Soulseek P2P Application Vulnerable to Remote Takeover
Soulseek is one the greatest music sharing networks that most people have never heard of, with a particular specialty in electronic music. Unfortunately, for nearly a year those using versions of the official client have been exposed to a highly critical vulnerability which can leave them open to remote takeover.
Soulseek, created by former Napster programmer Nir Arbe, is a lessor known file-sharing network/application. Although files of any type can be shared, its specialty lies in the diverse independent music to be found within - for electronic music lovers Soulseek an absolute goldmine. But it’s not all good news. In July 2008, security researcher Laurent Gaffié found a bug in two of the latest versions of the official software - Soulseek 157 NS & 156. The problem was so serious he informed the Soulseek developer on 3rd September 2008. Unfortunately, Laurent heard nothing back so on 14 October 2008 he contacted the developer again. He appears to have been ignored. On 16 May 2009 Laurent tried again to contact the Soulseek team - yet again he had no response so decided to reveal his findings.