I was aiming for my foot, but I seem to have shot myself in the thigh…
May 16, 2009
In news from the one of the more active fronts in the ever-astounding war over copyrights and intellectual property protection, this reminder from ReadWriteWeb of just how absurd things have become:
BayTSP, a Los Gatos, CA-based company, is best known for putting the cease-and-desist smackdown on peer-to-peer copyright violators. The site serves infringement information forms to offending parties on behalf of the copyright holders. Think of them as the online debt collectors of the BitTorrent universe, with all the information security risk that implies.
BayTSP’s process involved sending suspected copyright violators a URL to a “Web Infringement Response System.” These pages were online forms containing fields with infringement notice ID numbers, email addresses, IP addresses, DNS names, and URLs that would identify users by household or even by device.
If the information were secure, this might be fine. However, in some monumental lapse of judgement, the entire site was left open to search spiders and accordingly indexed by Google, allowing anyone with hackerish leanings ample opportunity to create all kinds of mischief.
A Google search for “‘infringement information’ site:baytsp.com” yields distressing results. Some of the pages have been removed, but you can still have a look at the cached versions:
Not only have the forms been online for Google and the waiting world to view; the forms could also be completed and submitted online by just about anyone.
More technically savvy tricksters could send infringement notices of their own. “And, on top of that,” the TechDirt blogger writes, “some have discovered that BayTSP’s site has some scripting vulnerabilities such that you could create a fake complaint and get people to, say, download malware or enter credit card data.”
Although this recent debacle is simply one more PR disaster for the media industries themselves, my first thoughts were echoed by TechDirt commenter Mechwarrior: “Once this hits 4chan, it’s over.”
(Lest the 4Chan reference be obscure, it’s the font-of-all-memes site the members of which recently manipulated Time‘s on-line poll asking users to name the “World’s Most Influential Person” so that “Moot,” 4chan’s reclusive founder, emerged as Number One… see here and here.)
“‘But I don’t want to go among mad people,’ said Alice. ‘Oh, you can’t help that,’ said the cat. ‘We’re all mad here.’”
– Lewis Carroll