Monday, January 17, 2005

Security Hole: Free Paid Downloading

Feel like getting some free music from a legal download site? Internet payment system Firstgate has a security hole that allows you to download songs for € 30, paid by other people. Provide the name and bank account number of someone else and one can instantly start downloading without the restriction of a pin code or password. Only after an initial pre-paid amount of € 30 a pin code restricts further spending.

Music download sites like MSN Music and locals Chello and use Firstgate for money transactions, and the system is also in use by Swisscom and British Telecom's Click & Buy. Banks generally only recognize written authorization and by telephone, so that an internet authorization to withdraw money is for the risks of the (music download) companies. A customer will get the withdrawn amount refunded, if he finds out.

Firstgate has responded to the news that IP addresses of users are registered and fraudulent users may be traced. However, Freegate said it was not likely it will put much effort in this, because of the low scale of fraud and small amounts of money involved. Something to remember when you lock into MSN Music through an anonymizer.
- - -
News by Kassa (Dutch only)


Post a Comment

<< Home