|
05/28/05 — Chapin Information
Services (CIS) uncovered a flaw today
in the Yahoo Music service that would allow users to download files without
paying for them.
The new Music Unlimited Beta was opened to the public just two weeks
ago. Free trials are available for seven days, and premium subscriptions are
being offered for $4.99 per month.
Customers normally incur a charge of 79 cents when a music file is
copied to a CD or portable music player. This file would then be free from
Digital Rights Management (DRM) restrictions that are imposed upon the music
before it is purchased.
In light of this discovery, however, customers can obtain the files
without DRM protections by using standard tools available on the Internet.
CIS initially reported flaws during day-one of the public beta period,
but had found only installation and interface bugs.
|
During additional testing this week, the Yahoo website exposed more serious
design problems.
"For a savvy Internet user, the flaws in this music system could make it
easier to download the music for free than it is to pay for the same file,"
said Robert Chapin, President of CIS.
Standard accounts and Internet equipment are being used to pinpoint the
cause of the problem. At this time, Yahoo has not acknowledged the CIS
security report.
CIS is a small Michigan business with a variety of technology automation
activities. CIS has detected major security flaws in public and private
networks for banks, schools, computer manufacturers, and open source projects.
|