Vulnerability Renders MPAA/RIAA Copyright Warnings Useless



SonsOfLiberty
05-26-2009, 01:49 AM
http://img223.imageshack.us/img223/9931/335large.jpg

BayTSP is a company charged with sending warnings to people whose IP address has been recorded in a file sharing swarm. Their method of contacting people turns out to be extremely insecure and prone to all kinds of abuse.

Companies like BayTSP have the honorable task of joining BitTorrent swarms and other file-sharing networks looking out for copyright infringers. When someone shares a piece of a copyrighted file with them, they log the IP-address, look up the ISP and send out a copyright infringement notice automatically.


These notices usually list details about the infringing file, the person’s IP-address and the time the infringement was recorded. In addition, BayTSP includes a link to a response form where you can indicate whether or not you will comply and remove the file from your computer.


The problem with these response forms is that they are not very secure (http://nemesis.te-home.net/News/20090513__BayTSP__How_to_send_copyright_infringement_notice.html). If you get a notice from BayTSP, someone else can easily find it through Google for example, and fake a response in your place. There is no way for them to tell who responded to the complaint unless the response originates from the IP-address linked to the infringement.

Perhaps even worse, anyone can send out a fake e-mail to someone claiming to be BayTSP. XSS vulnerabilities on the site make it pretty easy to fabricate fake complaints and convince innocent people that to avoid court they have to download trojans, or perhaps even enter credit card details to pay a small fine.


BayTSP told TorrentFreak that they are looking into the XSS issues, hopefully to solve the problem. They also admitted that their response forms are flawed, that everyone can indeed fill out the response form, and that they can’t be sure that the person who responded to it actually received the notice.


We concluded from this that the response form (and thus the warnings) are completely useless, but BayTSP disagreed with this assessment. “We’ll have to agree to disagree on this one,” was their final response after having exchanged some arguments back and forth.


For those people in receipt of an infringement notice it might be good to know that their case becomes closed as soon as they indicate that they have removed the infringing file from their computer. Easy as that. Those who do not comply will receive additional notices until they do so.

http://img223.imageshack.us/img223/16/googlenotices.jpg


Source: TorrentFreak (http://torrentfreak.com/)
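
The article says the form cannot tell who answered a complaint. The sketch below shows one way a response form could bind a submission to the notice that was actually sent. It is an added example, not part of the original post and not BayTSP's code, and the names `SERVER_KEY`, `issue_token`, `accept_response` and the notice IDs are hypothetical.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Hypothetical server-side secret; a real service loads it from a secrets store.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL = 14 * 24 * 3600   # constructed validity window: 14 days
_used = set()                # notice IDs already answered (stand-in for a database)


def _mac(notice_id: str, expires: int) -> str:
    msg = f"{notice_id}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(notice_id: str, now: Optional[float] = None) -> str:
    """Token placed in the response link of one e-mailed notice."""
    expires = int((time.time() if now is None else now) + TOKEN_TTL)
    return f"{expires}.{_mac(notice_id, expires)}"


def accept_response(notice_id: str, token: str, now: Optional[float] = None) -> bool:
    """Accept a submission only with a valid, unexpired, unused token."""
    now = time.time() if now is None else now
    try:
        expires_s, mac_hex = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False                      # malformed token
    # Constant-time comparison; the MAC covers notice ID and expiry,
    # so a token cannot be moved to another notice or extended.
    if not hmac.compare_digest(_mac(notice_id, expires).encode(), mac_hex.encode()):
        return False
    if now > expires or notice_id in _used:
        return False                      # expired or already answered
    _used.add(notice_id)
    return True


if __name__ == "__main__":
    tok = issue_token("N-1001")           # constructed notice ID
    print(accept_response("N-1001", tok)) # first submission
    print(accept_response("N-1001", tok)) # replay of the same link
```

The token only proves possession of the link, so pages that carry it must be kept out of search indexes for the check to mean anything.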