GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   New Hacking Threat - Streaming Content Theifs! (https://gfy.com/showthread.php?t=184837)

- AFN - 10-11-2003 12:48 AM
New Hacking Threat - Streaming Content Theifs!
 
was looking around and I found a site that would be of major interest to streaming content providers.

your streams are being stolen by thousands of people daily.

they use this software available at

http://24.106.100.133/spooph/index.html

and then use the downloaded list and spoof the referal codes for the websites and in doing so give instant and immediate access to streaming videos and other streaming content. and in turn costing the actual owners of these leased streams alot of money in extra bandwidth from these stream theifs.

well I thought I would post this up here on GFY so best of hunting. I have already shot out an email to [email protected]

Thanks for listening to my rants!

Adorno 10-11-2003 01:04 AM
This is quite possibly one of the coolest things I have ever seen.

Stramm 10-11-2003 01:57 AM
wow.. now I know why I don't trust referrer auth

integrated 10-11-2003 02:00 AM
please dont post my software here

rowan 10-11-2003 02:06 AM
It's not just streaming content that is accessable for 'free' via this method, AVS is built on referer based authentication.

Carrie 10-11-2003 03:24 AM
If nothing else, it's useful for checking out sponsor sites :glugglug

Big E 10-11-2003 06:48 AM
Wow.. welcome to two years ago. Zspoof has been around at LEAST that long.

NetRodent 10-11-2003 09:43 AM
Quote:
Originally posted by Big E
Wow.. welcome to two years ago. Zspoof has been around at LEAST that long.
And most plug-in content providers STILL base their security on referring urls.

Holio is only plug-in content provider that I'm aware of that uses reasonably secure token based system. Last time I checked you had to ask them to use it, otherwise they too were referring url based.

Just this week Homegrown send an email asking their customers to change their link codes to a new system. Now they use sessions to verify the surfer came from the right site. However, they still set those sessions based on the refering url.

What I don't get is that it is so pathetically easy to create a simple token based system but practically nobody wants to do it. All it requires is: the ability to run scripts, an accurate server time, access to a hashing function (such as md5), and a shared "secret". Its easy as pie and in half a day you could write up the necessary scripts (perl, php, asp, etc.) for unix or windows servers.

xdcdave 10-11-2003 09:46 AM
Quote:
Originally posted by Adorno
This is quite possibly one of the coolest things I have ever seen.
:1orglaugh

EZRhino 10-11-2003 09:46 AM
Pretty fucking cool


All times are GMT -7. The time now is 09:53 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123