saulrosenbaum.com / Theft: A Proof of Concept

Yesterday I had a rather heated discussion with a fellow who claimed to be in part responsible for a very popular online(rhymes with ‘try Case’) music player a decent little piece of work that I’ll admit to fooling around with quite a bit, in our discussion he casually tossed the word ‘secure’ into the mix. I questioned him on ‘how’ secure - and he went to speak volumes as to his security prowess. I pushed him harder:

M: So what you’re saying is that even if I tried, I couldn’t download the new Britney Spears single?

H: Nope, we tested heavily and if you wanted that track you’re going to have to buy it on iTunes.

[omitting 7 minutes regarding server authentication, domain policies and string encryption]

M: I’m certainly not doubting you, but in my experience when it comes to assets loading into flash security is more a word we promise, but never deliver.

H: Well, I guess that says more about the difference between you and I.

M: [irritated]…I guess so, can I put you on hold on a second, [sarcastically] you’ll like my hold it has music.

it was at this point where I played the mp3 I downloaded from Britney’s popular social website music player, it had taken me all of 8 minutes to backtrack his so-called security.

JUST SO WE ARE CLEAR, THE POINT OF THIS POST ISN’T TO CONDONE STEALING MUSIC - or to teach you how to steal music (which honestly would be pretty easy) - the point I’d like to make is if you are in a band or are a musician who has full tracks online in a flash music player, and you think they’re safe, question it, exactly how safe? Otherwise you may as well give your music away (which has been know to work), better yet, make a video, toss it up on ViddlerHD - let the world rock along with you.

PLEASE DON’T STEAL MUSIC (and I can’t promise that link will work for very long)

ADDITIONAL NOTE: I’m not suggesting that secure flash audio can’t be done, it can - but generally it’s not being done to a level where people should label it secure.