March 04, 2002
Major Security and Privacy Issues

Major Security and Privacy Issues on the Morpheus Network

The Morpheus network underwent two serious attacks last week. Users have only recently been allowed to reconnect to the network using the new Morpheus Preview Edition.

The explanation below is made up of excerpts from the statement published on the MusicCity website from Steve Griffin, the StreamCast/Morpheus CEO:

This week MusicCity and Morpheus users suffered dual attacks. First, early this week MusicCity's servers were hit by a massive Denial of Service attack. Soon thereafter, Morpheus users found that a separate attack had been launched on their computers and their Morpheus software programs.

It appears that the attacks included an encrypted message being repeatedly sent directly to your computers that changed registry settings in your computer. Later, it appears our ad servers were attacked resulting in messages being sent to other sites without our knowledge, which threatened our most basic revenue model. We believe some of these attacks continue as Morpheus users attempt to connect to the old Morpheus User Network. This was why it is important to quickly deploy our new software product...

...These attacks have forced us to more quickly deploy our new software product in order to allow you to bring the largest p2p community back together. Since it appears that the attack on your computers came from the closed proprietary FastTrack-Kazaa software, we have opted not to continue with this p2p kernel. We believe it to have the ability to access your computer at will and change registry settings. In addition, we remain committed to NOT bundling any spy ware with our product.

We are pleased to migrate to an open Protocol product with the release of Morpheus Preview Edition, which is based on the very large network of Gnutella users...Since our company and your p2p network are being attacked, we would appreciate your constructive comments for improvement, not simply criticisms. With you help and input, we will continue to provide the pre-eminent p2p software product in the world.

Lastly, we want to address some of the misinformation we've seen recently. There have been many comments that we caused these problems intentionally. Let me assure you that we would NEVER treat the Morpheus users in this fashion...

But WAIT, there's MORE (also from the Morpheus website):

BE CAREFUL WHERE YOU CLICK A recent press statement announced that KAZAA/Sharman Networks has a new program that allows you to re-connect to the Kazaa/FastTrack Network. This new program is NOT endorsed by MusicCity and will NOT allow you to connect to the Morpheus/Gnutella P2P network. We find it interesting that someone sent a message to your computer earlier this week which prevented your Morpheus Software product from joining the network and now a new software installer suggests that it allows you to re-connect.

Meanwhile, according to LimeWire, unique users have reached an all time high that was most likely caused by all of the Morpheus network's part-time users briefly connecting to the network in the course of installing the new software.

Posted by Lisa at March 04, 2002 12:01 AM | TrackBack
Me A to Z (A Work In Progress)