The MPAA is such a kind and giving organization. After compiling a list of the top 25 schools for piracy, it sent them a letter last month offering the free, super-helpful University Toolkit to track naughty file-sharing on their networks. It "can produce a report that is strictly internal and therefore confidential to illustrate the level of file sharing on [your school's] network. In addition, we will send a hard copy in the near future to your university's Chief Information Officer." Of course, the first thing it does is call home. That's before the security holes.
The toolkit's actually a modified version of Xubuntu rolled up with some network monitoring tools like Snort, which "captures detailed information about all traffic flowing across a network," and ntop, which makes pretty graphs from the data produced by Snort.
After you install it, it sets up an Apache Web server that uploads all of the data and graphs to a web page that displays "not only bandwidth usage generated by each user on the network, but also the Internet address of every Web site each user has visited." The kicker is that unless it's properly firewalled, the page is open to anyone and easily Googlable if you know the kit's URL conventions. Yet the MPAA's overview explicitly promises "No privacy issues—the content of traffic is never examined or displayed."
It gets better. The person who installs the toolkit isn't prompted to set up a user/pass to block access to the site, and the default setting is to not log outsider views of the page. Like, say, the MPAA's people. And even with the firewall blocking outsiders, tech-savvy university students can still sneak peeks.
To be fair, the MPAA's Craig Winter emphasizes:
"It can tell you how much traffic is going back and forth on BitTorrent [a popular file-sharing service], but it can't see what's in those files or what the names of those files are, and it doesn't communicate anything back to the Internet."
On the upside, no schools appear to have blindly installed it; they are still "poking and prodding it." You know, I almost admire the MPAA's persistence, if only they weren't such assholes about it. [WaPo's Security Fix via Techdirt, Flickr]









Comments
So as long as my school isn't on the list, I can download all I want?
Yes I can hide!
I swear, officer, I was only torrenting Linux distros!
lovely, and it'll also give all your old grades, reports and SSN to scam artists. good going mpaa, you're a big screwup like the riaa.
This sucks, but so how does this sound like a rootkit, exactly?
i wish the mpaa would stop putting so much money into this drm/campus crusade for copyright bullshit so my dvds wouldn't cost 25 bucks a pop.
As much as I loathe these guys, this reminds me of the saying "never attribute to malice what can be explained by incompetence." Which is not to say the MPAA is not malicious, but that this is more likely incompetence in action.
They are digging their grave, and I'm loving it.
Eventually MPAA or RIAA will hit someone important, or someone related to someone important. Like a senator's son, or something like that.
Another thing not mentioned: This is the Motion Picture Assoc. asking our learning institutions to police students for them. Handle your own mess.
Where is this list of schools at? I wonder if my school is downloading to its potential.
I'm so glad I'm not in school anymore...
Because as we all know, sharing files is illegal. Especially when using bittorrent.
If you can't analyze the files (and hence, if they're licensed), this software is completely useless. They'll be breaking down doors of kids who do nightly CVS or torrented linux kernel updates.
Morons, the lot of 'em.
Let them implement this. I see serious courtroom hilarity coming from this software.
DIAF RIAA