New Hacking Threat - Streaming Content Theifs! - GoFuckYourself.com

- AFN - · 10-11-2003, 12:48 AM

was looking around and I found a site that would be of major interest to streaming content providers.

your streams are being stolen by thousands of people daily.

they use this software available at

http://24.106.100.133/spooph/index.html

and then use the downloaded list and spoof the referal codes for the websites and in doing so give instant and immediate access to streaming videos and other streaming content. and in turn costing the actual owners of these leased streams alot of money in extra bandwidth from these stream theifs.

well I thought I would post this up here on GFY so best of hunting. I have already shot out an email to [email protected]

Thanks for listening to my rants!

Adorno · 10-11-2003, 01:04 AM

This is quite possibly one of the coolest things I have ever seen.

Stramm · 10-11-2003, 01:57 AM

wow.. now I know why I don't trust referrer auth

integrated · 10-11-2003, 02:00 AM

please dont post my software here

rowan · 10-11-2003, 02:06 AM

It's not just streaming content that is accessable for 'free' via this method, AVS is built on referer based authentication.

Carrie · 10-11-2003, 03:24 AM

If nothing else, it's useful for checking out sponsor sites

Big E · 10-11-2003, 06:48 AM

Wow.. welcome to two years ago. Zspoof has been around at LEAST that long.

NetRodent · 10-11-2003, 09:43 AM

Quote:

Originally posted by Big E
Wow.. welcome to two years ago. Zspoof has been around at LEAST that long.

And most plug-in content providers STILL base their security on referring urls.

Holio is only plug-in content provider that I'm aware of that uses reasonably secure token based system. Last time I checked you had to ask them to use it, otherwise they too were referring url based.

Just this week Homegrown send an email asking their customers to change their link codes to a new system. Now they use sessions to verify the surfer came from the right site. However, they still set those sessions based on the refering url.

What I don't get is that it is so pathetically easy to create a simple token based system but practically nobody wants to do it. All it requires is: the ability to run scripts, an accurate server time, access to a hashing function (such as md5), and a shared "secret". Its easy as pie and in half a day you could write up the necessary scripts (perl, php, asp, etc.) for unix or windows servers.

xdcdave · 10-11-2003, 09:46 AM

Quote:

Originally posted by Adorno
This is quite possibly one of the coolest things I have ever seen.

EZRhino · 10-11-2003, 09:46 AM

Pretty fucking cool

10-11-2003, 12:48 AM	#1
- AFN - Confirmed User Join Date: Jun 2003 Location: NYC Baaaabeee Posts: 3,101	New Hacking Threat - Streaming Content Theifs! was looking around and I found a site that would be of major interest to streaming content providers. your streams are being stolen by thousands of people daily. they use this software available at http://24.106.100.133/spooph/index.html and then use the downloaded list and spoof the referal codes for the websites and in doing so give instant and immediate access to streaming videos and other streaming content. and in turn costing the actual owners of these leased streams alot of money in extra bandwidth from these stream theifs. well I thought I would post this up here on GFY so best of hunting. I have already shot out an email to [email protected] Thanks for listening to my rants!

10-11-2003, 02:00 AM	#4
integrated Confirmed User Join Date: Apr 2003 Location: west end Posts: 3,826	please dont post my software here __________________ Pioneer of .TV domains Grandfather of .TV development Respected among industry LEADERS

10-11-2003, 01:04 AM	#2
Adorno So Fucking Banned Join Date: Sep 2003 Posts: 303	This is quite possibly one of the coolest things I have ever seen.

10-11-2003, 01:57 AM	#3
Stramm Confirmed User Join Date: Jan 2003 Location: NL Posts: 342	wow.. now I know why I don't trust referrer auth

10-11-2003, 02:06 AM	#5
rowan Too lazy to set a custom title Join Date: Mar 2002 Location: Australia Posts: 17,393	It's not just streaming content that is accessable for 'free' via this method, AVS is built on referer based authentication.

10-11-2003, 03:24 AM	#6
Carrie Confirmed User Join Date: Apr 2002 Location: Virgin - nee Posts: 3,162	If nothing else, it's useful for checking out sponsor sites

10-11-2003, 06:48 AM	#7
Big E Registered User Industry Role: Join Date: Mar 2002 Location: San Diego, CA Posts: 935	Wow.. welcome to two years ago. Zspoof has been around at LEAST that long.

10-11-2003, 09:46 AM	#10
EZRhino Confirmed User Industry Role: Join Date: Jul 2003 Location: couch Posts: 6,258	Pretty fucking cool