Security hole discovered in Y! Music Unlimited

Written by James Delahunty @ 30 May 2005 7:29 User comments (6)

Robert Chapin, owner of Chapin Information Services, Inc. has been trying to get Yahoo to fix a security flaw he found in Y! Music Unlimited that could allow a user to download songs for free. The Music Unlimited service is seen as a sort of music rental service, like Napster To Go and Real's new subscription service. For $4.99 customers can download songs and store them on compatible portable devices, but as soon as they stop paying for the service the music would simple disappear.

In order to burn a song to a CD, users would have to pay 79c for the track. Once it is burned to the CD, it is free of any DRM protection and could easily be ripped into MP3 format using any of various tools on the Internet. Tools like PyMusique and Musik allow users to purchase songs from iTunes without having any DRM protection attached, but these tools don’t make it possible to obtain downloads for free.

"This afternoon we checked to confirm the problem is still live. We downloaded a copy of The Moody Blues - Never Blame The Rainbows For The Rain.wma. It isn't going to be one of my personal favourites, but it does illustrate the point. The music on Yahoo can be obtained quickly, easily, and freely." Chapin told AfterDawn.com in an email. Understandably however, he has not reveal just yet how to get the music for free and most likely wont until Yahoo fixes the problem.

Source:
p2pnet
Chapin Information Services (Press Release)

Thanks to Jon Newton of p2pnet for bringing this to my attention.

<Toshiba brings LightScribe to laptops >Plextor attacks open source programmers

6 user comments

131.5.2005 02:12

damo_red

Send private message to this user

Member

as kind as this guy is, isent he still stealing when hes downloadin for free, wonder what yahoo have to say about this

231.5.2005 09:08

etherz

Send private message to this user

Junior Member

I read the whole bloody article only to find he won't be releasing how he did it, why do we care then! Jks, its a shame he wont share his info, and we could all ruin yahoo! They would soon fix the security flaw then...

331.5.2005 09:49

Dela

Send private message to this user

Staff Member

Quote:
as kind as this guy is, isent he still stealing when hes downloadin for free, wonder what yahoo have to say about this

They will more than likely say thanks! lol you have to do things to proove these vulnerabilities exist!

431.5.2005 10:09

punx777

Send private message to this user

Senior Member

hey with yahoo music unlimited, can you de-drm it and burn it to a cd?

53.6.2005 04:31

borhan9

Send private message to this user

AfterDawn Addict

This article is pointless if u dont share the trick. Its not exactly "open sourcing" for everyone is it... when someone figures it out post it plz

66.6.2005 21:55

vudoo

Send private message to this user

Member

I don't see how you can download the music for FREE unless you share a friends subscription or use one of those password stealers in a yahoo chatroom that anouther subscriber has that actually pays for Yahoo and tells someone in a chat room they pay. Unless you know how to stop booters they can steal your password. This happens in chat all the time. But if you know the sites to go to you can get your passcode back. Only the super lame may lose their passcode for good. I suppose any music service would be open to trojan horses to steal passcodes from their subs. but really $4 a month is not bad. I have Rhapsody To Go and love it. I'm actually listening to a band called Thin Lizzy now which is an old 70's band. You don't get their full CD's on p2p. If you only like pop then hey p2p is the only way for you.

Comments have been disabled for this article.

	VLC hits milestone: over 5 billion downloads (16 Mar 2024 4:31) VLC Media Player, the versatile video-software powerhouse, has achieved a remarkable feat: it has been downloaded over 5 billion times. 2 user comments
	Sideloading apps to Android gets easier, as Google settles its lawsuit (19 Dec 2023 11:09) Google settled its lawsuit in September 2023, and one of the settlement terms was that the way applications are installed on Android from outside the Google Play Store must become simpler. In the future, installing APK files will be easier. 8 user comments
	Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets (06 Jun 2023 9:19) Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.
	Neato, the robot vacuum company, ends its operations (02 May 2023 3:38) Neato Robotics has ceased its operations. American robot vacuum pioneer founded in 2005 has finally called it quits and company will cease its operations and sales. Only a skeleton crew will remain who will keep the servers running until 2028. 5 user comments
	How to Send Messages to Yourself on WhatsApp (20 Mar 2023 1:25) The world's most popular messaging platform, Meta-owned WhatsApp has enabled sending messages to yourself. While at first, this might seem like an odd feature, it can be very useful in a lot of situations. .... 18 user comments

	Windows 11: Check if TPM is enabled on your computer In this short guide we will look at how you can check the status of Trusted Platform Module (TPM) on your PC ahead of the coming launch of Windows 11.
	HOWTO: Install Netflix App on rooted Android device 'This app is no longer compatible with your device. Contact the developers for more info.' If you are getting this message from Google Play when trying to install Netflix, then maybe this little guide can help you.
	HOWTO: Boot Android device into Safe Mode Are you having trouble with your Android device? If you find that your device has become sluggish, is freezing, takes too long to boot or any of a host of other performance concerns, you may want to boot into Safe Mode.
	What happens if you don't update Android? Sometimes it can be tempting to avoid updating to a new Android version. What happens if you decide to delay major updates to the OS?
	What IP rating for dust and water resistance means An IP classification (such as IP68) is given to mobile phones, Bluetooth speakers, and other devices, but what do these classifications mean? 1 user comment

Security hole discovered in Y! Music Unlimited

6 user comments

Latest news

Reviews

Guides

News archive

Subscribe

Sections:

Follow us:

	Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.
	Review: Samsung Jet Bot 90 AI+ - a high-end robot vacuum cleaner Samsung's Jet Bot 90 AI+ is a top-class robot vacuum cleaner that can avoid obstacles and empty its own dust container. Here we review the product. 1 user comment
	Samsung Jet Bot 80+ review - excellent robot vacuum cleaner We review Samsung's Jet Bot 80+ robot vacuum cleaner over a period of three months. 1 user comment