[Infowarrior] - Holltwood copyright notice forms easily hacked
Richard Forno
rforno at infowarrior.org
Thu May 14 12:19:53 UTC 2009
http://techdirt.com/articles/20090514/0136024879.shtml
Entertainment Industry Copyright Notice Acknowledgement Forms Easily
Hacked
from the nice-work,-baytsp dept
One of the companies that the entertainment industry hires to send out
nastygrams to people it believes are file sharing illegally is BayTSP.
The company tries to hunt down IP addresses and then try to notify the
user. Apparently, a part of this process is also to include a link to
a web form where the user can respond to the notice and tell BayTSP if
you will comply with their infringement notice and remove the
offending files from your computer. Except, some are noticing, that
BayTSP's method of doing this isn't even remotely secure, so the
response forms are available for anyone to see -- and to respond to.
You can find your own with a little help from Google.
Even worse, you could send your own notices, pretending to be BayTSP,
and get people to fill out the forms instead. And, on top of that,
some have discovered that BayTSP's site has some scripting
vulnerabilities such that you could create a fake complaint and get
people to, say, download malware or enter credit card data. Once again
demonstrating the high level of technical incompetence from the folks
the RIAA and MPAA hire to piss off fans worldwide.
http://techdirt.com/articles/20090514/0136024879.shtml
More information about the Infowarrior
mailing list