AfterDawn: Tech news
AfterDawn > News > Security hole discovered in Y! Music Unlimited

Security hole discovered in Y! Music Unlimited

Written by James Delahunty @ 30 May 2005 7:29 User comments (6)

Security hole discovered in Y! Music Unlimited Robert Chapin, owner of Chapin Information Services, Inc. has been trying to get Yahoo to fix a security flaw he found in Y! Music Unlimited that could allow a user to download songs for free. The Music Unlimited service is seen as a sort of music rental service, like Napster To Go and Real's new subscription service. For $4.99 customers can download songs and store them on compatible portable devices, but as soon as they stop paying for the service the music would simple disappear.
In order to burn a song to a CD, users would have to pay 79c for the track. Once it is burned to the CD, it is free of any DRM protection and could easily be ripped into MP3 format using any of various tools on the Internet. Tools like PyMusique and Musik allow users to purchase songs from iTunes without having any DRM protection attached, but these tools don’t make it possible to obtain downloads for free.



"This afternoon we checked to confirm the problem is still live. We downloaded a copy of The Moody Blues - Never Blame The Rainbows For The Rain.wma. It isn't going to be one of my personal favourites, but it does illustrate the point. The music on Yahoo can be obtained quickly, easily, and freely." Chapin told AfterDawn.com in an email. Understandably however, he has not reveal just yet how to get the music for free and most likely wont until Yahoo fixes the problem.

Source:
p2pnet
Chapin Information Services (Press Release)

Thanks to Jon Newton of p2pnet for bringing this to my attention.

<Toshiba brings LightScribe to laptops >Plextor attacks open source programmers
Previous Next  

6 user comments

131.5.2005 02:12
damo_red
Send private message to this user
Member

as kind as this guy is, isent he still stealing when hes downloadin for free, wonder what yahoo have to say about this

231.5.2005 09:08
etherz
Send private message to this user
Junior Member

I read the whole bloody article only to find he won't be releasing how he did it, why do we care then! Jks, its a shame he wont share his info, and we could all ruin yahoo! They would soon fix the security flaw then...

331.5.2005 09:49
Dela
Send private message to this user
Staff Member

Quote:
as kind as this guy is, isent he still stealing when hes downloadin for free, wonder what yahoo have to say about this
They will more than likely say thanks! lol you have to do things to proove these vulnerabilities exist!

431.5.2005 10:09
punx777
Send private message to this user
Senior Member

hey with yahoo music unlimited, can you de-drm it and burn it to a cd?

53.6.2005 04:31
borhan9
Send private message to this user
AfterDawn Addict

This article is pointless if u dont share the trick. Its not exactly "open sourcing" for everyone is it... when someone figures it out post it plz

66.6.2005 21:55
vudoo
Send private message to this user
Member

I don't see how you can download the music for FREE unless you share a friends subscription or use one of those password stealers in a yahoo chatroom that anouther subscriber has that actually pays for Yahoo and tells someone in a chat room they pay. Unless you know how to stop booters they can steal your password. This happens in chat all the time. But if you know the sites to go to you can get your passcode back. Only the super lame may lose their passcode for good. I suppose any music service would be open to trojan horses to steal passcodes from their subs. but really $4 a month is not bad. I have Rhapsody To Go and love it. I'm actually listening to a band called Thin Lizzy now which is an old 70's band. You don't get their full CD's on p2p. If you only like pop then hey p2p is the only way for you.

Comments have been disabled for this article.

Latest news

Netflix buys HBO and Warner Bros studios Netflix buys HBO and Warner Bros studios (05 Dec 2025 8:04)
Netflix has won the bidding competition for media giant Warner Bros and will acquire HBO as well as the Warner Bros film studios.
Massive Android 0-day vulnerability found - here's what you should do immediately Massive Android 0-day vulnerability found - here's what you should do immediately (08 Nov 2025 5:35)
A very serious security flaw has been found in the Android operating system, allowing malicious code to be executed on a phone or tablet.
Review: Roborock Saros Z70 - robot vacuum with an arm Review: Roborock Saros Z70 - robot vacuum with an arm (20 Oct 2025 6:13)
In out in-depth review of Roborock Saros Z70 we put the robot vacuum through a 3 month test period, where we observed its work in normal home. The sci-fi -like arm of Z70 was a little bit disappointing, due its limited functionality.
End of an era: TiVo stops making DVRs End of an era: TiVo stops making DVRs (14 Oct 2025 4:12)
TiVo, once synonumous with digital TV recording in the United States and in select other countries, has stopped making DVR devices as of October, 2025.
Strava takes Garmin to court Strava takes Garmin to court (02 Oct 2025 2:30)
The world's perhaps best-known sports app developer Strava has filed a lawsuit against American sports watch manufacturer Garmin, accusing the company of patent infringement.
1 user comment

Reviews

Review: Roborock Saros Z70 - robot vacuum with an arm Review: Roborock Saros Z70 - robot vacuum with an arm
In out in-depth review of Roborock Saros Z70 we put the robot vacuum through a 3 month test period, where we observed its work in normal home. The sci-fi -like arm of Z70 was a little bit disappointing, due its limited functionality.
Roborock Saros 10 review - Great, but not perfect Roborock Saros 10 review - Great, but not perfect
We tested Roborock Saros 10 robot vacuum for more than two months in order to see whether it is really worth its hefty price tag. The mopping, self-emptying Saros 10 was mostly great, even perfect. But its object avoidance was bit disappointing.
1 user comment
Roborock S8 MaxV Ultra review - obstacle avoidance doesn't work as it should, otherwise almost perfect robot vacuum Roborock S8 MaxV Ultra review - obstacle avoidance doesn't work as it should, otherwise almost perfect robot vacuum
We put the Roborock S8 MaxV Ultra through a very, very long review process. The $1800 mopping robot vacuum is almost perfect, but its obstacle avoidance was surprisingly bad, considering the price - and compared to its competitors.

Guides

Guide: Phone battery drains quickly - how to fix (iPhone / Android) Guide: Phone battery drains quickly - how to fix (iPhone / Android)
In this guide, we go through the most typical reasons for rapid battery drain with phones, and look at potential reasons or solutions.
Does your phone rattle? Here's why it happens Does your phone rattle? Here's why it happens
When you shake your phone and hear a light rattle, clatter, or jingle, it's likely not broken. The culprit is probably the optical image stabilization (OIS) system in your phone's camera, meaning everything is functioning as it should.
2 user comments
GUIDE: Wi-Fi speeds are slow? Here are some tips GUIDE: Wi-Fi speeds are slow? Here are some tips
Having problems with Wi-Fi speed and stability at home? Here are some tips to follow to alleviate the issues.
1 user comment
Guide: Is Your Wi-Fi Sluggish or Slow? Here's How to Fix Guide: Is Your Wi-Fi Sluggish or Slow? Here's How to Fix
Do you have problems with you Wi-Fi? Slow connection or is it cutting off constantly? This guide aims to remedy these problems.
1 user comment
What happens if you don't update Android? What happens if you don't update Android?
Sometimes it can be tempting to avoid updating to a new Android version. What happens if you decide to delay major updates to the OS?

News archive

Sections:

Follow us:

© 1999-2025 AfterDawn Oy. All rights reserved
Back to Top ⇧
AfterDawn is powered by Powered by UpCloud