MPAA Releases University Spying Toolkit - Violates GPL

Aron Schatz
December 4, 2007

Page All:

Page 1
The MPAA has released, and then promptly taken down, a derivative of Xubuntu to perform spying on university networks. The software offered a view into the university network in regards to file sharing. They offered the ISO but not the source code. One of the Ubuntu devs forced a takedown. Nice one. IN YOUR FACE, MPAA.


Unless a school using the tool has firewalls on the borders of its network designed to block unsolicited Internet traffic -- and a great many universities do not -- that Web server is going to be visible and accessible by anyone with a Web browser. But wait, you say: Wouldn't someone need to know the domain name or Internet address of the Web server that's running the toolkit? Yes. However, anyone familiar enough with the file-naming convention used by the toolkit could use Google to search for the server. But surely there are ways a network administrator might keep this information from being available to the entire Web, right? Yes. The toolkit allows an administrator to require a username and password for access to the Web server. The problem is that the person responsible for running the toolkit is never prompted to create a username and password. What's more, while Apache includes a feature that can record when an outsider views the site, that logging is turned off by default in the MPAA's University Toolkit.


Medium Image View Large