Fwd: Kazaa file corruption
From: Russell S/nillion42 (nillion42at_private)
Date: Wed Mar 05 2003 - 10:50:55 PST
Next message: Blue Boar: "Re: Fwd: Kazaa file corruption"
--- the forwarded message follows ---
attached mail follows:
Hi Bill,
Could you post this to the vuln-dev mailing list? The address is
vuln-devat_private
David Mirza Ahmad
Symantec
"sabbe dhamma anatta"
0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
On 4 Mar 2003, Bill Hendron wrote:
>
>
> Problem:
> Lack of file checksum in kazaa leads to the ability to
> spread corrupted files and corrupt the dowload of any file.
>
> Method:
> By deleting(replacing with hex 00) the data from a mp3
> file and leaving the headers you can create a file
> which has identical filesize (kazaa checks filesize).
> When a kazaa user downloads a file, multiple download
> streams can be used, if a stream is created to the
> corrupted file, it will make the download useless once
> finished not readily appraent until download is complete.
>
> Additional:
> On modems and other areas where compression is used,
> this can lead to the file traveling at rapid speeds
> (greater than 20kps on a 56k modem). This could cause
> the files that are corrupted file or corrupted portions
> to spread rapdily to other users before the user has a
> chance to check the quality of the file and delete it.
>
>
> -Bill Hendron
>
This archive was generated by hypermail 2b30
: Wed Mar 05 2003 - 11:57:40 PST