AfterDawn: Tech news

Security hole discovered in Y! Music Unlimited

Written by James Delahunty (Google+) @ 30 May 2005 19:29 User comments (6)

Security hole discovered in Y! Music Unlimited Robert Chapin, owner of Chapin Information Services, Inc. has been trying to get Yahoo to fix a security flaw he found in Y! Music Unlimited that could allow a user to download songs for free. The Music Unlimited service is seen as a sort of music rental service, like Napster To Go and Real's new subscription service. For $4.99 customers can download songs and store them on compatible portable devices, but as soon as they stop paying for the service the music would simple disappear.
In order to burn a song to a CD, users would have to pay 79c for the track. Once it is burned to the CD, it is free of any DRM protection and could easily be ripped into MP3 format using any of various tools on the Internet. Tools like PyMusique and Musik allow users to purchase songs from iTunes without having any DRM protection attached, but these tools dont make it possible to obtain downloads for free.

"This afternoon we checked to confirm the problem is still live. We downloaded a copy of The Moody Blues - Never Blame The Rainbows For The Rain.wma. It isn't going to be one of my personal favourites, but it does illustrate the point. The music on Yahoo can be obtained quickly, easily, and freely." Chapin told in an email. Understandably however, he has not reveal just yet how to get the music for free and most likely wont until Yahoo fixes the problem.

Chapin Information Services (Press Release)

Thanks to Jon Newton of p2pnet for bringing this to my attention.

Previous Next  

6 user comments

131.5.2005 2:12

as kind as this guy is, isent he still stealing when hes downloadin for free, wonder what yahoo have to say about this

231.5.2005 9:08

I read the whole bloody article only to find he won't be releasing how he did it, why do we care then! Jks, its a shame he wont share his info, and we could all ruin yahoo! They would soon fix the security flaw then...

331.5.2005 9:49

as kind as this guy is, isent he still stealing when hes downloadin for free, wonder what yahoo have to say about this
They will more than likely say thanks! lol you have to do things to proove these vulnerabilities exist!

431.5.2005 10:09

hey with yahoo music unlimited, can you de-drm it and burn it to a cd?

53.6.2005 4:31

This article is pointless if u dont share the trick. Its not exactly "open sourcing" for everyone is it... when someone figures it out post it plz

66.6.2005 21:55

I don't see how you can download the music for FREE unless you share a friends subscription or use one of those password stealers in a yahoo chatroom that anouther subscriber has that actually pays for Yahoo and tells someone in a chat room they pay. Unless you know how to stop booters they can steal your password. This happens in chat all the time. But if you know the sites to go to you can get your passcode back. Only the super lame may lose their passcode for good. I suppose any music service would be open to trojan horses to steal passcodes from their subs. but really $4 a month is not bad. I have Rhapsody To Go and love it. I'm actually listening to a band called Thin Lizzy now which is an old 70's band. You don't get their full CD's on p2p. If you only like pop then hey p2p is the only way for you.

Comments have been disabled for this article.

Latest user comments

News archive