Apple closes iTunes security hole, disables PyMusique
updated 06:15 pm EST, Mon March 21, 2005
Apple disables PyMusique
Apple has access to the iTunes Music Store as well as purchase song stripped of any copy-protection. Released last week, PyMusique provided an alternative interface to the iTunes Music Store: it allowed users to register at the store, purchase music, and download songs (multiple times) without the playback restrictions associated with Apple's FairPlay DRM. Apple said it closed the security hole that opened a "backdoor" into the iTunes system, allowing PyMusique access to the software, according to ZDNet. Some iTunes customers--as many as 15 percent of users--would need to upgrade their software. "The security hole in the iTunes Music Store which was recently exploited has been closed, and as a consequence the iTunes Music Store will now sell music only to customers using iTunes version 4.7."
Hu!
03/21, 06:40pm reply
Who didn't see that coming?
history1me
Mac Elite
Joined: Sep 2003
it will get hacked again
03/21, 06:51pm reply
It will get hacked again in a couple weeks and the cycle of it getting hacked, then apple fixing it will continue.
dole
Forum Regular
Joined: Dec 2002
That was fast....
03/21, 07:03pm reply
I'm sure the music a-holes weren't too happy.
Eriamjh
Addicted to MacNN
Joined: Oct 2001
Only Problem...
03/21, 09:26pm reply
The sad thing is that the hack only boldens the RIAA position on on-line sales, ect. Their response will be to try and tighten it up even more. I know there are those that want/will hack DRM. But I wish they would leave the ones that are reseaonable alone. iTunes isn't the greatest DRM but it's the best of the alternatives. A business is never going to say, "gee they don't like the DRM let's just give the stuff away"
IonCable
Mac Enthusiast
Joined: Apr 2001
Depends on the fix...
03/21, 10:07pm reply
If Apple fixed it by doing the encoding on the server instead of in iTunes, then they can't break it again because there's no longer any encryption step to bypass.
They can still decrypt it themselves, by winkling the key out of iTunes or the iTMS, but this particular hole *can* be closed.
resuna
Fresh-Faced Recruit
Joined: Jan 2005
Re: Depends
03/21, 10:17pm reply
If Apple fixed it by doing the encoding on the server instead of in iTunes, then they can't break it again because there's no longer any encryption step to bypass.
Not necessarily. If they had updated iTunes 4.7 to communicate securely with the iTunes server (making sure some key is passed/encoded correctly) before sending the file, to make sure the client is a valid client.
LouZer
Fresh-Faced Recruit
Joined: Nov 2000
oh well
03/21, 11:42pm reply
darn it, I guess now if you want DRM free music, you'll have to go to one of the other thousand places that offer that.
don't get me wrong, in this case, I think apple is very much in the right to close down this security hole...hey look, their engineers fixed something....I'm kind of shocked, why didn't they leave the security hole in place, and just put kids in jail until people were too afraid to use it.
whats the fun in just fixing the leak..I mean hole.
Jonathan-Tanya
Fresh-Faced Recruit
Joined: Oct 2004
thank you hackers
03/22, 04:19am reply
obviously the hole was fixed by apple before the hackers exploited it - iTunes 4.7 was released long before the exploit.
all that apple did was to switch it on and make iTunes < 4.7 incompatible. also apple removed to "load again" feature.
so after all all the hack did for us was that we have to update iTunes
Wutzo
Fresh-Faced Recruit
Joined: Apr 2002
Apple to crackers
03/22, 09:09am reply
"NEXT!"
denim
Mac Elite
Joined: Jun 2000
Ethereal
03/22, 09:11am reply
Just use Ethereal to sniff out the traffic while you download from iTunes. Piece the file back together, and you will have one that has DRM (in iTunes), and one that is DRM Free...
bgmccollum
Forum Regular
Joined: Sep 2002