outline at the Black Hat Briefings of the technology and guiding  
principles that will allow for detection of these hardware level  
rootkits.

After news of the initial challenge grabbed the attention of a lot of  
people, the subsequent cancellation has led to some interesting ideas  
about how to still achieve some sort of outcome and test the claims  
of both parties.

One of the most prominent concepts that has been put forward so far  
is for a good faith bet, where the detecting team places their tool  
online, and allows arbitrary third party use and testing of the tool  
to see whether it would comply with the initial guidelines of the  
test, and allow the Blue Pill team to internally test against it  
(that particular report would have to be accepted on good faith for  
accuracy).

While not the same as a public head-to-head test, it still allows  
most of the aims to be achieved, including the most stringent  
limitations placed on the detection tool (don't significantly degrade  
the user experience).


2.3 Time to Blacklist Blacklists

Blacklists have their place for detecting and identifying malicious  
content and activity, with the whole signature-based malware  
detection industry effectively being built around the concept that  
blacklists are reliable mechanisms.

The only problem is that they aren't.

They certainly are an important element of security models, but the  
last couple of decades of security research has shown that they  
quickly become ineffective in the face of a rapidly evolving threat.

Early in the life of antivirus tools, simple signature based  
detection was enough. An internal blacklist could identify all known  
pieces of malware because they did not evolve or spread very rapidly.  
When polymorphic malware began to exhibit better software  
development, the need for heuristic detection engines became more  
urgent. Most antimalware software now has a combination of  
blacklisting and heuristics in use to assist in identifying malicious  
activity (when they aren't busy deleting critical system files or  
being compromised by their own analysis engines).

Having an exhaustive blacklist helps companies claim that they detect  
many tens of thousands of viruses and malware, when in reality it may  
be many different versions of a few key pieces of malware, just  
different enough from previous versions to require a brand new  
blacklist signature.

Moving on to blacklists of known spam-generating IPs and malware-
serving sites, we start to see significant problems emerge with this  
particular approach to protection.

Many mail server administrators will have encountered at least one  
period where they have found their IP on an RBL (Real-time Block  
List) alongside IPs that have been seen spewing spam across networks  
(or they could have just had AOL mailing list subscribers who find it  
easier to report as spam than unsubscribe from something they  
manually subscribed to). With the use of dynamic IP addresses and  
virtual hosts, many have found that if they have a bad network  
neighbour, they can be hit with the same blocking (we've had it  
happen a few times) from indiscriminate RBL maintainers.

Even important registries are not immune from arbitrary blockage and  
ongoing annoyance from poorly developed RBLs.

The problem of misidentification becomes even worse when blacklists  
of websites that are hosting malware and phishing attacks are  
maintained. Microsoft, Mozilla, Opera, McAfee, and Google are just  
some of the large bodies that have invested significant resources to  
the creation, maintenance, and use of website blacklists to warn  
users of potential malicious activity on websites (and in some cases  
prevent access).

Anyone who spends even just a little bit of time involved with  
researching and observing the patterns and pace of website attacks,  
hacks and defacements will know that websites are essentially fragile  
entities and it doesn't take much for a well-trusted site to become a  
malware-spewing nightmare.

Like trying to use DRM to restrict the spread of copyright  
infringement, using blacklists / blocklists to limit access to sites  
will only stop the honest, and the casual attacker (extremely casual  
attacker) from getting people to see their site. Any attacker that is  
remotely serious about their work will have plenty of ways to bypass  
and overcome the minor inconvenience that the blacklists pose.

If any further evidence was required, a security researcher (Kuza)  
has published a small set of techniques that can be used to bypass  
these website blacklists. The set of techniques published reflects  
just a small number of the many different ways that it is possible to  
avoid these lists, not least of which is the fact that it takes time  
for a site to be added to a blacklist.

The response that Kuza received from Microsoft when he reported his  
techniques for phishing detection avoidance is actually quite an  
intelligent response - "[it] is not a security feature".

The only problem with this is that many, many people (including a lot  
of 'security' people who should really know better) consider these  
lists to be just that - a security feature.

It is time that people became aware that these lists are a small tool  
of their protection arsenal, and not the major innovation that their  
creators and maintainers describe them as. It is also time that  
people became aware of the problems that these lists can cause when  
improperly developed and maintained (and even when they aren't).


2.4 A Glitch in the Matrix, or a Hungry Exploit?

Sûnnet Beskerming researchers observed an interesting deviation in  
global network traffic over the last 24 hours, particularly for South  
American, Asian, and Australian networks. Normally, global Internet  
traffic (as observed by the Internet Traffic Report) oscillates  
around 9% packet loss, with global response times of 138 ms, and the  
internally derived traffic index at around 79.

Sustained over the last 24 hours, the traffic index has dipped almost  
5%, packet loss has climbed to 11%, and the global response time to  
almost 150 ms.

Normal spikes and dips as observed on the Internet Traffic Report  
show up as no more than 3 or 4 hour blocks of odd results before  
settling back into normalcy. This latest spike and dip has been  
sustained for at least 18 hours, with a rapid ramp up in the six  
hours prior to the peaks (and lows) being reached.

When the figures are considered against the 7 day average, and the 30  
day average, the deviation appears to be quite significant and seems  
to mark a distinct event or set of events. When the reports for Asia,  
South America, and Australia are looked at in isolation, the three  
regions appear to be suffering from a related event, with similar  
patterns being observed in the data being put forward for those  
regions. Data for Europe and North America indicates that whatever is  
affecting the other regions, it isn't affecting Europe or North  
America. Independently sourced data at Keynote (using their Internet  
Health Report) indicates that there is nothing adversely impacting  
the US at this time.

Either these regions are experiencing the first stages of a global  
event, or they contain networks that are under a sustained attack for  
some specific reason.

So, what can be causing this problem? There appears to be nothing  
that is being reported by any of the usual agencies or news feeds,  
with SANS indicating a GREEN Threat level, and Symantec, McAfee, and  
the other major security software providers not indicating any new  
malicious software emergence.

Looking at the current Top 10 report from SANS, it appears that Port  
5901 (used for VNC) is leading the charge for the top rating across  
all metrics (including a 20% lead on the next port on the rising  
Trends chart). At the time of writing, the raw data for Port 5901 was  
showing disturbing results.
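The kind of rising-trend view that put port 5901 at the top is easy to reproduce against your own perimeter logs, which is the check an administrator would want before deciding whether the global numbers mean anything locally. The following is an added example with constructed, firewall-style log lines of the form "day=N dport=P"; it is not the SANS/DShield method or data. It counts hits per destination port on the day under examination, averages the hits per day over the preceding seven days, and ranks ports by the ratio of the two. The log format, window size and scoring rule are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PORTS  64
#define SAMPLE_MAX 128

struct port_stat {
    int      port;
    double   baseline;   /* mean hits per day over the baseline window */
    unsigned today;      /* hits on the day under examination */
    double   ratio;      /* today / (baseline + 1); the +1 keeps new ports finite */
};

static struct port_stat *find_or_add(struct port_stat *tab, size_t *n, int port)
{
    for (size_t i = 0; i < *n; i++)
        if (tab[i].port == port)
            return &tab[i];
    if (*n >= MAX_PORTS)
        return NULL;
    tab[*n].port = port;
    tab[*n].baseline = 0.0;
    tab[*n].today = 0;
    tab[*n].ratio = 0.0;
    return &tab[(*n)++];
}

static int cmp_ratio_desc(const void *a, const void *b)
{
    double x = ((const struct port_stat *)a)->ratio;
    double y = ((const struct port_stat *)b)->ratio;
    return (x < y) - (x > y);
}

/* Lines are "day=<n> dport=<port>" (constructed format); malformed lines are
 * skipped. Hits on `today` are compared with the mean over the `window`
 * days before it, and the `maxout` highest ratios are copied to `out`. */
size_t rank_rising_ports(const char **lines, size_t nlines, int today, int window,
                         struct port_stat *out, size_t maxout)
{
    struct port_stat tab[MAX_PORTS];
    size_t n = 0;

    for (size_t i = 0; i < nlines; i++) {
        int day, port;
        if (sscanf(lines[i], "day=%d dport=%d", &day, &port) != 2)
            continue;
        struct port_stat *p = find_or_add(tab, &n, port);
        if (!p)
            continue;
        if (day == today)
            p->today++;
        else if (day < today && day >= today - window)
            p->baseline += 1.0;
    }
    for (size_t i = 0; i < n; i++) {
        tab[i].baseline /= window;
        tab[i].ratio = tab[i].today / (tab[i].baseline + 1.0);
    }
    qsort(tab, n, sizeof *tab, cmp_ratio_desc);
    size_t k = n < maxout ? n : maxout;
    memcpy(out, tab, k * sizeof *out);
    return k;
}

/* Constructed sample: days 1..7 carry a steady trickle on ports 80, 25 and
 * 5901; on day 8 port 5901 jumps while the others barely move. */
static char sample_store[SAMPLE_MAX][32];

static size_t emit(const char **lines, size_t n, int day, int port, int hits)
{
    for (int h = 0; h < hits && n < SAMPLE_MAX; h++, n++) {
        snprintf(sample_store[n], sizeof sample_store[n], "day=%d dport=%d", day, port);
        lines[n] = sample_store[n];
    }
    return n;
}

size_t build_sample(const char **lines)
{
    size_t n = 0;
    for (int day = 1; day <= 7; day++) {
        n = emit(lines, n, day, 80, 5);
        n = emit(lines, n, day, 25, 3);
        n = emit(lines, n, day, 5901, 2);
    }
    n = emit(lines, n, 8, 80, 6);
    n = emit(lines, n, 8, 25, 3);
    n = emit(lines, n, 8, 5901, 30);
    return n;
}

int main(void)
{
    const char *lines[SAMPLE_MAX];
    struct port_stat top[3];
    size_t n = build_sample(lines);
    size_t k = rank_rising_ports(lines, n, 8, 7, top, 3);
    for (size_t i = 0; i < k; i++)
        printf("dport %5d  baseline %.1f/day  today %3u  ratio %.2f\n",
               top[i].port, top[i].baseline, top[i].today, top[i].ratio);
    return 0;
}
```

Ranking by ratio rather than by raw count is what separates a port that is always busy (80 here) from one that has suddenly become interesting (5901); the same view over a 30-day window, as the text does with the Internet Traffic Report figures, guards against a short-lived spike being mistaken for a trend.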

While there is spam, drive-by phishing attacks, and persistent worms  
attacking global networks, these have been ongoing attacks and should  
not be responsible for such a large change in such a short period of  
time by themselves.

If we consider port 5901 to be relevant to the reason behind the  
attacks, then we might have found a potential cause, and a potential  
target.

An exploit was added a couple of days ago to a number of security  
mailing lists, distribution sites, and other sources, which targets a  
remote code execution vulnerability in the AMX VNC ActiveX control.  
Since appearing on these sources it has spread to thousands of sites,  
and is guaranteed to have been seen by many, many people - some with  
malicious intent.

Although a remote code execution exploit is nothing special nowadays,  
this particular piece of code claims to achieve its goals without  
alerting the victim to the fact that they have just been successfully  
hacked.

Whether or not it is relevant to the real reason behind the observed  
response time and packet loss deviation will be seen over time. At  
the least, administrators and end users should keep a closer eye on  
their systems and networks over the next few days to see if this  
unknown problem is going to spread.

UPDATED -
Since so many people have been asking about whether there are any  
updates to our Glitch in the Matrix post, we've decided to post a  
quick update based on what our researchers are continuing to observe.

Overall Internet traffic, as observed by The Internet Traffic Report  
has settled back into normal ranges, though the 7 day charts show a  
clear deviation from the norm at the end of last week (29-30 June)  
and a little bit more volatility in the period since.

There is still no clear picture as to what was behind the lengthy  
deviation, with some regional networks still encountering out of the  
ordinary behaviour (though that might be within normal operating  
ranges for those networks, especially if they are under maintenance).

Port 5901 has now dropped to more reasonable levels on the SANS Top  
10, but the fact that it is still present on the Top 10 should still  
be a concern for end users. Feedback from various sources and  
communication with the ISC indicated that while the observed traffic  
patterns were of interest, there was nothing that could be clearly  
identified as being more than a possible source for the behaviour.


2.5 Hunting Safari

When Apple's Safari browser was released for beta testing on Windows  
at this year's WWDC, it was expected that many researchers would turn  
their attention to this little piece of Apple in a Microsoft world.

These expectations were met when vulnerabilities were rapidly  
discovered and disclosed within a matter of hours of the release of  
the browser, some with detailed exploitation code accompanying the  
disclosure.

A lot of the remaining publicly known vulnerabilities are low threat  
issues, providing cross site scripting and minor data corruption  
opportunities. However, there are still serious vulnerabilities being  
released, such as the '0-day' code execution vulnerability due to  
excessive Title tag length when a page is added to the bookmarks.

While Apple quickly moved to patch the known vulnerabilities,  
bringing the browser to beta version 3.02 in short order, some  
'researchers' have decided to take a more unprofessional route while  
vulnerabilities continue to be disclosed by others.

Repeating the oft-used line that unpaid research and Quality  
Assurance for a software vendor is not what they are there for, at  
least one security researcher has publicly stated that they will be  
withholding disclosure of serious Safari vulnerabilities until after  
the release of OS X 10.5 (Leopard), preferring to wait until a  
reasonable userbase has been established prior to disclosure.

The risk of taking this approach is that it is possible (maybe even  
probable) that another researcher will identify and report the  
vulnerabilities before the release and widespread use of Leopard.

Intentional suppression of vulnerability data (including not  
reporting it to the vendor), with the intention of later publicity,  
is a practice that many find unethical and unprofessional and the  
researchers may find that software vendors will be less willing to  
negotiate with them in the future.

Whatever the outcome, it is to be expected that many more Safari-
focussed vulnerabilities will be disclosed over the next several months.


2.6 Acknowledging the Importance of Web Security

Two recent articles in the mainstream technical media are helping to  
bring increased awareness to the importance of web security as a key  
component in the overall security picture.

With acknowledgement of the increasing difficulty of spreading  
malware through traditional channels (email), Paul Henry suggests  
that the web is becoming the dominant distribution channel for malware.

Supporting this argument through figures that point to increasing  
numbers of websites hosting malicious content, Paul fails to  
recognise that the recent explosion in the number of sites hosting  
malicious content has largely been due to hosting providers that were  
compromised through known weaknesses in their hosting solutions  
(especially of systems with numerous virtual hosts).

There are still increasing numbers of dedicated malicious sites, but  
this analysis (like many) fails to properly account for previously  
trusted sites that are temporarily compromised by an attacker or via  
included third party content (such as banner ads). This sort of  
problem will forever be the Achilles' heel of programs like  
SiteAdvisor and browser-based phishing protection.

Although the article at ZDNet is a press release masquerading as news  
(guess who has a vested interest in the product hawked in the  
article), it does raise some valid points that people outside of the  
web security sphere may not have been aware of, but should be  
informed about.

A better article, over at C|Net, identifies some of the problems  
associated with web security, particularly in terms of creating and  
implementing standards.

The assertion that the industry is 'basically making up web security  
as it goes along', however, is somewhat unfair. Perhaps this is the  
case in companies where there is not even a basic understanding of  
web security, but there is a growing repository of freely available  
information and common baseline knowledge that will propel companies  
and developers a long way towards implementing reasonable levels of  
security.

Beyond reasonable security the situation changes. It becomes like the  
rest of Information Security, where a small set of researchers and  
attackers are constantly probing away at the edges of what is known -  
seeking to improve the common knowledge (or improve the ability to  
attack and control).

Creating and implementing standards that can get entities to a level  
of reasonable security is the difficult part (as the article points  
out). Any standards body risks becoming irrelevant as soon as a  
standard is published (just like every other standards body),  
particularly with the rapid pace of security research and discovery.  
It doesn't take much research to find examples of this (PCI DSS), but  
the ongoing efforts of groups like OWASP and WASC are likely to form  
the initial basis of any eventual standards (it would almost be  
criminal for them not to).


2.7 Investigating the iPhone

When Apple's iPhone was released at the end of last week, not only  
were purchasers lined up to get their hands on the device, but  
security researchers were keenly awaiting physical access to the device.

It didn't take long, with what appears to be a recovery system image  
posted to a number of sites within a matter of hours of the release  
of the iPhone. Initial analysis of the files has provided clues about  
the internal setup of the phone (assuming the files represent an  
accurate firmware image). The presence of low level accounts (admin  
and root), along with passwords for them came as a minor surprise.  
Password recovery tools quickly allowed recovery of the underlying  
passwords.

Those discoveries are a major assistance to web security researchers  
on both sides of the fence. Web security researchers sat up and took  
closer notice after Steve Jobs announced at the recent WWDC that  
third party developers will be able to develop applications for the  
iPhone by creating 'Web 2.0' style applications that iPhone users are  
able to access using the Safari browser on the phone.

Observing what sort of vulnerabilities continue to be discovered for  
desktop browsers, it is only going to be a matter of time until  
someone discovers a vulnerability that will allow for complete access  
to all of the data on the iPhone. Already researchers are busy  
looking at ways that can be used to access the information stored on  
the device.

Researchers who are focussed on the network that the iPhone connects  
to have disclosed that in order to access voicemail across the  
network a password is not required, merely a valid Caller ID.  
Guidance on addressing the situation has also been released, which  
should be followed by all iPhone holders.

Initial analysis of the network traffic coming from the iPhone has  
raised some interesting possibilities and similarities to OS X, and  
it is likely that there are going to be some significant results to  
come from this approach over coming weeks.

The next couple of days are likely to see activation cracks released,  
according to one group looking at the code, and it is reasonable to  
assume that arbitrary code execution will only be a matter of weeks  
away (at most).

The team over at Errata Security are claiming what could be the first  
set of vulnerabilities to affect the iPhone, after less than 96 hours  
of general availability of the device.

At this stage they are claiming the presence of an unidentified  
Safari bug, and an interesting Denial of Service against the  
Bluetooth connection. Even without full disclosure, the Safari bug  
throws up some interesting material for others who are looking at the  
potential weaknesses in the device.

It appears to be the same as a bug that Errata Security have  
identified in the desktop version of Safari (but not fully  
disclosed). If this is not just a one-off, then there are plenty of  
vulnerabilities affecting the desktop version of Safari that will  
give enterprising researchers and attackers a useful means to probe  
deeper into the iPhone.

With the timeframe since the release of the iPhone so short, the  
vulnerabilities being discussed and disclosed are somewhat raw around  
the edges; it should be expected that they will soon become more  
useful and more efficient, even if the potential infection base is  
around 1 million devices.


2.8 Why Hack When You Can Buy Your Way to Identity Theft

Continuing a trend of employees stealing valuable data, an employee  
at a Fidelity National Information Services subsidiary at some time  
prior to May 2007 stole more than 2 million records that contained a  
range of personal, financial account, and credit card data for users  
of Fidelity services.

Immediately profiting off the theft, the employee sold the  
information to a data broker that then sold the information on to  
direct marketing companies. Even though officials from the Fidelity  
subsidiary involved have stated that none of the data was used for  
fraudulent financial activity, the consumers who were subsequently  
contacted by the direct marketing firms might think otherwise.

Even though they have found no fraudulent activity, the Fidelity  
subsidiary just doesn't know what the data has been used for, or  
exactly where it has spread to - which is always the considered risk  
with identity data theft. In a clear example of failing to understand  
how fluid the storage and distribution of information is, the company  
has set out to recover all of the stolen data. They will be able to  
recover copies of it, but there is no guarantee that they can recover  
all copies of it.

The employee who stole the data was a senior DBA who has subsequently  
been fired and is likely to face civil and criminal charges in the  
near future.


2.9 A Lesson in Why Regulating Online Activity is Difficult

When the controversial online music distribution site AllofMP3.com  
went dark recently, it was touted as a victory by various groups  
responsible for music royalties (who weren't getting a cut from  
AllofMP3.com) and a positive sign of US-Russian relations due to the  
intimation that US pressure was used to force the Russian authorities  
to terminate the link between AllofMP3 and their ISP.

This celebratory feeling was somewhat short-lived when MP3Spark.com  
suddenly appeared from nowhere, apparently operated by the same  
parties responsible for AllofMP3.com. Account holders from  
AllofMP3.com have confirmed that their accounts and other details  
appear on the new site, and the catalogue presented on MP3Spark.com  
contains the same spelling errors and misattributions that  
AllofMP3.com maintained.

MP3Spark.com also appears to have the same arrangement with the  
disputed collector of royalties within Russia that AllofMP3.com  
maintained. It is claimed that this particular organisation has tried  
to distribute royalty funds, but has been turned down by rights holders.

Media Services, the company that appears to be behind both sites, is  
currently in the process of being sued by multiple parties inside and  
outside of Russia, so it may be a shorter timeframe before the new  
site is taken offline (or moved to a country that doesn't care about  
copyright as much).

=======================================

Sincerely,

Sûnnet Beskerming Team
info@...
Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: +61 (0) 410 707 444

** Sûnnet Beskerming Pty. Ltd. **

Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister  
company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and  
commercialise the research coming out of Jongsma & Jongsma Pty. Ltd.  
Sûnnet Beskerming Pty. Ltd. is an Information Security specialist  
and, in conjunction with the tools developed by Jongsma & Jongsma  
Pty. Ltd., provides total security solutions and services, from the  
perimeter to internal data stores, including web application security  
and security testing and analysis.


_______________________________________________
Alertmailinglist mailing list
Alertmailinglist@...
http://skiifwrald.com/mailman/listinfo/alertmailinglist_skiifwrald.com